Re: runAV mod_security Remote Command Execution

Posted by Reindl Harald on May 17

Am 13.05.2016 um 17:30 schrieb Rio Sherri:

>
> sprintf(cmd, "/usr/bin/clamscan --no-summary %s", argv[1]);
> The argv[1] parameter is passed unsanitized to a sprintf function
> which sends the formatted output to the cmd variable,
> which is later passed as a parameter to a run_cmd function on line 14

I don’t think so, because the temp files of mod-security used to inspect
uploads are not controlled by the client…
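As an added illustration, not code from the original post or from runAV, the example below places the quoted `sprintf`-into-a-command-string pattern beside a variant that hands the path to `execv()` as a discrete argument, so no shell ever re-tokenises it. Only the `/usr/bin/clamscan --no-summary` invocation comes from the quoted line; the function names, the metacharacter check and the sample path `a;b` are constructed for this example.

```c
/* Added example (not from the original post or the runAV code): the
 * sprintf-plus-shell pattern quoted above beside a form that passes the
 * path as one argv element, so the shell never parses it.  The clamscan
 * path and flag come from the quoted line; everything else is illustrative. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define CMD_MAX 1024

/* Mirrors the quoted pattern, bounded with snprintf so the buffer itself
 * cannot overflow.  Returns the length written, or -1 if it would truncate.
 * The path still lands inside one string that a shell (via system()/popen())
 * would tokenise, so metacharacters in it change the command's meaning. */
int build_shell_cmd(char *cmd, size_t cmd_len, const char *path)
{
    int n = snprintf(cmd, cmd_len, "/usr/bin/clamscan --no-summary %s", path);
    if (n < 0 || (size_t)n >= cmd_len)
        return -1;
    return n;
}

/* Returns 1 if the string holds a byte a POSIX shell treats specially when
 * the string is embedded unquoted in a command line, else 0.  Usable as an
 * allow-list check before the shell form, or as a detection signal on logs. */
int has_shell_metachar(const char *s)
{
    static const char meta[] = ";|&$`<>()\\\"'*?[]{}~ \t\n";
    return strpbrk(s, meta) != NULL;
}

/* Builds an argv for execv(): the path is a single element and is never
 * re-parsed.  argv must have room for 4 pointers.  Returns the arg count. */
int build_argv(const char *path, const char *argv[4])
{
    argv[0] = "/usr/bin/clamscan";
    argv[1] = "--no-summary";
    argv[2] = path;
    argv[3] = NULL;
    return 3;
}

/* Runs the scanner without a shell.  Returns the child's exit status, or -1
 * if clamscan could not be started (for example, it is not installed). */
int scan_file(const char *path)
{
    const char *argv[4];
    build_argv(path, argv);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);              /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) != 127)
        return WEXITSTATUS(status);
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    char cmd[CMD_MAX];
    if (build_shell_cmd(cmd, sizeof cmd, argv[1]) < 0)
        return 2;
    printf("shell form : %s%s\n", cmd,
           has_shell_metachar(argv[1]) ? "   <-- would be re-parsed by /bin/sh" : "");
    printf("execv form : clamscan exits with %d\n", scan_file(argv[1]));
    return 0;
}
```

The point of the `execv()` form is that it holds whether or not the path is attacker-controlled: the argument reaches clamscan verbatim, so the question of who writes the temp file no longer decides whether the scanner call is safe.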
