We have had a vulnerability reported in our utility controller used by Open-AudIT. The issue has been fixed and will be available in the next release of Open-AudIT.
If you require the fix now, please download the following file from GitHub and copy it to:
Linux - /usr/local/open-audit/code_igniter/application/controllers/util.php
Windows - c:\xampp\code_igniter\application\controllers\util.php
The fix will work regardless of the version you are currently running.
The git patch details are below.
commit 1ce039306d85598880ff25fbeb20195ef3b7a993
Author: Mark Unwin <marku@opmantek.com>
Date: Thu Oct 28 14:18:44 2021 +1000
Filter out all characters except those in the allowed list for determining number of IPs in range or subnet.
commit 21547c1cd47d5e7f362d08febe1dfccf649fe5b1
Author: Mark Unwin <marku@opmantek.com>
Date: Thu Oct 28 14:06:54 2021 +1000
Prevent util functions from being called, except from localhost.
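The two commits above describe two controls: an allowlist on the characters accepted when computing the number of IPs in a range or subnet, and a guard that rejects util calls that do not come from localhost. The following is an added example written for this page, not the contents of Open-AudIT's util.php or any of Mark Unwin's code; the function names, the allowed character set (digits, dots, hyphens, slashes) and the sample inputs are all assumptions made here to illustrate the approach.

```php
<?php
// Added illustration, not Open-AudIT's own util.php. All function names and
// the exact allowlist are hypothetical choices for this example.

// Guard: accept only requests from the loopback interface. The address is
// passed in explicitly so the check can be exercised from the CLI. Behind a
// reverse proxy REMOTE_ADDR is the proxy's address; do not substitute
// X-Forwarded-For here, since a client can set that header freely.
function is_localhost(string $remoteAddr): bool
{
    return in_array($remoteAddr, ['127.0.0.1', '::1'], true);
}

// Allowlist filter: keep only the characters needed to write "a.b.c.d",
// "a.b.c.d/nn" or "a.b.c.d-e.f.g.h" and drop everything else before the
// value is used anywhere.
function allowlist_ip_input(string $raw): string
{
    return preg_replace('/[^0-9.\/-]/', '', $raw);
}

// Count addresses in a subnet ("10.0.0.0/24") or a dotted range
// ("10.0.0.1-10.0.0.20"). Returns null, rather than guessing, when the
// filtered value still does not parse as IPv4.
function count_ips(string $raw): ?int
{
    $input = allowlist_ip_input($raw);
    if (preg_match('#^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$#', $input, $m)) {
        if (filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
            || (int)$m[2] > 32) {
            return null;
        }
        return 2 ** (32 - (int)$m[2]);
    }
    if (preg_match('#^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$#', $input, $m)) {
        $start = ip2long($m[1]); // false for octets above 255
        $end = ip2long($m[2]);
        if ($start === false || $end === false || $end < $start) {
            return null;
        }
        return $end - $start + 1;
    }
    return null;
}

// When run as a web request, refuse anything that is not from localhost.
// REMOTE_ADDR is absent on the CLI, so default to loopback for a local run.
$remote = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';
if (!is_localhost($remote)) {
    http_response_code(403);
    exit('util functions are only callable from localhost');
}

// Constructed sample inputs: a subnet, a range, a malformed range, and a
// value carrying extra characters that the allowlist strips before parsing.
$samples = [
    '192.168.1.0/24',      // 256
    '10.0.0.1-10.0.0.20',  // 20
    '10.0.0.20-10.0.0.1',  // rejected (end before start)
    '10.0.0.0/24 extra',   // allowlist leaves "10.0.0.0/24" -> 256
];
foreach ($samples as $s) {
    $n = count_ips($s);
    echo $s, ' => ', $n === null ? 'rejected' : $n, PHP_EOL;
}
```

The allowlist is deliberately a positive match (characters that are permitted) rather than a list of characters to strip, so any character not anticipated is removed by default; the parse step then validates the shape of what survives instead of trusting that filtering alone produced a sensible value.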
Apologies for any inconvenience caused.
Mark Unwin.