Author Topic: BIG WHOLE - totally insecured fix urgent  (Read 5267 times)

0 Members and 1 Guest are viewing this topic.

Offline
***
BIG WHOLE - totally insecured fix urgent
« on: November 14, 2017, 05:29:07 PM »
There is BIG WHOLE in CWP.

username: user123

This User add a domain for example "domain.com"
He need to enter path
Path is starting with /home/USERNAME

but user can ommit starting slash / from input
if he enter "domain" as path
CWP create path /home/user123domain

but this should be:
/home/user123/domain

This is totally insecured

Offline
*
Re: BIG WHOLE - totally insecured fix urgent
« Reply #1 on: December 06, 2017, 08:08:09 PM »
don't see that issue its probably some old issue.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
***
Re: BIG WHOLE - totally insecured fix urgent
« Reply #2 on: December 06, 2017, 09:02:02 PM »
It was fixed with last CWP update (new theme). I will check it with addon hacking test ;)