fix sql injection security vulnerability; reported by Nicky [#1394 state:resolved] [#1395 state:resolved]
dleffler committed Nov 6, 2016
1 parent 4327ea9 commit fffb203
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion framework/core/controllers/expController.php
Expand Up @@ -772,7 +772,7 @@ public function manage_ranks() {
$rank = 1; $rank = 1;
foreach ($this->params['rerank'] as $id) { foreach ($this->params['rerank'] as $id) {
$modelname = $this->params['model']; $modelname = $this->params['model'];
$obj = new $modelname($id); $obj = new $modelname(intval($id));
$obj->rank = $rank; $obj->rank = $rank;
$obj->save(false, true); $obj->save(false, true);
$rank++; $rank++;
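Review bot: On the line above the changed one, `$modelname = $this->params['model'];` still comes from the same `$this->params` input as the rerank ids and goes straight into `new $modelname(...)`, so the caller decides which class is instantiated and saved; check it against the set of model classes this action is meant to rerank before entering the loop. On the changed line, `intval($id)` coerces bad input instead of rejecting it (a non-numeric string becomes 0), so the loop still builds an object, assigns a rank and calls `save()` for junk ids; skipping any entry whose cast result is not a positive integer would avoid that. The cast also only covers this call site: if the model constructor builds its lookup from the raw id, other callers remain exposed, and binding or casting the id inside the constructor would be the more durable place for the fix.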

2 comments on commit fffb203

@futurelighthouse

CVEID: CVE-2016-9272
Credit: Nicky of Tencent Security Platform Department

@fgeek
@fgeek fgeek commented on fffb203 Nov 19, 2016

Please use CVE-2016-9272 for this vulnerability. Assigned in: http://www.openwall.com/lists/oss-security/2016/11/18/14
