CVE-2013-10018: * htdocs/prospection/save_contact.php: fixed SQL injection, yet again · fanzila/WebFinance@165dfca
A vulnerability was found in fanzila WebFinance 0.5 and has been rated critical. It affects an unknown function of the file htdocs/prospection/save_contact.php: the POST parameters nom, prenom, email, tel, mobile, client, fonction and note are formatted straight into an INSERT statement with sprintf and no escaping, so manipulating any of them leads to SQL injection. The fix is commit 165dfcaa0520ee0179b7c1282efb84f5a03df114; applying this patch is recommended. The identifier VDB-220057 was assigned to this vulnerability.
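To make the advisory concrete, here is an added example (not WebFinance code) that rebuilds the save_contact.php INSERT pattern on PDO with an in-memory SQLite database so it runs offline; it assumes the pdo_sqlite extension, and the table, the "admin" row and the payload are all constructed for the demonstration, with the column list reduced to four string fields. It first runs the pre-patch sprintf form with a crafted nom value, then pushes the same input through a prepared statement, the form a practitioner would choose over per-argument escaping:

```php
<?php
// Added example, not WebFinance code: the save_contact.php INSERT pattern
// rebuilt on PDO + in-memory SQLite (assumes the pdo_sqlite extension).
// Columns are reduced to four string fields; the injection mechanics are
// the same as for the MySQL statement in the advisory.
declare(strict_types=1);

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE webfinance_personne (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        nom TEXT, prenom TEXT, email TEXT, note TEXT)');
    // Constructed "sensitive" row that the injected subquery will read.
    $pdo->exec("INSERT INTO webfinance_personne (nom, prenom, email, note)
                VALUES ('admin', 'root', 'admin@example.test', 'internal-only note')");
    return $pdo;
}

// Vulnerable form: the pre-patch sprintf pattern, user input spliced into the SQL text.
function saveContactVulnerable(PDO $pdo, array $post): string
{
    $q = sprintf(
        "INSERT INTO webfinance_personne (nom, prenom, email, note) VALUES ('%s', '%s', '%s', '%s')",
        $post['nom'], $post['prenom'], $post['email'], $post['note']
    );
    $pdo->exec($q);
    return $q; // returned so the caller can see the statement that was actually executed
}

// Hardened form: a prepared statement; values are bound, never part of the SQL text.
function saveContactPrepared(PDO $pdo, array $post): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO webfinance_personne (nom, prenom, email, note) VALUES (:nom, :prenom, :email, :note)'
    );
    $stmt->execute([
        ':nom'    => $post['nom'],
        ':prenom' => $post['prenom'],
        ':email'  => $post['email'],
        ':note'   => $post['note'],
    ]);
}

// Most recently inserted row, to see what each form actually stored.
function lastRow(PDO $pdo): array
{
    return $pdo->query('SELECT nom, note FROM webfinance_personne ORDER BY id DESC LIMIT 1')
               ->fetch(PDO::FETCH_ASSOC);
}

// Constructed payload for the nom field: closes the string literal, supplies the
// remaining columns itself, copies the admin row's note into the new record via a
// scalar subquery, and comments out the rest of the template with "-- ".
$post = [
    'nom'    => "x', 'y', 'z', (SELECT note FROM webfinance_personne WHERE nom = 'admin')) -- ",
    'prenom' => 'Jane',
    'email'  => 'jane@example.test',
    'note'   => 'harmless',
];

$pdo = openDb();
echo saveContactVulnerable($pdo, $post), "\n";
print_r(lastRow($pdo)); // note is 'internal-only note': the injected subquery ran

$pdo = openDb();
saveContactPrepared($pdo, $post);
print_r(lastRow($pdo)); // nom is the payload text verbatim, note is 'harmless'
```

The same payload shape works against MySQL's VALUES clause, where `-- ` (with the trailing space) also comments out the remainder of the template. The point of the prepared-statement form is that it needs no per-argument discipline: every later caller of the same query is safe by construction, whereas the escaping approach in the patch has to be repeated at each call site.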
@@ -39,14 +39,14 @@
$_SESSION[‘tmp_message’] = $_SESSION[‘message’];
$q = sprintf("INSERT INTO webfinance_personne (nom,prenom,email,tel,mobile,client,fonction,date_created,note) VALUES ('%s’, '%s’, '%s’, '%s’, '%s’, %d, ‘%s’, now(),’%s’)",
$_POST[‘nom’],
$_POST[‘prenom’],
$_POST[‘email’],
removeSpace($_POST[‘tel’]),
removeSpace($_POST[‘mobile’]),
$_POST[‘client’],
$_POST[‘fonction’],
$_POST[‘note’] );
mysql_real_escape_string($_POST[‘nom’]),
mysql_real_escape_string($_POST[‘prenom’]),
mysql_real_escape_string($_POST[‘email’]),
mysql_real_escape_string(removeSpace($_POST[‘tel’])),
mysql_real_escape_string(removeSpace($_POST[‘mobile’])),
mysql_real_escape_string($_POST[‘client’]),
mysql_real_escape_string($_POST[‘fonction’]),
mysql_real_escape_string($_POST[‘note’] ));
mysql_query($q)
or die("QUERY ERROR: $q ".mysql_error());
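Review bot: wrapping each $_POST value in mysql_real_escape_string() is a per-call-site fix, and the commit title's "yet again" shows that this pattern has already been missed once in this file; replacing the sprintf()/mysql_query() pair with a prepared statement (mysqli or PDO, bound parameters instead of '%s' placeholders) would remove the need to remember the escaping at all. Two details on the escaping as written: the call around $_POST[‘client’] is moot, since that value is formatted with %d and sprintf already coerces it to an integer, and mysql_real_escape_string() only escapes correctly for the connection character set, which requires mysql_set_charset() to have been called on that link. Separately, the trailing `or die("QUERY ERROR: $q ".mysql_error());` still echoes the full statement, attacker-supplied values included, together with the server error text to the client; log it server-side and return a generic error instead. Note also that the mysql_* extension is deprecated since PHP 5.5 and removed in 7.0, so this fix will not survive a PHP upgrade.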