Welcome to Geeklog, Anonymous Friday, March 29 2024 @ 01:10 am EDT

File Manager Vulnerability

  • Sunday, July 05 2015 @ 06:20 pm EDT
  • Contributed by:
  • Views: 9,287
Security

An XSS vulnerability has been found by Mohammad Sikkandar Sha in the demo code for WideImage which is used in the File Manager shipped with Geeklog 2.1.0. The File Manager itself has access control and is not affected by the vulnerability.

To fix this, please remove the two following directories as soon as possible:

  • public_html/filemanager/connectors/php/inc/vendor/wideimage/demo
  • public_html/filemanager/connectors/php/inc/vendor/wideimage/test

Thank you