MantisBT: master-2.5 3a7c6f75

Author: dregad
Committer: dregad
Branch: master-2.5
Timestamp: 2017-08-03 15:39
Parent: master-2.5 a6dc088a
Affected Issues  0023173: CVE-2017-12419: Arbitrary File Read inside install.php script
 0023185: Improve doc and notifications when admin dir is present (CVE-2017-12419)
Changeset

Improve admin information about CVE-2017-12419

  • Add admin check for mysqli.allow_local_infile
  • Add reminder to remove admin dir at end of Admin checks
  • Improve post-install tasks section of Admin Guide: add explicit
    warning about potential consequences of not deleting the admin
    directory, more descriptive wording.

Stopgap measures for issue 0023173

mod - admin/check/check_database_inc.php
mod - admin/check/index.php
mod - docbook/Admin_Guide/en-US/Installation.xml