CGI "id" parameter not sufficiently validated, could allow for the creation of files on the file system
|Reported by:||sdlime||Owned by:||sdlime|
|Component:||MapServer C Library||Version:||unspecified|
The CGI parameter (used for pseudo session handling) is not sufficiently validated and could be used to create files outside of intended locations. The parameter is checked for length but not for content so inserting relative paths alters where MapServer will try to create temporary files.
The fix is to apply a regex pattern to limit an id's value.
Change History (10)
comment:1 Changed 6 years ago by sdlime
- Priority changed from normal to high
- Status changed from new to assigned
comment:8 Changed 6 years ago by sdlime
- Resolution set to fixed
- Status changed from assigned to closed