Long-term issue in LS Retail extension:
https://github.com/lsretailomni/lsmag-two/blob/cb6e8013c1acf8e88d25c6659c7a4570f04c2017/src/Replication/Controller/Adminhtml/Logs/Report.php#L96-L112
Fixed in the 2.3.0 version (lsretailomni/lsmag-two@02f373a) but all the versions below are vulnerable. Any Administrator can access not only /etc/passwd, but also app/etc/env.php or even remove it!
Exploit
As a result, with a modified URL, you can display env.php or Server’s /etc/passwd (?log_filename=../../app/etc/env.php) and remove its contents (?log_filename=../../app/etc/env.php&submission=Clear).
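A containment check of the kind that blocks the `log_filename` traversal described in the report, as an added example (it is not the extension's code and not its 2.3.0 fix). The helper name `resolveLogFile`, the `var/log` base directory and the sample file names are assumptions made for illustration; the same resolved path would have to be used for both the display and the Clear action.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied log file name to a real path inside $logDir,
 * or return null when the name would escape that directory.
 * Hypothetical helper for illustration, not the extension's own code.
 */
function resolveLogFile(string $logDir, string $name): ?string
{
    // A log file name never needs a directory part: refuse empty names,
    // NUL bytes and anything basename() would shorten (e.g. "../../x").
    if ($name === '' || strpos($name, "\0") !== false || $name !== basename($name)) {
        return null;
    }
    $base = realpath($logDir);
    $path = realpath($logDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // base directory or requested file does not exist
    }
    // realpath() collapses ".." and follows symlinks, so "..", "." and a link
    // inside the log directory that points elsewhere all fail this prefix test.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed layout mirroring the relative paths in the report:
// <root>/var/log (assumed log directory) and <root>/app/etc/env.php.
$root = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
mkdir("$root/var/log", 0700, true);
mkdir("$root/app/etc", 0700, true);
file_put_contents("$root/var/log/example.log", "constructed log line\n");
file_put_contents("$root/app/etc/env.php", "<?php return [];\n");

$logDir = "$root/var/log";
foreach (['example.log', '../../app/etc/env.php', '..', 'missing.log'] as $candidate) {
    $resolved = resolveLogFile($logDir, $candidate);
    printf("%-24s => %s\n", $candidate, $resolved === null ? 'rejected' : 'allowed');
}

// Remove the constructed files again.
array_map('unlink', ["$root/var/log/example.log", "$root/app/etc/env.php"]);
array_map('rmdir', ["$root/var/log", "$root/var", "$root/app/etc", "$root/app", $root]);
```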