Problem
If a user is able to edit the NagVis global options, he is able to perform a Server-side request forgery.

Explanation
The function geomap_get_contents uses the PHP function file_get_contents to retrieve data from the URL specified in the geomap_server field of the NagVis global options, but there is no validation on the given URL.

Furthermore, as defined here, the content retrieved from the geomap_server URL is written to the file system (on a predictable path) without validation.

Other info
Here is a screenshot of the global configuration page, which allows setting the geomap_server field.
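
One way to validate the geomap_server value before it reaches file_get_contents, shown as an added example that is not NagVis code and not part of the original report. The function name geomap_url_is_safe, the host allowlist and the stub resolver data are assumptions made for illustration.

```php
<?php
// Added example, not NagVis code. The function name, the allowlist and the
// resolver data below are hypothetical / constructed.

function geomap_url_is_safe(string $url, array $allowedHosts, callable $resolve): bool
{
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    // http(s) only: file_get_contents() also accepts file://, php://, ftp:// ...
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false; // no embedded credentials
    }
    $host = strtolower($p['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return false;
    }
    // Defence in depth: every IPv4 address the name resolves to must be public.
    $ips = $resolve($host);
    if (!is_array($ips) || $ips === []) {
        return false;
    }
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: a stub resolver so the demo runs offline.
// In production pass 'gethostbynamel' as the resolver instead.
$dns = ['geomap.example.org' => ['203.0.113.10'], 'maps.example.net' => ['10.0.0.5']];
$resolve = fn(string $h) => $dns[$h] ?? false;
$allowed = array_keys($dns);

$samples = [
    'https://geomap.example.org/geocode?q=berlin',
    'http://maps.example.net/',
    'http://127.0.0.1:8080/status',
    'file:///var/tmp/example',
    'https://user:pw@geomap.example.org/',
];
foreach ($samples as $u) {
    printf("%-45s %s\n", $u, geomap_url_is_safe($u, $allowed, $resolve) ? 'fetch' : 'reject');
}
```

When the fetch itself is made, redirect following should also be disabled (the `follow_location` option of the `http` stream context), since a redirect is resolved after this check. The check covers only the request side; the unvalidated write to a predictable path described above needs its own handling.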