Wisdom Matthew
> It is looking good so far! I like your changes. When you achieve parity, we can delete the old .go file. I've set up some automation in this branch...
@robbyoconnor I would like to work on this
I got this error: Fatal error: Cannot use result of built-in function in write context in C:\xampp2\php\pear\Archive\Tar.php on line 639 in file interface/main/backup.php
> # The Issue > Local file disclosure is a vulnerability which allows an attacker to disclose the contents of files on the server. An attacker can use this vulnerability...
> @wisdommatt Can you link to the fixing commit please? The issue has been opened since 2018 and if you cross check the code now you will notice it has...
> I found a report with [a decently sized list of vulnerabilities in OpenEMR](https://github.com/zeropwn/vulnerability-reports-and-pocs/blob/master/OpenEMR%20-%20Vulnerability%20Report.pdf) published on May 1st of this year. > > Not sure if these exist in our...
From my end I found out that the file that writes > # The Issue > Unrestricted file write vulnerabilities allow attackers to write files such as PHP files, in...
I would like to be assigned this issue.
It also accepts upload of PHP files. I think it would be more secure to restrict uploaded files to just some file formats.
I have tested the remote code execution issue. .htaccess blocks file access to the uploaded files. ![Screenshot (268)](https://user-images.githubusercontent.com/40186491/77603802-4884a080-6f11-11ea-94b0-f36537955741.png) @C-Sto I think why yours went through might be because the site...