7f7bcadb58
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. |
||
---|---|---|
.. | ||
auth | ||
ht | ||
ns | ||
reg |