search

pulsejet / memories

Fast, modern and advanced photo management suite. Runs as a Nextcloud app.
https://memories.gallery
GNU Affero General Public License v3.0
3.21k stars 87 forks source link

Antivirus Alarm CrowdStrike - Perl execution #1356

Open RevLaw opened 9 hours ago

RevLaw commented 9 hours ago

Describe the bug

The Perl line mention in the code is triggering the following tactic 'persistence via web shell'

https://github.com/pulsejet/memories/blob/98a12d240cb6e91243c60e87dd48572ff1fff719/lib/Service/BinExt.php#L463

I don't know how to fix this or if that is possible. But can you check the code if you can make the execution more secure? Probably, you can replace it with another command?

Steps To Reproduce

Install and run the plugin.

Platform

- OS: Docker - Oracle Linux
- Browser: Chrome
- Memories Version: 7.4.1
- Nextcloud Version: 31
- PHP Version: 8

Screenshots

image

Additional context

No response

pulsejet commented 8 hours ago

I don't know if that'll fix the warning, but these should definitely be using exec, not shell 👍🏻