CVE-2023-1754: fix: added missing conversion to HTML entities, removed obsolete code · thorsten/phpMyFAQ@d773df9

Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.


@@ -18,6 +18,7 @@ */
use phpMyFAQ\Filter; use phpMyFAQ\Strings; use phpMyFAQ\User; use phpMyFAQ\User\CurrentUser;
@@ -171,7 +172,7 @@ <div class="col-lg-12"> <h2 class="page-header"> <i aria-hidden="true" class="fa fa-users fa-fw"></i> <?= $PMF_LANG[‘ad_group_deleteGroup’] ?> “<?= $groupData[‘name’] ?>” <?= $PMF_LANG[‘ad_group_deleteGroup’] ?> “<?= Strings::htmlentities($groupData[‘name’]) ?>” </h2> </div> </header> @@ -226,8 +227,8 @@ $user = new User($faqConfig); $message = '’; $messages = []; $groupName = Filter::filterInput(INPUT_POST, 'group_name’, FILTER_UNSAFE_RAW, ‘’); $groupDescription = Filter::filterInput(INPUT_POST, 'group_description’, FILTER_UNSAFE_RAW, ‘’); $groupName = Filter::filterInput(INPUT_POST, 'group_name’, FILTER_SANITIZE_SPECIAL_CHARS, ‘’); $groupDescription = Filter::filterInput(INPUT_POST, 'group_description’, FILTER_SANITIZE_SPECIAL_CHARS, ‘’); $groupAutoJoin = Filter::filterInput(INPUT_POST, 'group_auto_join’, FILTER_UNSAFE_RAW, ‘’); $csrfOkay = true; $csrfToken = Filter::filterInput(INPUT_POST, 'csrf’, FILTER_UNSAFE_RAW); @@ -236,7 +237,7 @@ $csrfOkay = false; } // check group name if ($groupName == ‘’) { if ($groupName === ‘’) { $messages[] = $PMF_LANG[‘ad_group_error_noName’]; } // ok, let’s go @@ -336,60 +337,6 @@ <?php }
// Import LDAP groups /* if (‘import-ldap-groups’ === $groupAction && $user->perm->hasPermission($user->getUserId(), ‘addgroup’)) { $user = new CurrentUser($faqConfig); $message = '’; $messages = []; // Temporary data $groupName = 'LDAP Group’; $groupDescription = 'This is a LDAP group import demo’; $groupAutoJoin = false; $csrfOkay = true; $csrfToken = Filter::filterInput(INPUT_POST, 'csrf’, FILTER_UNSAFE_RAW); if (!isset($_SESSION[‘phpmyfaq_csrf_token’]) || $_SESSION[‘phpmyfaq_csrf_token’] !== $csrfToken) { $csrfOkay = false; } // check group name if ($groupName == ‘’) { $messages[] = $PMF_LANG[‘ad_group_error_noName’]; } // ok, let’s go if (count($messages) == 0 && $csrfOkay) { // create group $groupData = [ ‘name’ => $groupName, ‘description’ => $groupDescription, ‘auto_join’ => $groupAutoJoin, ]; if ($user->perm->addGroup($groupData) <= 0) { $messages[] = $PMF_LANG[‘ad_adus_dberr’]; } } // no errors, show list if (count($messages) == 0) { $groupAction = $defaultGroupAction; $message = sprintf('<p class="alert alert-success">%s</p>’, $PMF_LANG[‘ad_group_suc’]); // display error messages and show form again } else { $groupAction = 'import-ldap-groups’; $message = '<p class="alert alert-danger">’; foreach ($messages as $err) { $message .= $err . '<br>’; } $message .= '</p>’; } } */
// show list of users if (‘list’ === $groupAction) { ?> @@ -416,20 +363,6 @@
<div class="col-lg-4" id="group_list">
<!-- <div class="card mb-4"> <div class="card-header py-3"> <form id="group-import-ldap-groups" method="post" name="group-import-ldap-groups" action="?action=group&group_action=import-ldap-groups"> <input type="hidden" name="csrf" value="<?= $currentUser->getCsrfTokenFromSession() ?>"> <button class="btn btn-success" type="submit"> Import LDAP groups </button> </form> </div> </div> -->
<div class="card mb-4"> <form id="group_select" name="group_select" action="?action=group&group_action=delete_confirm" method="post">
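Review bot: The switch to `FILTER_SANITIZE_SPECIAL_CHARS` for `group_name` and `group_description` in the `@@ -226,8 +227,8 @@` hunk HTML-encodes `&`, `<`, `>`, `"`, `'` before the value is stored, while the `@@ -171,7 +172,7 @@` hunk of the same commit now also wraps the stored name in `Strings::htmlentities()` at output, so a name such as `R&D` is persisted as `R&#38;D` and rendered double-encoded, and the stored value is bound to the HTML context rather than being reusable as plain text elsewhere. Escaping belongs at the output boundary only: keep the input raw, e.g. `$groupName = trim((string) Filter::filterInput(INPUT_POST, 'group_name', FILTER_UNSAFE_RAW, ''));`, and rely on the output-side `htmlentities()` (applied to the description as well wherever it is echoed). `group_auto_join` is still read with `FILTER_UNSAFE_RAW` and handed to `addGroup()` unchanged; if it is meant to be a boolean flag it should be normalised with `FILTER_VALIDATE_BOOLEAN` — `addGroup()` is not visible here, so confirm how the value is consumed. The group-creation `if` block these hunks modify begins before the `@@ -226` hunk and continues past the visible lines.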
