Project: Github flatCore/flatCore-CMS 20191112

Vulnerability: #9253369 (2019-11-12 09:27:15)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::include
Risk _GET
/flatCore-CMS-master/install/index.php:19 (show/hide source)
1  <?php
2  
3  /**
4   * flatCore Content Management System
5   * Installer/Updater
6   *
7   * @package: install/
8   * @author: Patrick Konstandin <support@flatcore.de>
9   *
10   */
11  
12  session_start();
13  error_reporting(0);
14  $modus = '';
15  define('INSTALLER', TRUE);
16  
17  
18  if(isset($_GET['l']) && is_dir('../lib/lang/'.basename($_GET['l']).'/')) {
19 $_SESSION['lang'] = basename($_GET['l']);
20 } 21
Threat level 2

Callstack:

@INLINE::/flatCore-CMS-master/install/index.php /flatCore-CMS-master/install/index.php:31 (show/hide source)
11  
12  session_start();
13  error_reporting(0);
14  $modus = '';
15  define('INSTALLER', TRUE);
16  
17  
18  if(isset($_GET['l']) && is_dir('../lib/lang/'.basename($_GET['l']).'/')) {
19  	$_SESSION['lang'] = basename($_GET['l']);
20  }
21  
22  if(!isset($_SESSION['lang']) || $_SESSION['lang'] == '') {
23  	$l = 'de';
24  	$modus = 'choose_lang';
25  } else {
26  	$l = $_SESSION['lang'];
27  }
28  
29  require '../config.php';
30  require 'php/functions.php';
31 include '../lib/lang/'.$l.'/dict-install.php';
32 33