[Maplab-dev] [Bug 1695] New: [Maplab] (gszAppPath) Remote File Inclusion Vulnerability

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[Maplab-dev] [Bug 1695] New: [Maplab] (gszAppPath) Remote File Inclusion Vulnerability

bugzilla-daemon (Bugzilla)-13

           Summary: [Maplab] (gszAppPath) Remote File Inclusion
           Product: MapLab
           Version: 2.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P1
         Component: map editor
        AssignedTo: [hidden email]
        ReportedBy: [hidden email]

gmapfactory includes a file without verifying the path leading to the potential for remote script execution
if php globals is enabled.

See http://www.securityfocus.com/archive/1/464462/30/0/threaded

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Please do NOT reply to this email, use the link above instead to
login to bugzilla and submit your comment. Any email reply to this
address will be lost.
Maplab-dev mailing list
[hidden email]