CVE-2023-0994: PHP<7 Fix add microseconds to filename to make it harder to predict · francoisjacquet/rosariosis@630d3e3

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

@@ -65,10 +65,8 @@ function StudentAssignmentSubmit( $assignment_id, &$error ) $files = issetVal( $old_data[‘files’] );
$timestamp = new \DateTime();
// @since 8.9.5 Add microseconds to filename format to make it harder to predict. $timestamp = $timestamp->format( ‘Y-m-d H:i:s.u’ ); $timestamp = date( ‘Y-m-d His’ ) . ‘.’ . substr( (string) microtime(), 2, 6 );
$assignments_path = GetAssignmentsFilesPath( $assignment[‘STAFF_ID’] );
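Review bot: In StudentAssignmentSubmit the `$timestamp` that ends up in the filename is still derived only from the clock, so the `substr( (string) microtime(), 2, 6 )` suffix leaves at most 1,000,000 candidates for anyone who knows roughly when a submission was made. Consider mixing in a value from a random source instead of the time, and if these files must stay private, do not let the filename be the only barrier. Two smaller points: the date part changes from `Y-m-d H:i:s` to `Y-m-d His`, which the `@since 8.9.5` comment does not mention, and `date()` and `microtime()` read the clock separately, so the seconds and the microseconds can come from different instants.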
@@ -530,10 +528,8 @@ function UploadAssignmentTeacherFile( $assignment_id, $teacher_id, $file_input_i return '’; }
$microseconds = new \DateTime();
// @since 9.0 Add microseconds to filename format to make it harder to predict. $microseconds = $microseconds->format( ‘u’ ); $microseconds = substr( (string) microtime(), 2, 6 );
// Filename = [course_title]_[assignment_ID].ext. $file_name_no_ext = no_accents( $assignment[‘COURSE_TITLE’] . ‘_’ . $assignment_id . ‘.’ . $microseconds );
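Review bot: The comment `// Filename = [course_title]_[assignment_ID].ext.` above `$file_name_no_ext` in UploadAssignmentTeacherFile does not describe the name actually built, which ends in `. $microseconds`; update it to show that component. The same `substr( (string) microtime(), 2, 6 )` expression also appears in StudentAssignmentSubmit, so a small shared helper with a comment on the offsets (microtime() returns a string of the form "0.12345600 1700000000", and offset 2 with length 6 selects the microsecond digits) would keep the two call sites in step. The rest of the name is the course title and the assignment ID, so the clock-derived suffix narrows guessing to at most 1,000,000 candidates rather than making the name unguessable.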

Related news

GHSA-prjg-28jg-m3p5: RosarioSIS Improper Access Control vulnerability