Bugfix: Possible SQL injection in nat/item-add-submit.php. Fixes #2344

phpipam · Dec 4, 2018 · 856b10c · 856b10c
1 parent 4554be4
commit 856b10c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/app/admin/nat/item-add-submit.php b/app/admin/nat/item-add-submit.php
@@ -91,6 +91,12 @@
     $nat_id   = $_POST['id'];               // nat id
     $nat_type = $_POST['type'];             // src, dst
 
+    // validate object type
+    if (!in_array($obj_type, ['subnets', 'ipaddresses'])) { $Result->show("danger", _("Invalid object type"), true); }
+
+    // validate object id
+    if (!is_numeric($obj_id)) { $Result->show("danger", _("Invalid object id"), true); }
+
     // validate object
     $item = $Tools->fetch_object ($obj_type, "id", $obj_id);
     if($item!==false) {

diff --git a/misc/CHANGELOG b/misc/CHANGELOG
@@ -51,6 +51,7 @@
     + Hide LDAP/AD/Radius username / password and secret from logs and syslog (#2006);
     + XSS in phpipamredirect cookie (#2338);
     + XSS in print-user.php, CSRF in user-edit.php (#2326);
+    + Possible SQL injection in nat/item-add-submit.php (#2344);
 
 == 1.3.2