CVE-2010-10007: Some SQL injection safeguards · lierdakil/click-reminder@41213b6
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
@@ -36,6 +36,8 @@ protected function getMessageParam($param,$err_message,$err_no) { protected function db_query($query) { $query=str_replace(“\n","",$query); $query=ereg_replace(" +",” ",$query); if(strpos($query, ‘;’) !== false) throw new Exception("Query ‘$query’ contains ';’!", ERR_DB); $result = $this->mysql->query($query); if ($result === true) { if($this->mysql->affected_rows>0) @@ -102,6 +104,9 @@ function __construct($message) { parent::__construct($message); $this->iid = $this->getMessageParam('iid’, "No IID provided", ERR_NO_IID); #iid MUST be numeric. If not, it’s not an IID! if(!is_numeric($this->iid)) throw new Exception("Malformed IID '$this->iid’!", ERR_NO_IID); } } ?>
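Review bot: The new `strpos($query, ';')` guard in db_query only rejects stacked statements, so values concatenated into a single statement can still change its meaning, and the injection class named in the advisory is not closed by it. If `$this->mysql` is a mysqli object (it looks like one from `->query()` and `->affected_rows`), `query()` runs only one statement anyway, so the check mostly ends up rejecting legitimate data that happens to contain a semicolon. The durable fix is to stop passing pre-built strings and bind values instead, e.g. `$stmt = $this->mysql->prepare($sql); $stmt->bind_param($types, ...$values); $stmt->execute();`, which needs a change at the call sites that are outside this hunk. The exception text also embeds the whole query; unless it is known to stay in server logs, prefer `throw new Exception("Invalid query", ERR_DB);` and log the query separately. The body of db_query continues past the end of the hunk.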
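Review bot: `is_numeric($this->iid)` in the constructor is looser than the comment "iid MUST be numeric" suggests, because it also accepts signed, decimal and exponent forms and leading whitespace, none of which look like a row identifier. If IIDs are non-negative integers, which the hunk does not show and should be confirmed, use `if(!ctype_digit((string)$this->iid))` and cast with `(int)` before the value reaches any query. The message `"Malformed IID '$this->iid'!"` repeats the raw request value, so it should be escaped or dropped if exception messages are ever returned to the client. The enclosing class starts outside the hunk.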