WordPress.org

Ready to get started?Download WordPress

Forums

Enable Latex
[resolved] False-positive remote file include vulnerability? (4 posts)

  1. henrisalo
    Member
    Posted 2 years ago #

  2. Sed Lex
    Member
    Plugin Author

    Posted 2 years ago #

    Hi,

    For me, there is no vulnerability !
    At least, if global_register is activated, the $url variable may be modified but with any consequence as the real path is after the $url variable ...

    Then you may have been able to include files with the following path
    $url.'core/admin_table.class.php' (for instance)

    Not warmful !

    Are you agree ?

  3. Sed Lex
    Member
    Plugin Author

    Posted 2 years ago #

    I meant harmful and not warmful :)

  4. henrisalo
    Member
    Posted 2 years ago #

    As my previous testing did not work and you said those lines I think this is false-positive.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic