CVE-2023-5591: Fix MAC search sql injection (#15402) · librenms/librenms@908aef6
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
Expand Up @@ -37,7 +37,8 @@ } } elseif ($vars[‘search_type’] == ‘mac’) { $sql = ' FROM `ports` AS I, `devices` AS D’; $sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE '%" . trim(str_replace([':’, ' ', '-', '.’, ‘0x’], ‘’, $vars[‘address’])) . "%’ $where "; $sql .= " WHERE I.device_id = D.device_id AND `ifPhysAddress` LIKE ? $where "; $param[] = ‘%’ . trim(str_replace([':’, ' ', '-', '.’, ‘0x’], '’, $vars[‘address’])) . '%’; }//end if if (is_numeric($vars[‘device_id’])) { $sql .= ' AND I.device_id = ?’; Expand Down
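Review bot: the rewritten `LIKE ? $where` line still interpolates `$where` straight into the query string, so this change only closes the hole for `$vars['address']`; the fix is complete only if `$where` is assembled from fixed fragments or bound parameters elsewhere, which this hunk does not show and which deserves a comment at the point where `$where` is built. On the new `$param[]` line, the address is stripped of `:`, spaces, `-`, `.` and `0x` but `%` and `_` are not escaped, so they keep their LIKE wildcard meaning inside the bound value; that is no longer an injection, but if an exact-substring match is intended, escape them (with the matching `ESCAPE` clause) before wrapping the value in `%...%`.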
Related news
GHSA-mr6h-7x2m-rgmq: SQL injection in librenms/librenms