Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Posts.class.php
https://github.com/semplon/GeniXCMS/blob/master/inc/lib/Posts.class.php#L313
Functions getParam(), delParam() and existParam() do not filter any incoming parameters, resulting in many SQL injections.
getParam()
delParam()
existParam()
Here is an example.
public static function editParam($param, $value, $post_id) { $sql = "UPDATE `posts_param` SET `value` = '{$value}' WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' "; $q = Db::query($sql); if ($q) { return true; } else { return false; } }
pages.control.php line 165
pages.control.php
if (Posts::existParam('multilang', $_GET['id'])) { Posts::editParam('multilang', $multilang, $_GET['id']); } else { Posts::addParam('multilang', $multilang, $_GET['id']); }
pages_form.php line 133
pages_form.php
$lang = Language::getLangParam($key, $_GET['id']);
then $_GET[id] is parsed into Posts::getParam at Language.class.php line 75
$_GET[id]
Posts::getParam
Language.class.php
public static function getLangParam($lang, $post_id) { if (Posts::existParam('multilang', $post_id)) { $multilang = json_decode(Posts::getParam('multilang', $post_id), true); ...
posts_form.php line 122
posts_form.php
if ($lang == '' || !Posts::existParam('multilang', $_GET['id'])) {
There are many similar cases, please check it later.
The text was updated successfully, but these errors were encountered:
Security Fix #61 #62 #63 #65 #66 #67
abfbb61
semplon
No branches or pull requests
Source
https://github.com/semplon/GeniXCMS/blob/master/inc/lib/Posts.class.php#L313
Functions
getParam(),delParam()andexistParam()do not filter any incoming parameters, resulting in many SQL injections.Here is an example.
Injection 1
pages.control.phpline 165Injection 2
pages_form.phpline 133then
$_GET[id]is parsed intoPosts::getParamatLanguage.class.phpline 75Injection 3
posts_form.phpline 122There are many similar cases, please check it later.
The text was updated successfully, but these errors were encountered: