servnest/pg-act
Miraty 7f7bcadb58 Fix important vulnerability in reg/ds.php + exescape
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.

This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
2023-06-19 02:15:43 +02:00
..
auth Allow SSH keys authentication for SFTP(Go) 2023-06-15 03:35:42 +02:00
ht Fix important vulnerability in reg/ds.php + exescape 2023-06-19 02:15:43 +02:00
ns Fix important vulnerability in reg/ds.php + exescape 2023-06-19 02:15:43 +02:00
reg Fix important vulnerability in reg/ds.php + exescape 2023-06-19 02:15:43 +02:00