[SECURITY] Directory Traversal Vulnerability Found #18
Comments
Sp1d3rL1
changed the title
|
Hi! I've received an email but my replies bounced. I've added a check to insecure files function. |
|
Sorry, I may have a problem with my Google mail settings. I saw your changes, but the exploit I mentioned can still bypass this restriction, so please send me an email to this email address [email protected]. |
|
Got it now, thanks! I've added a rudimentary, but useful, cleaning function for the tokens. https://github.com/PHPVibe/PHPVibe/commits/master/ It should wipe everything tricky and no longer allow access to file paths. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have recently discovered an Directory Traversal Vulnerability in several files in PHPVibe that cause Code Execution, and it is definitely something that should concern you. I'll report it to the PHPVibe community as soon as possible and also hope to get in touch with you soon so we can move forward with fixing the issue.
If it is convenient, You can reach me at [email protected] to get in touch and hopefully get your attention as soon as possible so that I can report the vulnerability details to you.
Finally, if you don't mind, I would like to report it to CVE as well, so I hope you know and understand.
The text was updated successfully, but these errors were encountered: