CVE-2022-25266
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
After authenticating with the Owner account, it is possible to read files located outside the web directory on the server.
Discoverer: Positive Technologies, Arian Rakhimi
CVE-2022-25267
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
After logging in with the Owner account, an intruder can upload arbitrary files by sending specially crafted HTTP requests.
Discoverer: Positive Technologies, Arian Rakhimi
/**
 * Scores a password's strength.
 *
 * It scores a password according to several factors like character variation,
 * repetition and length. The passwords are scored in a numeric point scale that
 * varies from less than 0 to 100 and more. A safe password score should be
 * considered as 49 points or more.
 *
 * @param {String} pwd The password string to score.
 *
<?php
class LoginController extends \Phalcon\Mvc\Controller
{
    public function initialize()
    {
        Phalcon\Tag::setTitle('Страница входа / регистрации');
    }
    public function indexAction()