4images Help / Hilfe > Bug Fixes & Patches

[1.7 - 1.7.10] Security fix for XSS and sql injection in admin/categories.php


A cross-site scripting vulnerability and a possible SQL injection in the 4images admin panel (versions 1.7 to 1.7.10) have been found.

To fix this:

In admin/categories.php, find:

$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;

and replace it with:

$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
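The following is an added example and not code from the 4images project: it shows why the one-word change above closes the hole. `cat_parent_id` is only ever used as an integer id, so coercing it with intval() means that whatever arrives in the request, only a number reaches the SQL statement and the HTML that echoes the value back. The helper names, the `categories` table name and the sample request values are all constructed for the example; the real 4images code reads the value from `$HTTP_GET_VARS`, which is the legacy name for `$_GET`.

```php
<?php
// Added example, not 4images code. Mirrors the patched line from admin/categories.php
// and shows what intval() does with non-numeric request input.

// Hypothetical helper: the corrected pattern, every integer id from the request is
// coerced with intval() before use. $get stands in for $HTTP_GET_VARS / $_GET.
function read_cat_parent_id(array $get): int
{
    return isset($get['cat_parent_id']) ? intval($get['cat_parent_id']) : 0;
}

// Hypothetical query builder. Interpolating an int cannot alter the statement's
// structure; interpolating the raw request string could. Table name is a placeholder.
function build_subcat_query(int $cat_parent_id): string
{
    return "SELECT cat_id, cat_name FROM categories WHERE cat_parent_id = " . $cat_parent_id;
}

// Hypothetical hidden form field, the kind of place the admin page echoes the value back.
// Because the value is already an int the echo is safe; htmlspecialchars() is kept as the
// general output-side defence that every echoed request value should get.
function render_hidden_field(int $cat_parent_id): string
{
    return '<input type="hidden" name="cat_parent_id" value="'
        . htmlspecialchars((string) $cat_parent_id, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed sample requests: a normal id, a non-numeric string, a number with
// trailing text, and a request without the parameter at all.
$samples = [
    ['cat_parent_id' => '5'],
    ['cat_parent_id' => 'not-a-number'],
    ['cat_parent_id' => '7abc'],
    [],
];

foreach ($samples as $get) {
    $raw = isset($get['cat_parent_id']) ? $get['cat_parent_id'] : '(unset)';
    $id  = read_cat_parent_id($get);
    echo str_pad($raw, 14) . ' -> ' . $id . PHP_EOL;
    echo '    ' . build_subcat_query($id) . PHP_EOL;
    echo '    ' . render_hidden_field($id) . PHP_EOL;
}
```

Run it with `php example.php`: intval() keeps at most a leading run of digits and turns anything else into 0, so the non-numeric samples never reach the query or the page as text. A stricter variant for a defender who wants to reject rather than coerce is `filter_var($value, FILTER_VALIDATE_INT)`, which returns false for `7abc` instead of 7.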

I don't get it, how is this a vulnerability? If someone already got access to admin account information and logged in as admin, this will not stop them from doing whatever they want to, let alone using this security hole for anything... I mean, sure it's a bug and should be fixed, but calling it a security bug... ;)

