Project

General

Profile

Actions

Bug #19821

closed

Command execution in sysext indexed_search

Added by Marcus Krause almost 16 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
Indexed Search
Target version:
-
Start date:
2009-01-14
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

references TYPO3 Security Team OTRS issue #2009010510000025

Versions:
4.0 up to trunk (4.0, 4.1, 4.2, trunk)

Problem:
If an attacker is able to create arbitrarily named pdf-files (or .txt, etc.) and he can create a link to that file that is not
urlencoded (e.g. HTML content element), and get that page to be indexed, he is able to execute arbitrary commands.

Solution:
Wrap file arguments by escapeshellargs().

Provided by TYPO3 Security Team
(issue imported from #M10133)


Files

10133.diff (3.13 KB) 10133.diff Administrator Admin, 2009-01-14 23:46
Actions #1

Updated by Marcus Krause almost 16 years ago

Patch will be added until Jan 15, 2009.

Actions #2

Updated by Marcus Krause almost 16 years ago

patch added (made against trunk)
ready to be committed

Actions #3

Updated by Ingo Renner almost 16 years ago

fixed in 4.0.10, 4.1.8, 4.2.4, and trunk

Actions #4

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF