Loading...

XML

Word

Printable

Type: Defect (Security)
Resolution: Fixed
Priority: Critical
Fix Version/s: 1.8.22, 2.0.14, 2.2.8, 2.3.4
Affects Version/s: 2.3.2
Component/s: Frontend (F)
Labels:
- security

In /chart_bar.php ,line 163.

$itemid = $item['itemid'];

$itemid is a value from gpc(GET,POST,COOKIE) at line 54 of the same file.

code from /chart_bar.php:

Line:54 $items = get_request('items', array());
......
Line:162 foreach ($items as $item) {
Line:163 $itemid = intval($item['itemid']);
Line:174 ' WHERE itemid='.$itemid.

There is a SQL inject vulnerability in the $sql_arr because the $itemid can be evil.

Assignee:: Unassigned

Reporter:: Liang.Xu

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2014 Aug 05 07:27

Updated:: 2020 Jul 16 14:10

Resolved:: 2014 Aug 21 10:35

Details

Description

Attachments

Activity

People

Dates