  1. Islandora
  2. ISLANDORA-1999

Many calls to exec() are not sanitized and run values entered into the admin forms.

    Details

      Description

      In many cases, we call exec() on the path to a function that a user provides without sanitizing or checking that it's an executable.

      Audit all calls to exec() and escape or validate the input.

       


            People

            Assignee:
            Unassigned
            Reporter:
            rosiel Rosie Le Faive
            Votes:
            0
            Watchers:
            6
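One way to do the validation and escaping the description asks for, as an added example that is not Islandora's code. The function names `validate_executable_path` and `run_tool` are hypothetical, and the example assumes POSIX-style absolute paths are what the admin form should accept.

```php
<?php
// Added example: validate_executable_path() and run_tool() are hypothetical
// names, not Islandora functions. Assumes POSIX-style absolute paths.

/**
 * Validate a path typed into an admin form before it is stored or executed.
 * Returns the canonical path, or NULL when the value must be rejected.
 */
function validate_executable_path(string $input): ?string {
  $input = trim($input);
  // Allowlist: absolute path made only of characters a binary path needs.
  // Anything else (spaces, ;, |, $, backticks, quotes) is rejected outright.
  if (!preg_match('#^/[A-Za-z0-9_./-]+$#', $input)) {
    return NULL;
  }
  // Resolve symlinks and ".." so the check applies to the file that will run.
  $real = realpath($input);
  if ($real === FALSE || !is_file($real) || !is_executable($real)) {
    return NULL;
  }
  return $real;
}

/**
 * Run the configured binary; the path is re-validated at use time and every
 * argument is escaped individually before the command string is built.
 */
function run_tool(string $configured_path, array $args): array {
  $bin = validate_executable_path($configured_path);
  if ($bin === NULL) {
    throw new InvalidArgumentException('Configured path is not an executable file.');
  }
  $command = escapeshellarg($bin);
  foreach ($args as $arg) {
    $command .= ' ' . escapeshellarg((string) $arg);
  }
  $output = [];
  $status = 0;
  exec($command . ' 2>&1', $output, $status);
  return ['status' => $status, 'output' => $output];
}

// Constructed inputs: a plain setting, and one with a command appended to it.
foreach (['/bin/echo', '/bin/echo; id'] as $setting) {
  $ok = validate_executable_path($setting);
  printf("%-16s => %s\n", $setting, $ok === NULL ? 'rejected' : "accepted as $ok");
}
// Arguments containing shell syntax are passed through as literal text.
print_r(run_tool('/bin/echo', ['file name; id', '$(id)']));
```

The same validator can back the admin form's validation step, so a bad value is refused when it is saved as well as when it is about to be executed.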