Headline
CVE-2020-36631: Merge pull request #538 from InvoxiPlayGames/master · barronwaffles/dwc_network_server_emulator@f70eb21
A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as critical. This vulnerability affects the function update_profile of the file gamespy/gs_database.py. The manipulation of the argument firstname/lastname leads to sql injection. The attack can be initiated remotely. The name of the patch is f70eb21394f75019886fbc2fb536de36161ba422. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216772.
@@ -367,12 +367,12 @@ def update_profile(self, profileid, field): Start replacing each field one by one. TODO: Optimize this so it’s done all in one update. FIXME: Possible security issue due to embedding an unsanitized string directly into the statement. TODO: Check if other values than firstname/lastname are set using this “"” with Transaction(self.conn) as tx: q = “UPDATE users SET \"%s\” = ? WHERE profileid = ?" tx.nonquery(q % field[0], (field[1], profileid)) if field[0] in [“firstname", “lastname”]: with Transaction(self.conn) as tx: q = “UPDATE users SET \"%s\” = ? WHERE profileid = ?” tx.nonquery(q % field[0], (field[1], profileid))
# Session functions # TODO: Cache session keys so we don’t have to query the database every