[Plugin: Enable Latex] False-positive remote file include vulnerability?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Sed Lex

    (@sedlex)

    Hi,

    For me, there is no vulnerability !
    At least, if global_register is activated, the $url variable may be modified but with any consequence as the real path is after the $url variable …

    Then you may have been able to include files with the following path
    $url.’core/admin_table.class.php’ (for instance)

    Not warmful !

    Are you agree ?

    Plugin Author Sed Lex

    (@sedlex)

    I meant harmful and not warmful ??

    Thread Starter henrisalo

    (@henrisalo)

    As my previous testing did not work and you said those lines I think this is false-positive.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: Enable Latex] False-positive remote file include vulnerability?’ is closed to new replies.