In legacy/restts/getimage.php, $_GET['id'] is being passed to a passthru() call without being sanitized, this could allow an attacker to execute arbitrary commands on the server. Take a look at escapeshellarg() for a way to help secure this.
See here:
https://github.com/CatchPlus/S4AAAS/blob/master/legacy/restts/getimage.php#L5
In
legacy/restts/getimage.php,$_GET['id']is being passed to apassthru()call without being sanitized, this could allow an attacker to execute arbitrary commands on the server. Take a look atescapeshellarg()for a way to help secure this.See here:
https://github.com/CatchPlus/S4AAAS/blob/master/legacy/restts/getimage.php#L5