VULAB-177: Security Issue with uploader.php

Metadata

Source: VULAB-177
Type: Bug
Priority: Blocker
Status: Closed
Resolution: Fixed
Assignee: David Makalsky
Reporter: David Makalsky
Created: 2009-02-19T15:26:25.000-0500
Updated: 2009-02-19T22:39:04.000-0500
Versions: 0.5B

0.5
Fixed Versions: 0.5B

0.5
Component: RASCAL

Description

Missing file extension check and adding more unix level security restrictions to uploaded file.

Attachments

vulab177-patch.txt

Comments

David Makalsky commented 2009-02-19T22:39:04.000-0500

code fixed and committed.