Control Web Panel

WebPanel => CentOS-WebPanel Bugs => Topic started by: become on November 14, 2017, 05:29:07 PM

Title: BIG WHOLE - totally insecured fix urgent
Post by: become on November 14, 2017, 05:29:07 PM

There is BIG WHOLE in CWP.

username: user123

This User add a domain for example "domain.com"
He need to enter path
Path is starting with /home/USERNAME

but user can ommit starting slash / from input
if he enter "domain" as path
CWP create path /home/user123domain

but this should be:
/home/user123/domain

This is totally insecured

Title: Re: BIG WHOLE - totally insecured fix urgent
Post by: studio4host on December 06, 2017, 08:08:09 PM

don't see that issue its probably some old issue.

Title: Re: BIG WHOLE - totally insecured fix urgent
Post by: become on December 06, 2017, 09:02:02 PM

It was fixed with last CWP update (new theme). I will check it with addon hacking test ;)