github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-14 02:28:05 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auth bypass vulnerability fix

Browse source
This commit is contained in:
INVENT 2015-01-19 15:14:15 +03:00
commit c0d5b3765a
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
web/api/index.php
View file

@ -17,7 +17,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $auth_code);
} else {
$key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
if (file_exists($key)) {
if (file_exists($key) && is_file($key)) {
$auth_code = '0';
}
}