...

Last revised: 2021-11-01

Summary

A vulnerability has been reported in the utility controller used by Open-AudIT. The vulnerability has been fixed and a patch is available as well as included in the next release of Open-AudIT (4.3.0). The vulnerability is caused by un-validated user input to a publicly available function. The fix removes this vulnerability by validating the user input.

...

This issue is remotely exploitable by unauthenticated users. All users are advised to apply the fix immediately.

Products Affected

...

A patch for the issue described in this bulletin will be available in the next release, Open-AudIT v4.3.0.

Fixes, Workarounds and Mitigations

Download the attached file and replace the following file:

...

Windows - c:\xampp\open-audit\code_igniter\application\controllers\util.php

The file is also available on GitHub at https://raw.githubusercontent.com/Opmantek/open-audit/master/code_igniter/application/controllers/util.php

You can also view the associated commits on GitHub at:

https://github.com/Opmantek/open-audit/commit/21547c1cd47d5e7f362d08febe1dfccf649fe5b1#diff-0d4f2e9612b02690fdeac430d36d1a8c334d6fb1e1d17c223cbfe5321b2bd04e

https://github.com/Opmantek/open-audit/commit/1ce039306d85598880ff25fbeb20195ef3b7a993#diff-0d4f2e9612b02690fdeac430d36d1a8c334d6fb1e1d17c223cbfe5321b2bd04e
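
The replacement step above on Windows, as an added example that is not part of the original bulletin or Opmantek's own tooling. It uses the Windows path and raw GitHub URL given in this bulletin; the function name `Update-UtilController` is hypothetical, and it assumes an elevated PowerShell session with outbound HTTPS access.

```powershell
# Added example: the path and URL below are the ones given in this bulletin.
$Target = 'c:\xampp\open-audit\code_igniter\application\controllers\util.php'
$Source = 'https://raw.githubusercontent.com/Opmantek/open-audit/master/code_igniter/application/controllers/util.php'

# Hypothetical helper: back up the current controller, then replace it with the fixed file.
function Update-UtilController {
    param(
        [Parameter(Mandatory)][string]$TargetPath,
        [Parameter(Mandatory)][string]$SourceUrl
    )
    $ErrorActionPreference = 'Stop'

    if (-not (Test-Path -LiteralPath $TargetPath)) {
        throw "Target not found: $TargetPath"
    }

    # Download to a temporary file so a failed transfer never touches the live controller.
    $tmp = Join-Path $env:TEMP ("util.php." + [guid]::NewGuid().ToString('N'))
    try {
        Invoke-WebRequest -Uri $SourceUrl -OutFile $tmp -UseBasicParsing

        # Sanity check: reject an empty file or an HTML error page.
        $head = Get-Content -LiteralPath $tmp -TotalCount 1
        if ((Get-Item -LiteralPath $tmp).Length -eq 0 -or $head -notmatch '^\s*<\?php') {
            throw 'Downloaded file does not look like a PHP source file.'
        }

        $old = (Get-FileHash -LiteralPath $TargetPath -Algorithm SHA256).Hash
        $new = (Get-FileHash -LiteralPath $tmp -Algorithm SHA256).Hash
        if ($old -eq $new) {
            Write-Output "Already up to date (SHA-256 $old)."
            return
        }

        # Keep a timestamped copy of the current file for rollback.
        $backup = "$TargetPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
        Copy-Item -LiteralPath $TargetPath -Destination $backup
        Copy-Item -LiteralPath $tmp -Destination $TargetPath -Force

        Write-Output "Backup:   $backup"
        Write-Output "Old hash: $old"
        Write-Output "New hash: $new"
    }
    finally {
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }
}

Update-UtilController -TargetPath $Target -SourceUrl $Source
```

Record the old and new SHA-256 values in your change log so the replacement can be confirmed later on each affected server.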


Attached file: util.php

...