Author Topic: BIG WHOLE - totally insecured fix urgent  (Read 53 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
BIG WHOLE - totally insecured fix urgent
« on: November 14, 2017, 05:29:07 PM »
There is BIG WHOLE in CWP.

username: user123

This User add a domain for example "domain.com"
He need to enter path
Path is starting with /home/USERNAME

but user can ommit starting slash / from input
if he enter "domain" as path
CWP create path /home/user123domain

but this should be:
/home/user123/domain

This is totally insecured