Security Issues - Githubissues

ocapmod / ocap-legacy

OCAP is a game-changing tool that allows the recording and playback of operations on an interactive (web-based) map.

Other

38 stars 42 forks source link

Open Coryf88 opened 7 years ago

Coryf88 commented 7 years ago

OCAP Version: 0.5.0.1-beta Server OS: N/A

Description:

Admin page unprotected: #45
Download malicious remote file to server (PHP < 4.22)
SQL Injection
display_errors/display_startup_errors enabled.
phpinfo() accessible: Included info.php in release.
Download malicious remote file to server (OCAP Master >= Sep 18, 2016) bec7380fc3a8be5e5c4b232d96ae201d2cc02a1c

Steps to reproduce: N/A

RPT File: N/A

arma-miksu commented 6 years ago