Closed [AmmarBasha2011/INEX-SPA] 🛡️ Sentinel: [HIGH] Fix path traversal vulnerability in getPage.php

By AmmarBasha2011

🛡️ Sentinel: [HIGH] Fix path traversal vulnerability in getPage.php

The `getPage` function in `core/functions/PHP/getPage.php` was vulnerable to path traversal attacks because it did not validate the `$RouteName` parameter (from `$_GET['page']`). This allowed attackers to use '..' sequences to access sensitive files outside the intended directories, such as `.env` or other system files.

This fix adds a check at the beginning of the `getPage` function to detect and block any route containing '..', returning a 403 Forbidden error if detected.

Verification:
- Confirmed the vulnerability using a reproduction script.
- Verified the fix with the same script.
- Ensured no regressions by running the existing test suite.

---
*PR created automatically by Jules for task [1007977609609211082](https://ift.tt/HoBZ8N6) started by @AmmarBasha2011*


June 16, 2026 at 12:21AM
via GitHub https://ift.tt/ayVzUFc
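
The check this pull request describes, as an added example that is not code from the PR or from INEX-SPA: a hypothetical `resolveRoute()` rejects any route containing `..` and then, going beyond what the PR describes, confirms with `realpath()` that the resolved file stays inside the pages directory. The function name, directory layout and sample routes are constructed for illustration.

```php
<?php
// Added illustration: resolveRoute() and the directory layout are hypothetical.

/** Map a route name to a file under $baseDir; null means "reject". */
function resolveRoute(string $baseDir, string $routeName): ?string
{
    // The check the PR describes: refuse any route containing '..'.
    // Rejecting NUL bytes is an extra assumption, not taken from the PR.
    if (strpos($routeName, '..') !== false || strpos($routeName, "\0") !== false) {
        return null;
    }

    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $routeName . '.php');
    if ($base === false || $target === false) {
        return null; // base directory or requested page does not exist
    }

    // Containment check on the canonical path: it must sit below $base.
    // This covers symlinks, which a substring check on the input cannot see.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sandbox: a pages directory beside a file that must stay private.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'route_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/home.php', '<?php echo "home";');
file_put_contents($root . '/private.php', '<?php // stands in for a sensitive file');
symlink($root . '/private.php', $root . '/pages/link.php'); // no ".." in its route

foreach (['home', '../private', 'sub/../home', 'link'] as $route) {
    $resolved = resolveRoute($root . '/pages', $route);
    printf("%-12s => %s\n", $route, $resolved === null ? 'blocked' : 'serve ' . basename($resolved));
}

// Remove the sandbox.
foreach (['/pages/link.php', '/pages/home.php', '/private.php'] as $f) {
    unlink($root . $f);
}
rmdir($root . '/pages');
rmdir($root);
```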
