You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The variable $filename can be controlled by $_GET['scan']. By concatenating $filename with $filepath and passing it directly into the unlink function, it can lead to arbitrary file deletion vulnerability.
To fix this vulnerability, we recommend that developers implement properly sanitize for user input before displaying it on the webpage.
The text was updated successfully, but these errors were encountered:
Recently, our team found a Arbitrary file deletion vulnerability
The vulnerability logic is present in the file:
https://github.com/LibreHealthIO/lh-ehr/blob/master/interface/fax/fax_dispatch.php#L49
https://github.com/LibreHealthIO/lh-ehr/blob/master/interface/fax/fax_dispatch.php#L50
https://github.com/LibreHealthIO/lh-ehr/blob/master/interface/fax/fax_dispatch.php#L315
The variable
$filenamecan be controlled by$_GET['scan']. By concatenating $filename with$filepathand passing it directly into theunlinkfunction, it can lead to arbitrary file deletion vulnerability.To fix this vulnerability, we recommend that developers implement properly sanitize for user input before displaying it on the webpage.
The text was updated successfully, but these errors were encountered: