...
A vulnerability has been reported in the utility controller used by Open-AudIT. The vulnerability has been fixed and a patch is available as well as included in the next release of Open-AudIT (4.3.0). The vulnerability is caused by un-validated user input to a publicly available function. The patch fix removes this vulnerability by validating the user input.
...
This issue is remotely exploitable by unauthenticated users. All users are advised to apply the fix patch immediately.
Products Affected
Open-AudIT Community versions 3.5.0 and later.
...
A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0, expected before Nov 12th (subject to change).
Fixes, Workarounds and Mitigations
...
Windows - c:\xampp\open-audit\code_igniter\application\controllers\util.php
The file is also available on Github at https://raw.githubusercontent.com/Opmantek/open-audit/master/code_igniter/application/controllers/util.php
You can see the code changed for this patch, also on Github at https://github.com/Opmantek/open-audit/commit/1ce039306d85598880ff25fbeb20195ef3b7a993#diff-0d4f2e9612b02690fdeac430d36d1a8c334d6fb1e1d17c223cbfe5321b2bd04e
| View file | ||||
|---|---|---|---|---|
|
...