Full Path Disclosure In EasyDB
Paragon Initiative Enterprises
Reported by
supernatural
Vulnerability Details
Technical details and impact analysis
Hi,

As reported in #115337 about a full path disclosure in EasyDB, you fixed some of them in the last commits, but the `single` function is vulnerable too and not fixed yet!

```php
if (count($params) != count($params, COUNT_RECURSIVE)) {
    throw new \InvalidArgumentException("Invalid params");
}
```

This will check that `$params` is a 1D array. Add this code before line 366 in EasyDB.php.

Regards
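
The check proposed in the report, shown beside a stricter per-element variant, as an added example that is not part of the original report or of EasyDB's code. The count comparison treats an array holding an empty nested array, such as `[1, []]`, as flat, because an empty array adds nothing to the recursive count. The function names and sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// The report's check: a flat array has equal plain and recursive counts.
function isFlatByCount(array $params): bool
{
    return count($params) === count($params, COUNT_RECURSIVE);
}

// Stricter variant (an assumption of this example, not from the report):
// inspect every element, so an empty nested array is rejected as well.
function isFlatByElement(array $params): bool
{
    foreach ($params as $value) {
        if (is_array($value)) {
            return false;
        }
    }
    return true;
}

// Hypothetical guard to call before parameters are bound to a statement.
function assertFlatParams(array $params): void
{
    if (!isFlatByElement($params)) {
        throw new \InvalidArgumentException('Invalid params');
    }
}

// Constructed sample inputs, one per case of interest.
$cases = [
    'flat'         => [1, 'abc'],
    'nested'       => [1, ['x', 'y']],
    'empty nested' => [1, []],
];

// Print what each check decides for each input.
foreach ($cases as $label => $params) {
    printf(
        "%-12s count-check=%s element-check=%s\n",
        $label,
        var_export(isFlatByCount($params), true),
        var_export(isFlatByElement($params), true)
    );
}
```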
Report Details
Additional information and metadata
State: Closed
Substate: Informative
Weakness: Information Disclosure