-
Hugh Davenport authored
Bug #1057238 CVE-2012-2244 When a site administrator can manipulate the path for the clamav scanner, they could produce either a reverse shell, or allow any user to execute arbitrary remote commands by setting it to an uploaded reverse shell, or to /bin/bash respectively. Other executable paths, namely pathtozip, and pathtounzip are only set via config.php, and not through the site admin interface. This option, pathtoclam, should follow the same design. Change-Id: I7d4822c9f54eda80682d6631699c1ab40f1dc896 Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
2de4e22a