mirror/php-tinyfilemanager
1
0
Fork 0
mirror of https://github.com/prasathmani/tinyfilemanager.git synced 2025-07-26 19:40:31 +02:00
Code Issues Releases Wiki Activity

Patched the RCE (#636)

Browse Source 
I have patched the file upload directory traversal to Authenticated Remote Code Execution Vulnerability.
This commit is contained in:
febinrev
2021-11-12 08:31:02 +05:30
committed by GitHub
parent c1718ff4c5
commit 2046bbde72
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tinyfilemanager.php
View File

@@ -880,7 +880,7 @@ if (!empty($_FILES) && !FM_READONLY) {
$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
$fullPath = $path . '/' . $_REQUEST['fullpath'];
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
if(file_exists ($fullPath) && !$override_file_name) {