mirror of
https://github.com/prasathmani/tinyfilemanager
synced 2024-06-13 03:12:17 +02:00
Patched the RCE
I have patched the file-upload directory traversal that leads to an authenticated remote code execution vulnerability.
parent
c1718ff4c5
commit
a93fc321a3
|
@ -880,7 +880,7 @@ if (!empty($_FILES) && !FM_READONLY) {
|
|||
|
||||
$targetPath = $path . $ds;
|
||||
if ( is_writable($targetPath) ) {
|
||||
$fullPath = $path . '/' . $_REQUEST['fullpath'];
|
||||
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
|
||||
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
|
||||
|
||||
if(file_exists ($fullPath) && !$override_file_name) {
|
||||
|
|
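Review bot: The new `str_replace("./","_",$_REQUEST['fullpath'])` on the `$fullPath` assignment is a denylist rewrite rather than a containment check, so it only neutralises the one spelling it matches: backslash separators pass through unchanged (relevant if this runs on Windows), and nothing verifies that the resulting `$folder` is still inside `$path`. It also silently alters legitimate uploads, since a relative path such as `a./b` or a leading `./` is rewritten as well. I would reject the request instead of rewriting it, e.g. `$segments = explode('/', str_replace('\\', '/', (string) $_REQUEST['fullpath']));` followed by `if (in_array('..', $segments, true)) { /* fail the upload */ }`, and then compare the `realpath()` of the target directory against `realpath($path)` before anything is written. The enclosing `if (!empty($_FILES) && !FM_READONLY)` block starts and ends outside this hunk, so whether an extension allow-list or other check further down also limits what can be stored in a web-served directory cannot be confirmed from here.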