WordPress.org

Support

Support » Plugins and Hacks » [Resolved] [Plugin: Enable Latex] False-positive remote file include vulnerability?

[Resolved] [Plugin: Enable Latex] False-positive remote file include vulnerability?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Sed Lex
    Member

    @sedlex

    Hi,

    For me, there is no vulnerability !
    At least, if global_register is activated, the $url variable may be modified but with any consequence as the real path is after the $url variable …

    Then you may have been able to include files with the following path
    $url.’core/admin_table.class.php’ (for instance)

    Not warmful !

    Are you agree ?

    Plugin Author Sed Lex
    Member

    @sedlex

    I meant harmful and not warmful 🙂

    henrisalo
    Member

    @henrisalo

    As my previous testing did not work and you said those lines I think this is false-positive.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] [Plugin: Enable Latex] False-positive remote file include vulnerability?’ is closed to new replies.