Furthermore, as defined here, the content retrieved from the geomap_server URL is written to the file system (on a predictable path) without validation.
Other info
Here is a screenshot of the global configuration page, which allows setting the geomap_server field.
Problem If a user is able to edit the NagVis global options, he is able to perform a Server-side request forgery.
Explanation The function
geomap_get_contentsuses the PHP functionfile_get_contentsto retrieve data from the URL specified in thegeomap_serverfield of the NagVis global options, but there is no validation on the given URL.Furthermore, as defined here, the content retrieved from the
geomap_serverURL is written to the file system (on a predictable path) without validation.Other info Here is a screenshot of the global configuration page, which allows setting the
geomap_serverfield.