CVE-2016-15034: fix(security): Correct SQL injection in freedomrss_search.php (refs #… · dynacase-labs/dynacase-webdesk@750a9b3
A vulnerability classified as critical was found in Dynacase Webdesk. Affected is the function freedomrss_search in the file freedomrss_search.php; manipulation of its input leads to SQL injection. Upgrading to version 3.2-20180305 addresses this issue. The patch is identified as 750a9b35af182950c952faf6ddfdcc50a2b25f8b. Upgrading the affected component is recommended. VDB-233366 is the identifier assigned to this vulnerability.
@@ -16,10 +16,10 @@ function freedomrss_search(Action & $action)
$user = GetHttpVars("user", $action->user->id);
$lim = 10;
$filter[0] = "(title ~* ‘" . pg_escape_string($str) . "’)";
$filter[0] = "(title ~* " . pg_escape_literal($str) . ")";
$filter[1] = "(gui_isrss = ‘yes’)";
if ($sys == 1) $filter[2] = "(owner = " . pg_escape_string($user) . " or gui_sysrss = ‘yes’)";
else $filter[2] = "(owner = " . pg_escape_string($user) . ")";
if ($sys == 1) $filter[2] = "(owner = " . pg_escape_literal($user) . " or gui_sysrss = ‘yes’)";
else $filter[2] = "(owner = " . pg_escape_literal($user) . ")";
$famids = array(
"SEARCH",
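Review bot: the weak spot in this hunk is the `owner =` comparison in both `$filter[2]` branches, not the `title` filter: pg_escape_string() only escapes quote and backslash characters, and the old lines interpolated its result with no surrounding quotes, so the escaping did not constrain the value at all. Switching to pg_escape_literal() fixes that because it emits the quotes itself. Two follow-ups: `$user` defaults to `$action->user->id`, so if `owner` is a numeric id, an explicit cast such as `"(owner = " . (int)$user . ")"` would be the tighter check and would also drop the dependency on an already-open connection that pg_escape_literal() has when called without a connection argument; and pg_escape_literal() requires PHP 5.4.4 or later, which is worth stating in the commit message as a new minimum.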
@@ -67,4 +67,3 @@ function rssGetFamTitle($id)
if (isset($t[“title”])) return $t[“title”];
return "Family $id";
}
?>
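Review bot: the `-67,4 +67,3` header shows one line removed from rssGetFamTitle() with nothing added, and the rendering does not show which line it is; this is unrelated to the escaping fix and should be called out in the commit message (if it is the trailing `?>`, that is a reasonable cleanup, since a closing tag followed by whitespace can leak output, but it belongs in a separate commit or at least a sentence of its own).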