dkwakkel Posted June 4, 2015

We conducted a security vulnerability scan of Fusion Charts and the following vulnerability shows up:

Line 184 in FCExporter_SVG2ALL.php calls shell_exec() with a command built from untrusted data. This call can cause the program to execute malicious commands on behalf of an attacker.

Source: index.php
151 Read $_POST()
153 $exportRequestStream = $_POST;

Sink: FCExporter_SVG2ALL.php:184 shell_exec()
182 $command = INKSCAPE_PATH . "$bg --without-gui {$tempInputSVGFile} --export-{$ext} $tempOutputFile {$size}";

And:
$comandJpg = CONVERT_PATH . " -quality 100 $tempOutputFile $tempOutputJpgFile";
$output .= shell_exec($comandJpg);

I could imagine that if $bg contains something like "& /dosomethingevil" this can be an issue. I expect escapeshellcmd and escapeshellarg instead of shell_exec should be used (see http://stackoverflow.com/a/130323/227061). Can this be fixed?
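Added example, not part of the post above and not FusionCharts' own code: it rebuilds the two command strings the report quotes, once in the interpolated form that lets a crafted $bg reach the shell, and once in a hardened form that allow-lists the option-selecting values and passes every remaining value through escapeshellarg(). The function names, the INKSCAPE_PATH/CONVERT_PATH values, the meaning of $bg (a background colour) and $size (a pixel width), and the Inkscape option spellings are assumptions made for the illustration; check them against the real exporter before reusing anything.

```php
<?php
// Added illustration of the shell_exec() injection reported above.
// Not FusionCharts code. Paths, option names and the meaning of $bg/$size
// are assumptions for this example.

const INKSCAPE_PATH = '/usr/bin/inkscape';   // assumed location
const CONVERT_PATH  = '/usr/bin/convert';    // assumed location

// The pattern from the report: every variable is interpolated into one
// string that shell_exec() hands to /bin/sh. Nothing here stops $bg from
// containing shell metacharacters.
function build_command_unsafe(string $bg, string $in, string $ext, string $out, string $size): string
{
    return INKSCAPE_PATH . " $bg --without-gui {$in} --export-{$ext} $out {$size}";
}

// Hardened form. Values that choose an option or a format are checked
// against an allow-list; everything else is wrapped by escapeshellarg() so
// the shell sees exactly one word per value, whatever it contains.
function build_command_safe(string $bg, string $in, string $ext, string $out, string $size): string
{
    $allowedExt = ['png', 'pdf', 'ps', 'eps'];   // assumption: adjust to the formats really offered
    if (!in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('unsupported export format');
    }
    // A background value must look like a colour, not a shell fragment.
    if ($bg !== '' && !preg_match('/^#?[0-9a-fA-F]{3,8}$/', $bg)) {
        throw new InvalidArgumentException('bad background value');
    }
    // Size is treated here as a pixel width: digits only.
    if ($size !== '' && !preg_match('/^\d{1,5}$/', $size)) {
        throw new InvalidArgumentException('bad size value');
    }

    $words = [escapeshellarg(INKSCAPE_PATH)];
    if ($bg !== '') {
        $words[] = escapeshellarg('--export-background=' . $bg);   // assumed Inkscape option
    }
    $words[] = '--without-gui';
    $words[] = escapeshellarg($in);
    $words[] = escapeshellarg('--export-' . $ext . '=' . $out);
    if ($size !== '') {
        $words[] = escapeshellarg('--export-width=' . $size);      // assumed Inkscape option
    }
    return implode(' ', $words);
}

// Same treatment for the ImageMagick call: fixed options stay literal,
// both file names are escaped.
function build_convert_safe(string $in, string $out): string
{
    return escapeshellarg(CONVERT_PATH) . ' -quality 100 '
         . escapeshellarg($in) . ' ' . escapeshellarg($out);
}

// Constructed input: a $bg value carrying a command separator.
$evilBg = '; touch /tmp/pwned ;';

// Unsafe: the separators are live, so /bin/sh would run "touch" as a second command.
echo build_command_unsafe($evilBg, '/tmp/in.svg', 'png', '/tmp/out.png', ''), "\n";

// Hardened: the same value is rejected before any command string exists.
try {
    build_command_safe($evilBg, '/tmp/in.svg', 'png', '/tmp/out.png', '');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Hardened with legitimate but awkward input: the quote and space in the
// output path survive as data because escapeshellarg() wraps the word.
echo build_command_safe('ffffff', '/tmp/in.svg', 'png', "/tmp/a b'c.png", '800'), "\n";
echo build_convert_safe("/tmp/a b'c.png", '/tmp/final.jpg'), "\n";
```

escapeshellarg() is the right tool for a single value because it single-quotes the whole word; escapeshellcmd() only neutralises metacharacters in a string you still intend to parse as a command line, so it is a weaker fit for the pattern quoted in the report. Both only protect the shell: the exporter should additionally make sure the file names it hands to inkscape and convert are ones it generated itself, since those tools interpret their own arguments further.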