Details
-
Bug
-
Status: Closed
-
Major - P3
-
Resolution: Fixed
-
2.6.0-rc0
-
ALL
Description
db.eval allows a user to load a js file via the load() function. This is a potential security risk since it allows the user to instruct the server to read files on the server side.