Closed jasperla closed 3 years ago
Thank you for the report, I've updated that and added a readme note on how to install the podcast library for python.
I did notice while poking at the podcaster that the image path change bug is also affecting this too. Will open a new ticket there.
Hi,

It seems there's an OS command injection vulnerability through the `$src` parameter with podcasts. In `scripts/make-radio-manager/radio/sources/pod/index.php` there is this construct:

Note that `$src` is not escaped and as such can be abused to execute arbitrary commands on the OS as the user running the web server. For example to establish a reverse shell back to the attacker:

Sanitizing `$src` through `escapeshellarg()` would remedy this problem.
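The remediation the report proposes, shown as an added example that is not code from the radio-manager project: a hypothetical `fetch-feed` command wrapper receiving a constructed `$src` value, built first the unsafe way and then with `escapeshellarg()`, plus a URL-validation check as a second layer. The command strings are only printed, never executed.

```php
<?php
// Added example, not the project's own code. It demonstrates why an
// unescaped $src is dangerous and what escapeshellarg() changes.

// Constructed input: a feed URL followed by a shell command separator.
$src = 'http://example.invalid/feed.xml; echo INJECTED';

// Unsafe construction (hypothetical, mirrors the pattern the report describes):
// the shell treats ";" as a separator, so a second command would run.
$unsafe = "fetch-feed " . $src;

// Hardened construction: escapeshellarg() wraps the value in single quotes and
// escapes embedded single quotes, so the shell sees exactly one argument.
$safe = "fetch-feed " . escapeshellarg($src);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";

// Second layer (hypothetical helper): only accept well-formed http(s) URLs
// before the value gets anywhere near a command line.
function isAllowedSource(string $src): bool
{
    $url = filter_var($src, FILTER_VALIDATE_URL);
    if ($url === false) {
        return false;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return in_array($scheme, ['http', 'https'], true);
}

echo "allowed: " . (isAllowedSource($src) ? "yes" : "no") . "\n";
```

Validation rejects the constructed value outright, and `escapeshellarg()` ensures that even a value which passes validation reaches the command as a single quoted argument rather than as shell syntax.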