Page tree
Skip to end of metadata
Go to start of metadata

util function vulnerability

Last revised: 2021-11-01


A vulnerability has been reported in the utility controller used by Open-AudIT. The vulnerability has been fixed and a patch is available as well as included in the next release of Open-AudIT (4.3.0). The vulnerability is caused by un-validated user input to a publicly available function. The patch removes this vulnerability by validating the user input.

Severity: Severe

This issue is remotely exploitable by unauthenticated users. All users are advised to apply the patch immediately.

Products Affected

Open-AudIT versions 3.5.0 and later.

Available Updates

A patch for the issue described in this bulletin will be available in the next released Open-AudIT v4.3.0, expected before Nov 12th (subject to change).

Fixes, Workarounds and Mitigations

Download the attached file and replace the following file:

Linux - /usr/local/open-audit/code_igniter/application/controllers\util.php

Windows - c:\xampp\open-audit\code_igniter\application\controllers\util.php

The file is also available on Github at

You can see the code changed for this patch, also on Github at


  • No labels