Headline
CVE-2023-3491: Limit "LIMIT" to numbers only + Disable upload theme (#1392) · FOSSBilling/FOSSBilling@2ddb743
Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Commit
Limit “LIMIT” to numbers only + Disable upload theme (#1392)
* Prevent non-numeric values being used in limits
Potential abuse for SQL injection. Only allow integers to be used.
Adjust exception
* Disable upload assets via Theme pages
File upload was removed in an earlier PR
* Make sure the tests run fine
* Fix the tests
* Use limit instead of per_page
* And another fix
Co-authored-by: Belle Aerni [email protected]