Headline
CVE-2017-20170: Fix SQL-injection vulnerability in page identifier parameter · ollpu/parontalli@6891bb2
A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The name of the patch is 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to apply a patch to fix this issue. VDB-218418 is the identifier assigned to this vulnerability.
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
* Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
Enterprise
Teams
Startups
Education
By Solution
CI/CD & Automation
DevOps
DevSecOps
Case Studies
Customer Stories
Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
* Repositories
* Topics
* Trending
* Collections
Pricing
Notifications
Fork 0
Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights
Permalink
Browse files
Fix SQL-injection vulnerability in page identifier parameter
Well that’s embarrassing…
- Loading branch information
ollpu committed
Jan 21, 2017
1 parent 422be98 commit 6891bb2dec57dca6daabc15a6d2808c8896620e5
Showing 1 changed file with 4 additions and 1 deletion.
@@ -12,7 +12,10 @@
//Go to first page in order (front page) if ?s argument is not set
if(!isset($_GET[“s”])) {$_GET[‘s’] = $fprow[‘uid’];}
if(!isset($_GET[“s”])) {$_GET[‘s’] = $fprow[‘uid’];}
else {
$_GET[‘s’] = mysqli_real_escape_string($yht, $_GET[‘s’]);
}
$haku_s = mysqli_query($yht, “SELECT * FROM `sivut` WHERE uid = ‘".$_GET[‘s’]."’ LIMIT 1”);
0 comments on commit 6891bb2
Please sign in to comment.