Re: Invision Gallery 2.0.7 SQL Injection Vulnerability


 



To fix this, you would need to change forum/modules/gallery/post.php at about line 153

from 

if( $this->ipsclass->input['op'] == 'doaddcomment' )
{
	$this->process_reply( $this->ipsclass->input['img'] );
}
else
{
	$this->reply_form( $this->ipsclass->input['img'] );
}

to

$img = intval($this->ipsclass->input['img']);
if( $this->ipsclass->input['op'] == 'doaddcomment' )
{
	$this->process_reply($img);
}
else
{
	$this->reply_form( $img );
}
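
The intval() cast in the fix above makes the value safe to place in a query, but it also turns malformed input into a number (0, or the leading digits) instead of rejecting it. The following added example, which is not part of the original message or of Invision Gallery, compares the cast with strict validation; parse_image_id() is a hypothetical helper and the sample values are constructed for illustration.

```php
<?php
// Added example: parse_image_id() is a hypothetical helper, not Invision Gallery code.
// It accepts only a positive decimal integer and returns null for anything else.
function parse_image_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays and other types are never a valid id
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample values standing in for the 'img' request parameter.
$samples = ['42', '42 trailing text', 'abc', '-7', '', '0x1A'];

foreach ($samples as $raw) {
    $coerced = intval($raw);         // the cast used in the fix above
    $strict  = parse_image_id($raw); // strict validation: reject instead of coerce
    printf(
        "%-20s intval=%-4d strict=%s\n",
        var_export($raw, true),
        $coerced,
        $strict === null ? 'rejected' : (string) $strict
    );
}
```

Rejecting the request when the helper returns null also gives the application a point at which to log tampered parameters, which the silent cast does not.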
