Search the Community

Showing results for tags 'security'.




Found 1 result

  1. During a security scan the following issue was found:

     The file index.php passes an unvalidated filename to a dynamic include statement on line 163. Allowing unvalidated user input to control files that are included dynamically in PHP can lead to malicious code execution.

     index.php:151 Read $_POST()
         $exportRequestStream = $_POST;
     Sink: index.php:163 builtin_include()
         if (!@include( $exporterResource )) {

     Given this line in getExporter:

         $path = RESOURCE_PATH . EXPORT_HANDLER . strtoupper($streamtype) . "2{$exporterSuffix}.php";

     I could imagine that if streamtype contains e.g. '\..\..\..\somefile.txt ' illegal content can be included. Can this be fixed by e.g. sanitizing streamtype and exporterSuffix?
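
One way to close the include sink described in the post above is to allowlist both values and confirm the resolved file stays inside the resource directory. This is an added example, not part of the original post and not FusionCharts code; the constant values, both allowlists, the request key names and the resolveExporter helper are assumptions.

```php
<?php
// Added example. Constant values and allowlists are assumptions; replace them
// with the values and exporter files your export handler actually ships with.
const RESOURCE_PATH  = 'Resources/';      // assumed value
const EXPORT_HANDLER = 'FCExporter_';     // assumed value
const ALLOWED_STREAM_TYPES = ['SVG', 'IMG'];         // assumed allowlist
const ALLOWED_SUFFIXES     = ['PDF', 'IMG', 'SVG'];  // assumed allowlist

/**
 * Returns the absolute path of the exporter script, or null when a request
 * value is not allowlisted or the file resolves outside the resource directory.
 */
function resolveExporter($streamtype, $exporterSuffix, string $baseDir): ?string
{
    // $_POST entries can be arrays; accept plain strings only.
    if (!is_string($streamtype) || !is_string($exporterSuffix)) {
        return null;
    }
    $type = strtoupper($streamtype);

    // Strict allowlist match: separators, dots and NUL bytes cannot pass.
    if (!in_array($type, ALLOWED_STREAM_TYPES, true)
        || !in_array($exporterSuffix, ALLOWED_SUFFIXES, true)) {
        return null;
    }

    $root = realpath($baseDir . '/' . RESOURCE_PATH);
    if ($root === false) {
        return null;
    }
    $path = realpath($root . '/' . EXPORT_HANDLER . $type . '2' . $exporterSuffix . '.php');

    // Defence in depth: the file must exist and sit directly under $root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// At the include site; 'stream_type' and 'exporter' are hypothetical key names.
$exportRequestStream = $_POST;
$exporterResource = resolveExporter($exportRequestStream['stream_type'] ?? null,
                                    $exportRequestStream['exporter'] ?? null, __DIR__);
if ($exporterResource === null) {
    http_response_code(400);
    exit('Unsupported export request');
}
require $exporterResource;
```

Matching against a fixed list avoids the gaps of character stripping, and dropping the `@` on the include lets a missing exporter file surface in the error log instead of failing silently.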