Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix sql injection (#11923)
in custom oid code

Thanks to loginsoft p.v.t l.t.d india for the report!
Website: https://www.loginsoft.com/
  • Loading branch information
murrant committed Jul 10, 2020
1 parent 1bb6bd8 commit 8f3a29c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions includes/html/forms/customoid.inc.php
Expand Up @@ -72,8 +72,8 @@
}

if ($action == "test") {
$query = "SELECT * FROM `devices` WHERE `device_id` = $device_id LIMIT 1";
$device = dbFetchRow($query);
$query = "SELECT * FROM `devices` WHERE `device_id` = ? LIMIT 1";
$device = dbFetchRow($query, [$device_id]);

$rawdata = snmp_get($device, $oid, '-Oqv');

Expand Down

0 comments on commit 8f3a29c

Please sign in to comment.