Arbitrary Code Execution #9
Description
https://github.com/Kannampuzha/Paint/blob/c9186f65cdf5e446d58014c054bad87bbb61f857/paint_app.py#L152
If python code is added to the undo.rec file, when undo button is clicked it will run the code.
To fix:
- You can use encryption, encrypt the data written in the undo.rec file
- Decoding the encrypted text in undo.rec file in order to run the function to achieve the undo feature.
Note: You will have to make a function in which for all installations the encryption key is different.