Author Topic: [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php  (Read 13093 times)

0 Members and 1 Guest are viewing this topic.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.423
    • View Profile
    • 4images - Image Gallery Management System
A possible sql injection vulnerability in 4images 1.7 - 1.7.9 has been found.
With this logged in admin users could alter queries to the application SQL database.

To fix this:

In admin/categories.php

find 2 x

  $auth_viewcat $HTTP_POST_VARS['auth_viewcat'];
  
$auth_viewimage $HTTP_POST_VARS['auth_viewimage'];
  
$auth_download $HTTP_POST_VARS['auth_download'];
  
$auth_upload $HTTP_POST_VARS['auth_upload'];
  
$auth_directupload $HTTP_POST_VARS['auth_directupload'];
  
$auth_vote $HTTP_POST_VARS['auth_vote'];
  
$auth_sendpostcard $HTTP_POST_VARS['auth_sendpostcard'];
  
$auth_readcomment $HTTP_POST_VARS['auth_readcomment'];
  
$auth_postcomment $HTTP_POST_VARS['auth_postcomment'];


and replace with

  $auth_viewcat intval($HTTP_POST_VARS['auth_viewcat']);
  
$auth_viewimage intval($HTTP_POST_VARS['auth_viewimage']);
  
$auth_download intval($HTTP_POST_VARS['auth_download']);
  
$auth_upload intval($HTTP_POST_VARS['auth_upload']);
  
$auth_directupload intval($HTTP_POST_VARS['auth_directupload']);
  
$auth_vote intval($HTTP_POST_VARS['auth_vote']);
  
$auth_sendpostcard intval($HTTP_POST_VARS['auth_sendpostcard']);
  
$auth_readcomment intval($HTTP_POST_VARS['auth_readcomment']);
  
$auth_postcomment intval($HTTP_POST_VARS['auth_postcomment']);
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search