
CVE-2013-10014: fix possible sql injections. · oktora24/2moons@1b09cf7

A vulnerability classified as critical has been found in oktora24 2moons. An unknown function is affected. The manipulation leads to SQL injection. The name of the patch is 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply the patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability.


@@ -47,12 +47,12 @@ public function show()

$galaxyRight = HTTP::_GP('galaxyRight’, ‘’);

$systemLeft = HTTP::_GP('systemLeft’, ‘’);

$systemRight = HTTP::_GP('systemRight’, ‘’);

$galaxy = min(max(HTTP::_GP('galaxy’, $PLANET[‘galaxy’]), 1), Config::get(‘max_galaxy’));

$system = min(max(HTTP::_GP('system’, $PLANET[‘system’]), 1), Config::get(‘max_system’));

$planet = min(max(HTTP::_GP('planet’, $PLANET[‘planet’]), 1), Config::get(‘max_planets’));

$galaxy = min(max(HTTP::_GP('galaxy’, (int) $PLANET[‘galaxy’]), 1), Config::get(‘max_galaxy’));

$system = min(max(HTTP::_GP('system’, (int) $PLANET[‘system’]), 1), Config::get(‘max_system’));

$planet = min(max(HTTP::_GP('planet’, (int) $PLANET[‘planet’]), 1), Config::get(‘max_planets’));

$type = HTTP::_GP('type’, 1);

$current = HTTP::_GP('current’, 0);

if (!empty($galaxyLeft))

$galaxy = max($galaxy - 1, 1);

elseif (!empty($galaxyRight))
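
Review bot: in the second set of `$galaxy`, `$system` and `$planet` lines the `(int)` cast is applied to the default argument (`$PLANET['galaxy']` and so on), not to the value `HTTP::_GP` returns from the request, so the fix only holds if `_GP` chooses its type coercion from the type of the default, which this hunk does not show. Casting the result makes the intent explicit and independent of that behaviour, for example `$galaxy = min(max((int) HTTP::_GP('galaxy', $PLANET['galaxy']), 1), Config::get('max_galaxy'));`. The commit message mentions SQL injection but no query appears in these lines, so a comment naming the query that `$galaxy`, `$system` and `$planet` reach would help the next reader confirm all inputs to it are covered; `$type` and `$current` already pass integer defaults, while `$galaxyLeft`, `$galaxyRight`, `$systemLeft` and `$systemRight` pass `''` and are only visible here in `empty()` checks, which is worth confirming for the rest of `show()`.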
