sruupl / batflat

Lightweight, fast and easy CMS for free. Bootstrap ready. https://batflat.org
MIT License

Code injection vulnerability in Batflat v1.3.6 Users tab #98

Closed mari0x00 closed 2 years ago

mari0x00 commented 3 years ago

Users tab attributes aren't sanitized and some of them allow for code injection. This means that an authenticated user with access to Users tab can execute arbitrary code on the web server with application privileges.

Adding user with PHP code in "Displayed name" field:

[screenshot]

PHP being executed:

[screenshot]
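The report above describes user attributes that are stored and later interpreted without being sanitized. The following is an added example, not Batflat's own code, of the two controls a maintainer would normally apply to a field like "Displayed name": an allow-list validator at input time and HTML escaping at output time. The function names, the character allow-list and the length limit are assumptions for illustration.

```php
<?php
// Added example (not part of Batflat): validate and escape a user "displayed name".
// Assumes the value arrives as a UTF-8 string from a form field.

declare(strict_types=1);

// Allow-list validation: letters (any script), digits, spaces and a few
// punctuation marks, bounded in length. Characters such as '<', '>', '?'
// and quotes are rejected outright, so PHP or HTML tags never reach storage.
function validateDisplayName(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 64) {
        return null;
    }
    if (preg_match('/^[\p{L}\p{N} .\'-]+$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Output escaping: the stored value is always rendered as text, never markup,
// even if validation is bypassed elsewhere (defence in depth).
function renderDisplayName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs for demonstration.
$candidates = [
    'Alice Example',              // accepted
    "O'Connor",                   // accepted (apostrophe is on the allow-list)
    '<?php /* anything */ ?>',    // rejected: contains '<', '?', '/', '*'
    'Bob <admin>',                // rejected: contains '<' and '>'
];

foreach ($candidates as $candidate) {
    $valid = validateDisplayName($candidate);
    if ($valid === null) {
        echo 'REJECTED: ' . renderDisplayName($candidate) . PHP_EOL;
        continue;
    }
    echo 'OK: ' . renderDisplayName($valid) . PHP_EOL;
}
```

Validation and escaping are complementary rather than alternatives: the allow-list keeps unexpected bytes out of the database, and `htmlspecialchars` guarantees the value is inert when rendered. Neither replaces the structural fix the issue calls for, which is that user-supplied strings must never be written into a file or template that the server later executes as PHP.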

theofruitrouge commented 3 years ago

This should be fixed ASAP.

michu2k commented 2 years ago

Fixed. The fix will be available in the next update.