Skip to content

Removed unused & vulnerable features w/ security issues#1624

Open
maggienegm wants to merge 2 commits into
LibreHealthIO:masterfrom
maggienegm:security-preventions
Open

Removed unused & vulnerable features w/ security issues#1624
maggienegm wants to merge 2 commits into
LibreHealthIO:masterfrom
maggienegm:security-preventions

Conversation

@maggienegm
Copy link
Copy Markdown
Contributor

@maggienegm maggienegm commented Jul 11, 2020
edited
Loading

plans_config.php includes XSS vulnerabilities

download_template.php includes directory traversal/arbitrary file download vulnerabilities

Both files aren't being used, so references to them have either been replaced with an error message or deleted.

@maggienegm
Copy link
Copy Markdown
Contributor Author

maggienegm commented Jul 12, 2020
edited
Loading

One feature within manage_site_files.php (Admin > Files) allows admin users to change source code within the app. Rather than allowing users to edit code files within the app and allowing security vulnerabilities to exist, programmers can edit the files.

@maggienegm maggienegm changed the title Removed calls to files that weren't used && w/ security issues Removed unused and extremely vulnerable features w/ security issues Jul 12, 2020
@maggienegm maggienegm changed the title Removed unused and extremely vulnerable features w/ security issues Removed unused & vulnerable features w/ security issues Jul 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maggienegm