
[11.x, user manager] SQL injection #1410

Closed
plegall opened this issue May 13, 2021 · 0 comments


plegall commented May 13, 2021

As reported by Harry Goodman from NCC Group:

The ‘order[0][dir]’ parameter in admin/user_list_backend.php is vulnerable to SQL injection

I believe this is because of the following pieces of code:

```php
if ( $_REQUEST['columns'][$col]["searchable"] == "true" )
{
  // order[0][dir] is taken from the request and concatenated into the ORDER BY clause unvalidated
  $sOrder .= $aColumns[ $col ].' '.$_REQUEST["order"][0]["dir"].', ';
}
```

I would suggest either using the check_inputs function that your application seems to rely on, or depending on how much functionality is needed, just do a check to ensure the parameter is either ASC or DESC.

CVE-2021-32615
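An added example (not Piwigo's code) contrasting the reported pattern with the allowlist fix suggested above. The column list and the request arrays are constructed for the demo and follow the DataTables-style parameter names from the report (`order[i][column]`, `order[i][dir]`, `columns[i][searchable]`); the function names are hypothetical.

```php
<?php
// Added example, not project code. $aColumns and the request below are constructed.
$aColumns = ['id', 'username', 'email', 'registration_date'];

// Vulnerable form: whatever arrives in order[i][dir] is concatenated into SQL text.
function build_order_vulnerable(array $request, array $aColumns): string
{
    $sOrder = '';
    foreach ($request['order'] as $o) {
        $col = (int) $o['column'];
        if (($request['columns'][$col]['searchable'] ?? '') === 'true') {
            $sOrder .= $aColumns[$col] . ' ' . $o['dir'] . ', ';
        }
    }
    return rtrim($sOrder, ', ');
}

// Hardened form: column index must exist in the fixed list, direction must be ASC or DESC.
function build_order_safe(array $request, array $aColumns): string
{
    $parts = [];
    foreach ($request['order'] ?? [] as $o) {
        $col = filter_var($o['column'] ?? null, FILTER_VALIDATE_INT);
        if ($col === false || !array_key_exists($col, $aColumns)) {
            continue; // unknown column index: skip instead of interpolating anything
        }
        if (($request['columns'][$col]['searchable'] ?? '') !== 'true') {
            continue;
        }
        $dir = strtoupper((string) ($o['dir'] ?? 'ASC'));
        if (!in_array($dir, ['ASC', 'DESC'], true)) {
            $dir = 'ASC'; // anything other than ASC/DESC is discarded, never echoed into SQL
        }
        $parts[] = $aColumns[$col] . ' ' . $dir;
    }
    return $parts ? 'ORDER BY ' . implode(', ', $parts) : '';
}

// Constructed request: dir is not a bare direction, so it would alter the query structure.
$request = [
    'columns' => [['searchable' => 'true'], ['searchable' => 'true']],
    'order'   => [['column' => '1', 'dir' => 'DESC, id']],
];
echo build_order_vulnerable($request, $aColumns), "\n"; // username DESC, id  (extra clause leaks in)
echo build_order_safe($request, $aColumns), "\n";       // ORDER BY username ASC
```

The safe builder never places request data in the SQL string: only a value from the fixed `$aColumns` list and one of two literal direction keywords are emitted.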
