Support » Plugin: Enable Latex » [Plugin: Enable Latex] False-positive remote file include vulnerability?
5 years, 3 months ago
Original post: http://seclists.org/bugtraq/2011/Nov/150
Here is what I tested: http://seclists.org/bugtraq/2011/Dec/0
Could you tell me if I am correct?
For me, there is no vulnerability !
At least, if global_register is activated, the $url variable may be modified but with any consequence as the real path is after the $url variable …
Then you may have been able to include files with the following path
$url.’core/admin_table.class.php’ (for instance)
Not warmful !
Are you agree ?
I meant harmful and not warmful 🙂
As my previous testing did not work and you said those lines I think this is false-positive.