evilrabbi
Guest
The version of Horde that is shipped with Plesk is vulnerable to remote execution in the help module. This can lead to unauthorized people having access to your server. I'm sure SWsoft will issue a patch, but until then you can use the patch I wrote.
Add the following lines of code to the index.php file located in /usr/share/psa-horde/services/help.
Add it after
$topic = Util::getFormData('topic');
and before
if ($module == 'admin') {
After a patch is issued by Plesk, remove the code, then update.
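// Work on a copy of the requested module name.
$good_module = $module;
// Patterns to strip: semicolon and single quote (' is the regex delimiter).
$bad_chars = array
(
"';'",
"'\''",
);
$replace = array
(
" "
);
// Apply the patterns in $bad_chars, then hand the cleaned value back to $module.
$good_module = preg_replace ($bad_chars, $replace, $good_module);
$module = $good_module;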
cheers,
evilrabbi < evilrabbi <at> gmail [dot] com>
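
An allowlist variant of the same workaround, shown next to the character-stripping approach from the post. This is an added example, not part of the original post and not Horde or Plesk code. It assumes valid help module names contain only letters, digits, underscores and hyphens; the function names and sample inputs are hypothetical.

```php
<?php
// Added example. Assumption: legitimate module names match [A-Za-z0-9_-]{1,64}.

/**
 * Denylist approach, same behaviour as the snippet in the post:
 * ';' becomes a space, a single quote is removed, everything else passes.
 */
function strip_bad_chars($module)
{
    return preg_replace(array('/;/', "/'/"), array(' '), $module);
}

/**
 * Allowlist approach: return the module name unchanged if every character
 * is permitted, otherwise null so the caller can refuse the request.
 */
function validate_help_module($module)
{
    if (!is_string($module)) {
        return null; // e.g. module[]=x arrives as an array
    }
    // \A and \z anchor the whole string; a bare $ would accept a trailing newline.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $module) !== 1) {
        return null;
    }
    return $module;
}

// Constructed sample inputs, not taken from any real request log.
$samples = array('imp', 'turba', "imp';", 'a;b', "horde\n", '../x', '');

foreach ($samples as $s) {
    $stripped = strip_bad_chars($s);
    $checked  = validate_help_module($s);
    printf(
        "%-10s denylist=%-10s allowlist=%s\n",
        json_encode($s),
        json_encode($stripped),
        $checked === null ? 'rejected' : 'accepted'
    );
}
```

In index.php the allowlist check would sit at the same place as the posted lines, with the request stopped when `validate_help_module($module)` returns null.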