4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kai on March 19, 2012, 02:40:19 PM

Title: [1.7 - 1.7.10] Security fix for XSS and SQL injection in admin/categories.php
Post by: kai on March 19, 2012, 02:40:19 PM
A cross-site scripting vulnerability and a possible SQL injection in the 4images admin panel 1.7 - 1.7.10 have been found.

To fix this:

In admin/categories.php

find

$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;

and replace it with

$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
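The following is an added PHP example, not code from the post or from the 4images project, that puts the line before the fix next to the line after it and runs both over a few constructed request values. The query shape and the array passed in instead of $HTTP_GET_VARS are assumptions; the fix itself (wrapping the parameter in intval()) is the one given above. Because intval() returns a PHP integer, the value is also safe to echo into the page's HTML, which is why the one cast addresses both the XSS and the SQL injection mentioned in the post.

```php
<?php
// Added example (not the 4images project's own code). Shows the effect of the
// patch from the post: the GET parameter is coerced to an integer before use.
// The query builder and the $get array are stand-ins for the real admin page.

// Before the fix: the raw request value is used unchanged.
function cat_parent_id_unpatched(array $get)
{
    return isset($get['cat_parent_id']) ? $get['cat_parent_id'] : 0;
}

// After the fix: intval() keeps only a leading integer (optional sign and
// digits); anything else, including markup or quotes, is dropped or becomes 0.
function cat_parent_id_patched(array $get): int
{
    return isset($get['cat_parent_id']) ? intval($get['cat_parent_id']) : 0;
}

// Hypothetical query, standing in for whatever admin/categories.php runs.
function build_query($cat_parent_id): string
{
    return "SELECT cat_id, cat_name FROM categories WHERE cat_parent_id = " . $cat_parent_id;
}

// Constructed sample inputs: a normal id, an id with trailing junk,
// a non-numeric string, a value carrying HTML markup, and a missing parameter.
$samples = [
    ['cat_parent_id' => '12'],
    ['cat_parent_id' => '12abc'],
    ['cat_parent_id' => 'abc'],
    ['cat_parent_id' => '7<b>x</b>'],
    [],
];

foreach ($samples as $get) {
    $raw = var_export($get['cat_parent_id'] ?? null, true);
    printf("input %-14s unpatched: %s\n", $raw, build_query(cat_parent_id_unpatched($get)));
    printf("%-20s patched:   %s\n", '', build_query(cat_parent_id_patched($get)));
}
```

Running this shows '12abc' and '7<b>x</b>' collapsing to 12 and 7 and 'abc' to 0 on the patched side, while the unpatched side forwards every string verbatim into the query text. The cast is the right tool only because cat_parent_id is an integer id; a string parameter would instead need escaping for the database and for HTML output, or a prepared statement.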
Title: Re: [1.7 - 1.7.10] Security fix for XSS and SQL injection in admin/categories.php
Post by: V@no on March 20, 2012, 03:44:24 AM
I don't get it, how is this a vulnerability? If someone already got access to admin account information and logged in as admin, this will not stop them from doing whatever they want to, let alone using this security hole for anything... I mean, sure it's a bug, it should be fixed, but calling it a security bug... ;)