index,vul_code,is_vulnerable,programming_language,method_name,file_name,repo_url,repo_owner,committer,committer_date,commit_msg,cwe_id,cwe_name,cwe_description,cwe_url,cve_id,patch 0,"function block_email_request($email) { if ( $this->is_blocked($email) ) return false; $subject = __('E-mail block confirmation', 'subscribe-to-comments'); $message = sprintf(__(""You are receiving this message to confirm that you no longer wish to receive e-mail comment notifications from \""%s\""\n\n"", 'subscribe-to-comments'), get_bloginfo('name')); $message .= __(""To cancel all future notifications for this address, click this link:\n\n"", 'subscribe-to-comments'); $message .= get_bloginfo('wpurl') . ""/wp-subscription-manager.php?email="" . $email . ""&key="" . $this->generate_key($email . 'blockrequest') . ""&blockemailconfirm=true"" . "".\n\n""; $message .= __(""If you did not request this action, please disregard this message."", 'subscribe-to-comments'); return $this->send_mail($email, $subject, $message); }",True,PHP,block_email_request,subscribe-to-comments.php,https://github.com/wp-plugins/subscribe-to-comments,wp-plugins,markjaquith,2006-09-17 06:38:32+00:00,"version 2.0.8, XSS fix thanks to MustLive, more fixes for addresses with + symbols git-svn-id: https://plugins.svn.wordpress.org/subscribe-to-comments/trunk@6401 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2006-10001,"function block_email_request($email) { if ( $this->is_blocked($email) ) return false; $subject = __('E-mail block confirmation', 'subscribe-to-comments'); $message = sprintf(__(""You are receiving this message to confirm that you no longer wish to receive e-mail comment notifications from \""%s\""\n\n"", 'subscribe-to-comments'), get_bloginfo('name')); $message .= __(""To cancel all future notifications for this address, click this link:\n\n"", 'subscribe-to-comments'); $message .= get_bloginfo('wpurl') . ""/wp-subscription-manager.php?email="" . urlencode($email) . ""&key="" . $this->generate_key($email . 'blockrequest') . ""&blockemailconfirm=true"" . "".\n\n""; $message .= __(""If you did not request this action, please disregard this message."", 'subscribe-to-comments'); return $this->send_mail($email, $subject, $message); }" 1,"function change_email_request() { if ( $this->is_blocked() ) return false; $subject = __('E-mail change confirmation', 'subscribe-to-comments'); $message = sprintf(__(""You are receiving this message to confirm a change of e-mail address for your subscriptions at \""%s\""\n\n"", 'subscribe-to-comments'), get_bloginfo('blogname')); $message .= sprintf(__(""To change your e-mail address to %s, click this link:\n\n"", 'subscribe-to-comments'), $this->new_email); $message .= get_bloginfo('wpurl') . ""/wp-subscription-manager.php?email="" . $this->email . ""&new_email="" . $this->new_email . ""&key="" . $this->generate_key($this->email . $this->new_email) . "".\n\n""; $message .= __('If you did not request this action, please disregard this message.', 'subscribe-to-comments'); return $this->send_mail($this->email, $subject, $message); }",True,PHP,change_email_request,subscribe-to-comments.php,https://github.com/wp-plugins/subscribe-to-comments,wp-plugins,markjaquith,2006-09-17 06:38:32+00:00,"version 2.0.8, XSS fix thanks to MustLive, more fixes for addresses with + symbols git-svn-id: https://plugins.svn.wordpress.org/subscribe-to-comments/trunk@6401 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2006-10001,"function change_email_request() { if ( $this->is_blocked() ) return false; $subject = __('E-mail change confirmation', 'subscribe-to-comments'); $message = sprintf(__(""You are receiving this message to confirm a change of e-mail address for your subscriptions at \""%s\""\n\n"", 'subscribe-to-comments'), get_bloginfo('blogname')); $message .= sprintf(__(""To change your e-mail address to %s, click this link:\n\n"", 'subscribe-to-comments'), $this->new_email); $message .= get_bloginfo('wpurl') . ""/wp-subscription-manager.php?email="" . urlencode($this->email) . ""&new_email="" . urlencode($this->new_email) . ""&key="" . $this->generate_key($this->email . $this->new_email) . "".\n\n""; $message .= __('If you did not request this action, please disregard this message.', 'subscribe-to-comments'); return $this->send_mail($this->email, $subject, $message); }" 4,"$email = strtolower($comment_author_email); } else { return false; } $post_author = get_userdata($post->post_author); if ( strtolower($post_author->user_email) == $email && $loggedin ) return 'admin'; if ( is_array($this->subscriptions_from_email($email)) ) if ( in_array($post->ID, $this->email_subscriptions) ) return $email; return false; }",True,PHP,strtolower,subscribe-to-comments.php,https://github.com/wp-plugins/subscribe-to-comments,wp-plugins,markjaquith,2006-09-17 06:38:32+00:00,"version 2.0.8, XSS fix thanks to MustLive, more fixes for addresses with + symbols git-svn-id: https://plugins.svn.wordpress.org/subscribe-to-comments/trunk@6401 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2006-10001,"function manage_link($email='', $html=true, $echo=true) { $link = get_bloginfo('wpurl') . '/wp-subscription-manager.php'; if ( $email != 'admin' ) { $link = add_query_arg('email', urlencode(urlencode($email)), $link); $link = add_query_arg('key', $this->generate_key($email), $link); } $link = add_query_arg('ref', urlencode('http: $link = str_replace('+', '%2B', $link); if ( $html ) $link = htmlentities($link); if ( !$echo ) return $link; echo $link; }" 5,"function manage_link($email='', $html=true, $echo=true) { $link = get_bloginfo('wpurl') . '/wp-subscription-manager.php'; if ( $email != 'admin' ) { $link = add_query_arg('email', urlencode($email), $link); $link = add_query_arg('key', $this->generate_key($email), $link); } $link = add_query_arg('ref', urlencode('http: if ( $html ) $link = htmlentities($link); if ( !$echo ) return $link; echo $link; }",True,PHP,manage_link,subscribe-to-comments.php,https://github.com/wp-plugins/subscribe-to-comments,wp-plugins,markjaquith,2006-09-17 06:38:32+00:00,"version 2.0.8, XSS fix thanks to MustLive, more fixes for addresses with + symbols git-svn-id: https://plugins.svn.wordpress.org/subscribe-to-comments/trunk@6401 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2006-10001,"function show_manual_subscription_form () { global $id, $sg_subscribe, $user_email; sg_subscribe_start(); $sg_subscribe->show_errors('solo_subscribe', '
', '
', __('Error: ', 'subscribe-to-comments'), '
'); if ( !$sg_subscribe->current_viewer_subscription_status() ) : get_currentuserinfo(); ?>
"" />
"" />

{$var} = trim($_REQUEST[$var]); } if ( !$this->key ) $this->key = 'unset'; },True,PHP,trim,subscribe-to-comments.php,https://github.com/wp-plugins/subscribe-to-comments,wp-plugins,markjaquith,2006-09-17 06:38:32+00:00,"version 2.0.8, XSS fix thanks to MustLive, more fixes for addresses with + symbols git-svn-id: https://plugins.svn.wordpress.org/subscribe-to-comments/trunk@6401 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2006-10001,"public function recipient($address) { return $this->sendCommand( 'RCPT TO', 'RCPT TO:<' . $address . '>', array(250, 251) ); }" 8,"function show_manual_subscription_form () { global $id, $sg_subscribe, $user_email; sg_subscribe_start(); $sg_subscribe->show_errors('solo_subscribe', '
', '
', __('Error: ', 'subscribe-to-comments'), '
'); if ( !$sg_subscribe->current_viewer_subscription_status() ) : get_currentuserinfo(); ?>
"" />
"" />

Mail->SMTPDebug = 4; $this->assertTrue($this->Mail->smtpConnect(), 'SMTP single connect failed'); $this->Mail->smtpClose(); $this->Mail->Host = ""ssl: $this->assertFalse($this->Mail->smtpConnect(), 'SMTP bad multi-connect succeeded'); $this->Mail->smtpClose(); $this->Mail->Host = ""localhost:12345;10.10.10.10:54321;"" . $_REQUEST['mail_host']; $this->assertTrue($this->Mail->smtpConnect(), 'SMTP multi-connect failed'); $this->Mail->smtpClose(); $this->Mail->Host = "" localhost:12345 ; "" . $_REQUEST['mail_host'] . ' '; $this->assertTrue($this->Mail->smtpConnect(), 'SMTP hosts with stray spaces failed'); $this->Mail->smtpClose(); $this->Mail->Host = $_REQUEST['mail_host']; $this->assertTrue( $this->Mail->smtpConnect(array('ssl' => array('verify_depth' => 10))), 'SMTP connect with options failed' ); }" 12,"public function recipient($toaddr) { return $this->sendCommand( 'RCPT TO', 'RCPT TO:<' . $toaddr . '>', array(250, 251) ); }",True,PHP,recipient,class.smtp.php,https://github.com/PHPMailer/PHPMailer,PHPMailer,Synchro,2015-11-01 11:12:04+01:00,"Add test for line breaks in addresses vulnerability Don't allow line breaks in addresses Don't allow line breaks in SMTP commands Rearrange tests so slowest tests run last",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-8476,"public function testValidate() { $validaddresses = array( 'first@iana.org', 'first.last@iana.org', '1234567890123456789012345678901234567890123456789012345678901234@iana.org', '""first\""last""@iana.org', '""first@last""@iana.org', '""first\last""@iana.org', 'first.last@[12.34.56.78]', 'first.last@[IPv6:::12.34.56.78]', 'first.last@[IPv6:1111:2222:3333::4444:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:12.34.56.78]', 'first.last@[IPv6:::1111:2222:3333:4444:5555:6666]', 'first.last@[IPv6:1111:2222:3333::4444:5555:6666]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666::]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777:8888]', 'first.last@x23456789012345678901234567890123456789012345678901234567890123.iana.org', 'first.last@3com.com', 'first.last@123.iana.org', '""first\last""@iana.org', 'first.last@[IPv6:1111:2222:3333::4444:5555:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333::4444:5555:6666:7777]', 'first.last@example.123', 'first.last@com', '""Abc\@def""@iana.org', '""Fred\ Bloggs""@iana.org', '""Joe.\Blow""@iana.org', '""Abc@def""@iana.org', 'user+mailbox@iana.org', 'customer/department=shipping@iana.org', '$A12345@iana.org', '!def!xyz%abc@iana.org', '_somename@iana.org', 'dclo@us.ibm.com', 'peter.piper@iana.org', '""Doug \""Ace\"" L.""@iana.org', 'test@iana.org', 'TEST@iana.org', '1234567890@iana.org', 'test+test@iana.org', 'test-test@iana.org', 't*est@iana.org', '+1~1+@iana.org', '{_test_}@iana.org', '""[[ test ]]""@iana.org', 'test.test@iana.org', '""test.test""@iana.org', 'test.""test""@iana.org', '""test@test""@iana.org', 'test@123.123.123.x123', 'test@123.123.123.123', 'test@[123.123.123.123]', 'test@example.iana.org', 'test@example.example.iana.org', '""test\test""@iana.org', 'test@example', '""test\blah""@iana.org', '""test\blah""@iana.org', '""test\""blah""@iana.org', 'customer/department@iana.org', '_Yosemite.Sam@iana.org', '~@iana.org', '""Austin@Powers""@iana.org', 'Ima.Fool@iana.org', '""Ima.Fool""@iana.org', '""Ima Fool""@iana.org', '""first"".""last""@iana.org', '""first"".middle.""last""@iana.org', '""first"".last@iana.org', 'first.""last""@iana.org', '""first"".""middle"".""last""@iana.org', '""first.middle"".""last""@iana.org', '""first.middle.last""@iana.org', '""first..last""@iana.org', '""first\""last""@iana.org', 'first.""mid\dle"".""last""@iana.org', '""test blah""@iana.org', '(foo)cal(bar)@(baz)iamcal.com(quux)', 'cal@iamcal(woo).(yay)com', 'cal(woo(yay)hoopla)@iamcal.com', 'cal(foo\@bar)@iamcal.com', 'cal(foo\)bar)@iamcal.com', 'first().last@iana.org', 'pete(his account)@silly.test(his host)', 'c@(Chris\'s host.)public.example', 'jdoe@machine(comment). example', '1234 @ local(blah) .machine .example', 'first(abc.def).last@iana.org', 'first(a""bc.def).last@iana.org', 'first.("")middle.last("")@iana.org', 'first(abc\(def)@iana.org', 'first.last@x(1234567890123456789012345678901234567890123456789012345678901234567890).com', 'a(a(b(c)d(e(f))g)h(i)j)@iana.org', 'name.lastname@domain.com', 'a@b', 'a@bar.com', 'aaa@[123.123.123.123]', 'a@bar', 'a-b@bar.com', '+@b.c', '+@b.com', 'a@b.co-foo.uk', '""hello my name is""@stutter.com', '""Test \""Fail\"" Ing""@iana.org', 'valid@about.museum', 'shaitan@my-domain.thisisminekthx', 'foobar@192.168.0.1', '""Joe\Blow""@iana.org', 'HM2Kinsists@(that comments are allowed)this.is.ok', 'user%uucp!path@berkeley.edu', 'first.last @iana.org', 'cdburgess+! 'first.last@[IPv6:::a2:a3:a4:b1:b2:b3:b4]', 'first.last@[IPv6:a1:a2:a3:a4:b1:b2:b3::]', 'first.last@[IPv6:::]', 'first.last@[IPv6:::b4]', 'first.last@[IPv6:::b3:b4]', 'first.last@[IPv6:a1::b4]', 'first.last@[IPv6:a1::]', 'first.last@[IPv6:a1:a2::]', 'first.last@[IPv6:0123:4567:89ab:cdef::]', 'first.last@[IPv6:0123:4567:89ab:CDEF::]', 'first.last@[IPv6:::a3:a4:b1:ffff:11.22.33.44]', 'first.last@[IPv6:::a2:a3:a4:b1:ffff:11.22.33.44]', 'first.last@[IPv6:a1:a2:a3:a4::11.22.33.44]', 'first.last@[IPv6:a1:a2:a3:a4:b1::11.22.33.44]', 'first.last@[IPv6:a1::11.22.33.44]', 'first.last@[IPv6:a1:a2::11.22.33.44]', 'first.last@[IPv6:0123:4567:89ab:cdef::11.22.33.44]', 'first.last@[IPv6:0123:4567:89ab:CDEF::11.22.33.44]', 'first.last@[IPv6:a1::b2:11.22.33.44]', 'test@test.com', 'test@xn--example.com', 'test@example.com' ); $invalidaddresses = array( 'first.last@sub.do,com', 'first\@last@iana.org', '123456789012345678901234567890123456789012345678901234567890' . '@12345678901234567890123456789012345678901234 [...]', 'first.last', '12345678901234567890123456789012345678901234567890123456789012345@iana.org', '.first.last@iana.org', 'first.last.@iana.org', 'first..last@iana.org', '""first""last""@iana.org', '""""""@iana.org', '""\""@iana.org', 'first\@last@iana.org', 'first.last@', 'x@x23456789.x23456789.x23456789.x23456789.x23456789.x23456789.x23456789.' . 'x23456789.x23456789.x23456789.x23 [...]', 'first.last@[.12.34.56.78]', 'first.last@[12.34.56.789]', 'first.last@[::12.34.56.78]', 'first.last@[IPv5:::12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777:8888:9999]', 'first.last@[IPv6:1111:2222::3333::4444:5555:6666]', 'first.last@[IPv6:1111:2222:333x::4444:5555]', 'first.last@[IPv6:1111:2222:33333::4444:5555]', 'first.last@-xample.com', 'first.last@exampl-.com', 'first.last@x234567890123456789012345678901234567890123456789012345678901234.iana.org', 'abc\@def@iana.org', 'abc\@iana.org', 'Doug\ \""Ace\""\ Lovell@iana.org', 'abc@def@iana.org', 'abc\@def@iana.org', 'abc\@iana.org', '@iana.org', 'doug@', '""qu@iana.org', 'ote""@iana.org', '.dot@iana.org', 'dot.@iana.org', 'two..dot@iana.org', '""Doug ""Ace"" L.""@iana.org', 'Doug\ \""Ace\""\ L\.@iana.org', 'hello world@iana.org', 'gatsby@f.sc.ot.t.f.i.tzg.era.l.d.', 'test.iana.org', 'test.@iana.org', 'test..test@iana.org', '.test@iana.org', 'test@test@iana.org', 'test@@iana.org', '-- test --@iana.org', '[test]@iana.org', '""test""test""@iana.org', '()[]\;:,><@iana.org', 'test@.', 'test@example.', 'test@.org', 'test@12345678901234567890123456789012345678901234567890123456789012345678901234567890' . '12345678901234567890 [...]', 'test@[123.123.123.123', 'test@123.123.123.123]', 'NotAnEmail', '@NotAnEmail', '""test""blah""@iana.org', '.wooly@iana.org', 'wo..oly@iana.org', 'pootietang.@iana.org', '.@iana.org', 'Ima Fool@iana.org', 'phil.h\@\@ck@haacked.com', 'foo@[\1.2.3.4]', 'first\last@iana.org', 'Abc\@def@iana.org', 'Fred\ Bloggs@iana.org', 'Joe.\Blow@iana.org', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:12.34.567.89]', '{^c\@**Dog^}@cartoon.com', 'cal(foo(bar)@iamcal.com', 'cal(foo)bar)@iamcal.com', 'cal(foo\)@iamcal.com', 'first(12345678901234567890123456789012345678901234567890)last@(1234567890123456789' . '01234567890123456789012 [...]', 'first(middle)last@iana.org', 'first(abc(""def"".ghi).mno)middle(abc(""def"".ghi).mno).last@(abc(""def"".ghi).mno)example' . '(abc(""def"".ghi).mno). [...]', 'a(a(b(c)d(e(f))g)(h(i)j)@iana.org', '.@', '@bar.com', '@@bar.com', 'aaa.com', 'aaa@.com', 'aaa@.123', 'aaa@[123.123.123.123]a', 'aaa@[123.123.123.333]', 'a@bar.com.', 'a@-b.com', 'a@b-.com', '-@..com', '-@a..com', 'invalid@about.museum-', 'test@...........com', '""Unicode NULL' . chr(0) . '""@char.com', 'Unicode NULL' . chr(0) . '@char.com', 'first.last@[IPv6::]', 'first.last@[IPv6::::]', 'first.last@[IPv6::b4]', 'first.last@[IPv6::::b4]', 'first.last@[IPv6::b3:b4]', 'first.last@[IPv6::::b3:b4]', 'first.last@[IPv6:a1:::b4]', 'first.last@[IPv6:a1:]', 'first.last@[IPv6:a1:::]', 'first.last@[IPv6:a1:a2:]', 'first.last@[IPv6:a1:a2:::]', 'first.last@[IPv6::11.22.33.44]', 'first.last@[IPv6::::11.22.33.44]', 'first.last@[IPv6:a1:11.22.33.44]', 'first.last@[IPv6:a1:::11.22.33.44]', 'first.last@[IPv6:a1:a2:::11.22.33.44]', 'first.last@[IPv6:0123:4567:89ab:cdef::11.22.33.xx]', 'first.last@[IPv6:0123:4567:89ab:CDEFF::11.22.33.44]', 'first.last@[IPv6:a1::a4:b1::b4:11.22.33.44]', 'first.last@[IPv6:a1::11.22.33]', 'first.last@[IPv6:a1::11.22.33.44.55]', 'first.last@[IPv6:a1::b211.22.33.44]', 'first.last@[IPv6:a1::b2::11.22.33.44]', 'first.last@[IPv6:a1::b3:]', 'first.last@[IPv6::a2::b4]', 'first.last@[IPv6:a1:a2:a3:a4:b1:b2:b3:]', 'first.last@[IPv6::a2:a3:a4:b1:b2:b3:b4]', 'first.last@[IPv6:a1:a2:a3:a4::b1:b2:b3:b4]', ""(\r\n RCPT TO:websec02@d.mbsd.jp\r\n DATA \\\nSubject: spam10\\\n\r\n Hello,\r\n this is a spam mail.\\\n.\r\n QUIT\r\n ) a@gmail.com"" ); $unicodeaddresses = array( 'first.last@bücher.ch', 'first.last@кто.рф', 'first.last@phplíst.com', ); $asciiaddresses = array( 'first.last@xn--bcher-kva.ch', 'first.last@xn--j1ail.xn--p1ai', 'first.last@xn--phplst-6va.com', ); $goodfails = array(); foreach (array_merge($validaddresses, $asciiaddresses) as $address) { if (!PHPMailer::validateAddress($address)) { $goodfails[] = $address; } } $badpasses = array(); foreach (array_merge($invalidaddresses, $unicodeaddresses) as $address) { if (PHPMailer::validateAddress($address)) { $badpasses[] = $address; } } $err = ''; if (count($goodfails) > 0) { $err .= ""Good addresses that failed validation:\n""; $err .= implode(""\n"", $goodfails); } if (count($badpasses) > 0) { if (!empty($err)) { $err .= ""\n\n""; } $err .= ""Bad addresses that passed validation:\n""; $err .= implode(""\n"", $badpasses); } $this->assertEmpty($err, $err); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'auto')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'auto')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'pcre')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'pcre')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'pcre8')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'pcre8')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'php')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'php')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'noregex')); $this->assertFalse(PHPMailer::validateAddress('bad', 'noregex')); }" 14,"public function testSmtpConnect() { $this->Mail->SMTPDebug = 4; $this->assertTrue($this->Mail->smtpConnect(), 'SMTP single connect failed'); $this->Mail->smtpClose(); $this->Mail->Host = ""ssl: $this->assertFalse($this->Mail->smtpConnect(), 'SMTP bad multi-connect succeeded'); $this->Mail->smtpClose(); $this->Mail->Host = ""localhost:12345;10.10.10.10:54321;"" . $_REQUEST['mail_host']; $this->assertTrue($this->Mail->smtpConnect(), 'SMTP multi-connect failed'); $this->Mail->smtpClose(); $this->Mail->Host = "" localhost:12345 ; "" . $_REQUEST['mail_host'] . ' '; $this->assertTrue($this->Mail->smtpConnect(), 'SMTP hosts with stray spaces failed'); $this->Mail->smtpClose(); $this->Mail->Host = $_REQUEST['mail_host']; $this->assertTrue( $this->Mail->smtpConnect(array('ssl' => array('verify_depth' => 10))), 'SMTP connect with options failed' ); }",True,PHP,testSmtpConnect,phpmailerTest.php,https://github.com/PHPMailer/PHPMailer,PHPMailer,Synchro,2015-11-01 11:12:04+01:00,"Add test for line breaks in addresses vulnerability Don't allow line breaks in addresses Don't allow line breaks in SMTP commands Rearrange tests so slowest tests run last",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-8476,"public function testPopBeforeSmtpBad() { $pid = shell_exec('nohup ./runfakepopserver.sh 1101 >/dev/null 2>/dev/null & printf ""%u"" $!'); $this->pids[] = $pid; sleep(2); $this->assertFalse( POP3::popBeforeSmtp('localhost', 1101, 10, 'user', 'xxx', $this->Mail->SMTPDebug), 'POP before SMTP should have failed' ); shell_exec('kill -TERM ' . escapeshellarg($pid)); sleep(2); }" 15,"public function testValidate() { $validaddresses = array( 'first@iana.org', 'first.last@iana.org', '1234567890123456789012345678901234567890123456789012345678901234@iana.org', '""first\""last""@iana.org', '""first@last""@iana.org', '""first\last""@iana.org', 'first.last@[12.34.56.78]', 'first.last@[IPv6:::12.34.56.78]', 'first.last@[IPv6:1111:2222:3333::4444:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:12.34.56.78]', 'first.last@[IPv6:::1111:2222:3333:4444:5555:6666]', 'first.last@[IPv6:1111:2222:3333::4444:5555:6666]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666::]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777:8888]', 'first.last@x23456789012345678901234567890123456789012345678901234567890123.iana.org', 'first.last@3com.com', 'first.last@123.iana.org', '""first\last""@iana.org', 'first.last@[IPv6:1111:2222:3333::4444:5555:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333::4444:5555:6666:7777]', 'first.last@example.123', 'first.last@com', '""Abc\@def""@iana.org', '""Fred\ Bloggs""@iana.org', '""Joe.\Blow""@iana.org', '""Abc@def""@iana.org', '""Fred Bloggs""@iana.org', 'user+mailbox@iana.org', 'customer/department=shipping@iana.org', '$A12345@iana.org', '!def!xyz%abc@iana.org', '_somename@iana.org', 'dclo@us.ibm.com', 'peter.piper@iana.org', '""Doug \""Ace\"" L.""@iana.org', 'test@iana.org', 'TEST@iana.org', '1234567890@iana.org', 'test+test@iana.org', 'test-test@iana.org', 't*est@iana.org', '+1~1+@iana.org', '{_test_}@iana.org', '""[[ test ]]""@iana.org', 'test.test@iana.org', '""test.test""@iana.org', 'test.""test""@iana.org', '""test@test""@iana.org', 'test@123.123.123.x123', 'test@123.123.123.123', 'test@[123.123.123.123]', 'test@example.iana.org', 'test@example.example.iana.org', '""test\test""@iana.org', 'test@example', '""test\blah""@iana.org', '""test\blah""@iana.org', '""test\""blah""@iana.org', 'customer/department@iana.org', '_Yosemite.Sam@iana.org', '~@iana.org', '""Austin@Powers""@iana.org', 'Ima.Fool@iana.org', '""Ima.Fool""@iana.org', '""Ima Fool""@iana.org', '""first"".""last""@iana.org', '""first"".middle.""last""@iana.org', '""first"".last@iana.org', 'first.""last""@iana.org', '""first"".""middle"".""last""@iana.org', '""first.middle"".""last""@iana.org', '""first.middle.last""@iana.org', '""first..last""@iana.org', '""first\""last""@iana.org', 'first.""mid\dle"".""last""@iana.org', '""test blah""@iana.org', '(foo)cal(bar)@(baz)iamcal.com(quux)', 'cal@iamcal(woo).(yay)com', 'cal(woo(yay)hoopla)@iamcal.com', 'cal(foo\@bar)@iamcal.com', 'cal(foo\)bar)@iamcal.com', 'first().last@iana.org', 'pete(his account)@silly.test(his host)', 'c@(Chris\'s host.)public.example', 'jdoe@machine(comment). example', '1234 @ local(blah) .machine .example', 'first(abc.def).last@iana.org', 'first(a""bc.def).last@iana.org', 'first.("")middle.last("")@iana.org', 'first(abc\(def)@iana.org', 'first.last@x(1234567890123456789012345678901234567890123456789012345678901234567890).com', 'a(a(b(c)d(e(f))g)h(i)j)@iana.org', 'name.lastname@domain.com', 'a@b', 'a@bar.com', 'aaa@[123.123.123.123]', 'a@bar', 'a-b@bar.com', '+@b.c', '+@b.com', 'a@b.co-foo.uk', '""hello my name is""@stutter.com', '""Test \""Fail\"" Ing""@iana.org', 'valid@about.museum', 'shaitan@my-domain.thisisminekthx', 'foobar@192.168.0.1', '""Joe\Blow""@iana.org', 'HM2Kinsists@(that comments are allowed)this.is.ok', 'user%uucp!path@berkeley.edu', 'first.last @iana.org', 'cdburgess+! 'first.last@[IPv6:::a2:a3:a4:b1:b2:b3:b4]', 'first.last@[IPv6:a1:a2:a3:a4:b1:b2:b3::]', 'first.last@[IPv6:::]', 'first.last@[IPv6:::b4]', 'first.last@[IPv6:::b3:b4]', 'first.last@[IPv6:a1::b4]', 'first.last@[IPv6:a1::]', 'first.last@[IPv6:a1:a2::]', 'first.last@[IPv6:0123:4567:89ab:cdef::]', 'first.last@[IPv6:0123:4567:89ab:CDEF::]', 'first.last@[IPv6:::a3:a4:b1:ffff:11.22.33.44]', 'first.last@[IPv6:::a2:a3:a4:b1:ffff:11.22.33.44]', 'first.last@[IPv6:a1:a2:a3:a4::11.22.33.44]', 'first.last@[IPv6:a1:a2:a3:a4:b1::11.22.33.44]', 'first.last@[IPv6:a1::11.22.33.44]', 'first.last@[IPv6:a1:a2::11.22.33.44]', 'first.last@[IPv6:0123:4567:89ab:cdef::11.22.33.44]', 'first.last@[IPv6:0123:4567:89ab:CDEF::11.22.33.44]', 'first.last@[IPv6:a1::b2:11.22.33.44]', 'test@test.com', 'test@xn--example.com', 'test@example.com', ); $invalidaddresses = array( 'first.last@sub.do,com', 'first\@last@iana.org', '123456789012345678901234567890123456789012345678901234567890' . '@12345678901234567890123456789012345678901234 [...]', 'first.last', '12345678901234567890123456789012345678901234567890123456789012345@iana.org', '.first.last@iana.org', 'first.last.@iana.org', 'first..last@iana.org', '""first""last""@iana.org', '""""""@iana.org', '""\""@iana.org', 'first\@last@iana.org', 'first.last@', 'x@x23456789.x23456789.x23456789.x23456789.x23456789.x23456789.x23456789.' . 'x23456789.x23456789.x23456789.x23 [...]', 'first.last@[.12.34.56.78]', 'first.last@[12.34.56.789]', 'first.last@[::12.34.56.78]', 'first.last@[IPv5:::12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777:12.34.56.78]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777]', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:7777:8888:9999]', 'first.last@[IPv6:1111:2222::3333::4444:5555:6666]', 'first.last@[IPv6:1111:2222:333x::4444:5555]', 'first.last@[IPv6:1111:2222:33333::4444:5555]', 'first.last@-xample.com', 'first.last@exampl-.com', 'first.last@x234567890123456789012345678901234567890123456789012345678901234.iana.org', 'abc\@def@iana.org', 'abc\@iana.org', 'Doug\ \""Ace\""\ Lovell@iana.org', 'abc@def@iana.org', 'abc\@def@iana.org', 'abc\@iana.org', '@iana.org', 'doug@', '""qu@iana.org', 'ote""@iana.org', '.dot@iana.org', 'dot.@iana.org', 'two..dot@iana.org', '""Doug ""Ace"" L.""@iana.org', 'Doug\ \""Ace\""\ L\.@iana.org', 'hello world@iana.org', 'gatsby@f.sc.ot.t.f.i.tzg.era.l.d.', 'test.iana.org', 'test.@iana.org', 'test..test@iana.org', '.test@iana.org', 'test@test@iana.org', 'test@@iana.org', '-- test --@iana.org', '[test]@iana.org', '""test""test""@iana.org', '()[]\;:,><@iana.org', 'test@.', 'test@example.', 'test@.org', 'test@12345678901234567890123456789012345678901234567890123456789012345678901234567890' . '12345678901234567890 [...]', 'test@[123.123.123.123', 'test@123.123.123.123]', 'NotAnEmail', '@NotAnEmail', '""test""blah""@iana.org', '.wooly@iana.org', 'wo..oly@iana.org', 'pootietang.@iana.org', '.@iana.org', 'Ima Fool@iana.org', 'phil.h\@\@ck@haacked.com', 'foo@[\1.2.3.4]', 'first\last@iana.org', 'Abc\@def@iana.org', 'Fred\ Bloggs@iana.org', 'Joe.\Blow@iana.org', 'first.last@[IPv6:1111:2222:3333:4444:5555:6666:12.34.567.89]', '{^c\@**Dog^}@cartoon.com', 'cal(foo(bar)@iamcal.com', 'cal(foo)bar)@iamcal.com', 'cal(foo\)@iamcal.com', 'first(12345678901234567890123456789012345678901234567890)last@(1234567890123456789' . '01234567890123456789012 [...]', 'first(middle)last@iana.org', 'first(abc(""def"".ghi).mno)middle(abc(""def"".ghi).mno).last@(abc(""def"".ghi).mno)example' . '(abc(""def"".ghi).mno). [...]', 'a(a(b(c)d(e(f))g)(h(i)j)@iana.org', '.@', '@bar.com', '@@bar.com', 'aaa.com', 'aaa@.com', 'aaa@.123', 'aaa@[123.123.123.123]a', 'aaa@[123.123.123.333]', 'a@bar.com.', 'a@-b.com', 'a@b-.com', '-@..com', '-@a..com', 'invalid@about.museum-', 'test@...........com', '""Unicode NULL' . chr(0) . '""@char.com', 'Unicode NULL' . chr(0) . '@char.com', 'first.last@[IPv6::]', 'first.last@[IPv6::::]', 'first.last@[IPv6::b4]', 'first.last@[IPv6::::b4]', 'first.last@[IPv6::b3:b4]', 'first.last@[IPv6::::b3:b4]', 'first.last@[IPv6:a1:::b4]', 'first.last@[IPv6:a1:]', 'first.last@[IPv6:a1:::]', 'first.last@[IPv6:a1:a2:]', 'first.last@[IPv6:a1:a2:::]', 'first.last@[IPv6::11.22.33.44]', 'first.last@[IPv6::::11.22.33.44]', 'first.last@[IPv6:a1:11.22.33.44]', 'first.last@[IPv6:a1:::11.22.33.44]', 'first.last@[IPv6:a1:a2:::11.22.33.44]', 'first.last@[IPv6:0123:4567:89ab:cdef::11.22.33.xx]', 'first.last@[IPv6:0123:4567:89ab:CDEFF::11.22.33.44]', 'first.last@[IPv6:a1::a4:b1::b4:11.22.33.44]', 'first.last@[IPv6:a1::11.22.33]', 'first.last@[IPv6:a1::11.22.33.44.55]', 'first.last@[IPv6:a1::b211.22.33.44]', 'first.last@[IPv6:a1::b2::11.22.33.44]', 'first.last@[IPv6:a1::b3:]', 'first.last@[IPv6::a2::b4]', 'first.last@[IPv6:a1:a2:a3:a4:b1:b2:b3:]', 'first.last@[IPv6::a2:a3:a4:b1:b2:b3:b4]', 'first.last@[IPv6:a1:a2:a3:a4::b1:b2:b3:b4]', ); $unicodeaddresses = array( 'first.last@bücher.ch', 'first.last@кто.рф', 'first.last@phplíst.com', ); $asciiaddresses = array( 'first.last@xn--bcher-kva.ch', 'first.last@xn--j1ail.xn--p1ai', 'first.last@xn--phplst-6va.com', ); $goodfails = array(); foreach (array_merge($validaddresses, $asciiaddresses) as $address) { if (!PHPMailer::validateAddress($address)) { $goodfails[] = $address; } } $badpasses = array(); foreach (array_merge($invalidaddresses, $unicodeaddresses) as $address) { if (PHPMailer::validateAddress($address)) { $badpasses[] = $address; } } $err = ''; if (count($goodfails) > 0) { $err .= ""Good addresses that failed validation:\n""; $err .= implode(""\n"", $goodfails); } if (count($badpasses) > 0) { if (!empty($err)) { $err .= ""\n\n""; } $err .= ""Bad addresses that passed validation:\n""; $err .= implode(""\n"", $badpasses); } $this->assertEmpty($err, $err); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'auto')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'auto')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'pcre')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'pcre')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'pcre8')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'pcre8')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'php')); $this->assertFalse(PHPMailer::validateAddress('test@example.com.', 'php')); $this->assertTrue(PHPMailer::validateAddress('test@example.com', 'noregex')); $this->assertFalse(PHPMailer::validateAddress('bad', 'noregex')); }",True,PHP,testValidate,phpmailerTest.php,https://github.com/PHPMailer/PHPMailer,PHPMailer,Synchro,2015-11-01 11:12:04+01:00,"Add test for line breaks in addresses vulnerability Don't allow line breaks in addresses Don't allow line breaks in SMTP commands Rearrange tests so slowest tests run last",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-8476,"public function testPopBeforeSmtpGood() { $pid = shell_exec('nohup ./runfakepopserver.sh >/dev/null 2>/dev/null & printf ""%u"" $!'); $this->pids[] = $pid; sleep(2); $this->assertTrue( POP3::popBeforeSmtp('localhost', 1100, 10, 'user', 'test', $this->Mail->SMTPDebug), 'POP before SMTP failed' ); shell_exec('kill -TERM ' . escapeshellarg($pid)); sleep(2); }" 19,"public function testPopBeforeSmtpGood() { $pid = shell_exec('nohup ./runfakepopserver.sh >/dev/null 2>/dev/null & printf ""%u"" $!'); $this->pids[] = $pid; sleep(2); $this->assertTrue( POP3::popBeforeSmtp('localhost', 1100, 10, 'user', 'test', $this->Mail->SMTPDebug), 'POP before SMTP failed' ); shell_exec('kill -TERM '.escapeshellarg($pid)); sleep(2); }",True,PHP,testPopBeforeSmtpGood,phpmailerTest.php,https://github.com/PHPMailer/PHPMailer,PHPMailer,Synchro,2015-11-01 11:12:04+01:00,"Add test for line breaks in addresses vulnerability Don't allow line breaks in addresses Don't allow line breaks in SMTP commands Rearrange tests so slowest tests run last",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-8476,"public function testCustomValidator() { self::assertTrue( PHPMailer::validateAddress( 'user@example.com', function ($address) { return strpos($address, '@') !== false; } ), 'Custom validator false negative' ); self::assertFalse( PHPMailer::validateAddress( 'userexample.com', function ($address) { return strpos($address, '@') !== false; } ), 'Custom validator false positive' ); PHPMailer::$validator = function ($address) { return 'user@example.com' === $address; }; self::assertTrue( $this->Mail->addAddress('user@example.com'), 'Custom default validator false negative' ); self::assertFalse( $this->Mail->addAddress('bananas@example.com'), 'Custom default validator false positive' ); PHPMailer::$validator = 'php'; self::assertFalse( $this->Mail->addAddress('first.last@example.123'), 'PHP validator not behaving as expected' ); self::assertTrue(PHPMailer::validateAddress('test@example.com', 'php')); self::assertTrue(PHPMailer::validateAddress('test@example.com', 'phpx')); }" 27,"public function testCustomValidator() { self::assertTrue( PHPMailer::validateAddress( 'user@example.com', function ($address) { return strpos($address, '@') !== false; } ), 'Custom validator false negative' ); self::assertFalse( PHPMailer::validateAddress( 'userexample.com', function ($address) { return strpos($address, '@') !== false; } ), 'Custom validator false positive' ); PHPMailer::$validator = function ($address) { return 'user@example.com' === $address; }; self::assertTrue( $this->Mail->addAddress('user@example.com'), 'Custom default validator false negative' ); self::assertFalse( $this->Mail->addAddress('bananas@example.com'), 'Custom default validator false positive' ); PHPMailer::$validator = 'php'; self::assertFalse( $this->Mail->addAddress('first.last@example.123'), 'PHP validator not behaving as expected' ); self::assertTrue(PHPMailer::validateAddress('test@example.com', 'php')); self::assertFalse(PHPMailer::validateAddress('test@example.com', 'phpx')); }",True,PHP,testCustomValidator,PHPMailerTest.php,https://github.com/PHPMailer/PHPMailer,PHPMailer,Marcus Bointon,2021-06-15 17:37:24+02:00,Deny string-based callables altogether,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2021-3603,"function getByPlugins($database, $plugins, $phrase, $partial_match) { $phrase_escaped = $database->getEscaped($phrase, true); $count = count($plugins); for ($i = 0; $i < $count; $i++) { $result = call_user_func($plugins[$i], $database, $phrase_escaped, $partial_match); if (count($result) == 2) { return $result; } } return null; }" 28,"function password_check($oldpassword, $profile_id) { global $db_user_id, $db_group_id, $db_user_name, $db_user_email, $db_user_password, $db_table_user_name; global $db_table_group_name, $auth_user_class, $auth_alt_user_class, $table_prefix, $db_raid, $phpraid_config; global $pwd_hasher; $sql_passchk = sprintf(""SELECT "" . $db_user_password . "" FROM "" . $table_prefix . $db_table_user_name . "" WHERE "" . $db_user_id . "" = %s"", quote_smart($profile_id) ); $result_passchk = $db_raid->sql_query($sql_passchk) or print_error($sql_passchk, mysql_error(), 1); $data_passchk = $db_raid->sql_fetchrow($result_passchk, true); $db_pass = $data_passchk[$db_user_password]; $initString = '$H$'; $testVal = $pwd_hasher->CheckPassword($oldpassword, $db_pass); if ($testVal) return 0; else return 1; }",True,PHP,password_check,auth_phpbb3.php,https://github.com/Illydth/wowraidmanager,Illydth,Douglas Wagner,2008-10-13 16:26:19-05:00,Bug Fix: Fixes problem with phpBB3 bridge allowing login with ANY password.,CWE-255,Credentials Management Errors,Weaknesses in this category are related to the management of credentials.,https://cwe.mitre.org/data/definitions/255.html,CVE-2008-7050,"function plugin_contentTitle($database, $phrase, $partial_match = true) { global $mainframe; if(!class_exists('ContentHelperRoute')) { require_once( JPATH_SITE.DS.'components'.DS.'com_content'.DS.'helpers'.DS.'route.php' ); } $result = null; $query = ""SELECT a.id, a.title AS arttitle, a.alias AS artalias, c.id as catid, c.alias AS catalias, a.sectionid""; $query .= "" FROM $query .= "" LEFT JOIN $query .= "" LEFT JOIN $where_clause = "" WHERE a.state=1 ""; $where_variant = "" AND a.alias "" . (($partial_match) ? "" LIKE "".$database->quote('%'.$phrase.'%', false) : ""= "".$database->quote($phrase, false));" 31,"function getByPlugins($database, $plugins, $phrase, $partial_match) { $count = count($plugins); for ($i = 0; $i < $count; $i++) { $result = call_user_func($plugins[$i], $database, $phrase, $partial_match); if (count($result) == 2) { return $result; } } return null; }",True,PHP,getByPlugins,titlelink.php,https://github.com/gesellix/titlelink,gesellix,Tobias Gesellchen,2010-08-08 18:17:54+00:00,"[#20653] SQL Injection: $phrase is escaped now, yet most of the plugins have to be updated according to plugin_content_title.php git-svn-id: http://joomlacode.org/svn/titlelink@27 de31ee7e-3f2c-0410-b67e-83f64df8b4ac",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2010-10003,function getValue() { $ret = SecurityManager::formPrep($this->value); if(empty($ret)) { return $this->default; } return $ret; } 33,"function plugin_contentTitle($database, $phrase, $partial_match = true) { global $mainframe; if(!class_exists('ContentHelperRoute')) { require_once( JPATH_SITE.DS.'components'.DS.'com_content'.DS.'helpers'.DS.'route.php' ); } $result = null; $query = ""SELECT a.id, a.title AS arttitle, a.alias AS artalias, c.id as catid, c.alias AS catalias, a.sectionid""; $query .= "" FROM $query .= "" LEFT JOIN $query .= "" LEFT JOIN $where_clause = "" WHERE a.state=1 ""; $where_variant = "" AND a.alias "" . (($partial_match) ? "" LIKE '%$phrase%'"" : ""= '$phrase'"");",True,PHP,plugin_contentTitle,plugin_content_title.php,https://github.com/gesellix/titlelink,gesellix,Tobias Gesellchen,2010-08-08 18:17:54+00:00,"[#20653] SQL Injection: $phrase is escaped now, yet most of the plugins have to be updated according to plugin_content_title.php git-svn-id: http://joomlacode.org/svn/titlelink@27 de31ee7e-3f2c-0410-b67e-83f64df8b4ac",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2010-10003,"public function Handshake($AuthenticationSchemeAlias = 'default') { try { if (!Gdn::Authenticator()->CanHandshake()) throw new Exception(); $Authenticator = Gdn::Authenticator()->AuthenticateWith($AuthenticationSchemeAlias); $Payload = $Authenticator->GetHandshake(); if ($Payload === FALSE) { Gdn::Request()->WithURI('dashboard/entry/auth/password'); return Gdn::Dispatcher()->Dispatch(); } } catch (Exception $e) { Gdn::Request()->WithURI('/entry/signin'); return Gdn::Dispatcher()->Dispatch(); } $UserInfo = array( 'UserKey' => $Authenticator->GetUserKeyFromHandshake($Payload), 'ConsumerKey' => $Authenticator->GetProviderKeyFromHandshake($Payload), 'TokenKey' => $Authenticator->GetTokenKeyFromHandshake($Payload), 'UserName' => $Authenticator->GetUserNameFromHandshake($Payload), 'UserEmail' => $Authenticator->GetUserEmailFromHandshake($Payload) ); $SyncScreen = C('Garden.Authenticator.SyncScreen', 'on'); switch ($SyncScreen) { case 'on': $this->SyncScreen($Authenticator, $UserInfo, $Payload); break; case 'off': case 'smart': $UserID = $this->UserModel->Synchronize($UserInfo['UserKey'], array( 'Name' => $UserInfo['UserName'], 'Email' => $UserInfo['UserEmail'] )); if ($UserID > 0) { $Authenticator->Finalize($UserInfo['UserKey'], $UserID, $UserInfo['ConsumerKey'], $UserInfo['TokenKey'], $Payload); $Route = $this->RedirectTo(); if ($Route !== FALSE) Redirect($Route); else Redirect('/'); } else { if ($SyncScreen == 'smart') { $this->StatusMessage = T('There is already an account in this forum using your email address. Please create a new account, or enter the credentials for the existing account.'); $this->SyncScreen($Authenticator, $UserInfo, $Payload); } else { $CookiePayload = array( 'Sync' => 'Failed' ); $SerializedCookiePayload = Gdn_Format::Serialize($CookiePayload); $Authenticator->Remember($UserInfo['ConsumerKey'], $SerializedCookiePayload); Gdn::Request()->WithRoute('DefaultController'); $this->SelfUrl = Url(''); $this->View = 'syncfailed'; $this->ProviderSite = $Authenticator->GetProviderUrl(); $this->Render(); } } break; } }" 39,function getValue() { $ret = $this->value; if(empty($ret)) { return $this->default; } return $ret; },True,PHP,getValue,Field.php,https://github.com/frioux/ptome,frioux,JohnBOren,2010-01-11 06:15:24+00:00,"Security update to thwart SQL injection (previously, magic_quotes_gpc was saving us)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2010-10009,"protected function _AnalyzeRequest(&$Request, $FolderDepth = 1) { $this->_ApplicationFolder = ''; $this->_ControllerFolder = ''; $this->_ControllerName = ''; $this->_ControllerMethod = 'index'; $this->_ControllerMethodArgs = array(); $this->Request = Url(''); $PathAndQuery = $Request->PathAndQuery(); $MatchRoute = Gdn::Router()->MatchRoute($PathAndQuery); if ($MatchRoute !== FALSE) { switch ($MatchRoute['Type']) { case 'Internal': $Request->PathAndQuery($MatchRoute['FinalDestination']); $this->Request = $MatchRoute['FinalDestination']; break; case 'Temporary': Header( ""HTTP/1.1 302 Moved Temporarily"" ); Header( ""Location: "".$MatchRoute['FinalDestination'] ); exit(); break; case 'Permanent': Header( ""HTTP/1.1 301 Moved Permanently"" ); Header( ""Location: "".$MatchRoute['FinalDestination'] ); exit(); break; case 'NotFound': Header( ""HTTP/1.1 404 Not Found"" ); $this->Request = $MatchRoute['FinalDestination']; break; } } switch ($Request->OutputFormat()) { case 'rss': $this->_SyndicationMethod = SYNDICATION_RSS; break; case 'atom': $this->_SyndicationMethod = SYNDICATION_ATOM; break; case 'default': default: $this->_SyndicationMethod = SYNDICATION_NONE; break; } if ($this->Request == '') { $DefaultController = Gdn::Router()->GetRoute('DefaultController'); $this->Request = $DefaultController['Destination']; } $Parts = explode('/', $this->Request); $Length = count($Parts); if ($Length == 1 || $FolderDepth <= 0) { $FolderDepth = 0; $this->_ControllerName = $Parts[0]; $this->_MapParts($Parts, 0); $this->_FetchController(TRUE); } else if ($Length == 2) { $FolderDepth = 1; } if ($FolderDepth == 2) { $this->_ApplicationFolder = $Parts[0]; $this->_ControllerFolder = $Parts[1]; $this->_MapParts($Parts, 2); if (!$this->_FetchController()) { $this->_AnalyzeRequest($Request, 1); } } else if ($FolderDepth == 1) { $Found = FALSE; if (in_array($Parts[0], $this->EnabledApplicationFolders())) { $this->_ApplicationFolder = $Parts[0]; $this->_MapParts($Parts, 1); $Found = $this->_FetchController(); } if (!$Found) { $this->_ApplicationFolder = ''; $this->_ControllerFolder = $Parts[0]; $this->_MapParts($Parts, 1); if (!$this->_FetchController()) { $this->_AnalyzeRequest($Request, 0); } } } }" 42,"public function Handshake($AuthenticationSchemeAlias = 'default') { try { if (!Gdn::Authenticator()->CanHandshake()) throw new Exception(); $Authenticator = Gdn::Authenticator()->AuthenticateWith($AuthenticationSchemeAlias); $Payload = $Authenticator->GetHandshake(); if ($Payload === FALSE) { Gdn::Request()->WithURI('dashboard/entry/auth/password'); return Gdn::Dispatcher()->Dispatch(); } } catch (Exception $e) { Gdn::Request()->WithURI('/entry/signin'); return Gdn::Dispatcher()->Dispatch(); } $UserInfo = array( 'UserKey' => $Authenticator->GetUserKeyFromHandshake($Payload), 'ConsumerKey' => $Authenticator->GetProviderKeyFromHandshake($Payload), 'TokenKey' => $Authenticator->GetTokenKeyFromHandshake($Payload), 'UserName' => $Authenticator->GetUserNameFromHandshake($Payload), 'UserEmail' => $Authenticator->GetUserEmailFromHandshake($Payload) ); $SyncScreen = C('Garden.Authenticator.SyncScreen', 'on'); switch ($SyncScreen) { case 'on': $this->SyncScreen($Authenticator, $UserInfo, $Payload); break; case 'off': case 'smart': $UserID = $this->UserModel->Synchronize($UserInfo['UserKey'], array( 'Name' => $UserInfo['UserName'], 'Email' => $UserInfo['UserEmail'] )); if ($UserID > 0) { $Authenticator->Finalize($UserInfo['UserKey'], $UserID, $UserInfo['ConsumerKey'], $UserInfo['TokenKey'], $Payload); $Route = $this->RedirectTo(); if ($Route !== FALSE) Redirect($Route); else Redirect('/'); } else { if ($SyncScreen == 'smart') { $this->StatusMessage = T('There is already an account in this forum using your email address. Please create a new account, or enter the credentials for the existing account.'); $this->SyncScreen($Authenticator, $UserInfo, $Payload); } else { $CookiePayload = array( 'Sync' => 'Failed' ); $SerializedCookiePayload = Gdn_Format::Serialize($CookiePayload); $Authenticator->Remember($UserInfo['ConsumerKey'], $SerializedCookiePayload); Gdn::Request()->WithRoute('DefaultController'); $this->SelfUrl = Gdn::Request()->Path(); $this->View = 'syncfailed'; $this->ProviderSite = $Authenticator->GetProviderUrl(); $this->Render(); } } break; } }",True,PHP,Handshake,class.entrycontroller.php,https://github.com/vanilla/vanilla,vanilla,Tim Gunter,2010-09-27 11:22:20-04:00,Fixed XSS vulnerability where filename could contain abitrary code to execute on the client side.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2010-4264,"public function startup(Event $event) { $controller = $event->subject(); $request = $controller->request; $response = $controller->response; $cookieName = $this->_config['cookieName']; $cookieData = $request->cookie($cookieName); if ($cookieData) { $request->params['_csrfToken'] = $cookieData; } if ($request->is('requested')) { return; } if ($request->is('get') && $cookieData === null) { $this->_setCookie($request, $response); } if (!$request->is(['head', 'get', 'options'])) { $this->_validateToken($request); unset($request->data[$this->_config['field']]); } }" 44,"protected function _AnalyzeRequest(&$Request, $FolderDepth = 1) { $this->_ApplicationFolder = ''; $this->_ControllerFolder = ''; $this->_ControllerName = ''; $this->_ControllerMethod = 'index'; $this->_ControllerMethodArgs = array(); $this->Request = $Request->Path(); $PathAndQuery = $Request->PathAndQuery(); $MatchRoute = Gdn::Router()->MatchRoute($PathAndQuery); if ($MatchRoute !== FALSE) { switch ($MatchRoute['Type']) { case 'Internal': $Request->PathAndQuery($MatchRoute['FinalDestination']); $this->Request = $MatchRoute['FinalDestination']; break; case 'Temporary': Header( ""HTTP/1.1 302 Moved Temporarily"" ); Header( ""Location: "".$MatchRoute['FinalDestination'] ); exit(); break; case 'Permanent': Header( ""HTTP/1.1 301 Moved Permanently"" ); Header( ""Location: "".$MatchRoute['FinalDestination'] ); exit(); break; case 'NotFound': Header( ""HTTP/1.1 404 Not Found"" ); $this->Request = $MatchRoute['FinalDestination']; break; } } switch ($Request->OutputFormat()) { case 'rss': $this->_SyndicationMethod = SYNDICATION_RSS; break; case 'atom': $this->_SyndicationMethod = SYNDICATION_ATOM; break; case 'default': default: $this->_SyndicationMethod = SYNDICATION_NONE; break; } if ($this->Request == '') { $DefaultController = Gdn::Router()->GetRoute('DefaultController'); $this->Request = $DefaultController['Destination']; } $Parts = explode('/', $this->Request); $Length = count($Parts); if ($Length == 1 || $FolderDepth <= 0) { $FolderDepth = 0; $this->_ControllerName = $Parts[0]; $this->_MapParts($Parts, 0); $this->_FetchController(TRUE); } else if ($Length == 2) { $FolderDepth = 1; } if ($FolderDepth == 2) { $this->_ApplicationFolder = $Parts[0]; $this->_ControllerFolder = $Parts[1]; $this->_MapParts($Parts, 2); if (!$this->_FetchController()) { $this->_AnalyzeRequest($Request, 1); } } else if ($FolderDepth == 1) { $Found = FALSE; if (in_array($Parts[0], $this->EnabledApplicationFolders())) { $this->_ApplicationFolder = $Parts[0]; $this->_MapParts($Parts, 1); $Found = $this->_FetchController(); } if (!$Found) { $this->_ApplicationFolder = ''; $this->_ControllerFolder = $Parts[0]; $this->_MapParts($Parts, 1); if (!$this->_FetchController()) { $this->_AnalyzeRequest($Request, 0); } } } }",True,PHP,_AnalyzeRequest,class.dispatcher.php,https://github.com/vanilla/vanilla,vanilla,Tim Gunter,2010-09-27 11:22:20-04:00,Fixed XSS vulnerability where filename could contain abitrary code to execute on the client side.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2010-4264,"public static function httpMethodProvider() { return [ ['PATCH'], ['PUT'], ['POST'], ['DELETE'], ['PURGE'], ['INVALIDMETHOD'] ]; }" 50,"public function startup(Event $event) { $controller = $event->subject(); $request = $controller->request; $response = $controller->response; $cookieName = $this->_config['cookieName']; $cookieData = $request->cookie($cookieName); if ($cookieData) { $request->params['_csrfToken'] = $cookieData; } if ($request->is('requested')) { return; } if ($request->is('get') && $cookieData === null) { $this->_setCookie($request, $response); } if ($request->is(['patch', 'put', 'post', 'delete'])) { $this->_validateToken($request); unset($request->data[$this->_config['field']]); } }",True,PHP,startup,CsrfComponent.php,https://github.com/cakephp/cakephp,cakephp,Mark Story,2015-11-25 22:11:16-05:00,"Only allow GET, HEAD, OPTIONS to not have CSRF tokens. This covers cases where bad guys make up fake HTTP methods to trick CSRF validation. Update test cases to not muck about in $_SERVER too.",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-8379,"public function Labyrinth($ip,$useragent){ global $config; mt_srand(Labyrinth::MakeSeed()); $this->dbhandle = new SQLiteDatabase($config['tracking_db']); $this->crawler_ip = sqlite_escape_string($ip); $this->crawler_useragent = sqlite_escape_string($useragent); $this->crawler_info = $this->dbhandle->query(""SELECT crawler_ip FROM crawlers WHERE crawler_ip='$this->ip' AND crawler_useragent='$this->useragent'""); }" 52,"public static function httpMethodProvider() { return [ ['PATCH'], ['PUT'], ['POST'], ['DELETE'] ]; }",True,PHP,httpMethodProvider,CsrfComponentTest.php,https://github.com/cakephp/cakephp,cakephp,Mark Story,2015-11-25 22:11:16-05:00,"Only allow GET, HEAD, OPTIONS to not have CSRF tokens. This covers cases where bad guys make up fake HTTP methods to trick CSRF validation. Update test cases to not muck about in $_SERVER too.",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-8379,"function _executeUpdateAct($output) { foreach($output->tables as $key => $val) { $table_list[] = '`'.$this->prefix.$val.'` as '.$key; } foreach($output->columns as $key => $val) { if(!isset($val['value'])) continue; $name = $val['name']; $value = $val['value']; if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value; else { if($output->column_type[$name]!='number') $value = ""'"".$this->addQuotes($value).""'""; else $value = (int)$value; $column_list[] = sprintf(""`%s` = %s"", $name, $value); } } $condition = $this->getCondition($output); $query = sprintf(""update %s set %s %s"", implode(',',$table_list), implode(',',$column_list), $condition); return $this->_query($query); }" 53,"public function testConfigurationCookieCreate() { $_SERVER['REQUEST_METHOD'] = 'GET'; $controller = $this->getMock('Cake\Controller\Controller', ['redirect']); $controller->request = new Request(['webroot' => '/dir/']); $controller->response = new Response(); $component = new CsrfComponent($this->registry, [ 'cookieName' => 'token', 'expiry' => '+1 hour', 'secure' => true, 'httpOnly' => true ]); $event = new Event('Controller.startup', $controller); $component->startup($event); $this->assertEmpty($controller->response->cookie('csrfToken')); $cookie = $controller->response->cookie('token'); $this->assertNotEmpty($cookie, 'Should set a token.'); $this->assertRegExp('/^[a-f0-9]+$/', $cookie['value'], 'Should look like a hash.'); $this->assertWithinRange((new Time('+1 hour'))->format('U'), $cookie['expire'], 1, 'session duration.'); $this->assertEquals('/dir/', $cookie['path'], 'session path.'); $this->assertTrue($cookie['secure'], 'cookie security flag missing'); $this->assertTrue($cookie['httpOnly'], 'cookie httpOnly flag missing'); }",True,PHP,testConfigurationCookieCreate,CsrfComponentTest.php,https://github.com/cakephp/cakephp,cakephp,Mark Story,2015-11-25 22:11:16-05:00,"Only allow GET, HEAD, OPTIONS to not have CSRF tokens. This covers cases where bad guys make up fake HTTP methods to trick CSRF validation. Update test cases to not muck about in $_SERVER too.",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-8379,"function _executeUpdateAct($output) { foreach ($output->tables as $key => $val) { $table_list[] = $this->prefix . $val; } foreach ($output->columns as $key => $val) { if (!isset($val['value'])) continue; $name = $val['name']; $value = $val['value']; if (strpos($name, '.') !== false && strpos($value, '.') !== false) $column_list[] = $name . ' = ' . $value; else { if ($output->column_type[$name] != 'number') $value = ""'"" . $this->addQuotes($value) . ""'""; else $value = (int)$value; $column_list[] = sprintf(""%s = %s"", $name, $value); } } $condition = $this->getCondition($output); $query = sprintf(""update %s set %s %s"", implode(',', $table_list), implode(',', $column_list), $condition); return $this->_query($query); }" 54,"public function testSettingCookie() { $_SERVER['REQUEST_METHOD'] = 'GET'; $controller = $this->getMock('Cake\Controller\Controller', ['redirect']); $controller->request = new Request(['webroot' => '/dir/']); $controller->response = new Response(); $event = new Event('Controller.startup', $controller); $this->component->startup($event); $cookie = $controller->response->cookie('csrfToken'); $this->assertNotEmpty($cookie, 'Should set a token.'); $this->assertRegExp('/^[a-f0-9]+$/', $cookie['value'], 'Should look like a hash.'); $this->assertEquals(0, $cookie['expire'], 'session duration.'); $this->assertEquals('/dir/', $cookie['path'], 'session path.'); $this->assertEquals($cookie['value'], $controller->request->params['_csrfToken']); }",True,PHP,testSettingCookie,CsrfComponentTest.php,https://github.com/cakephp/cakephp,cakephp,Mark Story,2015-11-25 22:11:16-05:00,"Only allow GET, HEAD, OPTIONS to not have CSRF tokens. This covers cases where bad guys make up fake HTTP methods to trick CSRF validation. Update test cases to not muck about in $_SERVER too.",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-8379,"function layout_navbar() { $t_logo_url = config_get('logo_url'); echo '
'; echo '
'; echo ''; echo '
'; echo ''; echo ' '; echo string_display_line( config_get('window_title') ); echo ' '; echo ''; $t_toggle_class = (OFF == config_get('show_avatar') ? 'navbar-toggle' : 'navbar-toggle-img'); echo ''; echo '
'; echo '
'; echo '
    '; if (auth_is_user_authenticated()) { layout_navbar_button_bar(); layout_navbar_projects_menu(); layout_navbar_user_menu(); } echo '
'; echo '
'; echo '
'; echo '
'; }" 56,"public function Labyrinth($ip,$useragent){ global $config; mt_srand(Labyrinth::MakeSeed()); $this->crawler_ip = $ip; $this->crawler_useragent = $useragent; $this->dbhandle = new SQLiteDatabase($config['tracking_db']); $this->crawler_info = $this->dbhandle->query(""SELECT crawler_ip FROM crawlers WHERE crawler_ip='$ip' AND crawler_useragent='$useragent'""); }",True,PHP,Labyrinth,labyrinth.inc.php,https://github.com/rotelok/weblabyrinth,rotelok,bbj@mayhemiclabs.com,2011-05-07 20:06:59+00:00,Fixed SQLi bug described in https://code.google.com/p/weblabyrinth/issues/detail?id=1 -- Whoops...,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2011-10002,"function cfdef_input_textbox( array $p_field_def, $p_custom_field_value, $p_required = '' ) { echo ' 0 ) { echo ' maxlength=""' . $p_field_def['length_max'] . '""' , ' size=""' . min( 80, $p_field_def['length_max'] ) . '""'; } else { echo ' maxlength=""255"" size=""80""'; } if( !empty( $p_field_def['valid_regexp'] ) ) { $t_cf_regex = $p_field_def['valid_regexp']; if( substr( $t_cf_regex, 0, 1 ) != '^' ) { $t_cf_regex = '.*' . $t_cf_regex; } if( substr( $t_cf_regex, -1 ) != '$' ) { $t_cf_regex .= '.*'; } echo ' pattern=""' . string_attribute( $t_cf_regex ) . '""'; } echo ' value=""' . string_attribute( $p_custom_field_value ) .'"" />'; }" 58,"$value = (int) $value; } $column_list[] = sprintf (""\""%s\"" = %s"", $name, $value); } } $condition = $this->getCondition ($output); $check_click_count_condition = false; if ($check_click_count) { foreach ($output->conditions as $val) { if ($val['pipe'] == 'or') { $check_click_count_condition = false; break; } foreach ($val['condition'] as $v) { if ($v['operation'] == 'equal') { $check_click_count_condition = true; } else { if ($v['operation'] == 'in' && !strpos ($v['value'], ',')) { $check_click_count_condition = true; } else { $check_click_count_condition = false; } } if ($v['pipe'] == 'or') { $check_click_count_condition = false; break; } } } } if ($check_click_count&& $check_click_count_condition && count ($output->tables) == 1 && count ($output->conditions) > 0 && count ($output->groups) == 0 && count ($output->order) == 0) { foreach ($output->columns as $v) { $incr_columns[] = 'incr(""'.$v['name'].'"")'; } $query = sprintf ('select %s from %s %s', join (',', $incr_columns), implode(',', $table_list), $condition); } else { $query = sprintf (""update %s set %s %s"", implode (',', $table_list), implode (',', $column_list), $condition); } $result = $this->_query ($query); if ($result && !$this->transaction_started) @cubrid_commit ($this->fd); return $result; }",True,PHP,=,DBCubrid.class.php,https://github.com/haegyung/xe-core,haegyung,ovclas@gmail.com,2011-05-02 06:43:49+00:00,"#19727459 SQL Injection fixed in Update Query git-svn-id: http://xe-core.googlecode.com/svn/branches/1.4.5@8350 201d5d3c-b55e-5fd7-737f-ddc643e51545",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2011-10003,"function mci_account_get_array_by_id( $p_user_id ) { $t_result = array(); $t_result['id'] = $p_user_id; if( user_exists( $p_user_id ) ) { $t_current_user_id = auth_get_current_user_id(); $t_access_level = user_get_field ( $t_current_user_id, 'access_level' ); $t_can_manage = access_has_global_level( config_get( 'manage_user_threshold' ) ) && access_has_global_level( $t_access_level ); $t_is_same_user = $t_current_user_id === $p_user_id; $t_can_see_realname = access_has_project_level( config_get( 'show_user_realname_threshold' ) ); $t_can_see_email = access_has_project_level( config_get( 'show_user_email_threshold' ) ); $t_result['name'] = user_get_field( $p_user_id, 'username' ); if ( $t_is_same_user || $t_can_manage || $t_can_see_realname ) { $t_realname = user_get_realname( $p_user_id ); if( !empty( $t_realname ) ) { $t_result['real_name'] = $t_realname; } } if ( $t_is_same_user || $t_can_manage || $t_can_see_email ) { $t_email = user_get_email( $p_user_id ); if( !empty( $t_email ) ) { $t_result['email'] = $t_email; } } } return $t_result; }" 61,"function _executeUpdateAct($output) { foreach($output->tables as $key => $val) { $table_list[] = '`'.$this->prefix.$val.'` as '.$key; } foreach($output->columns as $key => $val) { if(!isset($val['value'])) continue; $name = $val['name']; $value = $val['value']; if(strpos($name,'.')!==false&&strpos($value,'.')!==false) $column_list[] = $name.' = '.$value; else { if($output->column_type[$name]!='number') $value = ""'"".$this->addQuotes($value).""'""; elseif(!$value || is_numeric($value)) $value = (int)$value; $column_list[] = sprintf(""`%s` = %s"", $name, $value); } } $condition = $this->getCondition($output); $query = sprintf(""update %s set %s %s"", implode(',',$table_list), implode(',',$column_list), $condition); return $this->_query($query); }",True,PHP,_executeUpdateAct,DBMysql.class.php,https://github.com/haegyung/xe-core,haegyung,ovclas@gmail.com,2011-05-02 06:43:49+00:00,"#19727459 SQL Injection fixed in Update Query git-svn-id: http://xe-core.googlecode.com/svn/branches/1.4.5@8350 201d5d3c-b55e-5fd7-737f-ddc643e51545",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2011-10003,"function html_operation_successful( $p_redirect_url, $p_message = '' ) { echo '
'; if( !is_blank( $p_message ) ) { echo $p_message . '
'; } echo lang_get( 'operation_successful' ).'
'; print_bracket_link( string_sanitize_url( $p_redirect_url ), lang_get( 'proceed' ) ); echo '
'; }" 62,"function _executeUpdateAct($output) { foreach ($output->tables as $key => $val) { $table_list[] = $this->prefix . $val; } foreach ($output->columns as $key => $val) { if (!isset($val['value'])) continue; $name = $val['name']; $value = $val['value']; if (strpos($name, '.') !== false && strpos($value, '.') !== false) $column_list[] = $name . ' = ' . $value; else { if ($output->column_type[$name] != 'number') $value = ""'"" . $this->addQuotes($value) . ""'""; elseif (!$value || is_numeric($value)) $value = (int)$value; $column_list[] = sprintf(""%s = %s"", $name, $value); } } $condition = $this->getCondition($output); $query = sprintf(""update %s set %s %s"", implode(',', $table_list), implode(',', $column_list), $condition); return $this->_query($query); }",True,PHP,_executeUpdateAct,DBPostgresql.class.php,https://github.com/haegyung/xe-core,haegyung,ovclas@gmail.com,2011-05-02 06:43:49+00:00,"#19727459 SQL Injection fixed in Update Query git-svn-id: http://xe-core.googlecode.com/svn/branches/1.4.5@8350 201d5d3c-b55e-5fd7-737f-ddc643e51545",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2011-10003,"function current_user_get_bug_filter( $p_project_id = null ) { $f_filter_string = gpc_get_string( 'filter', '' ); $t_filter = array(); if( !is_blank( $f_filter_string ) ) { if( is_numeric( $f_filter_string ) ) { $t_token = token_get_value( TOKEN_FILTER ); if( null != $t_token ) { $t_filter = json_decode( $t_token, true ); } } else { $t_filter = json_decode( $f_filter_string, true ); } $t_filter = filter_ensure_valid_filter( $t_filter ); } else if( !filter_is_cookie_valid() ) { $t_filter = filter_get_default(); } else { $t_user_id = auth_get_current_user_id(); $t_filter = user_get_bug_filter( $t_user_id, $p_project_id ); } return $t_filter; }" 64,"function layout_navbar() { $t_logo_url = config_get('logo_url'); echo '
'; echo '
'; echo ''; echo '
'; echo ''; echo ' '; echo config_get('window_title'); echo ' '; echo ''; $t_toggle_class = (OFF == config_get('show_avatar') ? 'navbar-toggle' : 'navbar-toggle-img'); echo ''; echo '
'; echo '
'; echo '
    '; if (auth_is_user_authenticated()) { layout_navbar_button_bar(); layout_navbar_projects_menu(); layout_navbar_user_menu(); } echo '
'; echo '
'; echo '
'; echo '
'; }",True,PHP,layout_navbar,layout_api.php,https://github.com/mantisbt/mantisbt,mantisbt,Victor Boctor,2017-02-16 20:27:52-08:00,"Sanitize window title The window title is not sanitized. That is not an issue when CSP is enable (default), but if disabled, it can execute javascript that is set by a user who has access to set configuration via Manage - Manage Configuration - Configuration Report page. Fixes #22266",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-7222,"public function html() { switch( $this->type ) { case FILE_ADDED: $t_string = 'timeline_issue_file_added'; break; case FILE_DELETED: $t_string = 'timeline_issue_file_deleted'; break; default: throw new ServiceException( 'Unknown Event Type', ERROR_GENERIC ); } $t_bug_link = string_get_bug_view_link( $this->issue_id ); $t_html = $this->html_start( 'fa-file-o' ); $t_html .= '
' . sprintf( lang_get( $t_string ), prepare_user_name( $this->user_id ), $t_bug_link, string_html_specialchars( $this->filename ) ) . '
'; $t_html .= $this->html_end(); return $t_html; }" 67,"function cfdef_input_textbox( array $p_field_def, $p_custom_field_value, $p_required = '' ) { echo ' 0 ) { echo ' maxlength=""' . $p_field_def['length_max'] . '""' , ' size=""' . min( 80, $p_field_def['length_max'] ) . '""'; } else { echo ' maxlength=""255"" size=""80""'; } if( !empty( $p_field_def['valid_regexp'] ) ) { $t_cf_regex = $p_field_def['valid_regexp']; if( substr( $t_cf_regex, 0, 1 ) != '^' ) { $t_cf_regex = '.*' . $t_cf_regex; } if( substr( $t_cf_regex, -1 ) != '$' ) { $t_cf_regex .= '.*'; } echo ' pattern=""' . $t_cf_regex . '""'; } echo ' value=""' . string_attribute( $p_custom_field_value ) .'"" />'; }",True,PHP,cfdef_input_textbox,cfdef_standard.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2020-09-23 19:04:55+02:00,"Fix XSS in Custom Field regex pattern validation Improper escaping of the custom field definition's Regular Expression allowed an attacker to inject HTML into the page (CVE-2020-25288). Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for the finding. Fixes #27275",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-25288,"function output( $p_format = 'dot', $p_headers = false ) { if( !isset( $this->formats[$p_format] ) ) { trigger_error( ERROR_GENERIC, ERROR ); } $t_binary = $this->formats[$p_format]['binary']; $t_type = $this->formats[$p_format]['type']; $t_mime = $this->formats[$p_format]['mime']; if( $p_headers ) { header( 'Content-Type: ' . $t_mime ); } ob_start(); $this->generate(); $t_dot_source = ob_get_contents(); ob_end_clean(); $t_command = escapeshellcmd( $this->graphviz_tool . ' -T' . $p_format ); $t_descriptors = array( 0 => array( 'pipe', 'r', ), 1 => array( 'pipe', 'w', ), 2 => array( 'file', 'php: ); $t_pipes = array(); $t_process = proc_open( $t_command, $t_descriptors, $t_pipes ); if( is_resource( $t_process ) ) { fwrite( $t_pipes[0], $t_dot_source ); fclose( $t_pipes[0] ); if( $p_headers ) { ob_start(); while( !feof( $t_pipes[1] ) ) { echo fgets( $t_pipes[1], 1024 ); } header( 'Content-Length: ' . ob_get_length() ); ob_end_flush(); } else { while( !feof( $t_pipes[1] ) ) { print( fgets( $t_pipes[1], 1024 ) ); } } fclose( $t_pipes[1] ); proc_close( $t_process ); } }" 68,"function file_get_visible_attachments( $p_bug_id ) { $t_attachment_rows = bug_get_attachments( $p_bug_id ); $t_visible_attachments = array(); $t_attachments_count = count( $t_attachment_rows ); if( $t_attachments_count === 0 ) { return $t_visible_attachments; } $t_attachments = array(); $t_preview_text_ext = config_get( 'preview_text_extensions' ); $t_preview_image_ext = config_get( 'preview_image_extensions' ); $t_attachments_view_threshold = config_get( 'view_attachments_threshold' ); $t_image_previewed = false; for( $i = 0;$i < $t_attachments_count;$i++ ) { $t_row = $t_attachment_rows[$i]; $t_user_id = (int)$t_row['user_id']; if( !file_can_view_bug_attachments( $p_bug_id, $t_user_id ) ) { continue; } $t_attachment_note_id = (int)$t_row['bugnote_id']; if( $t_attachment_note_id !== 0 ) { if( bugnote_get_field( $t_attachment_note_id, 'view_state' ) != VS_PUBLIC ) { if( !access_has_bugnote_level( $t_attachments_view_threshold, $t_attachment_note_id ) ) { continue; } } } $t_id = (int)$t_row['id']; $t_filename = $t_row['filename']; $t_filesize = $t_row['filesize']; $t_diskfile = file_normalize_attachment_path( $t_row['diskfile'], bug_get_field( $p_bug_id, 'project_id' ) ); $t_date_added = $t_row['date_added']; $t_attachment = array(); $t_attachment['id'] = $t_id; $t_attachment['user_id'] = $t_user_id; $t_attachment['display_name'] = file_get_display_name( $t_filename ); $t_attachment['size'] = (int)$t_filesize; $t_attachment['date_added'] = $t_date_added; $t_attachment['diskfile'] = $t_diskfile; $t_attachment['file_type'] = $t_row['file_type']; $t_attachment['bugnote_id'] = (int)$t_row['bugnote_id']; $t_attachment['can_download'] = file_can_download_bug_attachments( $p_bug_id, (int)$t_row['user_id'] ); $t_attachment['can_delete'] = file_can_delete_bug_attachments( $p_bug_id, (int)$t_row['user_id'] ); if( $t_attachment['can_download'] ) { $t_attachment['download_url'] = 'file_download.php?file_id=' . $t_id . '&type=bug'; } if( $t_image_previewed ) { $t_image_previewed = false; } $t_attachment['exists'] = config_get( 'file_upload_method' ) != DISK || file_exists( $t_diskfile ); $t_attachment['icon'] = file_get_icon_url( $t_attachment['display_name'] ); $t_attachment['preview'] = false; $t_attachment['type'] = ''; $t_ext = strtolower( pathinfo( $t_attachment['display_name'], PATHINFO_EXTENSION ) ); $t_attachment['alt'] = $t_ext; if( $t_attachment['exists'] && $t_attachment['can_download'] && $t_filesize != 0 ) { $t_preview = $t_filesize <= config_get( 'preview_attachments_inline_max_size' ); if( stripos( $t_attachment['file_type'], 'text/' ) === 0 || in_array( $t_ext, $t_preview_text_ext, true ) ) { $t_attachment['preview'] = $t_preview; $t_attachment['type'] = 'text'; } else if( stripos( $t_attachment['file_type'], 'image/' ) === 0 || in_array( $t_ext, $t_preview_image_ext, true ) ) { $t_attachment['preview'] = $t_preview; $t_attachment['type'] = 'image'; } else if( stripos( $t_attachment['file_type'], 'audio/' ) === 0 ) { $t_attachment['preview'] = $t_preview; $t_attachment['type'] = 'audio'; } else if( stripos( $t_attachment['file_type'], 'video/' ) === 0 ) { $t_attachment['preview'] = $t_preview; $t_attachment['type'] = 'video'; } } $t_attachments[] = $t_attachment; } return $t_attachments; }",True,PHP,file_get_visible_attachments,file_api.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2020-09-23 19:06:04+02:00,"Check ability to download attachments at bugnote level This prevents users authorized to download attachments but not to view private bugnotes, from accessing files attached to a private note via `file_download.php?file_id={FILE_ID}&type=bug` (CVE-2020-25781). Includes some minor code cleanup in file_get_visible_attachments(): - use a foreach loop - reuse variables instead of derefenrcing array Fixes #27039",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-25781,"function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) { if( $p_user_id === null ) { $p_user_id = auth_get_current_user_id(); } if( empty( $p_user_id ) && !auth_is_user_authenticated() ) { return false; } $t_project_id = bug_get_field( $p_bug_id, 'project_id' ); $t_limit_reporters = config_get( 'limit_reporters' ); if(( ON === $t_limit_reporters ) && ( !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) && ( !access_has_project_level( REPORTER + 1, $t_project_id, $p_user_id ) ) ) { return false; } if( VS_PRIVATE == bug_get_field( $p_bug_id, 'view_state' ) && !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) { $t_access_level = access_get_project_level( $t_project_id, $p_user_id ); return access_compare_level( $t_access_level, config_get( 'private_bug_threshold' ) ) && access_compare_level( $t_access_level, $p_access_level ); } return access_has_project_level( $p_access_level, $t_project_id, $p_user_id ); }" 77,"function html_operation_successful( $p_redirect_url, $p_message = '' ) { echo '
'; if( !is_blank( $p_message ) ) { echo $p_message . '
'; } echo lang_get( 'operation_successful' ).'
'; print_bracket_link( $p_redirect_url, lang_get( 'proceed' ) ); echo '
'; }",True,PHP,html_operation_successful,html_api.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2016-06-11 02:01:33+02:00,"Fix XSS in custom fields management Kacper Szurek (http://security.szurek.pl/) discovered an XSS vulnerability in Custom fields management pages, caused by unescaped output of 'return URL' GPC parameter. His report describes two ways to exploit this issue: 1. using 'accesskey' inside hidden input field (see [1]) reflects XSS to the administrator in manage_custom_field_edit_page.php when the keyboard shortcut is actioned 2. using 'javascript:' URI scheme executes the code when the user clicks the [Proceed] link on manage_custom_field_update.php after updating a custom field This commit fixes both attack vectors: - properly escape the return URL prior to printing it on the hidden form field - let html_operation_successful() sanitize the URL before displaying it, just like html_meta_redirect() does. In this case, if the string contains an URI scheme, it will be replaced by 'index.php' [1] http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html Fixes #20956",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-5364,"public static function display() { $GLOBALS['PMA_Config']->checkGitRevision(); if (! $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT')) { $response = Response::getInstance(); $response->setRequestStatus(false); return; } $commit_hash = substr( $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_COMMITHASH'), 0, 7 ); $commit_hash = 'get('PMA_VERSION_GIT_MESSAGE')) . '"">' . htmlspecialchars($commit_hash) . ''; if ($GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_ISREMOTECOMMIT')) { $commit_hash = 'get('PMA_VERSION_GIT_COMMITHASH')) ) . '"" rel=""noopener noreferrer"" target=""_blank"">' . $commit_hash . ''; } $branch = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_BRANCH'); $isRemoteBranch = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_ISREMOTEBRANCH'); if ($isRemoteBranch) { $branch = 'get('PMA_VERSION_GIT_BRANCH') ) . '"" rel=""noopener noreferrer"" target=""_blank"">' . htmlspecialchars($branch) . ''; } if ($branch !== false) { $branch = sprintf( __('%1$s from %2$s branch'), $commit_hash, $isRemoteBranch ? $branch : htmlspecialchars($branch) ); } else { $branch = $commit_hash . ' (' . __('no branch') . ')'; } $committer = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_COMMITTER'); $author = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_AUTHOR'); Core::printListItem( __('Git revision:') . ' ' . $branch . ',
' . sprintf( __('committed on %1$s by %2$s'), Util::localisedDate(strtotime($committer['date'])), '' . htmlspecialchars($committer['name']) . '' ) . ($author != $committer ? ',
' . sprintf( __('authored on %1$s by %2$s'), Util::localisedDate(strtotime($author['date'])), '' . htmlspecialchars($author['name']) . '' ) : ''), 'li_pma_version_git', null, null, null );" 79,"function current_user_get_bug_filter( $p_project_id = null ) { $f_filter_string = gpc_get_string( 'filter', '' ); $t_filter = ''; if( !is_blank( $f_filter_string ) ) { if( is_numeric( $f_filter_string ) ) { $t_token = token_get_value( TOKEN_FILTER ); if( null != $t_token ) { $t_filter = json_decode( $t_token, true ); } } else { $t_filter = json_decode( $f_filter_string, true ); } $t_filter = filter_ensure_valid_filter( $t_filter ); } else if( !filter_is_cookie_valid() ) { $t_filter = filter_get_default(); } else { $t_user_id = auth_get_current_user_id(); $t_filter = user_get_bug_filter( $t_user_id, $p_project_id ); } return $t_filter; }",True,PHP,current_user_get_bug_filter,current_user_api.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2018-02-02 12:14:42+01:00,"Fix PHP error - wrong argument type Initialize $t_filter variable as array() instead of '' in current_user_get_bug_filter(), to ensure its type is correct when calling filter_ensure_valid_filter(). Fixes #23921",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2018-6526,"private function _getDemoMessage() { $message = '' . __('phpMyAdmin Demo Server') . ': '; if (@file_exists('./revision-info.php')) { include './revision-info.php'; $message .= sprintf( __('Currently running Git revision %1$s from the %2$s branch.'), '' . htmlspecialchars($revision) . '', '' . htmlspecialchars($branch) . '' ); } else { $message .= __('Git information missing!'); } return Message::notice($message)->getDisplay(); }" 80,"public function html() { switch( $this->type ) { case FILE_ADDED: $t_string = 'timeline_issue_file_added'; break; case FILE_DELETED: $t_string = 'timeline_issue_file_deleted'; break; default: throw new ServiceException( 'Unknown Event Type', ERROR_GENERIC ); } $t_bug_link = string_get_bug_view_link( $this->issue_id ); $t_html = $this->html_start( 'fa-file-o' ); $t_html .= '
' . sprintf( lang_get( $t_string ), prepare_user_name( $this->user_id ), $t_bug_link, $this->filename ) . '
'; $t_html .= $this->html_end(); return $t_html; }",True,PHP,html,IssueAttachmentTimelineEvent.class.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2019-08-15 16:34:41+02:00,"Fix XSS on timeline (CVE-2019-15074) Kamran Saifullah reported a stored cross-site scripting (XSS) vulnerability in Timeline, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. Prevent the attack by sanitizing the filename before display. Fixes #25995",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-15074,"function PMA_unInlineEditRow($del_hide, $chg_submit, $this_td, $input_siblings, data, disp_mode) { $del_hide.find('a, br').remove(); $del_hide.append($data_a.clone()); $this_td.removeClass('inline_edit_active').addClass('inline_edit_anchor'); $this_td.parent('tr').removeClass('noclick'); if(disp_mode != 'vertical') { $this_td.parent('tr').removeClass('hover').find('td').removeClass('hover'); } else { $this_td.parents('tbody').find('tr').find('td:eq(' + $this_td.index() + ')').removeClass('marked hover'); } $input_siblings.each(function() { $this_sibling = $(this); var is_null = $this_sibling.find('input:checkbox').is(':checked'); if (is_null) { $this_sibling.html('NULL'); $this_sibling.addClass('null'); } else { $this_sibling.removeClass('null'); if($this_sibling.is(':not(.relation, .enum, .set)')) { var new_html = $this_sibling.find('textarea').val(); if($this_sibling.is('.transformed')) { var field_name = getFieldName($this_sibling, disp_mode); if (typeof data.transformations != 'undefined') { $.each(data.transformations, function(key, value) { if(key == field_name) { if($this_sibling.is('.text_plain, .application_octetstream')) { new_html = value; return false; } else { var new_value = $this_sibling.find('textarea').val(); new_html = $(value).append(new_value); return false; } } }) } } } else { var new_html = ''; var new_value = ''; $test_element = $this_sibling.find('select'); if ($test_element.length != 0) { new_value = $test_element.val(); } $test_element = $this_sibling.find('span.curr_value'); if ($test_element.length != 0) { new_value = $test_element.text(); } if($this_sibling.is('.relation')) { var field_name = getFieldName($this_sibling, disp_mode); if (typeof data.relations != 'undefined') { $.each(data.relations, function(key, value) { if(key == field_name) { new_html = $(value); return false; } }) } } else if ($this_sibling.is('.enum')) { new_html = new_value; } else if ($this_sibling.is('.set')) { if (new_value != null) { $.each(new_value, function(key, value) { new_html = new_html + value + ','; }) new_html = new_html.substring(0, new_html.length-1); } } } $this_sibling.text(new_html); } }) }" 82,"function output( $p_format = 'dot', $p_headers = false ) { if( !isset( $this->formats[$p_format] ) ) { trigger_error( ERROR_GENERIC, ERROR ); } $t_binary = $this->formats[$p_format]['binary']; $t_type = $this->formats[$p_format]['type']; $t_mime = $this->formats[$p_format]['mime']; if( $p_headers ) { header( 'Content-Type: ' . $t_mime ); } ob_start(); $this->generate(); $t_dot_source = ob_get_contents(); ob_end_clean(); $t_command = $this->graphviz_tool . ' -T' . $p_format; $t_descriptors = array( 0 => array( 'pipe', 'r', ), 1 => array( 'pipe', 'w', ), 2 => array( 'file', 'php: ); $t_pipes = array(); $t_process = proc_open( $t_command, $t_descriptors, $t_pipes ); if( is_resource( $t_process ) ) { fwrite( $t_pipes[0], $t_dot_source ); fclose( $t_pipes[0] ); if( $p_headers ) { ob_start(); while( !feof( $t_pipes[1] ) ) { echo fgets( $t_pipes[1], 1024 ); } header( 'Content-Length: ' . ob_get_length() ); ob_end_flush(); } else { while( !feof( $t_pipes[1] ) ) { print( fgets( $t_pipes[1], 1024 ) ); } } fclose( $t_pipes[1] ); proc_close( $t_process ); } }",True,PHP,output,graphviz_api.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2019-09-21 18:02:59+02:00,"Escape GraphViz command before calling proc_open() Fixes #26091, CVE-2019-15715",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2019-15715,"public function getHtmlForControlButtons() { $ret = ''; $cfgRelation = PMA_getRelationsParam(); if ($cfgRelation['navwork']) { $db = $this->realParent()->real_name; $item = $this->real_name; $ret = '' . '' . PMA_Util::getImage('lightbulb_off.png', __('Hide')) . ''; } return $ret; }" 84,"function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) { if( $p_user_id === null ) { $p_user_id = auth_get_current_user_id(); } if( empty( $p_user_id ) && !auth_is_user_authenticated() ) { return false; } $t_project_id = bug_get_field( $p_bug_id, 'project_id' ); $t_limit_reporters = config_get( 'limit_reporters' ); if(( ON === $t_limit_reporters ) && ( !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) && ( !access_has_project_level( REPORTER + 1, $t_project_id, $p_user_id ) ) ) { return false; } if( VS_PRIVATE == bug_get_field( $p_bug_id, 'view_state' ) && !bug_is_user_reporter( $p_bug_id, $p_user_id ) ) { $p_access_level = max( $p_access_level, config_get( 'private_bug_threshold' ) ); } return access_has_project_level( $p_access_level, $t_project_id, $p_user_id ); }",True,PHP,access_has_bug_level,access_api.php,https://github.com/mantisbt/mantisbt,mantisbt,Damien Regad,2012-02-28 01:40:19+01:00,"Fix bug in access_has_bug_level() for private issues When private_bug_threshold is defined as an array instead of a single access level, e.g. array(0=>40, 1=>70, 2=>90) to prevent developers from seeing private bugs while granting that privilege to updaters, access_has_bug_level() incorrectly returned true. The consequence is that unwanted access to Private bugs was granted to users who are allowed to view them, e.g. allowing them to delete or perform other restricted actions. Fixes #10124",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2012-1118,"function PMA_TRI_getRowForList($trigger, $rowclass = '') { global $ajax_class, $url_query, $db, $table, $titles; $retval = "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['drop']) . ""\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['name']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (empty($table)) { $retval .= "" \n""; $retval .= """" . urlencode($trigger['table']) . """"; $retval .= "" \n""; } $retval .= "" \n""; if (PMA_Util::currentUserHasPrivilege('TRIGGER', $db, $table)) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_Util::currentUserHasPrivilege('TRIGGER', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['action_timing']}\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['event_manipulation']}\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }" 89,"function csrf_confirm_form() { global $forum_db, $forum_url, $lang_common, $forum_config, $base_url, $forum_start, $tpl_main, $forum_user, $forum_page, $forum_updates; if (defined('FORUM_DISABLE_CSRF_CONFIRM')) return; if (isset($_POST['confirm_cancel'])) redirect(forum_htmlencode($_POST['prev_url']), $lang_common['Cancel redirect']); function _csrf_confirm_form($key, $values) { $fields = array(); if (is_array($values)) { foreach ($values as $cur_key => $cur_values) $fields = array_merge($fields, _csrf_confirm_form($key.'['.$cur_key.']', $cur_values)); return $fields; } else $fields[$key] = $values; return $fields; } $return = ($hook = get_hook('fn_csrf_confirm_form_start')) ? eval($hook) : null; if ($return != null) return; $forum_page['crumbs'] = array( array($forum_config['o_board_title'], forum_link($forum_url['index'])), $lang_common['Confirm action'] ); $forum_page['form_action'] = get_current_url(); $forum_page['hidden_fields'] = array( 'csrf_token' => '', 'prev_url' => '' ); foreach ($_POST as $submitted_key => $submitted_val) if ($submitted_key != 'csrf_token' && $submitted_key != 'prev_url') { $hidden_fields = _csrf_confirm_form($submitted_key, $submitted_val); foreach ($hidden_fields as $field_key => $field_val) $forum_page['hidden_fields'][$field_key] = ''; } define('FORUM_PAGE', 'dialogue'); require FORUM_ROOT.'header.php'; ob_start(); ($hook = get_hook('fn_csrf_confirm_form_pre_header_load')) ? eval($hook) : null; ?>

"">
"" /> "" />
', $tpl_temp, $tpl_main); ob_end_clean(); require FORUM_ROOT.'footer.php'; }",True,PHP,csrf_confirm_form,functions.php,https://github.com/punbb/punbb,punbb,ashcs,2011-09-18 10:10:01+07:00,Fix XSS vulnerabilities described on http://seclists.org/fulldisclosure/2011/Sep/158,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2011-3371,"private function _addDefaultScripts() { $params = array('lang' => $GLOBALS['lang']); if (isset($GLOBALS['db'])) { $params['db'] = $GLOBALS['db']; } $this->_scripts->addFile('jquery/jquery-1.8.3.min.js'); $this->_scripts->addFile( 'whitelist.php' . PMA_URL_getCommon($params), false, true ); $this->_scripts->addFile('ajax.js'); $this->_scripts->addFile('keyhandler.js'); $this->_scripts->addFile('jquery/jquery-ui-1.9.2.custom.min.js'); $this->_scripts->addFile('jquery/jquery.sprintf.js'); $this->_scripts->addFile('jquery/jquery.cookie.js'); $this->_scripts->addFile('jquery/jquery.mousewheel.js'); $this->_scripts->addFile('jquery/jquery.event.drag-2.2.js'); $this->_scripts->addFile('jquery/jquery-ui-timepicker-addon.js'); $this->_scripts->addFile('jquery/jquery.ba-hashchange-1.3.js'); $this->_scripts->addFile('jquery/jquery.debounce-1.0.5.js'); $this->_scripts->addFile('jquery/jquery.menuResizer-1.0.js'); if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) { $this->_scripts->addFile('cross_framing_protection.js'); } $this->_scripts->addFile('rte.js'); if ($GLOBALS['cfg']['SendErrorReports'] !== 'never') { $this->_scripts->addFile('tracekit/tracekit.js'); $this->_scripts->addFile('error_report.js'); } $this->_scripts->addFile('messages.php' . PMA_URL_getCommon($params)); if (isset($_SESSION['PMA_Theme'])) { $theme_id = urlencode($_SESSION['PMA_Theme']->getId()); } else { $theme_id = 'default'; } $this->_scripts->addFile( 'get_image.js.php?theme=' . $theme_id ); $this->_scripts->addFile('doclinks.js'); $this->_scripts->addFile('functions.js'); $this->_scripts->addFile('navigation.js'); $this->_scripts->addFile('indexes.js'); $this->_scripts->addFile('common.js'); $this->_scripts->addCode($this->getJsParamsCode()); }" 91,"public static function display() { $GLOBALS['PMA_Config']->checkGitRevision(); if (! $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT')) { $response = Response::getInstance(); $response->setRequestStatus(false); return; } $commit_hash = substr( $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_COMMITHASH'), 0, 7 ); $commit_hash = 'get('PMA_VERSION_GIT_MESSAGE')) . '"">' . $commit_hash . ''; if ($GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_ISREMOTECOMMIT')) { $commit_hash = 'get('PMA_VERSION_GIT_COMMITHASH') ) . '"" rel=""noopener noreferrer"" target=""_blank"">' . $commit_hash . ''; } $branch = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_BRANCH'); if ($GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_ISREMOTEBRANCH')) { $branch = 'get('PMA_VERSION_GIT_BRANCH') ) . '"" rel=""noopener noreferrer"" target=""_blank"">' . $branch . ''; } if ($branch !== false) { $branch = sprintf(__('%1$s from %2$s branch'), $commit_hash, $branch); } else { $branch = $commit_hash . ' (' . __('no branch') . ')'; } $committer = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_COMMITTER'); $author = $GLOBALS['PMA_Config']->get('PMA_VERSION_GIT_AUTHOR'); Core::printListItem( __('Git revision:') . ' ' . $branch . ',
' . sprintf( __('committed on %1$s by %2$s'), Util::localisedDate(strtotime($committer['date'])), '' . htmlspecialchars($committer['name']) . '' ) . ($author != $committer ? ',
' . sprintf( __('authored on %1$s by %2$s'), Util::localisedDate(strtotime($author['date'])), '' . htmlspecialchars($author['name']) . '' ) : ''), 'li_pma_version_git', null, null, null );",True,PHP,display,GitRevision.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Maurício Meneghini Fauth,2019-10-18 18:03:53-03:00,"Escape Git information on the index page Signed-off-by: Maurício Meneghini Fauth ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-19617,"public function addFile($filename, $conditional_ie = false, $before_statics = false) { $hash = md5($filename); if (!empty($this->_files[$hash])) { return; } $has_onload = $this->_eventBlacklist($filename); $this->_files[$hash] = array( 'has_onload' => $has_onload, 'filename' => $filename, 'conditional_ie' => $conditional_ie, 'before_statics' => $before_statics ); }" 93,"private function _getDemoMessage() { $message = '' . __('phpMyAdmin Demo Server') . ': '; if (@file_exists('./revision-info.php')) { include './revision-info.php'; $message .= sprintf( __('Currently running Git revision %1$s from the %2$s branch.'), '' . $revision . '', '' . $branch . '' ); } else { $message .= __('Git information missing!'); } return Message::notice($message)->getDisplay(); }",True,PHP,_getDemoMessage,Footer.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Maurício Meneghini Fauth,2019-10-18 18:03:53-03:00,"Escape Git information on the index page Signed-off-by: Maurício Meneghini Fauth ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-19617,"private function _includeFiles($files) { $first_dynamic_scripts = """"; $dynamic_scripts = """"; $scripts = array(); foreach ($files as $value) { if (strpos($value['filename'], ""?"") !== false) { if ($value['before_statics'] === true) { $first_dynamic_scripts .= """"; } else { $dynamic_scripts .= """"; } continue; } $include = true; if ($value['conditional_ie'] !== false && PMA_USR_BROWSER_AGENT === 'IE' ) { if ($value['conditional_ie'] === true) { $include = true; } else if ($value['conditional_ie'] == PMA_USR_BROWSER_VER) { $include = true; } else { $include = false; } } if ($include) { $scripts[] = ""scripts[]="" . $value['filename']; } } $separator = PMA_URL_getArgSeparator(); $url = 'js/get_scripts.js.php' . PMA_URL_getCommon(array(), 'none') . $separator . implode($separator, $scripts); $static_scripts = sprintf( '', htmlspecialchars($url) ); return $first_dynamic_scripts . $static_scripts . $dynamic_scripts; }" 94,"function PMA_unInlineEditRow($del_hide, $chg_submit, $this_td, $input_siblings, data, disp_mode) { $del_hide.find('a, br').remove(); $del_hide.append($data_a.clone()); $this_td.removeClass('inline_edit_active').addClass('inline_edit_anchor'); $this_td.parent('tr').removeClass('noclick'); if(disp_mode != 'vertical') { $this_td.parent('tr').removeClass('hover').find('td').removeClass('hover'); } else { $this_td.parents('tbody').find('tr').find('td:eq(' + $this_td.index() + ')').removeClass('marked hover'); } $input_siblings.each(function() { $this_sibling = $(this); var is_null = $this_sibling.find('input:checkbox').is(':checked'); if (is_null) { $this_sibling.html('NULL'); $this_sibling.addClass('null'); } else { $this_sibling.removeClass('null'); if($this_sibling.is(':not(.relation, .enum, .set)')) { var new_html = $this_sibling.find('textarea').val(); if($this_sibling.is('.transformed')) { var field_name = getFieldName($this_sibling, disp_mode); if (typeof data.transformations != 'undefined') { $.each(data.transformations, function(key, value) { if(key == field_name) { if($this_sibling.is('.text_plain, .application_octetstream')) { new_html = value; return false; } else { var new_value = $this_sibling.find('textarea').val(); new_html = $(value).append(new_value); return false; } } }) } } } else { var new_html = ''; var new_value = ''; $test_element = $this_sibling.find('select'); if ($test_element.length != 0) { new_value = $test_element.val(); } $test_element = $this_sibling.find('span.curr_value'); if ($test_element.length != 0) { new_value = $test_element.text(); } if($this_sibling.is('.relation')) { var field_name = getFieldName($this_sibling, disp_mode); if (typeof data.relations != 'undefined') { $.each(data.relations, function(key, value) { if(key == field_name) { new_html = $(value); return false; } }) } } else if ($this_sibling.is('.enum')) { new_html = new_value; } else if ($this_sibling.is('.set')) { if (new_value != null) { $.each(new_value, function(key, value) { new_html = new_html + value + ','; }) new_html = new_html.substring(0, new_html.length-1); } } } $this_sibling.html(new_html); } }) }",True,PHP,PMA_unInlineEditRow,sql.js,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2011-09-02 13:00:33-04:00,[security] Fixed XSS in Inline Edit on save action,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2011-3592,"private function _getRowsNormal() { $odd_row = true; $html_output = ''; for ( $column_index = 0, $nb = count($this->_columnNames); $column_index < $nb; $column_index++ ) { $html_output .= ''; $odd_row = !$odd_row; $html_output .= $this->_getGeomFuncHtml($column_index); $html_output .= '' . htmlspecialchars($this->_columnNames[$column_index]) . ''; $properties = $this->getColumnProperties($column_index, $column_index); $html_output .= '' . htmlspecialchars($properties['type']) . ''; $html_output .= '' . $properties['collation'] . ''; $html_output .= '' . $properties['func'] . ''; $html_output .= '' . $properties['value'] . ''; $html_output .= ''; $html_output .= ''; $html_output .= '_columnNames[$column_index]) . '"" />'; $html_output .= '_columnTypes[$column_index]) . '"" />'; $html_output .= '_columnCollations[$column_index] . '"" />'; $html_output .= ''; }" 96,". PMA_Util::getIcon('b_favorite.png') . ''; $html .= '`' . $table['db'] . '`.`' . $table['table'] . '`'; $html .= ''; } } } else { $html .= '
  • ' . ($this->_tableType == 'recent' ?__('There are no recent tables.') :__('There are no favorite tables.')) . '
    • '; }",True,PHP,getIcon,RecentFavoriteTable.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Ann + J.M,2014-06-06 18:40:19+02:00,"Fix XSS in recent/favorite tables list feature Signed-off-by: Ann + J.M ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-4348,"public static function extractColumnSpec($columnspec) { $first_bracket_pos = strpos($columnspec, '('); if ($first_bracket_pos) { $spec_in_brackets = chop( substr( $columnspec, $first_bracket_pos + 1, (strrpos($columnspec, ')') - $first_bracket_pos - 1) ) ); $type = strtolower(chop(substr($columnspec, 0, $first_bracket_pos))); } else { $type_parts = explode(' ',$columnspec); $type = strtolower($type_parts[0]); $spec_in_brackets = ''; } if ('enum' == $type || 'set' == $type) { $enum_set_values = self::parseEnumSetValues($columnspec, false); $printtype = $type . '(' . str_replace(""','"", ""', '"", $spec_in_brackets) . ')'; $binary = false; $unsigned = false; $zerofill = false; } else { $enum_set_values = array(); $printtype = strtolower($columnspec); if (preg_match('@binary@', $printtype) && ! preg_match('@binary[\(]@', $printtype) ) { $printtype = preg_replace('@binary@', '', $printtype); $binary = true; } else { $binary = false; } $printtype = preg_replace( '@zerofill@', '', $printtype, -1, $zerofill_cnt ); $zerofill = ($zerofill_cnt > 0); $printtype = preg_replace( '@unsigned@', '', $printtype, -1, $unsigned_cnt ); $unsigned = ($unsigned_cnt > 0); $printtype = trim($printtype); } $attribute = ' '; if ($binary) { $attribute = 'BINARY'; } if ($unsigned) { $attribute = 'UNSIGNED'; } if ($zerofill) { $attribute = 'UNSIGNED ZEROFILL'; } $can_contain_collation = false; if (! $binary && preg_match( ""@^(char|varchar|text|tinytext|mediumtext|longtext|set|enum)@"", $type ) ) { $can_contain_collation = true; } $displayed_type = htmlspecialchars($printtype); if (strlen($printtype) > $GLOBALS['cfg']['LimitChars']) { $displayed_type = ''; $displayed_type .= htmlspecialchars( $GLOBALS['PMA_String']->substr( $printtype, 0, $GLOBALS['cfg']['LimitChars'] ) ); $displayed_type .= ''; } return array( 'type' => $type, 'spec_in_brackets' => $spec_in_brackets, 'enum_set_values' => $enum_set_values, 'print_type' => $printtype, 'binary' => $binary, 'unsigned' => $unsigned, 'zerofill' => $zerofill, 'attribute' => $attribute, 'can_contain_collation' => $can_contain_collation, 'displayed_type' => $displayed_type ); }" 98,". htmlspecialchars($table['table']) . '`'; $html .= ''; } } } else { $html .= '
  • ' . ($this->_tableType == 'recent' ?__('There are no recent tables.') :__('There are no favorite tables.')) . '
    • '; }",True,PHP,"].'"">`'.htmlspecialchars.'`.`'.htmlspecialchars",RecentFavoriteTable.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Ann + J.M,2014-06-19 12:52:52+02:00,"Fix XSS in PMA_RecentFavoriteTable::getHtmlList() Signed-off-by: Ann + J.M ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-4348,"private function _getRowsNormal() { $odd_row = true; $html_output = ''; for ( $column_index = 0, $nb = count($this->_columnNames); $column_index < $nb; $column_index++ ) { $html_output .= ''; $odd_row = !$odd_row; $html_output .= $this->_getGeomFuncHtml($column_index); $html_output .= '' . htmlspecialchars($this->_columnNames[$column_index]) . ''; $properties = $this->getColumnProperties($column_index, $column_index); $html_output .= '' . htmlspecialchars($properties['type']) . ''; $html_output .= '' . $properties['collation'] . ''; $html_output .= '' . $properties['func'] . ''; $html_output .= '' . $properties['value'] . ''; $html_output .= ''; $html_output .= ''; $html_output .= '_columnNames[$column_index]) . '"" />'; $html_output .= '_columnTypes[$column_index]) . '"" />'; $html_output .= '_columnCollations[$column_index] . '"" />'; $html_output .= ''; }" 101,"public function getHtmlForControlButtons() { $ret = ''; $cfgRelation = PMA_getRelationsParam(); if ($cfgRelation['navwork']) { $db = $this->realParent()->real_name; $item = $this->real_name; $ret = '' . '' . PMA_Util::getImage('lightbulb_off.png', __('Hide')) . ''; } return $ret; }",True,PHP,getHtmlForControlButtons,Node_DatabaseChild.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Ann + J.M,2014-06-19 12:57:59+02:00,"Fix XSS in Hide navigation items feature Signed-off-by: Ann + J.M ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-4349,"function PMA_getErrorReportForm() { $html = """"; $html .= '
    ' . '
    '; $html .= '

    ' . __( 'phpMyAdmin has encountered an error. We have collected data about' . ' this error as well as information about relevant configuration' . ' settings to send to the phpMyAdmin team to help us in' . ' debugging the problem.' ) . '

    '; $html .= '
    ' . '
    ' . htmlspecialchars(PMA_getReportData()) . '
    '; $html .= '
    ' . ''; $html .= '' . ''; $html .= '
    '; $html .= PMA_URL_getHiddenInputs(); $reportData = PMA_getReportData(false); if (! empty($reportData)) { $html .= PMA_getHiddenFields($reportData); } $html .= '
    '; return $html; }" 102,"function PMA_TRI_getRowForList($trigger, $rowclass = '') { global $ajax_class, $url_query, $db, $table, $titles; $retval = "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['drop']) . ""\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['name']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (empty($table)) { $retval .= "" \n""; $retval .= "" "" . $trigger['table'] . ""\n""; $retval .= "" \n""; } $retval .= "" \n""; if (PMA_Util::currentUserHasPrivilege('TRIGGER', $db, $table)) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_Util::currentUserHasPrivilege('TRIGGER', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['action_timing']}\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['event_manipulation']}\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }",True,PHP,PMA_TRI_getRowForList,rte_list.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-07-11 06:39:20-04:00,"bug #4488 [security] XSS injection due to unescaped table name (triggers) Signed-off-by: Marc Delisle ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-4955,"public static function factory($type) { include_once './libraries/gis/GIS_Geometry.class.php'; $type_lower = strtolower($type); if (! PMA_isValid($type_lower, PMA_Util::getGISDatatypes()) || ! file_exists('./libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php') ) { return false; } if (include_once './libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php') { switch(strtoupper($type)) { case 'MULTIPOLYGON' : return PMA_GIS_Multipolygon::singleton(); case 'POLYGON' : return PMA_GIS_Polygon::singleton(); case 'MULTIPOINT' : return PMA_GIS_Multipoint::singleton(); case 'POINT' : return PMA_GIS_Point::singleton(); case 'MULTILINESTRING' : return PMA_GIS_Multilinestring::singleton(); case 'LINESTRING' : return PMA_GIS_Linestring::singleton(); case 'GEOMETRYCOLLECTION' : return PMA_GIS_Geometrycollection::singleton(); default : return false; } } else { return false; } }" 105,"function PMA_getHtmlForForeignKey($save_row, $i, $existrel_foreign, $myfield, $db, $myfield_md5, $tbl_storage_engine, $options_array ) { $html_output = ''; if (! empty($save_row[$i]['Key'])) { $foreign_db = false; $foreign_table = false; $foreign_column = false; if (isset($existrel_foreign[$myfield])) { $foreign_db = $existrel_foreign[$myfield]['foreign_db']; } else { $foreign_db = $db; } $html_output .= ''; $html_output .= PMA_generateRelationalDropdown( 'destination_foreign_db[' . $myfield_md5 . ']', $GLOBALS['pma']->databases, $foreign_db, __('Database') ); $tables = array(); if ($foreign_db) { if (isset($existrel_foreign[$myfield])) { $foreign_table = $existrel_foreign[$myfield]['foreign_table']; } if (PMA_DRIZZLE) { $tables_rs = $GLOBALS['dbi']->query( 'SHOW TABLES FROM ' . PMA_Util::backquote($foreign_db), null, PMA_DatabaseInterface::QUERY_STORE ); while ($row = $GLOBALS['dbi']->fetchArray($tables_rs)) { $engine = PMA_Table::sGetStatusInfo( $foreign_db, $row[0], 'Engine' ); if (isset($engine) && strtoupper($engine) == $tbl_storage_engine ) { $tables[] = $row[0]; } } } else { $tables_rs = $GLOBALS['dbi']->query( 'SHOW TABLE STATUS FROM ' . PMA_Util::backquote($foreign_db), null, PMA_DatabaseInterface::QUERY_STORE ); while ($row = $GLOBALS['dbi']->fetchRow($tables_rs)) { if (isset($row[1]) && strtoupper($row[1]) == $tbl_storage_engine ) { $tables[] = $row[0]; } } } } $html_output .= PMA_generateRelationalDropdown( 'destination_foreign_table[' . $myfield_md5 . ']', $tables, $foreign_table, __('Table') ); $columns = array(); if ($foreign_db && $foreign_table) { if (isset($existrel_foreign[$myfield])) { $foreign_column = $existrel_foreign[$myfield]['foreign_field']; } $table_obj = new PMA_Table($foreign_table, $foreign_db); $columns = $table_obj->getUniqueColumns(false, false); } $html_output .= PMA_generateRelationalDropdown( 'destination_foreign_column[' . $myfield_md5 . ']', $columns, $foreign_column, __('Column') ); $html_output .= ''; $html_output .= ''; $constraint_name = isset($existrel_foreign[$myfield]['constraint']) ? $existrel_foreign[$myfield]['constraint'] : ''; $html_output .= __('Constraint name'); $html_output .= ''; $html_output .= '' . ""\n""; $html_output .= ''; $on_delete = isset($existrel_foreign[$myfield]['on_delete']) ? $existrel_foreign[$myfield]['on_delete'] : 'RESTRICT'; $html_output .= PMA_generateDropdown( 'ON DELETE', 'on_delete[' . $myfield_md5 . ']', $options_array, $on_delete ); $html_output .= '' . ""\n""; $html_output .= '' . ""\n""; $on_update = isset($existrel_foreign[$myfield]['on_update']) ? $existrel_foreign[$myfield]['on_update'] : 'RESTRICT'; $html_output .= PMA_generateDropdown( 'ON UPDATE', 'on_update[' . $myfield_md5 . ']', $options_array, $on_update ); $html_output .= '' . ""\n""; } else { $html_output .= __('No index defined! Create one below'); } $html_output .= ''; return $html_output; }",True,PHP,PMA_getHtmlForForeignKey,tbl_relation.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-08-17 08:54:05-04:00,"bug #4517 [security] XSS in relation view Signed-off-by: Marc Delisle ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-5273,"function PMA_getQueryFromSelected($what, $db, $table, $selected, $action, $views) { $reload = null; $full_query_views = null; $full_query = ''; if ($what == 'drop_tbl') { $full_query_views = ''; } $selected_cnt = count($selected); $i = 0; foreach ($selected as $sval) { switch ($what) { case 'row_delete': $full_query .= 'DELETE FROM ' . PMA_Util::backquote(htmlspecialchars($db)) . '.' . PMA_Util::backquote(htmlspecialchars($table)) . ' WHERE ' . urldecode(htmlspecialchars($sval)) . ';
    '; break; case 'drop_db': $full_query .= 'DROP DATABASE ' . PMA_Util::backquote(htmlspecialchars($sval)) . ';
    '; $reload = 1; break; case 'drop_tbl': $current = $sval; if (!empty($views) && in_array($current, $views)) { $full_query_views .= (empty($full_query_views) ? 'DROP VIEW ' : ', ') . PMA_Util::backquote(htmlspecialchars($current)); } else { $full_query .= (empty($full_query) ? 'DROP TABLE ' : ', ') . PMA_Util::backquote(htmlspecialchars($current)); } break; case 'empty_tbl': $full_query .= 'TRUNCATE '; $full_query .= PMA_Util::backquote(htmlspecialchars($sval)) . ';
    '; break; case 'primary_fld': if ($full_query == '') { $full_query .= 'ALTER TABLE ' . PMA_Util::backquote(htmlspecialchars($table)) . '
      DROP PRIMARY KEY,' . '
       ADD PRIMARY KEY(' . '
         ' . PMA_Util::backquote(htmlspecialchars($sval)) . ','; } else { $full_query .= '
         ' . PMA_Util::backquote(htmlspecialchars($sval)) . ','; } if ($i == $selected_cnt-1) { $full_query = preg_replace('@,$@', ');
    ', $full_query); } break; case 'drop_fld': if ($full_query == '') { $full_query .= 'ALTER TABLE ' . PMA_Util::backquote(htmlspecialchars($table)); } $full_query .= '
      DROP ' . PMA_Util::backquote(htmlspecialchars($sval)) . ','; if ($i == $selected_cnt - 1) { $full_query = preg_replace('@,$@', ';
    ', $full_query); } break; } $i++; } if ($what == 'drop_tbl') { if (!empty($full_query)) { $full_query .= ';
    ' . ""\n""; } if (!empty($full_query_views)) { $full_query .= $full_query_views . ';
    ' . ""\n""; } unset($full_query_views); } $full_query_views = isset($full_query_views)? $full_query_views : null; return array($full_query, $reload, $full_query_views); }" 106,private function _addDefaultScripts() { $this->_scripts->addFile('jquery/jquery-1.8.3.min.js'); $this->_scripts->addFile('ajax.js'); $this->_scripts->addFile('keyhandler.js'); $this->_scripts->addFile('jquery/jquery-ui-1.9.2.custom.min.js'); $this->_scripts->addFile('jquery/jquery.sprintf.js'); $this->_scripts->addFile('jquery/jquery.cookie.js'); $this->_scripts->addFile('jquery/jquery.mousewheel.js'); $this->_scripts->addFile('jquery/jquery.event.drag-2.2.js'); $this->_scripts->addFile('jquery/jquery-ui-timepicker-addon.js'); $this->_scripts->addFile('jquery/jquery.ba-hashchange-1.3.js'); $this->_scripts->addFile('jquery/jquery.debounce-1.0.5.js'); $this->_scripts->addFile('jquery/jquery.menuResizer-1.0.js'); if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) { $this->_scripts->addFile('cross_framing_protection.js'); } $this->_scripts->addFile('rte.js'); if ($GLOBALS['cfg']['SendErrorReports'] !== 'never') { $this->_scripts->addFile('tracekit/tracekit.js'); $this->_scripts->addFile('error_report.js'); } $params = array('lang' => $GLOBALS['lang']); if (isset($GLOBALS['db'])) { $params['db'] = $GLOBALS['db']; } $this->_scripts->addFile('messages.php' . PMA_URL_getCommon($params)); if (isset($_SESSION['PMA_Theme'])) { $theme_id = urlencode($_SESSION['PMA_Theme']->getId()); } else { $theme_id = 'default'; } $this->_scripts->addFile( 'get_image.js.php?theme=' . $theme_id ); $this->_scripts->addFile('doclinks.js'); $this->_scripts->addFile('functions.js'); $this->_scripts->addFile('navigation.js'); $this->_scripts->addFile('indexes.js'); $this->_scripts->addFile('common.js'); $this->_scripts->addCode($this->getJsParamsCode()); },True,PHP,_addDefaultScripts,Header.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-09-13 10:30:47-04:00,"bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Signed-off-by: Marc Delisle ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-6300,"static protected function getFontsizeSelection() { $current_size = $GLOBALS['PMA_Config']->get('fontsize'); if (empty($current_size)) { if (isset($_COOKIE['pma_fontsize'])) { $current_size = htmlspecialchars($_COOKIE['pma_fontsize']); } else { $current_size = '82%'; } } $options = PMA_Config::getFontsizeOptions($current_size); $return = '' . ""\n"" . ''; return $return; }" 109,"public function addFile($filename, $conditional_ie = false) { $hash = md5($filename); if (!empty($this->_files[$hash])) { return; } $has_onload = $this->_eventBlacklist($filename); $this->_files[$hash] = array( 'has_onload' => $has_onload, 'filename' => $filename, 'conditional_ie' => $conditional_ie ); }",True,PHP,addFile,Scripts.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-09-13 10:30:47-04:00,"bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Signed-off-by: Marc Delisle ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-6300,function getFontSize() { $fs = $GLOBALS['PMA_Config']->get('fontsize'); if (!is_null($fs)) { return $fs; } if (isset($_COOKIE['pma_fontsize'])) { return htmlspecialchars($_COOKIE['pma_fontsize']); } return '82%'; } 111,"private function _includeFiles($files) { $dynamic_scripts = """"; $scripts = array(); foreach ($files as $value) { if (strpos($value['filename'], ""?"") !== false) { $dynamic_scripts .= """"; continue; } $include = true; if ($value['conditional_ie'] !== false && PMA_USR_BROWSER_AGENT === 'IE' ) { if ($value['conditional_ie'] === true) { $include = true; } else if ($value['conditional_ie'] == PMA_USR_BROWSER_VER) { $include = true; } else { $include = false; } } if ($include) { $scripts[] = ""scripts[]="" . $value['filename']; } } $separator = PMA_URL_getArgSeparator(); $url = 'js/get_scripts.js.php' . PMA_URL_getCommon(array(), 'none') . $separator . implode($separator, $scripts); $static_scripts = sprintf( '', htmlspecialchars($url) ); return $static_scripts . $dynamic_scripts; }",True,PHP,_includeFiles,Scripts.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-09-13 10:30:47-04:00,"bug #4530 [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Signed-off-by: Marc Delisle ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-6300,"function PMA_Process_formset(FormDisplay $form_display) { if (isset($_GET['mode']) && $_GET['mode'] == 'revert') { $form_display->fixErrors(); PMA_generateHeader303(); } if (!$form_display->process(false)) { $form_display->display(true, true); return; } if (!$form_display->hasErrors()) { PMA_generateHeader303(); return; } $separator = PMA_URL_getArgSeparator('html'); $page = isset($_GET['page']) ? $_GET['page'] : null; $formset = isset($_GET['formset']) ? $_GET['formset'] : null; $formset = $formset ? ""{$separator}formset=$formset"" : ''; $formId = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null; if ($formId === null && $page == 'servers') { $formId = $form_display->getConfigFile()->getServerCount(); } $formId = $formId ? ""{$separator}id=$formId"" : ''; ?> displayErrors() ?> "">   page=mode=edit""> _columnNames); $column_index < $nb; $column_index++ ) { $html_output .= ''; $odd_row = !$odd_row; $html_output .= $this->_getGeomFuncHtml($column_index); $html_output .= '' . htmlspecialchars($this->_columnNames[$column_index]) . ''; $properties = $this->getColumnProperties($column_index, $column_index); $html_output .= '' . $properties['type'] . ''; $html_output .= '' . $properties['collation'] . ''; $html_output .= '' . $properties['func'] . ''; $html_output .= '' . $properties['value'] . ''; $html_output .= ''; $html_output .= ''; $html_output .= '_columnNames[$column_index]) . '"" />'; $html_output .= '_columnTypes[$column_index] . '"" />'; $html_output .= '_columnCollations[$column_index] . '"" />'; $html_output .= ''; }",True,PHP,_getRowsNormal,TableSearch.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-10-01 08:01:00-04:00,"[security] XSS with malicious ENUM values Signed-off-by: Marc Delisle Conflicts: libraries/Util.class.php",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-7217,"$output .= htmlspecialchars($field->name); $output .= """"; } $output .= """"; $data = PMA_DBI_fetch_single_row($result); foreach ($data as $key => $value) { if ($value === null) { $value = 'NULL'; } else { $value = htmlspecialchars($value); } $output .= """" . $value . """"; } $output .= """"; } else { $notice = __('MySQL returned an empty result set (i.e. zero rows).'); $output .= PMA_message::notice($notice)->getDisplay(); } } else { $output = ''; $message = PMA_message::error( sprintf( __('The following query has failed: ""%s""'), htmlspecialchars($query) ) . '

    ' . __('MySQL said: ') . PMA_DBI_getError(null) ); } if ($GLOBALS['is_ajax_request']) { $extra_data = array('dialog' => false); PMA_ajaxResponse( $message->getDisplay() . $output, $message->isSuccess(), $extra_data ); } else { echo $message->getDisplay() . $output; if ($message->isError()) { exit; } unset($_POST); } } else { $message = __('Error in processing request') . ' : '; $message .= sprintf( PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db)) ); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { PMA_ajaxResponse($message, $message->isSuccess()); } else { echo $message->getDisplay(); unset($_POST); } } } else if (! empty($_GET['execute_dialog']) && ! empty($_GET['item_name'])) { $routine = PMA_RTN_getDataFromName($_GET['item_name'], $_GET['item_type'], true); if ($routine !== false) { $form = PMA_RTN_getExecuteForm($routine); if ($GLOBALS['is_ajax_request'] == true) { $extra_data = array(); $extra_data['dialog'] = true; $extra_data['title'] = __(""Execute routine"") . "" ""; $extra_data['title'] .= PMA_backquote( htmlentities($_GET['item_name'], ENT_QUOTES) ); PMA_ajaxResponse($form, true, $extra_data); } else { echo ""\n\n

    "" . __(""Execute routine"") . ""

    \n\n""; echo $form; include './libraries/footer.inc.php'; } } else if (($GLOBALS['is_ajax_request'] == true)) { $message = __('Error in processing request') . ' : '; $message .= sprintf( PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db)) ); $message = PMA_message::error($message); PMA_ajaxResponse($message, false); } } }" 115,"public static function extractColumnSpec($columnspec) { $first_bracket_pos = strpos($columnspec, '('); if ($first_bracket_pos) { $spec_in_brackets = chop( substr( $columnspec, $first_bracket_pos + 1, (strrpos($columnspec, ')') - $first_bracket_pos - 1) ) ); $type = strtolower(chop(substr($columnspec, 0, $first_bracket_pos))); } else { $type_parts = explode(' ',$columnspec); $type = strtolower($type_parts[0]); $spec_in_brackets = ''; } if ('enum' == $type || 'set' == $type) { $enum_set_values = self::parseEnumSetValues($columnspec, false); $printtype = $type . '(' . str_replace(""','"", ""', '"", $spec_in_brackets) . ')'; $binary = false; $unsigned = false; $zerofill = false; } else { $enum_set_values = array(); $printtype = strtolower($columnspec); if (preg_match('@binary@', $printtype) && ! preg_match('@binary[\(]@', $printtype) ) { $printtype = preg_replace('@binary@', '', $printtype); $binary = true; } else { $binary = false; } $printtype = preg_replace( '@zerofill@', '', $printtype, -1, $zerofill_cnt ); $zerofill = ($zerofill_cnt > 0); $printtype = preg_replace( '@unsigned@', '', $printtype, -1, $unsigned_cnt ); $unsigned = ($unsigned_cnt > 0); $printtype = trim($printtype); } $attribute = ' '; if ($binary) { $attribute = 'BINARY'; } if ($unsigned) { $attribute = 'UNSIGNED'; } if ($zerofill) { $attribute = 'UNSIGNED ZEROFILL'; } $can_contain_collation = false; if (! $binary && preg_match( ""@^(char|varchar|text|tinytext|mediumtext|longtext|set|enum)@"", $type ) ) { $can_contain_collation = true; } $displayed_type = htmlspecialchars($printtype); if (strlen($printtype) > $GLOBALS['cfg']['LimitChars']) { $displayed_type = ''; $displayed_type .= $GLOBALS['PMA_String']->substr( $printtype, 0, $GLOBALS['cfg']['LimitChars'] ); $displayed_type .= ''; } return array( 'type' => $type, 'spec_in_brackets' => $spec_in_brackets, 'enum_set_values' => $enum_set_values, 'print_type' => $printtype, 'binary' => $binary, 'unsigned' => $unsigned, 'zerofill' => $zerofill, 'attribute' => $attribute, 'can_contain_collation' => $can_contain_collation, 'displayed_type' => $displayed_type ); }",True,PHP,extractColumnSpec,Util.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-10-01 08:01:00-04:00,"[security] XSS with malicious ENUM values Signed-off-by: Marc Delisle Conflicts: libraries/Util.class.php",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-7217,"function PMA_EVN_getRowForList($event, $rowclass = '') { global $ajax_class, $url_query, $db, $titles; $sql_drop = sprintf( 'DROP EVENT IF EXISTS %s', PMA_backquote($event['EVENT_NAME']) ); $retval = "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($sql_drop) . ""\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($event['EVENT_NAME']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$event['STATUS']}\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('EVENT', $db)) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('EVENT', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$event['EVENT_TYPE']}\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }" 118,"private function _getRowsNormal() { $odd_row = true; $html_output = ''; for ( $column_index = 0, $nb = count($this->_columnNames); $column_index < $nb; $column_index++ ) { $html_output .= ''; $odd_row = !$odd_row; $html_output .= $this->_getGeomFuncHtml($column_index); $html_output .= '' . htmlspecialchars($this->_columnNames[$column_index]) . ''; $properties = $this->getColumnProperties($column_index, $column_index); $html_output .= '' . htmlspecialchars($properties['type']) . ''; $html_output .= '' . $properties['collation'] . ''; $html_output .= '' . $properties['func'] . ''; $html_output .= '' . $properties['value'] . ''; $html_output .= ''; $html_output .= ''; $html_output .= '_columnNames[$column_index]) . '"" />'; $html_output .= '_columnTypes[$column_index]) . '"" />'; $html_output .= '_columnCollations[$column_index] . '"" />'; $html_output .= ''; }",True,PHP,_getRowsNormal,TableSearch.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Marc Delisle,2014-10-01 08:09:12-04:00,"Bug 4544: additional fix for 4.2.x Signed-off-by: Marc Delisle ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-7217,"function PMA_RTN_getRowForList($routine, $rowclass = '') { global $ajax_class, $url_query, $db, $titles; $sql_drop = sprintf('DROP %s IF EXISTS %s', $routine['ROUTINE_TYPE'], PMA_backquote($routine['SPECIFIC_NAME'])); $type_link = ""item_type={$routine['ROUTINE_TYPE']}""; $retval = "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($sql_drop) . ""\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($routine['SPECIFIC_NAME']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" \n""; if ($routine['ROUTINE_DEFINITION'] !== null && PMA_currentUserHasPrivilege('ALTER ROUTINE', $db) && PMA_currentUserHasPrivilege('CREATE ROUTINE', $db) ) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; if ($routine['ROUTINE_DEFINITION'] !== null && PMA_currentUserHasPrivilege('EXECUTE', $db) ) { $routine_details = PMA_RTN_getDataFromName( $routine['SPECIFIC_NAME'], $routine['ROUTINE_TYPE'], false ); if ($routine !== false) { $execute_action = 'execute_routine'; for ($i=0; $i<$routine_details['item_num_params']; $i++) { if ($routine_details['item_type'] == 'PROCEDURE' && $routine_details['item_param_dir'][$i] == 'OUT' ) { continue; } $execute_action = 'execute_dialog'; break; } $retval .= ' ' . $titles['Execute'] . ""\n""; } } else { $retval .= "" {$titles['NoExecute']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('ALTER ROUTINE', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$routine['ROUTINE_TYPE']}\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($routine['DTD_IDENTIFIER']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }" 120,"function PMA_getErrorReportForm() { $html = """"; $html .= '
    ' . '
    '; $html .= '

    ' . __( 'phpMyAdmin has encountered an error. We have collected data about' . ' this error as well as information about relevant configuration' . ' settings to send to the phpMyAdmin team to help us in' . ' debugging the problem.' ) . '

    '; $html .= '
    ' . '
    ' . PMA_getReportData() . '
    '; $html .= '
    ' . ''; $html .= '' . ''; $html .= '
    '; $html .= PMA_URL_getHiddenInputs(); $reportData = PMA_getReportData(false); if (! empty($reportData)) { $html .= PMA_getHiddenFields($reportData); } $html .= '
    '; return $html; }",True,PHP,PMA_getErrorReportForm,error_report.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2014-11-20 06:08:49+05:18,"bug #4596 [security] XSS through exception stack Signed-off-by: Madhura Jayaratne ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-8960,"function PMA_TRI_getRowForList($trigger, $rowclass = '') { global $ajax_class, $url_query, $db, $table, $titles; $retval = "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['drop']) . ""\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['name']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (empty($table)) { $retval .= "" \n""; $retval .= "" "" . $trigger['table'] . ""\n""; $retval .= "" \n""; } $retval .= "" \n""; if (PMA_currentUserHasPrivilege('TRIGGER', $db, $table)) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('TRIGGER', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['action_timing']}\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['event_manipulation']}\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }" 123,public static function factory($type) { include_once './libraries/gis/GIS_Geometry.class.php'; $type_lower = strtolower($type); if (! file_exists('./libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php')) { return false; } if (include_once './libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php') { switch(strtoupper($type)) { case 'MULTIPOLYGON' : return PMA_GIS_Multipolygon::singleton(); case 'POLYGON' : return PMA_GIS_Polygon::singleton(); case 'MULTIPOINT' : return PMA_GIS_Multipoint::singleton(); case 'POINT' : return PMA_GIS_Point::singleton(); case 'MULTILINESTRING' : return PMA_GIS_Multilinestring::singleton(); case 'LINESTRING' : return PMA_GIS_Linestring::singleton(); case 'GEOMETRYCOLLECTION' : return PMA_GIS_Geometrycollection::singleton(); default : return false; } } else { return false; } },True,PHP,factory,GIS_Factory.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2014-11-20 06:20:57+05:18,"bug #4594 [security] Path traversal in file inclusion of GIS factory Signed-off-by: Madhura Jayaratne ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2014-8959,"private function _getMetaTags() { $retval = ''; $retval .= ''; $retval .= ''; if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) { $retval .= ''; } return $retval; }" 125,"function PMA_getQueryFromSelected($what, $db, $table, $selected, $action, $views) { $reload = null; $full_query_views = null; $full_query = ''; if ($what == 'drop_tbl') { $full_query_views = ''; } $selected_cnt = count($selected); $i = 0; foreach ($selected as $sval) { switch ($what) { case 'row_delete': $full_query .= 'DELETE FROM ' . PMA_Util::backquote($db) . '.' . PMA_Util::backquote($table) . ' WHERE ' . urldecode($sval) . ';
    '; break; case 'drop_db': $full_query .= 'DROP DATABASE ' . PMA_Util::backquote(htmlspecialchars($sval)) . ';
    '; $reload = 1; break; case 'drop_tbl': $current = $sval; if (!empty($views) && in_array($current, $views)) { $full_query_views .= (empty($full_query_views) ? 'DROP VIEW ' : ', ') . PMA_Util::backquote(htmlspecialchars($current)); } else { $full_query .= (empty($full_query) ? 'DROP TABLE ' : ', ') . PMA_Util::backquote(htmlspecialchars($current)); } break; case 'empty_tbl': $full_query .= 'TRUNCATE '; $full_query .= PMA_Util::backquote(htmlspecialchars($sval)) . ';
    '; break; case 'primary_fld': if ($full_query == '') { $full_query .= 'ALTER TABLE ' . PMA_Util::backquote(htmlspecialchars($table)) . '
      DROP PRIMARY KEY,' . '
       ADD PRIMARY KEY(' . '
         ' . PMA_Util::backquote(htmlspecialchars($sval)) . ','; } else { $full_query .= '
         ' . PMA_Util::backquote(htmlspecialchars($sval)) . ','; } if ($i == $selected_cnt-1) { $full_query = preg_replace('@,$@', ');
    ', $full_query); } break; case 'drop_fld': if ($full_query == '') { $full_query .= 'ALTER TABLE ' . PMA_Util::backquote(htmlspecialchars($table)); } $full_query .= '
      DROP ' . PMA_Util::backquote(htmlspecialchars($sval)) . ','; if ($i == $selected_cnt - 1) { $full_query = preg_replace('@,$@', ';
    ', $full_query); } break; } $i++; } if ($what == 'drop_tbl') { if (!empty($full_query)) { $full_query .= ';
    ' . ""\n""; } if (!empty($full_query_views)) { $full_query .= $full_query_views . ';
    ' . ""\n""; } unset($full_query_views); } $full_query_views = isset($full_query_views)? $full_query_views : null; return array($full_query, $reload, $full_query_views); }",True,PHP,PMA_getQueryFromSelected,mult_submits.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2014-11-20 06:24:55+05:18,"bug #4598 [security] XSS in multi submit Signed-off-by: Madhura Jayaratne ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-8958,"$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key); if (isset($_COOKIE['pmaPass-' . $key])) { unset($_COOKIE['pmaPass-' . $key]); } } } else { $GLOBALS['PMA_Config']->removeCookie( 'pmaPass-' . $GLOBALS['server'] ); if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); } } } if (! empty($_REQUEST['pma_username'])) { if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && ! empty($GLOBALS['cfg']['CaptchaLoginPublicKey']) ) { if (! empty($_POST[""g-recaptcha-response""])) { include_once 'libraries/plugins/auth/recaptcha/autoload.php'; $reCaptcha = new \ReCaptcha\ReCaptcha( $GLOBALS['cfg']['CaptchaLoginPrivateKey'] ); $resp = $reCaptcha->verify( $_POST[""g-recaptcha-response""], $_SERVER[""REMOTE_ADDR""] ); if ($resp == null || ! $resp->isSuccess()) { $conn_error = __('Entered captcha is wrong, try again!'); return false; } } else { $conn_error = __('Please enter correct captcha!'); return false; } } $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username']; $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password']; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername']) ) { if ($GLOBALS['cfg']['ArbitraryServerRegexp']) { $parts = explode(' ', $_REQUEST['pma_servername']); if (count($parts) == 2) { $tmp_host = $parts[0]; } else { $tmp_host = $_REQUEST['pma_servername']; } $match = preg_match( $GLOBALS['cfg']['ArbitraryServerRegexp'], $tmp_host ); if (! $match) { $conn_error = __( 'You are not allowed to log in to this MySQL server!' ); return false; } } $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername']; } return true; } if ($GLOBALS['cfg']['AllowArbitraryServer'] && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']]) ) { $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']]; } if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']]) || empty($_COOKIE['pma_iv-' . $GLOBALS['server']]) ) { return false; } $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt( $_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getEncryptionSecret() ); if (empty($_SESSION['last_access_time'])) { return false; } $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity']; if ($_SESSION['last_access_time'] < $last_access_time ) { PMA_Util::cacheUnset('is_create_db_priv'); PMA_Util::cacheUnset('is_process_priv'); PMA_Util::cacheUnset('is_reload_priv'); PMA_Util::cacheUnset('db_to_create'); PMA_Util::cacheUnset('dbs_where_create_table_allowed'); PMA_Util::cacheUnset('dbs_to_test'); $GLOBALS['no_activity'] = true; $this->authFails(); if (! defined('TESTSUITE')) { exit; } else { return false; } } if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) { return false; } $GLOBALS['PHP_AUTH_PW'] = $this->cookieDecrypt( $_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getSessionEncryptionSecret() ); if ($GLOBALS['PHP_AUTH_PW'] == ""\xff(blank)"") { $GLOBALS['PHP_AUTH_PW'] = ''; } $GLOBALS['from_cookie'] = true; return true; }" 127,"static protected function getFontsizeSelection() { $current_size = $GLOBALS['PMA_Config']->get('fontsize'); if (empty($current_size)) { if (isset($_COOKIE['pma_fontsize'])) { $current_size = $_COOKIE['pma_fontsize']; } else { $current_size = '82%'; } } $options = PMA_Config::getFontsizeOptions($current_size); $return = '' . ""\n"" . ''; return $return; }",True,PHP,getFontsizeSelection,Config.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2014-11-20 06:28:39+05:18,"bug #4597 [security] XSS through pma_fontsize cookie Signed-off-by: Madhura Jayaratne ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-8958,public function testAuthCheckAuthFails() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_access_time'] = 1; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $GLOBALS['cfg']['LoginCookieValidity'] = 0; $_SESSION['last_access_time'] = -1; $this->object = $this->getMockBuilder('AuthenticationCookie') ->disableOriginalConstructor() ->setMethods(array('authFails')) ->getMock(); $this->object->expects($this->once()) ->method('authFails'); $this->assertFalse( $this->object->authCheck() ); $this->assertTrue( $GLOBALS['no_activity'] ); } 130,function getFontSize() { $fs = $GLOBALS['PMA_Config']->get('fontsize'); if (!is_null($fs)) { return $fs; } if (isset($_COOKIE['pma_fontsize'])) { return $_COOKIE['pma_fontsize']; } return '82%'; },True,PHP,getFontSize,Theme.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2014-11-20 06:28:39+05:18,"bug #4597 [security] XSS through pma_fontsize cookie Signed-off-by: Madhura Jayaratne ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-8958,"public function testAuthCheckDecryptUser() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_access_time'] = ''; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $this->object = $this->getMockBuilder('AuthenticationCookie') ->disableOriginalConstructor() ->setMethods(array('cookieDecrypt')) ->getMock(); $this->object->expects($this->once()) ->method('cookieDecrypt') ->will($this->returnValue('testBF')); $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( 'testBF', $GLOBALS['PHP_AUTH_USER'] ); }" 135,"function PMA_Process_formset(FormDisplay $form_display) { if (filter_input(INPUT_GET, 'mode') == 'revert') { $form_display->fixErrors(); PMA_generateHeader303(); } if (!$form_display->process(false)) { $form_display->display(true, true); return; } if (!$form_display->hasErrors()) { PMA_generateHeader303(); return; } $separator = PMA_URL_getArgSeparator('html'); $page = filter_input(INPUT_GET, 'page'); $formset = filter_input(INPUT_GET, 'formset'); $formset = $formset ? ""{$separator}formset=$formset"" : ''; $formId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT); if ($formId === null && $page == 'servers') { $formId = $form_display->getConfigFile()->getServerCount(); } $formId = $formId ? ""{$separator}id=$formId"" : ''; ?> displayErrors() ?>   mode=edit""> ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-3902,"public function testAuthCheckDecryptPassword() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pmaPass-1'] = 'pmaPass1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_SESSION['last_access_time'] = time() - 1000; $GLOBALS['cfg']['LoginCookieValidity'] = 1440; $this->object = $this->getMockBuilder('AuthenticationCookie') ->disableOriginalConstructor() ->setMethods(array('cookieDecrypt')) ->getMock(); $this->object->expects($this->at(1)) ->method('cookieDecrypt') ->will($this->returnValue(""\xff(blank)"")); $this->assertTrue( $this->object->authCheck() ); $this->assertTrue( $GLOBALS['from_cookie'] ); $this->assertEquals( '', $GLOBALS['PHP_AUTH_PW'] ); }" 136,"function checkHTTP($link, $get_body = false) { if (! function_exists('curl_init')) { return null; } $ch = curl_init($link); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_USERAGENT, 'phpMyAdmin/' . PMA_VERSION); curl_setopt($ch, CURLOPT_TIMEOUT, 5); if (! defined('TESTSUITE')) { session_write_close(); } $data = @curl_exec($ch); if (! defined('TESTSUITE')) { ini_set('session.use_only_cookies', '0'); ini_set('session.use_cookies', '0'); ini_set('session.use_trans_sid', '0'); ini_set('session.cache_limiter', 'nocache'); session_start(); } if ($data === false) { return null; } $httpOk = 'HTTP/1.1 200 OK'; $httpNotFound = 'HTTP/1.1 404 Not Found'; if (substr($data, 0, strlen($httpOk)) === $httpOk) { return $get_body ? mb_substr( $data, mb_strpos($data, ""\r\n\r\n"") + 4 ) : true; } $httpNOK = substr( $data, 0, strlen($httpNotFound) ); if ($httpNOK === $httpNotFound) { return false; } return null; }",True,PHP,checkHTTP,Config.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-05-13 07:25:54+05:18,"bug #4900 [security] Vulnerability allowing man-in-the-middle attack Signed-off-by: Madhura Jayaratne ",CWE-310,Cryptographic Issues,"Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.",https://cwe.mitre.org/data/definitions/310.html,CVE-2015-3903,"public function testAuthCheck() { $defineAgain = 'PMA_TEST_NO_DEFINE'; if (defined('PMA_CLEAR_COOKIES')) { if (! PMA_HAS_RUNKIT) { $this->markTestSkipped( 'Cannot redefine constant/function - missing runkit extension' ); } else { $defineAgain = PMA_CLEAR_COOKIES; runkit_constant_remove('PMA_CLEAR_COOKIES'); } } $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; file_put_contents('testConfigSwekey', ''); $this->assertFalse( $this->object->authCheck() ); @unlink('testConfigSwekey'); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey'; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey'; $_POST[""g-recaptcha-response""] = ''; $_REQUEST['pma_username'] = 'testPMAUser'; $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( 'Please enter correct captcha!', $GLOBALS['conn_error'] ); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = 'pmaolduser'; $GLOBALS['cfg']['LoginCookieDeleteAll'] = true; $GLOBALS['cfg']['Servers'] = array(1); $_COOKIE['pmaPass-0'] = 'test'; $this->object->authCheck(); $this->assertFalse( isset($_COOKIE['pmaPass-0']) ); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = 'pmaolduser'; $GLOBALS['cfg']['LoginCookieDeleteAll'] = false; $GLOBALS['cfg']['Servers'] = array(1); $GLOBALS['server'] = 1; $_COOKIE['pmaPass-1'] = 'test'; $this->object->authCheck(); $this->assertFalse( isset($_COOKIE['pmaPass-1']) ); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = 'testPMAUser'; $_REQUEST['pma_servername'] = 'testPMAServer'; $_REQUEST['pma_password'] = 'testPMAPSWD'; $GLOBALS['cfg']['AllowArbitraryServer'] = true; $this->assertTrue( $this->object->authCheck() ); $this->assertEquals( 'testPMAUser', $GLOBALS['PHP_AUTH_USER'] ); $this->assertEquals( 'testPMAPSWD', $GLOBALS['PHP_AUTH_PW'] ); $this->assertEquals( 'testPMAServer', $GLOBALS['pma_auth_server'] ); $this->assertFalse( isset($_COOKIE['pmaPass-1']) ); $_REQUEST['pma_username'] = ''; $GLOBALS['server'] = 1; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = ''; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( 'pmaServ1', $GLOBALS['pma_auth_server'] ); $GLOBALS['server'] = 1; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $_COOKIE['pmaPass-1'] = ''; $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_access_time'] = time() - 1000; $GLOBALS['cfg']['LoginCookieValidity'] = 1440; $this->assertFalse( $this->object->authCheck() ); if ($defineAgain !== 'PMA_TEST_NO_DEFINE') { define('PMA_CLEAR_COOKIES', $defineAgain); } }" 137,"$output .= htmlspecialchars($field->name); $output .= """"; } $output .= """"; $data = PMA_DBI_fetch_single_row($result); foreach ($data as $key => $value) { if ($value === null) { $value = 'NULL'; } else { $value = htmlspecialchars($value); } $output .= """" . $value . """"; } $output .= """"; } else { $notice = __('MySQL returned an empty result set (i.e. zero rows).'); $output .= PMA_message::notice($notice)->getDisplay(); } } else { $output = ''; $message = PMA_message::error(sprintf(__('The following query has failed: ""%s""'), $query) . '

    ' . __('MySQL said: ') . PMA_DBI_getError(null)); } if ($GLOBALS['is_ajax_request']) { $extra_data = array('dialog' => false); PMA_ajaxResponse( $message->getDisplay() . $output, $message->isSuccess(), $extra_data ); } else { echo $message->getDisplay() . $output; if ($message->isError()) { exit; } unset($_POST); } } else { $message = __('Error in processing request') . ' : '; $message .= sprintf( PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db)) ); $message = PMA_message::error($message); if ($GLOBALS['is_ajax_request']) { PMA_ajaxResponse($message, $message->isSuccess()); } else { echo $message->getDisplay(); unset($_POST); } } } else if (! empty($_GET['execute_dialog']) && ! empty($_GET['item_name'])) { $routine = PMA_RTN_getDataFromName($_GET['item_name'], $_GET['item_type'], true); if ($routine !== false) { $form = PMA_RTN_getExecuteForm($routine); if ($GLOBALS['is_ajax_request'] == true) { $extra_data = array(); $extra_data['dialog'] = true; $extra_data['title'] = __(""Execute routine"") . "" ""; $extra_data['title'] .= PMA_backquote( htmlentities($_GET['item_name'], ENT_QUOTES) ); PMA_ajaxResponse($form, true, $extra_data); } else { echo ""\n\n

    "" . __(""Execute routine"") . ""

    \n\n""; echo $form; include './libraries/footer.inc.php'; } } else if (($GLOBALS['is_ajax_request'] == true)) { $message = __('Error in processing request') . ' : '; $message .= sprintf( PMA_RTE_getWord('not_found'), htmlspecialchars(PMA_backquote($_REQUEST['item_name'])), htmlspecialchars(PMA_backquote($db)) ); $message = PMA_message::error($message); PMA_ajaxResponse($message, false); } } }",True,PHP,htmlspecialchars,rte_routines.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Dieter Adriaenssens,2012-10-03 20:22:25+02:00,"triggers, routines, events : escape sql queries in error messages",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-5339,"public function testAuth() { $restoreInstance = PMA_Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA_Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'isSuccess', 'addJSON')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(true)); $mockResponse->expects($this->once()) ->method('isSuccess') ->with(false); $mockResponse->expects($this->once()) ->method('addJSON') ->with( 'redirect_flag', '1' ); $attrInstance = new ReflectionProperty('PMA_Response', '_instance'); $attrInstance->setAccessible(true); $attrInstance->setValue($mockResponse); $GLOBALS['conn_error'] = true; $GLOBALS['cfg']['PmaAbsoluteUri'] = 'https: $this->assertTrue( $this->object->auth() ); $mockResponse = $this->getMockBuilder('PMA_Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'getFooter', 'getHeader')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(false)); $_REQUEST['old_usr'] = ''; $GLOBALS['cfg']['LoginCookieRecall'] = true; $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $GLOBALS['PHP_AUTH_USER'] = 'pmauser'; $GLOBALS['pma_auth_server'] = 'localhost'; $mockFooter = $this->getMockBuilder('PMA_Footer') ->disableOriginalConstructor() ->setMethods(array('setMinimal')) ->getMock(); $mockFooter->expects($this->once()) ->method('setMinimal') ->with(); $mockHeader = $this->getMockBuilder('PMA_Header') ->disableOriginalConstructor() ->setMethods( array( 'setBodyId', 'setTitle', 'disableMenuAndConsole', 'disableWarnings' ) ) ->getMock(); $mockHeader->expects($this->once()) ->method('setBodyId') ->with('loginform'); $mockHeader->expects($this->once()) ->method('setTitle') ->with('phpMyAdmin'); $mockHeader->expects($this->once()) ->method('disableMenuAndConsole') ->with(); $mockHeader->expects($this->once()) ->method('disableWarnings') ->with(); $mockResponse->expects($this->once()) ->method('getFooter') ->with() ->will($this->returnValue($mockFooter)); $mockResponse->expects($this->once()) ->method('getHeader') ->with() ->will($this->returnValue($mockHeader)); $attrInstance = new ReflectionProperty('PMA_Response', '_instance'); $attrInstance->setAccessible(true); $attrInstance->setValue($mockResponse); $GLOBALS['pmaThemeImage'] = 'test'; $GLOBALS['conn_error'] = true; $GLOBALS['cfg']['Lang'] = 'en'; $GLOBALS['cfg']['AllowArbitraryServer'] = true; $GLOBALS['cfg']['Servers'] = array(1, 2); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $GLOBALS['target'] = 'testTarget'; $GLOBALS['db'] = 'testDb'; $GLOBALS['table'] = 'testTable'; file_put_contents('testlogo_right.png', ''); $mockErrorHandler = $this->getMockBuilder('PMA_Error_Handler') ->disableOriginalConstructor() ->setMethods(array('hasDisplayErrors', 'dispErrors')) ->getMock(); $mockErrorHandler->expects($this->once()) ->method('hasDisplayErrors') ->with() ->will($this->returnValue(true)); $mockErrorHandler->expects($this->once()) ->method('dispErrors') ->with(); $GLOBALS['error_handler'] = $mockErrorHandler; ob_start(); $this->object->auth(); $result = ob_get_clean(); $this->assertContains( 'assertContains( '
    ', $result ); $this->assertContains( '
    ', $result ); $this->assertContains( 'assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '', $result ); @unlink('testlogo_right.png'); $mockResponse = $this->getMockBuilder('PMA_Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'getFooter', 'getHeader')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('getFooter') ->with() ->will($this->returnValue(new PMA_Footer())); $mockResponse->expects($this->once()) ->method('getHeader') ->with() ->will($this->returnValue(new PMA_Header())); $_REQUEST['old_usr'] = ''; $GLOBALS['cfg']['LoginCookieRecall'] = false; $attrInstance = new ReflectionProperty('PMA_Response', '_instance'); $attrInstance->setAccessible(true); $attrInstance->setValue($mockResponse); $GLOBALS['pmaThemeImage'] = 'test'; $GLOBALS['cfg']['Lang'] = ''; $GLOBALS['cfg']['AllowArbitraryServer'] = false; $GLOBALS['cfg']['Servers'] = array(1); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey'; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey'; $GLOBALS['server'] = 0; $GLOBALS['error_handler'] = new PMA_Error_Handler; ob_start(); $this->object->auth(); $result = ob_get_clean(); $this->assertContains( 'assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '
    ', $result ); $attrInstance->setValue($restoreInstance); }" 139,"function PMA_EVN_getRowForList($event, $rowclass = '') { global $ajax_class, $url_query, $db, $titles; $sql_drop = sprintf( 'DROP EVENT IF EXISTS %s', PMA_backquote($event['EVENT_NAME']) ); $retval = "" \n""; $retval .= "" \n""; $retval .= "" $sql_drop\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($event['EVENT_NAME']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$event['STATUS']}\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('EVENT', $db)) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('EVENT', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$event['EVENT_TYPE']}\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }",True,PHP,PMA_EVN_getRowForList,rte_list.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2012-10-04 21:29:22+05:18,"triggers, routines, events : escape drop sql",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-5339,"private function _ajaxResponse() { if (! isset($this->_JSON['message'])) { $this->_JSON['message'] = $this->_getDisplay(); } else if ($this->_JSON['message'] instanceof PMA_Message) { $this->_JSON['message'] = $this->_JSON['message']->getDisplay(); } if ($this->_isSuccess) { $this->_JSON['success'] = true; } else { $this->_JSON['success'] = false; $this->_JSON['error'] = $this->_JSON['message']; unset($this->_JSON['message']); } if ($this->_isSuccess) { $this->addJSON('_title', $this->getHeader()->getTitleTag()); if (isset($GLOBALS['dbi'])) { $menuHash = $this->getHeader()->getMenu()->getHash(); $this->addJSON('_menuHash', $menuHash); $hashes = array(); if (isset($_REQUEST['menuHashes'])) { $hashes = explode('-', $_REQUEST['menuHashes']); } if (! in_array($menuHash, $hashes)) { $this->addJSON( '_menu', $this->getHeader() ->getMenu() ->getDisplay() ); } } $this->addJSON('_scripts', $this->getHeader()->getScripts()->getFiles()); $this->addJSON('_selflink', $this->getFooter()->getSelfUrl('unencoded')); $this->addJSON('_displayMessage', $this->getHeader()->getMessage()); $debug = $this->_footer->getDebugMessage(); if (empty($_REQUEST['no_debug']) && mb_strlen($debug) ) { $this->addJSON('_debug', $debug); } $errors = $this->_footer->getErrorMessages(); if (mb_strlen($errors)) { $this->addJSON('_errors', $errors); } $promptPhpErrors = $GLOBALS['error_handler']->hasErrorsForPrompt(); $this->addJSON('_promptPhpErrors', $promptPhpErrors); if (empty($GLOBALS['error_message'])) { $query = ''; $maxChars = $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']; if (isset($GLOBALS['sql_query']) && mb_strlen($GLOBALS['sql_query']) < $maxChars ) { $query = $GLOBALS['sql_query']; } $this->addJSON( '_reloadQuerywindow', array( 'db' => PMA_ifSetOr($GLOBALS['db'], ''), 'table' => PMA_ifSetOr($GLOBALS['table'], ''), 'sql_query' => $query ) ); if (! empty($GLOBALS['focus_querywindow'])) { $this->addJSON('_focusQuerywindow', $query); } if (! empty($GLOBALS['reload'])) { $this->addJSON('_reloadNavigation', 1); } $this->addJSON('_params', $this->getHeader()->getJsParams()); } } PMA_headerJSON(); echo json_encode($this->_JSON); }" 143,"function PMA_RTN_getRowForList($routine, $rowclass = '') { global $ajax_class, $url_query, $db, $titles; $sql_drop = sprintf('DROP %s IF EXISTS %s', $routine['ROUTINE_TYPE'], PMA_backquote($routine['SPECIFIC_NAME'])); $type_link = ""item_type={$routine['ROUTINE_TYPE']}""; $retval = "" \n""; $retval .= "" \n""; $retval .= "" $sql_drop\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($routine['SPECIFIC_NAME']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" \n""; if ($routine['ROUTINE_DEFINITION'] !== null && PMA_currentUserHasPrivilege('ALTER ROUTINE', $db) && PMA_currentUserHasPrivilege('CREATE ROUTINE', $db) ) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; if ($routine['ROUTINE_DEFINITION'] !== null && PMA_currentUserHasPrivilege('EXECUTE', $db) ) { $routine_details = PMA_RTN_getDataFromName( $routine['SPECIFIC_NAME'], $routine['ROUTINE_TYPE'], false ); if ($routine !== false) { $execute_action = 'execute_routine'; for ($i=0; $i<$routine_details['item_num_params']; $i++) { if ($routine_details['item_type'] == 'PROCEDURE' && $routine_details['item_param_dir'][$i] == 'OUT' ) { continue; } $execute_action = 'execute_dialog'; break; } $retval .= ' ' . $titles['Execute'] . ""\n""; } } else { $retval .= "" {$titles['NoExecute']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('ALTER ROUTINE', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$routine['ROUTINE_TYPE']}\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($routine['DTD_IDENTIFIER']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }",True,PHP,PMA_RTN_getRowForList,rte_list.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2012-10-04 21:29:22+05:18,"triggers, routines, events : escape drop sql",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-5339,function PMA_importAjaxStatus($id) { PMA_headerJSON(); echo json_encode( $_SESSION[$GLOBALS['SESSION_KEY']]['handler']::getUploadStatus($id) ); } 144,"function PMA_TRI_getRowForList($trigger, $rowclass = '') { global $ajax_class, $url_query, $db, $table, $titles; $retval = "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['drop']}\n""; $retval .= "" \n""; $retval .= "" "" . htmlspecialchars($trigger['name']) . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (empty($table)) { $retval .= "" \n""; $retval .= "" "" . $trigger['table'] . ""\n""; $retval .= "" \n""; } $retval .= "" \n""; if (PMA_currentUserHasPrivilege('TRIGGER', $db, $table)) { $retval .= ' ' . $titles['Edit'] . ""\n""; } else { $retval .= "" {$titles['NoEdit']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= ' ' . $titles['Export'] . ""\n""; $retval .= "" \n""; $retval .= "" \n""; if (PMA_currentUserHasPrivilege('TRIGGER', $db)) { $retval .= ' ' . $titles['Drop'] . ""\n""; } else { $retval .= "" {$titles['NoDrop']}\n""; } $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['action_timing']}\n""; $retval .= "" \n""; $retval .= "" \n""; $retval .= "" {$trigger['event_manipulation']}\n""; $retval .= "" \n""; $retval .= "" \n""; return $retval; }",True,PHP,PMA_TRI_getRowForList,rte_list.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2012-10-04 21:29:22+05:18,"triggers, routines, events : escape drop sql",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-5339,function PMA_secureSession() { if ((PMA_PHP_INT_VERSION >= 50400 && session_status() === PHP_SESSION_ACTIVE) || (PMA_PHP_INT_VERSION < 50400 && session_id() !== '') ) { session_regenerate_id(true); } $_SESSION[' PMA_token '] = bin2hex(phpseclib\Crypt\Random::string(16)); } 152,"$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key); if (isset($_COOKIE['pmaPass-' . $key])) { unset($_COOKIE['pmaPass-' . $key]); } } } else { $GLOBALS['PMA_Config']->removeCookie( 'pmaPass-' . $GLOBALS['server'] ); if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); } } } if (! empty($_REQUEST['pma_username'])) { $skip = false; if (isset($_SESSION['last_valid_captcha']) && $_SESSION['last_valid_captcha'] ) { $skip = true; } if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && ! empty($GLOBALS['cfg']['CaptchaLoginPublicKey']) && ! $skip ) { if (! empty($_POST[""g-recaptcha-response""])) { include_once 'libraries/plugins/auth/recaptcha/autoload.php'; $reCaptcha = new \ReCaptcha\ReCaptcha( $GLOBALS['cfg']['CaptchaLoginPrivateKey'] ); $resp = $reCaptcha->verify( $_POST[""g-recaptcha-response""], $_SERVER[""REMOTE_ADDR""] ); if ($resp == null || ! $resp->isSuccess()) { $conn_error = __('Entered captcha is wrong, try again!'); $_SESSION['last_valid_captcha'] = false; return false; } else { $_SESSION['last_valid_captcha'] = true; } } else { if (! isset($_SESSION['last_valid_captcha']) || ! $_SESSION['last_valid_captcha'] ) { $conn_error = __('Please enter correct captcha!'); return false; } } } $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username']; $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password']; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername']) ) { if ($GLOBALS['cfg']['ArbitraryServerRegexp']) { $parts = explode(' ', $_REQUEST['pma_servername']); if (count($parts) == 2) { $tmp_host = $parts[0]; } else { $tmp_host = $_REQUEST['pma_servername']; } $match = preg_match( $GLOBALS['cfg']['ArbitraryServerRegexp'], $tmp_host ); if (! $match) { $conn_error = __( 'You are not allowed to log in to this MySQL server!' ); return false; } } $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername']; } return true; } if ($GLOBALS['cfg']['AllowArbitraryServer'] && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']]) ) { $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']]; } if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']]) || empty($_COOKIE['pma_iv-' . $GLOBALS['server']]) ) { return false; } $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt( $_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getEncryptionSecret() ); if (empty($_SESSION['last_access_time'])) { return false; } $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity']; if ($_SESSION['last_access_time'] < $last_access_time ) { PMA_Util::cacheUnset('is_create_db_priv'); PMA_Util::cacheUnset('is_process_priv'); PMA_Util::cacheUnset('is_reload_priv'); PMA_Util::cacheUnset('db_to_create'); PMA_Util::cacheUnset('dbs_where_create_table_allowed'); PMA_Util::cacheUnset('dbs_to_test'); $GLOBALS['no_activity'] = true; $this->authFails(); if (! defined('TESTSUITE')) { exit; } else { return false; } } if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) { return false; } $GLOBALS['PHP_AUTH_PW'] = $this->cookieDecrypt( $_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getSessionEncryptionSecret() ); if ($GLOBALS['PHP_AUTH_PW'] == ""\xff(blank)"") { $GLOBALS['PHP_AUTH_PW'] = ''; } $GLOBALS['from_cookie'] = true; return true; }",True,PHP,removeCookie,AuthenticationCookie.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-09-08 07:13:24+10:00,"Fix reCaptcha bypass Signed-off-by: Madhura Jayaratne ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-6830,"function setPassword($password, $method = 'pbkdf2') { $key = ''; switch ($method) { default: $func_args = func_get_args(); $hash = isset($func_args[2]) ? $func_args[2] : 'sha1'; $salt = isset($func_args[3]) ? $func_args[3] : $this->password_default_salt; $count = isset($func_args[4]) ? $func_args[4] : 1000; if (isset($func_args[5])) { $dkLen = $func_args[5]; } else { $dkLen = $method == 'pbkdf1' ? 2 * $this->key_length : $this->key_length; } switch (true) { case $method == 'pbkdf1': $hashObj = new Hash(); $hashObj->setHash($hash); if ($dkLen > $hashObj->getLength()) { user_error('Derived key too long'); return false; } $t = $password . $salt; for ($i = 0; $i < $count; ++$i) { $t = $hashObj->hash($t); } $key = substr($t, 0, $dkLen); $this->setKey(substr($key, 0, $dkLen >> 1)); $this->setIV(substr($key, $dkLen >> 1)); return true; case !function_exists('hash_pbkdf2'): case !function_exists('hash_algos'): case !in_array($hash, hash_algos()): $i = 1; while (strlen($key) < $dkLen) { $hmac = new Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; ++$j) { $u = $hmac->hash($u); $f^= $u; } $key.= $f; } $key = substr($key, 0, $dkLen); break; default: $key = hash_pbkdf2($hash, $password, $salt, $count, $dkLen, true); } } $this->setKey($key); return true; }" 154,public function testAuthCheckAuthFails() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_access_time'] = 1; $_SESSION['last_valid_captcha'] = true; $GLOBALS['cfg']['LoginCookieValidity'] = 0; $_SESSION['last_access_time'] = -1; $this->object = $this->getMockBuilder('AuthenticationCookie') ->disableOriginalConstructor() ->setMethods(array('authFails')) ->getMock(); $this->object->expects($this->once()) ->method('authFails'); $this->assertFalse( $this->object->authCheck() ); $this->assertTrue( $GLOBALS['no_activity'] ); },True,PHP,testAuthCheckAuthFails,PMA_AuthenticationCookie_test.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-09-08 07:13:24+10:00,"Fix reCaptcha bypass Signed-off-by: Madhura Jayaratne ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-6830,"public function postConnect($link) { if (! defined('PMA_MYSQL_INT_VERSION')) { if (PMA_Util::cacheExists('PMA_MYSQL_INT_VERSION')) { define( 'PMA_MYSQL_INT_VERSION', PMA_Util::cacheGet('PMA_MYSQL_INT_VERSION') ); define( 'PMA_MYSQL_MAJOR_VERSION', PMA_Util::cacheGet('PMA_MYSQL_MAJOR_VERSION') ); define( 'PMA_MYSQL_STR_VERSION', PMA_Util::cacheGet('PMA_MYSQL_STR_VERSION') ); define( 'PMA_MYSQL_VERSION_COMMENT', PMA_Util::cacheGet('PMA_MYSQL_VERSION_COMMENT') ); define( 'PMA_MARIADB', PMA_Util::cacheGet('PMA_MARIADB') ); define( 'PMA_DRIZZLE', PMA_Util::cacheGet('PMA_DRIZZLE') ); } else { $version = $this->fetchSingleRow( 'SELECT @@version, @@version_comment', 'ASSOC', $link ); if ($version) { $match = explode('.', $version['@@version']); define('PMA_MYSQL_MAJOR_VERSION', (int)$match[0]); define( 'PMA_MYSQL_INT_VERSION', (int) sprintf( '%d%02d%02d', $match[0], $match[1], intval($match[2]) ) ); define('PMA_MYSQL_STR_VERSION', $version['@@version']); define( 'PMA_MYSQL_VERSION_COMMENT', $version['@@version_comment'] ); } else { define('PMA_MYSQL_INT_VERSION', 50501); define('PMA_MYSQL_MAJOR_VERSION', 5); define('PMA_MYSQL_STR_VERSION', '5.05.01'); define('PMA_MYSQL_VERSION_COMMENT', ''); } PMA_Util::cacheSet( 'PMA_MYSQL_INT_VERSION', PMA_MYSQL_INT_VERSION ); PMA_Util::cacheSet( 'PMA_MYSQL_MAJOR_VERSION', PMA_MYSQL_MAJOR_VERSION ); PMA_Util::cacheSet( 'PMA_MYSQL_STR_VERSION', PMA_MYSQL_STR_VERSION ); PMA_Util::cacheSet( 'PMA_MYSQL_VERSION_COMMENT', PMA_MYSQL_VERSION_COMMENT ); if (mb_strpos(PMA_MYSQL_STR_VERSION, 'MariaDB') !== false) { define('PMA_MARIADB', true); } else { define('PMA_MARIADB', false); } PMA_Util::cacheSet( 'PMA_MARIADB', PMA_MARIADB ); $charset_result = $this->query( ""SELECT @@character_set_results"", $link ); if ($this->numRows($charset_result) == 0) { define('PMA_DRIZZLE', true); } else { define('PMA_DRIZZLE', false); } $this->freeResult($charset_result); PMA_Util::cacheSet( 'PMA_DRIZZLE', PMA_DRIZZLE ); } } if (!PMA_DRIZZLE) { if (PMA_MYSQL_INT_VERSION > 50503) { $default_charset = 'utf8mb4'; $default_collation = 'utf8mb4_general_ci'; } else { $default_charset = 'utf8'; $default_collation = 'utf8_general_ci'; } if (! empty($GLOBALS['collation_connection'])) { $this->query( ""SET CHARACTER SET '$default_charset';"", $link, self::QUERY_STORE ); if ($default_charset == 'utf8mb4' && strncmp('utf8_', $GLOBALS['collation_connection'], 5) == 0 ) { $GLOBALS['collation_connection'] = 'utf8mb4_' . substr( $GLOBALS['collation_connection'], 5 ); } $result = $this->tryQuery( ""SET collation_connection = '"" . PMA_Util::sqlAddSlashes($GLOBALS['collation_connection']) . ""';"", $link, self::QUERY_STORE ); if ($result === false) { trigger_error( __('Failed to set configured collation connection!'), E_USER_WARNING ); $this->query( ""SET collation_connection = '"" . PMA_Util::sqlAddSlashes($default_collation) . ""';"", $link, self::QUERY_STORE ); } } else { $this->query( ""SET NAMES '$default_charset' COLLATE '$default_collation';"", $link, self::QUERY_STORE ); } } if (PMA_DRIZZLE && !PMA_Util::cacheExists('drizzle_engines')) { $sql = ""SELECT p.plugin_name, m.module_library FROM data_dictionary.plugins p JOIN data_dictionary.modules m USING (module_name) WHERE p.plugin_type = 'StorageEngine' AND p.plugin_name NOT IN ('FunctionEngine', 'schema') AND p.is_active = 'YES'""; $engines = $this->fetchResult($sql, 'plugin_name', null, $link); PMA_Util::cacheSet('drizzle_engines', $engines); } }" 155,"public function testAuthCheckDecryptUser() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_access_time'] = ''; $_SESSION['last_valid_captcha'] = true; $this->object = $this->getMockBuilder('AuthenticationCookie') ->disableOriginalConstructor() ->setMethods(array('cookieDecrypt')) ->getMock(); $this->object->expects($this->once()) ->method('cookieDecrypt') ->will($this->returnValue('testBF')); $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( 'testBF', $GLOBALS['PHP_AUTH_USER'] ); }",True,PHP,testAuthCheckDecryptUser,PMA_AuthenticationCookie_test.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-09-08 07:13:24+10:00,"Fix reCaptcha bypass Signed-off-by: Madhura Jayaratne ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-6830,"$ret[$key] = sprintf( $format, ++$i, $err[0], $err[1], htmlspecialchars($err[2]), $err[3] ); }" 160,"public function testAuthCheckDecryptPassword() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pmaPass-1'] = 'pmaPass1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_valid_captcha'] = true; $_SESSION['last_access_time'] = time() - 1000; $GLOBALS['cfg']['LoginCookieValidity'] = 1440; $this->object = $this->getMockBuilder('AuthenticationCookie') ->disableOriginalConstructor() ->setMethods(array('cookieDecrypt')) ->getMock(); $this->object->expects($this->at(1)) ->method('cookieDecrypt') ->will($this->returnValue(""\xff(blank)"")); $this->assertTrue( $this->object->authCheck() ); $this->assertTrue( $GLOBALS['from_cookie'] ); $this->assertEquals( '', $GLOBALS['PHP_AUTH_PW'] ); }",True,PHP,testAuthCheckDecryptPassword,PMA_AuthenticationCookie_test.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-09-08 07:13:24+10:00,"Fix reCaptcha bypass Signed-off-by: Madhura Jayaratne ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-6830,"public function checkHTTP($link, $get_body = false) { if (! function_exists('curl_init')) { return null; } $handle = curl_init($link); if ($handle === false) { return null; } PMA_Util::configureCurl($handle); curl_setopt($handle, CURLOPT_FOLLOWLOCATION, 0); curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, '2'); curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, '1'); curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($handle, CURLOPT_TIMEOUT, 5); curl_setopt($handle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); if (! defined('TESTSUITE')) { session_write_close(); } $data = @curl_exec($handle); if (! defined('TESTSUITE')) { ini_set('session.use_only_cookies', '0'); ini_set('session.use_cookies', '0'); ini_set('session.use_trans_sid', '0'); ini_set('session.cache_limiter', 'nocache'); session_start(); } if ($data === false) { return null; } $http_status = curl_getinfo($handle, CURLINFO_HTTP_CODE); if ($http_status == 200) { return $get_body ? $data : true; } if ($http_status == 404) { return false; } return null; }" 161,"public function testAuthCheck() { $defineAgain = 'PMA_TEST_NO_DEFINE'; if (defined('PMA_CLEAR_COOKIES')) { if (! PMA_HAS_RUNKIT) { $this->markTestSkipped( 'Cannot redefine constant/function - missing runkit extension' ); } else { $defineAgain = PMA_CLEAR_COOKIES; runkit_constant_remove('PMA_CLEAR_COOKIES'); } } $GLOBALS['cfg']['Server']['auth_swekey_config'] = 'testConfigSwekey'; file_put_contents('testConfigSwekey', ''); $this->assertFalse( $this->object->authCheck() ); @unlink('testConfigSwekey'); $_SESSION['last_valid_captcha'] = false; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey'; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey'; $_POST[""g-recaptcha-response""] = ''; $_REQUEST['pma_username'] = 'testPMAUser'; $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( 'Please enter correct captcha!', $GLOBALS['conn_error'] ); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = 'pmaolduser'; $GLOBALS['cfg']['LoginCookieDeleteAll'] = true; $GLOBALS['cfg']['Servers'] = array(1); $_COOKIE['pmaPass-0'] = 'test'; $this->object->authCheck(); $this->assertFalse( isset($_COOKIE['pmaPass-0']) ); $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = 'pmaolduser'; $GLOBALS['cfg']['LoginCookieDeleteAll'] = false; $GLOBALS['cfg']['Servers'] = array(1); $GLOBALS['server'] = 1; $_COOKIE['pmaPass-1'] = 'test'; $this->object->authCheck(); $this->assertFalse( isset($_COOKIE['pmaPass-1']) ); $_SESSION['last_valid_captcha'] = true; $_REQUEST['old_usr'] = ''; $_REQUEST['pma_username'] = 'testPMAUser'; $_REQUEST['pma_servername'] = 'testPMAServer'; $_REQUEST['pma_password'] = 'testPMAPSWD'; $GLOBALS['cfg']['AllowArbitraryServer'] = true; $this->assertTrue( $this->object->authCheck() ); $this->assertEquals( 'testPMAUser', $GLOBALS['PHP_AUTH_USER'] ); $this->assertEquals( 'testPMAPSWD', $GLOBALS['PHP_AUTH_PW'] ); $this->assertEquals( 'testPMAServer', $GLOBALS['pma_auth_server'] ); $this->assertFalse( isset($_COOKIE['pmaPass-1']) ); $_REQUEST['pma_username'] = ''; $GLOBALS['server'] = 1; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = ''; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( 'pmaServ1', $GLOBALS['pma_auth_server'] ); $GLOBALS['server'] = 1; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); $_COOKIE['pmaPass-1'] = ''; $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $_SESSION['last_access_time'] = time() - 1000; $GLOBALS['cfg']['LoginCookieValidity'] = 1440; $this->assertFalse( $this->object->authCheck() ); if ($defineAgain !== 'PMA_TEST_NO_DEFINE') { define('PMA_CLEAR_COOKIES', $defineAgain); } }",True,PHP,testAuthCheck,PMA_AuthenticationCookie_test.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-09-08 07:13:24+10:00,"Fix reCaptcha bypass Signed-off-by: Madhura Jayaratne ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-6830,"public function testCheckHTTP() { if (! function_exists('curl_init')) { $this->markTestSkipped('Missing curl extension!'); } $this->assertTrue( $this->object->checkHTTP(""https: ); $this->assertContains( ""TEST DATA"", $this->object->checkHTTP(""https: ); $this->assertFalse( $this->object->checkHTTP(""https: ); $this->assertContains( '""resources""', $this->object->checkHTTP(""https: ); }" 163,"public function testAuth() { $restoreInstance = PMA_Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA_Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'isSuccess', 'addJSON')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(true)); $mockResponse->expects($this->once()) ->method('isSuccess') ->with(false); $mockResponse->expects($this->once()) ->method('addJSON') ->with( 'redirect_flag', '1' ); $attrInstance = new ReflectionProperty('PMA_Response', '_instance'); $attrInstance->setAccessible(true); $attrInstance->setValue($mockResponse); $GLOBALS['conn_error'] = true; $GLOBALS['cfg']['PmaAbsoluteUri'] = 'https: $this->assertTrue( $this->object->auth() ); $mockResponse = $this->getMockBuilder('PMA_Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'getFooter', 'getHeader')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(false)); $_REQUEST['old_usr'] = ''; $GLOBALS['cfg']['LoginCookieRecall'] = true; $GLOBALS['cfg']['blowfish_secret'] = 'secret'; $GLOBALS['PHP_AUTH_USER'] = 'pmauser'; $GLOBALS['pma_auth_server'] = 'localhost'; $mockFooter = $this->getMockBuilder('PMA_Footer') ->disableOriginalConstructor() ->setMethods(array('setMinimal')) ->getMock(); $mockFooter->expects($this->once()) ->method('setMinimal') ->with(); $mockHeader = $this->getMockBuilder('PMA_Header') ->disableOriginalConstructor() ->setMethods( array( 'setBodyId', 'setTitle', 'disableMenuAndConsole', 'disableWarnings' ) ) ->getMock(); $mockHeader->expects($this->once()) ->method('setBodyId') ->with('loginform'); $mockHeader->expects($this->once()) ->method('setTitle') ->with('phpMyAdmin'); $mockHeader->expects($this->once()) ->method('disableMenuAndConsole') ->with(); $mockHeader->expects($this->once()) ->method('disableWarnings') ->with(); $mockResponse->expects($this->once()) ->method('getFooter') ->with() ->will($this->returnValue($mockFooter)); $mockResponse->expects($this->once()) ->method('getHeader') ->with() ->will($this->returnValue($mockHeader)); $attrInstance = new ReflectionProperty('PMA_Response', '_instance'); $attrInstance->setAccessible(true); $attrInstance->setValue($mockResponse); $GLOBALS['pmaThemeImage'] = 'test'; $GLOBALS['conn_error'] = true; $GLOBALS['cfg']['Lang'] = 'en'; $GLOBALS['cfg']['AllowArbitraryServer'] = true; $GLOBALS['cfg']['Servers'] = array(1, 2); $_SESSION['last_valid_captcha'] = true; $GLOBALS['target'] = 'testTarget'; $GLOBALS['db'] = 'testDb'; $GLOBALS['table'] = 'testTable'; file_put_contents('testlogo_right.png', ''); $mockErrorHandler = $this->getMockBuilder('PMA_Error_Handler') ->disableOriginalConstructor() ->setMethods(array('hasDisplayErrors', 'dispErrors')) ->getMock(); $mockErrorHandler->expects($this->once()) ->method('hasDisplayErrors') ->with() ->will($this->returnValue(true)); $mockErrorHandler->expects($this->once()) ->method('dispErrors') ->with(); $GLOBALS['error_handler'] = $mockErrorHandler; ob_start(); $this->object->auth(); $result = ob_get_clean(); $this->assertContains( 'assertContains( '
    ', $result ); $this->assertContains( '', $result ); $this->assertContains( 'assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '', $result ); @unlink('testlogo_right.png'); $mockResponse = $this->getMockBuilder('PMA_Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'getFooter', 'getHeader')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('getFooter') ->with() ->will($this->returnValue(new PMA_Footer())); $mockResponse->expects($this->once()) ->method('getHeader') ->with() ->will($this->returnValue(new PMA_Header())); $_REQUEST['old_usr'] = ''; $GLOBALS['cfg']['LoginCookieRecall'] = false; $attrInstance = new ReflectionProperty('PMA_Response', '_instance'); $attrInstance->setAccessible(true); $attrInstance->setValue($mockResponse); $GLOBALS['pmaThemeImage'] = 'test'; $GLOBALS['cfg']['Lang'] = ''; $GLOBALS['cfg']['AllowArbitraryServer'] = false; $GLOBALS['cfg']['Servers'] = array(1); $_SESSION['last_valid_captcha'] = false; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey'; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey'; $GLOBALS['server'] = 0; $GLOBALS['error_handler'] = new PMA_Error_Handler; ob_start(); $this->object->auth(); $result = ob_get_clean(); $this->assertContains( 'assertContains( '', $result ); $this->assertContains( '', $result ); $this->assertContains( '
    ', $result ); $attrInstance->setValue($restoreInstance); }",True,PHP,testAuth,PMA_AuthenticationCookie_test.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2015-09-08 07:13:24+10:00,"Fix reCaptcha bypass Signed-off-by: Madhura Jayaratne ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-6830,"$url['host'] = PMA_getenv('SERVER_NAME'); } else { $this->error_pma_uri = true; return; } if (empty($url['port']) && PMA_getenv('SERVER_PORT')) { $url['port'] = PMA_getenv('SERVER_PORT'); } if (empty($url['path'])) { if (isset($GLOBALS['PMA_PHP_SELF'])) { $path = parse_url($GLOBALS['PMA_PHP_SELF']); } else { $path = parse_url(PMA_getenv('REQUEST_URI')); } $url['path'] = $path['path']; } } $pma_absolute_uri = $url['scheme'] . ': if (!empty($url['user'])) { $pma_absolute_uri .= $url['user']; if (!empty($url['pass'])) { $pma_absolute_uri .= ':' . $url['pass']; } $pma_absolute_uri .= '@'; } $pma_absolute_uri .= urlencode($url['host']); if (! empty($url['port']) && (($url['scheme'] == 'http' && $url['port'] != 80) || ($url['scheme'] == 'https' && $url['port'] != 80) || ($url['scheme'] == 'https' && $url['port'] != 443)) ) { $pma_absolute_uri .= ':' . $url['port']; } $this->checkWebServerOs(); if ($this->get('PMA_IS_WINDOWS') == 1) { $path = str_replace(""\\"", ""/"", dirname($url['path'] . 'a')); } else { $path = dirname($url['path'] . 'a'); } if (defined('PMA_PATH_TO_BASEDIR') && PMA_PATH_TO_BASEDIR == '../') { if ($this->get('PMA_IS_WINDOWS') == 1) { $path = str_replace(""\\"", ""/"", dirname($path)); } else { $path = dirname($path); } } if ($path == '.') { $path = ''; } if (mb_substr($path, -1) != '/') { $path .= '/'; } $pma_absolute_uri .= $path; if ($this->get('ForceSSL')) { $this->set('PmaAbsoluteUri', $pma_absolute_uri); $pma_absolute_uri = $this->getSSLUri(); $this->isHttps(); } } else { if (mb_substr($pma_absolute_uri, -1) != '/') { $pma_absolute_uri .= '/'; } if (mb_substr($pma_absolute_uri, 0, 7) != 'http: && mb_substr($pma_absolute_uri, 0, 8) != 'https: ) { $pma_absolute_uri = ($is_https ? 'https' : 'http') . ':' . ( mb_substr($pma_absolute_uri, 0, 2) == '//' ? '' : '//' ) . $pma_absolute_uri; } }" 165,"private function _ajaxResponse() { if (! isset($this->_JSON['message'])) { $this->_JSON['message'] = $this->_getDisplay(); } else if ($this->_JSON['message'] instanceof PMA_Message) { $this->_JSON['message'] = $this->_JSON['message']->getDisplay(); } if ($this->_isSuccess) { $this->_JSON['success'] = true; } else { $this->_JSON['success'] = false; $this->_JSON['error'] = $this->_JSON['message']; unset($this->_JSON['message']); } if ($this->_isSuccess) { $this->addJSON('_title', $this->getHeader()->getTitleTag()); if (isset($GLOBALS['dbi'])) { $menuHash = $this->getHeader()->getMenu()->getHash(); $this->addJSON('_menuHash', $menuHash); $hashes = array(); if (isset($_REQUEST['menuHashes'])) { $hashes = explode('-', $_REQUEST['menuHashes']); } if (! in_array($menuHash, $hashes)) { $this->addJSON( '_menu', $this->getHeader() ->getMenu() ->getDisplay() ); } } $this->addJSON('_scripts', $this->getHeader()->getScripts()->getFiles()); $this->addJSON('_selflink', $this->getFooter()->getSelfUrl('unencoded')); $this->addJSON('_displayMessage', $this->getHeader()->getMessage()); $debug = $this->_footer->getDebugMessage(); if (empty($_REQUEST['no_debug']) && mb_strlen($debug) ) { $this->addJSON('_debug', $debug); } $errors = $this->_footer->getErrorMessages(); if (mb_strlen($errors)) { $this->addJSON('_errors', $errors); } $promptPhpErrors = $GLOBALS['error_handler']->hasErrorsForPrompt(); $this->addJSON('_promptPhpErrors', $promptPhpErrors); if (empty($GLOBALS['error_message'])) { $query = ''; $maxChars = $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']; if (isset($GLOBALS['sql_query']) && mb_strlen($GLOBALS['sql_query']) < $maxChars ) { $query = $GLOBALS['sql_query']; } $this->addJSON( '_reloadQuerywindow', array( 'db' => PMA_ifSetOr($GLOBALS['db'], ''), 'table' => PMA_ifSetOr($GLOBALS['table'], ''), 'sql_query' => $query ) ); if (! empty($GLOBALS['focus_querywindow'])) { $this->addJSON('_focusQuerywindow', $query); } if (! empty($GLOBALS['reload'])) { $this->addJSON('_reloadNavigation', 1); } $this->addJSON('_params', $this->getHeader()->getJsParams()); } } if (! defined('TESTSUITE')) { header('Cache-Control: no-cache'); header('Content-Type: application/json'); } echo json_encode($this->_JSON); }",True,PHP,_ajaxResponse,Response.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-01-19 08:32:34+01:00,"Set correct content type for JSON responses Signed-off-by: Michal Čihař ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-2045,"public function changeTableInfoAction() { $field = $_REQUEST['field']; if ($field == 'pma_null') { $this->response->addJSON('field_type', ''); $this->response->addJSON('field_collation', ''); $this->response->addJSON('field_operators', ''); $this->response->addJSON('field_value', ''); return; } $key = array_search($field, $this->_columnNames); $search_index = 0; if (PMA_isValid($_REQUEST['it'], 'integer')) { $search_index = $_REQUEST['it']; } $properties = $this->getColumnProperties($search_index, $key); $this->response->addJSON( 'field_type', htmlspecialchars($properties['type']) ); $this->response->addJSON('field_collation', $properties['collation']); $this->response->addJSON('field_operators', $properties['func']); $this->response->addJSON('field_value', $properties['value']); }" 168,function PMA_importAjaxStatus($id) { header('Content-type: application/json'); echo json_encode( $_SESSION[$GLOBALS['SESSION_KEY']]['handler']::getUploadStatus($id) ); },True,PHP,PMA_importAjaxStatus,display_import_ajax.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-01-19 08:32:34+01:00,"Set correct content type for JSON responses Signed-off-by: Michal Čihař ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-2045,} elseif ($part != '.' || $part === '') { $depath++; } 170,"function PMA_secureSession() { if ((PMA_PHP_INT_VERSION >= 50400 && session_status() === PHP_SESSION_ACTIVE) || (PMA_PHP_INT_VERSION < 50400 && session_id() !== '') ) { session_regenerate_id(true); } $_SESSION[' PMA_token '] = md5(uniqid(rand(), true)); }",True,PHP,PMA_secureSession,session.inc.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-01-19 08:47:51+01:00,"Use phpseclib's Crypt::Random to generate CSRF token Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-2039,"function PMA_countLines($filename) { global $LINE_COUNT; if (defined('LINE_COUNTS')) { return $LINE_COUNT[$filename]; } $depath = 1; foreach (explode('/', $filename) as $part) { if ($part == '..') { $depath--; } elseif ($part != '.' || $part === '') { $depath++; } if ($depath < 0) { return 0; } } $linecount = 0; $handle = fopen('./js/' . $filename, 'r'); while (!feof($handle)) { $line = fgets($handle); if ($line === false) { break; } $linecount++; } fclose($handle); return $linecount; }" 174,"function _setupMcrypt() { $this->_clearBuffers(); $this->enchanged = $this->dechanged = true; if (!isset($this->enmcrypt)) { static $mcrypt_modes = array( self::MODE_CTR => 'ctr', self::MODE_ECB => MCRYPT_MODE_ECB, self::MODE_CBC => MCRYPT_MODE_CBC, self::MODE_CFB => 'ncfb', self::MODE_OFB => MCRYPT_MODE_NOFB, self::MODE_STREAM => MCRYPT_MODE_STREAM, ); $this->demcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], ''); $this->enmcrypt = mcrypt_module_open($this->cipher_name_mcrypt, '', $mcrypt_modes[$this->mode], ''); if ($this->mode == self::MODE_CFB) { $this->ecb = mcrypt_module_open($this->cipher_name_mcrypt, '', MCRYPT_MODE_ECB, ''); } } if ($this->mode == self::MODE_CFB) { mcrypt_generic_init($this->ecb, $this->key, str_repeat(""\0"", $this->block_size)); } }",True,PHP,_setupMcrypt,Base.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-01-19 08:47:51+01:00,"Update phpseclib to 2.0.1 New version uses PHP 7.0 random_bytes to generate cryptographically secure pseudo-random bytes. Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-2039,"function PMA_getUrlParams( $what, $reload, $action, $db, $table, $selected, $views, $original_sql_query, $original_url_query ) { $_url_params = array( 'query_type' => $what, 'reload' => (! empty($reload) ? 1 : 0), ); if (mb_strpos(' ' . $action, 'db_') == 1) { $_url_params['db']= $db; } elseif (mb_strpos(' ' . $action, 'tbl_') == 1 || $what == 'row_delete' ) { $_url_params['db']= $db; $_url_params['table']= $table; } foreach ($selected as $sval) { if ($what == 'row_delete') { $_url_params['selected'][] = 'DELETE FROM ' . PMA\libraries\Util::backquote($table) . ' WHERE ' . $sval . ' LIMIT 1;'; } else { $_url_params['selected'][] = $sval; } } if ($what == 'drop_tbl' && !empty($views)) { foreach ($views as $current) { $_url_params['views'][] = $current; } } if ($what == 'row_delete') { $_url_params['original_sql_query'] = $original_sql_query; if (! empty($original_url_query)) { $_url_params['original_url_query'] = $original_url_query; } } return $_url_params; }" 180,"function setPassword($password, $method = 'pbkdf2') { $key = ''; switch ($method) { default: $func_args = func_get_args(); $hash = isset($func_args[2]) ? $func_args[2] : 'sha1'; $salt = isset($func_args[3]) ? $func_args[3] : $this->password_default_salt; $count = isset($func_args[4]) ? $func_args[4] : 1000; if (isset($func_args[5])) { $dkLen = $func_args[5]; } else { $dkLen = $method == 'pbkdf1' ? 2 * $this->password_key_size : $this->password_key_size; } switch (true) { case $method == 'pbkdf1': $hashObj = new Hash(); $hashObj->setHash($hash); if ($dkLen > $hashObj->getLength()) { user_error('Derived key too long'); return false; } $t = $password . $salt; for ($i = 0; $i < $count; ++$i) { $t = $hashObj->hash($t); } $key = substr($t, 0, $dkLen); $this->setKey(substr($key, 0, $dkLen >> 1)); $this->setIV(substr($key, $dkLen >> 1)); return true; case !function_exists('hash_pbkdf2'): case !function_exists('hash_algos'): case !in_array($hash, hash_algos()): $i = 1; while (strlen($key) < $dkLen) { $hmac = new Hash(); $hmac->setHash($hash); $hmac->setKey($password); $f = $u = $hmac->hash($salt . pack('N', $i++)); for ($j = 2; $j <= $count; ++$j) { $u = $hmac->hash($u); $f^= $u; } $key.= $f; } $key = substr($key, 0, $dkLen); break; default: $key = hash_pbkdf2($hash, $password, $salt, $count, $dkLen, true); } } $this->setKey($key); return true; }",True,PHP,setPassword,Base.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-01-19 08:47:51+01:00,"Update phpseclib to 2.0.1 New version uses PHP 7.0 random_bytes to generate cryptographically secure pseudo-random bytes. Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-2039,"function PMA_linkURL($url) { if (!preg_match('#^https?: return $url; } if (!function_exists('PMA_URL_getCommon')) { include_once './libraries/url_generating.lib.php'; } $params = array(); $params['url'] = $url; $url = PMA_URL_getCommon($params); $arr = parse_url($url); parse_str($arr[""query""], $vars); $query = http_build_query(array(""url"" => $vars[""url""])); if (defined('PMA_SETUP')) { $url = '../url.php?' . $query; } else { $url = './url.php?' . $query; } return $url; }" 182,"public function postConnect($link) { if (! defined('PMA_MYSQL_INT_VERSION')) { if (PMA_Util::cacheExists('PMA_MYSQL_INT_VERSION')) { define( 'PMA_MYSQL_INT_VERSION', PMA_Util::cacheGet('PMA_MYSQL_INT_VERSION') ); define( 'PMA_MYSQL_MAJOR_VERSION', PMA_Util::cacheGet('PMA_MYSQL_MAJOR_VERSION') ); define( 'PMA_MYSQL_STR_VERSION', PMA_Util::cacheGet('PMA_MYSQL_STR_VERSION') ); define( 'PMA_MYSQL_VERSION_COMMENT', PMA_Util::cacheGet('PMA_MYSQL_VERSION_COMMENT') ); define( 'PMA_MARIADB', PMA_Util::cacheGet('PMA_MARIADB') ); define( 'PMA_DRIZZLE', PMA_Util::cacheGet('PMA_DRIZZLE') ); } else { $version = $this->fetchSingleRow( 'SELECT @@version, @@version_comment', 'ASSOC', $link ); if ($version) { $match = explode('.', $version['@@version']); define('PMA_MYSQL_MAJOR_VERSION', (int)$match[0]); define( 'PMA_MYSQL_INT_VERSION', (int) sprintf( '%d%02d%02d', $match[0], $match[1], intval($match[2]) ) ); define('PMA_MYSQL_STR_VERSION', $version['@@version']); define( 'PMA_MYSQL_VERSION_COMMENT', $version['@@version_comment'] ); } else { define('PMA_MYSQL_INT_VERSION', 50501); define('PMA_MYSQL_MAJOR_VERSION', 5); define('PMA_MYSQL_STR_VERSION', '5.05.01'); define('PMA_MYSQL_VERSION_COMMENT', ''); } PMA_Util::cacheSet( 'PMA_MYSQL_INT_VERSION', PMA_MYSQL_INT_VERSION ); PMA_Util::cacheSet( 'PMA_MYSQL_MAJOR_VERSION', PMA_MYSQL_MAJOR_VERSION ); PMA_Util::cacheSet( 'PMA_MYSQL_STR_VERSION', PMA_MYSQL_STR_VERSION ); PMA_Util::cacheSet( 'PMA_MYSQL_VERSION_COMMENT', PMA_MYSQL_VERSION_COMMENT ); if (mb_strpos(PMA_MYSQL_STR_VERSION, 'MariaDB') !== false) { define('PMA_MARIADB', true); } else { define('PMA_MARIADB', false); } PMA_Util::cacheSet( 'PMA_MARIADB', PMA_MARIADB ); $charset_result = $this->query( ""SELECT @@character_set_results"", $link ); if ($this->numRows($charset_result) == 0) { define('PMA_DRIZZLE', true); } else { define('PMA_DRIZZLE', false); } $this->freeResult($charset_result); PMA_Util::cacheSet( 'PMA_DRIZZLE', PMA_DRIZZLE ); } } if (!PMA_DRIZZLE) { if (PMA_MYSQL_INT_VERSION > 50503) { $default_charset = 'utf8mb4'; $default_collation = 'utf8mb4_general_ci'; } else { $default_charset = 'utf8'; $default_collation = 'utf8_general_ci'; } if (! empty($GLOBALS['collation_connection'])) { $this->query( ""SET CHARACTER SET '$default_charset';"", $link, self::QUERY_STORE ); if ($default_charset == 'utf8mb4' && strncmp('utf8_', $GLOBALS['collation_connection'], 5) == 0 ) { $GLOBALS['collation_connection'] = 'utf8mb4_' . substr( $GLOBALS['collation_connection'], 5 ); } $this->query( ""SET collation_connection = '"" . PMA_Util::sqlAddSlashes($GLOBALS['collation_connection']) . ""';"", $link, self::QUERY_STORE ); } else { $this->query( ""SET NAMES '$default_charset' COLLATE '$default_collation';"", $link, self::QUERY_STORE ); } } if (PMA_DRIZZLE && !PMA_Util::cacheExists('drizzle_engines')) { $sql = ""SELECT p.plugin_name, m.module_library FROM data_dictionary.plugins p JOIN data_dictionary.modules m USING (module_name) WHERE p.plugin_type = 'StorageEngine' AND p.plugin_name NOT IN ('FunctionEngine', 'schema') AND p.is_active = 'YES'""; $engines = $this->fetchResult($sql, 'plugin_name', null, $link); PMA_Util::cacheSet('drizzle_engines', $engines); } }",True,PHP,postConnect,DatabaseInterface.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-01-26 15:00:19+01:00,"Fallback to default collation connection If user supplied wrong string we should gracefully fallback. Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-2038,"private function _links() { $showIcon = true; $showText = false; $retval = ''; $retval .= '
    '; $retval .= PMA\libraries\Util::getNavigationLink( 'index.php' . PMA_URL_getCommon(), $showText, __('Home'), $showIcon, 'b_home.png' ); if ($GLOBALS['server'] != 0) { if ($GLOBALS['cfg']['Server']['auth_type'] != 'config') { $link = 'logout.php' . $GLOBALS['url_query']; $retval .= PMA\libraries\Util::getNavigationLink( $link, $showText, __('Log out'), $showIcon, 's_loggoff.png', '', true ); } } $retval .= PMA\libraries\Util::getNavigationLink( PMA\libraries\Util::getDocuLink('index'), $showText, __('phpMyAdmin documentation'), $showIcon, 'b_docs.png', '', false, 'documentation' ); $retval .= PMA\libraries\Util::getNavigationLink( PMA\libraries\Util::getMySQLDocuURL('', ''), $showText, __('Documentation'), $showIcon, 'b_sqlhelp.png', '', false, 'mysql_doc' ); $retval .= PMA\libraries\Util::getNavigationLink( '#', $showText, __('Navigation panel settings'), $showIcon, 's_cog.png', 'pma_navigation_settings_icon', false, '', defined('PMA_DISABLE_NAVI_SETTINGS') ? array('hide') : array() ); $retval .= PMA\libraries\Util::getNavigationLink( '#', $showText, __('Reload navigation panel'), $showIcon, 's_reload.png', 'pma_navigation_reload' ); $retval .= '
    '; $retval .= ''; return $retval; }" 183,"$ret[$key] = sprintf( $format, ++$i, $err[0], $err[1], $err[2], $err[3] ); } return $ret; }",True,PHP,sprintf,Error.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-02-25 09:06:52+01:00,"Escape query when displaying Signed-off-by: Michal Čihař ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-2559,$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key); if (isset($_COOKIE['pmaPass-' . $key])) { unset($_COOKIE['pmaPass-' . $key]); } } } else { $GLOBALS['PMA_Config']->removeCookie( 'pmaPass-' . $GLOBALS['server'] ); if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); } } parent::logOut(); } 186,"public function checkHTTP($link, $get_body = false) { if (! function_exists('curl_init')) { return null; } $handle = curl_init($link); if ($handle === false) { return null; } PMA_Util::configureCurl($handle); curl_setopt($handle, CURLOPT_FOLLOWLOCATION, 0); curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($handle, CURLOPT_TIMEOUT, 5); curl_setopt($handle, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); if (! defined('TESTSUITE')) { session_write_close(); } $data = @curl_exec($handle); if (! defined('TESTSUITE')) { ini_set('session.use_only_cookies', '0'); ini_set('session.use_cookies', '0'); ini_set('session.use_trans_sid', '0'); ini_set('session.cache_limiter', 'nocache'); session_start(); } if ($data === false) { return null; } $http_status = curl_getinfo($handle, CURLINFO_HTTP_CODE); if ($http_status == 200) { return $get_body ? $data : true; } if ($http_status == 404) { return false; } return null; }",True,PHP,checkHTTP,Config.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-02-25 11:08:44+01:00,"Bring back SSL certificate validation Signed-off-by: Michal Čihař ",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2016-2562,"public function testLogoutDelete() { $restoreInstance = PMA\libraries\Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA\libraries\Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'headersSent', 'header')) ->getMock(); $mockResponse->expects($this->any()) ->method('headersSent') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('header') ->with('Location: ./index.php' . ((SID) ? '?' . SID : ''));" 187,"public function testCheckHTTP() { if (! function_exists('curl_init')) { $this->markTestSkipped('Missing curl extension!'); } $this->assertTrue( $this->object->checkHTTP(""http: ); $this->assertContains( ""TEST DATA"", $this->object->checkHTTP(""http: ); $this->assertFalse( $this->object->checkHTTP(""http: ); }",True,PHP,testCheckHTTP,PMA_Config_test.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-02-25 11:08:44+01:00,"Bring back SSL certificate validation Signed-off-by: Michal Čihař ",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2016-2562,"public function testLogout() { $restoreInstance = PMA\libraries\Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA\libraries\Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'headersSent', 'header')) ->getMock(); $mockResponse->expects($this->any()) ->method('headersSent') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('header') ->with('Location: ./index.php' . ((SID) ? '?' . SID : ''));" 191,"$url['host'] = PMA_getenv('SERVER_NAME'); } else { $this->error_pma_uri = true; return; } if (empty($url['port']) && PMA_getenv('SERVER_PORT')) { $url['port'] = PMA_getenv('SERVER_PORT'); } if (empty($url['path'])) { if (isset($GLOBALS['PMA_PHP_SELF'])) { $path = parse_url($GLOBALS['PMA_PHP_SELF']); } else { $path = parse_url(PMA_getenv('REQUEST_URI')); } $url['path'] = $path['path']; } } $pma_absolute_uri = $url['scheme'] . ': if (!empty($url['user'])) { $pma_absolute_uri .= $url['user']; if (!empty($url['pass'])) { $pma_absolute_uri .= ':' . $url['pass']; } $pma_absolute_uri .= '@'; } $pma_absolute_uri .= $url['host']; if (! empty($url['port']) && (($url['scheme'] == 'http' && $url['port'] != 80) || ($url['scheme'] == 'https' && $url['port'] != 80) || ($url['scheme'] == 'https' && $url['port'] != 443)) ) { $pma_absolute_uri .= ':' . $url['port']; } $this->checkWebServerOs(); if ($this->get('PMA_IS_WINDOWS') == 1) { $path = str_replace(""\\"", ""/"", dirname($url['path'] . 'a')); } else { $path = dirname($url['path'] . 'a'); } if (defined('PMA_PATH_TO_BASEDIR') && PMA_PATH_TO_BASEDIR == '../') { if ($this->get('PMA_IS_WINDOWS') == 1) { $path = str_replace(""\\"", ""/"", dirname($path)); } else { $path = dirname($path); } } if ($path == '.') { $path = ''; } if (mb_substr($path, -1) != '/') { $path .= '/'; } $pma_absolute_uri .= $path; if ($this->get('ForceSSL')) { $this->set('PmaAbsoluteUri', $pma_absolute_uri); $pma_absolute_uri = $this->getSSLUri(); $this->isHttps(); } } else { if (mb_substr($pma_absolute_uri, -1) != '/') { $pma_absolute_uri .= '/'; } if (mb_substr($pma_absolute_uri, 0, 7) != 'http: && mb_substr($pma_absolute_uri, 0, 8) != 'https: ) { $pma_absolute_uri = ($is_https ? 'https' : 'http') . ':' . ( mb_substr($pma_absolute_uri, 0, 2) == '//' ? '' : '//' ) . $pma_absolute_uri; } }",True,PHP,PMA_getenv,Config.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-02-25 12:09:56+01:00,"Urlencode hostname This can come from the HTTP header, so we need to be sure to sanitize it. Signed-off-by: Michal Čihař ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-2560,"public function testAuthHeader() { $GLOBALS['cfg']['LoginCookieDeleteAll'] = false; $GLOBALS['cfg']['Servers'] = array(1); $restoreInstance = PMA\libraries\Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA\libraries\Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'headersSent', 'header')) ->getMock(); $mockResponse->expects($this->any()) ->method('headersSent') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('header') ->with('Location: http:" 192,"public function changeTableInfoAction() { $field = $_REQUEST['field']; if ($field == 'pma_null') { $this->response->addJSON('field_type', ''); $this->response->addJSON('field_collation', ''); $this->response->addJSON('field_operators', ''); $this->response->addJSON('field_value', ''); return; } $key = array_search($field, $this->_columnNames); $properties = $this->getColumnProperties($_REQUEST['it'], $key); $this->response->addJSON( 'field_type', htmlspecialchars($properties['type']) ); $this->response->addJSON('field_collation', $properties['collation']); $this->response->addJSON('field_operators', $properties['func']); $this->response->addJSON('field_value', $properties['value']); }",True,PHP,changeTableInfoAction,TableSearchController.class.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Madhura Jayaratne,2016-02-29 12:26:44+11:00,"Fix XSS in zoom search Signed-off-by: Madhura Jayaratne ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-2560,"public function testAuth() { if (! defined('PMA_TEST_HEADERS')) { $this->markTestSkipped( 'Cannot redefine constant/function - missing runkit extension' ); } $GLOBALS['cfg']['Server']['SignonURL'] = ''; ob_start(); $this->object->auth(); $result = ob_get_clean(); $this->assertContains( 'You must set SignonURL!', $result ); $GLOBALS['cfg']['Server']['SignonURL'] = 'http: $GLOBALS['cfg']['Server']['LogoutURL'] = 'http: $this->object->logOut(); $this->assertContains( 'Location: http: $GLOBALS['header'][0] ); $GLOBALS['header'] = array(); $GLOBALS['cfg']['Server']['SignonURL'] = 'http: $GLOBALS['cfg']['Server']['LogoutURL'] = ''; $this->object->logOut(); $this->assertContains( 'Location: http: $GLOBALS['header'][0] ); }" 194,} elseif ($part != '.') { $depath++; },True,PHP,elseif,error_report.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-04-29 15:28:32+02:00,"Fix possible path existence disclossure On non released versions (where line counts are not precalculated) it was possible to check for file existence due to limited checks for supplied path. Signed-off-by: Michal Čihař ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2016-5098,"public function testAuthCheckToken() { $restoreInstance = PMA\libraries\Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA\libraries\Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'headersSent', 'header')) ->getMock(); $mockResponse->expects($this->any()) ->method('headersSent') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('header') ->with('Location: ./index.php' . ((SID) ? '?' . SID : ''));" 195,"function PMA_countLines($filename) { global $LINE_COUNT; if (defined('LINE_COUNTS')) { return $LINE_COUNT[$filename]; } $depath = 1; foreach (explode('/', $filename) as $part) { if ($part == '..') { $depath--; } elseif ($part != '.') { $depath++; } if ($depath < 0) { return 0; } } $linecount = 0; $handle = fopen('./js/' . $filename, 'r'); while (!feof($handle)) { $line = fgets($handle); if ($line === false) { break; } $linecount++; } fclose($handle); return $linecount; }",True,PHP,PMA_countLines,error_report.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-04-29 15:28:32+02:00,"Fix possible path existence disclossure On non released versions (where line counts are not precalculated) it was possible to check for file existence due to limited checks for supplied path. Signed-off-by: Michal Čihař ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2016-5098,"function PMA_findExistingColNames($db, $cols, $allFields=false) { $cfgCentralColumns = PMA_centralColumnsGetParams(); if (empty($cfgCentralColumns)) { return array(); } $pmadb = $cfgCentralColumns['db']; $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $central_list_table = $cfgCentralColumns['table']; if ($allFields) { $query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' AND col_name IN (' . $cols . ');'; $has_list = (array) $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); PMA_handleColumnExtra($has_list); } else { $query = 'SELECT col_name FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' AND col_name IN (' . $cols . ');'; $has_list = (array) $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); } return $has_list; }" 200,"function PMA_getUrlParams( $what, $reload, $action, $db, $table, $selected, $views, $original_sql_query, $original_url_query ) { $_url_params = array( 'query_type' => $what, 'reload' => (! empty($reload) ? 1 : 0), ); if (mb_strpos(' ' . $action, 'db_') == 1) { $_url_params['db']= $db; } elseif (mb_strpos(' ' . $action, 'tbl_') == 1 || $what == 'row_delete' ) { $_url_params['db']= $db; $_url_params['table']= $table; } foreach ($selected as $sval) { if ($what == 'row_delete') { $_url_params['selected'][] = 'DELETE FROM ' . PMA\libraries\Util::backquote($table) . ' WHERE ' . urldecode($sval) . ' LIMIT 1;'; } else { $_url_params['selected'][] = $sval; } } if ($what == 'drop_tbl' && !empty($views)) { foreach ($views as $current) { $_url_params['views'][] = $current; } } if ($what == 'row_delete') { $_url_params['original_sql_query'] = $original_sql_query; if (! empty($original_url_query)) { $_url_params['original_url_query'] = $original_url_query; } } return $_url_params; }",True,PHP,PMA_getUrlParams,mult_submits.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 09:12:52+02:00,"Avoid not neeedded urlencode/urldecode steps in multi submits Signed-off-by: Michal Čihař ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-5099,"$cols .= '\'' . Util::sqlAddSlashes($col_select) . '\','; } $cols = trim($cols, ','); $has_list = PMA_findExistingColNames($db, $cols); foreach ($field_select as $column) { if (!in_array($column, $has_list)) { $colNotExist[] = ""'"" . $column . ""'""; } } } if (!empty($colNotExist)) { $colNotExist = implode("","", array_unique($colNotExist)); $message = Message::notice( sprintf( __( 'Couldn\'t remove Column(s) %1$s ' . 'as they don\'t exist in central columns list!' ), htmlspecialchars($colNotExist) ) ); } $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $query = 'DELETE FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' AND col_name IN (' . $cols . ');'; if (!$GLOBALS['dbi']->tryQuery($query, $GLOBALS['controllink'])) { $message = Message::error(__('Could not remove columns!')); $message->addMessage('
    ' . htmlspecialchars($cols) . '
    '); $message->addMessage( Message::rawError( $GLOBALS['dbi']->getError($GLOBALS['controllink']) ) ); } return $message; }" 201,"function PMA_getQueryFromSelected($what, $table, $selected, $views) { $reload = false; $full_query_views = null; $full_query = ''; if ($what == 'drop_tbl') { $full_query_views = ''; } $selected_cnt = count($selected); $i = 0; foreach ($selected as $sval) { switch ($what) { case 'row_delete': $full_query .= 'DELETE FROM ' . PMA\libraries\Util::backquote(htmlspecialchars($table)) . ' WHERE ' . urldecode(htmlspecialchars($sval)) . ';
    '; break; case 'drop_db': $full_query .= 'DROP DATABASE ' . PMA\libraries\Util::backquote(htmlspecialchars($sval)) . ';
    '; $reload = true; break; case 'drop_tbl': $current = $sval; if (!empty($views) && in_array($current, $views)) { $full_query_views .= (empty($full_query_views) ? 'DROP VIEW ' : ', ') . PMA\libraries\Util::backquote(htmlspecialchars($current)); } else { $full_query .= (empty($full_query) ? 'DROP TABLE ' : ', ') . PMA\libraries\Util::backquote(htmlspecialchars($current)); } break; case 'empty_tbl': $full_query .= 'TRUNCATE '; $full_query .= PMA\libraries\Util::backquote(htmlspecialchars($sval)) . ';
    '; break; case 'primary_fld': if ($full_query == '') { $full_query .= 'ALTER TABLE ' . PMA\libraries\Util::backquote(htmlspecialchars($table)) . '
      DROP PRIMARY KEY,' . '
       ADD PRIMARY KEY(' . '
         ' . PMA\libraries\Util::backquote(htmlspecialchars($sval)) . ','; } else { $full_query .= '
         ' . PMA\libraries\Util::backquote(htmlspecialchars($sval)) . ','; } if ($i == $selected_cnt-1) { $full_query = preg_replace('@,$@', ');
    ', $full_query); } break; case 'drop_fld': if ($full_query == '') { $full_query .= 'ALTER TABLE ' . PMA\libraries\Util::backquote(htmlspecialchars($table)); } $full_query .= '
      DROP ' . PMA\libraries\Util::backquote(htmlspecialchars($sval)) . ','; if ($i == $selected_cnt - 1) { $full_query = preg_replace('@,$@', ';
    ', $full_query); } break; } $i++; } if ($what == 'drop_tbl') { if (!empty($full_query)) { $full_query .= ';
    ' . ""\n""; } if (!empty($full_query_views)) { $full_query .= $full_query_views . ';
    ' . ""\n""; } unset($full_query_views); } $full_query_views = isset($full_query_views)? $full_query_views : null; return array($full_query, $reload, $full_query_views); }",True,PHP,PMA_getQueryFromSelected,mult_submits.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 09:12:52+02:00,"Avoid not neeedded urlencode/urldecode steps in multi submits Signed-off-by: Michal Čihař ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-5099,"function PMA_getCentralColumnsCount($db) { $cfgCentralColumns = PMA_centralColumnsGetParams(); if (empty($cfgCentralColumns)) { return 0; } $pmadb = $cfgCentralColumns['db']; $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $central_list_table = $cfgCentralColumns['table']; $query = 'SELECT count(db_name) FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\';'; $res = $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); if (isset($res[0])) { return $res[0]; } else { return 0; } }" 205,"function PMA_linkURL($url) { if (!preg_match('#^https?: return $url; } if (!function_exists('PMA_URL_getCommon')) { include_once './libraries/url_generating.lib.php'; } $params = array(); $params['url'] = $url; $url = PMA_URL_getCommon($params); $arr = parse_url($url); parse_str($arr[""query""], $vars); $query = http_build_query(array(""url"" => $vars[""url""])); $url = './url.php?' . $query; return $url; }",True,PHP,PMA_linkURL,core.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 09:40:17+02:00,"Ensure links from setup go through url.php Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"function PMA_getColumnsList($db, $from=0, $num=25) { $cfgCentralColumns = PMA_centralColumnsGetParams(); if (empty($cfgCentralColumns)) { return array(); } $pmadb = $cfgCentralColumns['db']; $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $central_list_table = $cfgCentralColumns['table']; if ($num == 0) { $query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\';'; } else { $query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' ' . 'LIMIT ' . $from . ', ' . $num . ';'; } $has_list = (array) $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); PMA_handleColumnExtra($has_list); return $has_list; }" 206,"private function _links() { $showIcon = true; $showText = false; $retval = ''; $retval .= '
    '; $retval .= PMA\libraries\Util::getNavigationLink( 'index.php' . PMA_URL_getCommon(), $showText, __('Home'), $showIcon, 'b_home.png' ); if ($GLOBALS['server'] != 0) { if ($GLOBALS['cfg']['Server']['auth_type'] != 'config') { $link = 'index.php' . $GLOBALS['url_query']; $link .= '&old_usr=' . urlencode($GLOBALS['PHP_AUTH_USER']); $retval .= PMA\libraries\Util::getNavigationLink( $link, $showText, __('Log out'), $showIcon, 's_loggoff.png', '', true ); } } $retval .= PMA\libraries\Util::getNavigationLink( PMA\libraries\Util::getDocuLink('index'), $showText, __('phpMyAdmin documentation'), $showIcon, 'b_docs.png', '', false, 'documentation' ); $retval .= PMA\libraries\Util::getNavigationLink( PMA\libraries\Util::getMySQLDocuURL('', ''), $showText, __('Documentation'), $showIcon, 'b_sqlhelp.png', '', false, 'mysql_doc' ); $retval .= PMA\libraries\Util::getNavigationLink( '#', $showText, __('Navigation panel settings'), $showIcon, 's_cog.png', 'pma_navigation_settings_icon', false, '', defined('PMA_DISABLE_NAVI_SETTINGS') ? array('hide') : array() ); $retval .= PMA\libraries\Util::getNavigationLink( '#', $showText, __('Reload navigation panel'), $showIcon, 's_reload.png', 'pma_navigation_reload' ); $retval .= '
    '; $retval .= ''; return $retval; }",True,PHP,_links,NavigationHeader.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public function getCookiePath() { static $cookie_path = null; if (null !== $cookie_path && !defined('TESTSUITE')) { return $cookie_path; } $parsed_url = parse_url($GLOBALS['PMA_PHP_SELF']); $parts = explode( '/', rtrim(str_replace('\\', '/', $parsed_url['path']), '/') ); if (substr($parts[count($parts) - 1], -4) == '.php') { $parts = array_slice($parts, 0, count($parts) - 1); } if (defined('PMA_PATH_TO_BASEDIR')) { $parts = array_slice($parts, 0, count($parts) - 1); } $parts[] = ''; return implode('/', $parts); }" 211,"$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key); if (isset($_COOKIE['pmaPass-' . $key])) { unset($_COOKIE['pmaPass-' . $key]); } } } else { $GLOBALS['PMA_Config']->removeCookie( 'pmaPass-' . $GLOBALS['server'] ); if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) { unset($_COOKIE['pmaPass-' . $GLOBALS['server']]); } } } if (! empty($_REQUEST['pma_username'])) { if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && ! empty($GLOBALS['cfg']['CaptchaLoginPublicKey']) ) { if (! empty($_POST[""g-recaptcha-response""])) { include_once 'libraries/plugins/auth/recaptcha/autoload.php'; $reCaptcha = new ReCaptcha( $GLOBALS['cfg']['CaptchaLoginPrivateKey'] ); $resp = $reCaptcha->verify( $_POST[""g-recaptcha-response""], $_SERVER[""REMOTE_ADDR""] ); if ($resp == null || ! $resp->isSuccess()) { $conn_error = __('Entered captcha is wrong, try again!'); return false; } } else { $conn_error = __('Please enter correct captcha!'); return false; } } $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username']; $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password']; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername']) ) { if ($GLOBALS['cfg']['ArbitraryServerRegexp']) { $parts = explode(' ', $_REQUEST['pma_servername']); if (count($parts) == 2) { $tmp_host = $parts[0]; } else { $tmp_host = $_REQUEST['pma_servername']; } $match = preg_match( $GLOBALS['cfg']['ArbitraryServerRegexp'], $tmp_host ); if (! $match) { $conn_error = __( 'You are not allowed to log in to this MySQL server!' ); return false; } } $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername']; } return true; } if ($GLOBALS['cfg']['AllowArbitraryServer'] && ! empty($_COOKIE['pmaServer-' . $GLOBALS['server']]) ) { $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']]; } if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']]) || empty($_COOKIE['pma_iv-' . $GLOBALS['server']]) ) { return false; } $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt( $_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getEncryptionSecret() ); if (empty($_SESSION['last_access_time'])) { return false; } $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity']; if ($_SESSION['last_access_time'] < $last_access_time) { Util::cacheUnset('is_create_db_priv'); Util::cacheUnset('is_reload_priv'); Util::cacheUnset('db_to_create'); Util::cacheUnset('dbs_where_create_table_allowed'); Util::cacheUnset('dbs_to_test'); Util::cacheUnset('db_priv'); Util::cacheUnset('col_priv'); Util::cacheUnset('table_priv'); Util::cacheUnset('proc_priv'); $GLOBALS['no_activity'] = true; $this->authFails(); if (! defined('TESTSUITE')) { exit; } else { return false; } } if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) { return false; } $GLOBALS['PHP_AUTH_PW'] = $this->cookieDecrypt( $_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getSessionEncryptionSecret() ); if ($GLOBALS['PHP_AUTH_PW'] == ""\xff(blank)"") { $GLOBALS['PHP_AUTH_PW'] = ''; } $GLOBALS['from_cookie'] = true; return true; }",True,PHP,removeCookie,AuthenticationCookie.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"function PMA_cleanupPathInfo() { global $PMA_PHP_SELF; $PMA_PHP_SELF = PMA_getenv('PHP_SELF'); if (empty($PMA_PHP_SELF)) { $PMA_PHP_SELF = urldecode(PMA_getenv('REQUEST_URI')); } $_PATH_INFO = PMA_getenv('PATH_INFO'); if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) { $path_info_pos = mb_strrpos($PMA_PHP_SELF, $_PATH_INFO); if ($path_info_pos !== false) { $path_info_part = mb_substr($PMA_PHP_SELF, $path_info_pos, mb_strlen($_PATH_INFO)); if ($path_info_part == $_PATH_INFO) { $PMA_PHP_SELF = mb_substr($PMA_PHP_SELF, 0, $path_info_pos); } } } $PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF); }" 212,"public function authForm() { if (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL']) ) { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); if (!defined('TESTSUITE')) { exit; } else { return false; } } if (empty($GLOBALS['cfg']['Server']['auth_http_realm'])) { if (empty($GLOBALS['cfg']['Server']['verbose'])) { $server_message = $GLOBALS['cfg']['Server']['host']; } else { $server_message = $GLOBALS['cfg']['Server']['verbose']; } $realm_message = 'phpMyAdmin ' . $server_message; } else { $realm_message = $GLOBALS['cfg']['Server']['auth_http_realm']; } $response = Response::getInstance(); $realm_message = preg_replace('/[^\x20-\x7e]/i', '', $realm_message); $response->header('WWW-Authenticate: Basic realm=""' . $realm_message . '""'); $response->header('HTTP/1.0 401 Unauthorized'); if (php_sapi_name() !== 'cgi-fcgi') { $response->header('status: 401 Unauthorized'); } $footer = $response->getFooter(); $footer->setMinimal(); $header = $response->getHeader(); $header->setTitle(__('Access denied!')); $header->disableMenuAndConsole(); $header->setBodyId('loginform'); $response->addHTML('

    '); $response->addHTML(sprintf(__('Welcome to %s'), ' phpMyAdmin')); $response->addHTML('

    '); $response->addHTML('

    '); $response->addHTML( Message::error( __('Wrong username/password. Access denied.') ) ); $response->addHTML('

    '); if (@file_exists(CUSTOM_FOOTER_FILE)) { include CUSTOM_FOOTER_FILE; } if (!defined('TESTSUITE')) { exit; } else { return false; } }",True,PHP,authForm,AuthenticationHttp.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"foreach ($form->fields as $field => $system_path) { $work_path = array_search($system_path, $this->_systemPaths); $key = $this->_translatedPaths[$work_path]; $type = $form->getOptionType($field); if ($type == 'group') { continue; } if (!isset($_POST[$key])) { if ($type == 'boolean') { $_POST[$key] = false; } else { $this->_errors[$form->name][] = sprintf( __('Missing data for %s'), '' . PMA_langName($system_path) . '' ); $result = false; continue; } } if ($is_setup_script && isset($this->_userprefsKeys[$system_path]) ) { if (isset($this->_userprefsDisallow[$system_path]) && isset($_POST[$key . '-userprefs-allow']) ) { unset($this->_userprefsDisallow[$system_path]); } else if (!isset($_POST[$key . '-userprefs-allow'])) { $this->_userprefsDisallow[$system_path] = true; } } switch ($type) { case 'double': settype($this->_trimString($_POST[$key]), 'float'); break; case 'boolean': case 'integer': if ($_POST[$key] !== '') { settype($this->_trimString($_POST[$key]), $type); } break; case 'select': $successfully_validated = $this->_validateSelect( $_POST[$key], $form->getOptionValueList($system_path) ); if (! $successfully_validated) { $this->_errors[$work_path][] = __('Incorrect value!'); $result = false; continue; } break; case 'string': case 'short_string': $_POST[$key] = $this->_trimString($_POST[$key]); break; case 'array': $post_values = is_array($_POST[$key]) ? $_POST[$key] : explode(""\n"", $_POST[$key]); $_POST[$key] = array(); $this->_fillPostArrayParameters($post_values, $key); break; } $values[$system_path] = $_POST[$key]; if ($change_index !== false) { $work_path = str_replace( ""Servers/$form->index/"", ""Servers/$change_index/"", $work_path ); } $to_save[$work_path] = $system_path; }" 214,PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); } else { PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']); } if (!defined('TESTSUITE')) { exit(); } else { return false; } },True,PHP,PMA_sendHeaderLocation,AuthenticationSignon.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public static function validateRegex($path, $values) { $result = array($path => ''); if (empty($values[$path])) { return $result; } static::testPHPErrorMsg(); $matches = array(); preg_match('/' . Util::requestString($values[$path]) . '/', '', $matches); static::testPHPErrorMsg(false); if (isset($php_errormsg)) { $error = preg_replace('/^preg_match\(\): /', '', $php_errormsg); return array($path => $error); } return $result; }" 218,public function testLogoutDelete() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = ''; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = 'pmaolduser'; $GLOBALS['cfg']['LoginCookieDeleteAll'] = true; $GLOBALS['cfg']['Servers'] = array(1); $_COOKIE['pmaPass-0'] = 'test'; $this->object->authCheck(); $this->assertFalse( isset($_COOKIE['pmaPass-0']) ); },True,PHP,testLogoutDelete,AuthenticationCookieTest.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public static function validateByRegex($path, $values, $regex) { if (!isset($values[$path])) { return ''; } $result = preg_match($regex, Util::requestString($values[$path])); return array($path => ($result ? '' : __('Incorrect value!'))); }" 219,public function testLogout() { $GLOBALS['cfg']['Server']['auth_swekey_config'] = ''; $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = 'pmaolduser'; $GLOBALS['cfg']['LoginCookieDeleteAll'] = false; $GLOBALS['cfg']['Servers'] = array(1); $GLOBALS['server'] = 1; $_COOKIE['pmaPass-1'] = 'test'; $this->object->authCheck(); $this->assertFalse( isset($_COOKIE['pmaPass-1']) ); },True,PHP,testLogout,AuthenticationCookieTest.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public static function validatePMAStorage($path, $values) { $result = array( 'Server_pmadb' => '', 'Servers/1/controluser' => '', 'Servers/1/controlpass' => '' ); $error = false; if (empty($values['Servers/1/pmadb'])) { return $result; } $result = array(); if (empty($values['Servers/1/controluser'])) { $result['Servers/1/controluser'] = __( 'Empty phpMyAdmin control user while using phpMyAdmin configuration ' . 'storage!' ); $error = true; } if (empty($values['Servers/1/controlpass'])) { $result['Servers/1/controlpass'] = __( 'Empty phpMyAdmin control user password while using phpMyAdmin ' . 'configuration storage!' ); $error = true; } if (! $error) { $test = static::testDBConnection( empty($values['Servers/1/connect_type']) ? '' : $values['Servers/1/connect_type'], empty($values['Servers/1/host']) ? '' : $values['Servers/1/host'], empty($values['Servers/1/port']) ? '' : $values['Servers/1/port'], empty($values['Servers/1/socket']) ? '' : $values['Servers/1/socket'], empty($values['Servers/1/controluser']) ? '' : $values['Servers/1/controluser'], empty($values['Servers/1/controlpass']) ? '' : $values['Servers/1/controlpass'], 'Server_pmadb' ); if ($test !== true) { $result = array_merge($result, $test); } } return $result; }" 220,"public function testAuthHeader() { $restoreInstance = PMA\libraries\Response::getInstance(); $mockResponse = $this->getMockBuilder('PMA\libraries\Response') ->disableOriginalConstructor() ->setMethods(array('isAjax', 'headersSent', 'header')) ->getMock(); $mockResponse->expects($this->once()) ->method('isAjax') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->any()) ->method('headersSent') ->with() ->will($this->returnValue(false)); $mockResponse->expects($this->once()) ->method('header') ->with('Location: http:",True,PHP,testAuthHeader,AuthenticationCookieTest.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public static function validateServer($path, $values) { $result = array( 'Server' => '', 'Servers/1/user' => '', 'Servers/1/SignonSession' => '', 'Servers/1/SignonURL' => '' ); $error = false; if (empty($values['Servers/1/auth_type'])) { $values['Servers/1/auth_type'] = ''; $result['Servers/1/auth_type'] = __('Invalid authentication type!'); $error = true; } if ($values['Servers/1/auth_type'] == 'config' && empty($values['Servers/1/user']) ) { $result['Servers/1/user'] = __( 'Empty username while using [kbd]config[/kbd] authentication method!' ); $error = true; } if ($values['Servers/1/auth_type'] == 'signon' && empty($values['Servers/1/SignonSession']) ) { $result['Servers/1/SignonSession'] = __( 'Empty signon session name ' . 'while using [kbd]signon[/kbd] authentication method!' ); $error = true; } if ($values['Servers/1/auth_type'] == 'signon' && empty($values['Servers/1/SignonURL']) ) { $result['Servers/1/SignonURL'] = __( 'Empty signon URL while using [kbd]signon[/kbd] authentication ' . 'method!' ); $error = true; } if (! $error && $values['Servers/1/auth_type'] == 'config') { $password = !empty($values['Servers/1/nopassword']) && $values['Servers/1/nopassword'] ? null : (empty($values['Servers/1/password']) ? '' : $values['Servers/1/password']); $test = static::testDBConnection( empty($values['Servers/1/connect_type']) ? '' : $values['Servers/1/connect_type'], empty($values['Servers/1/host']) ? '' : $values['Servers/1/host'], empty($values['Servers/1/port']) ? '' : $values['Servers/1/port'], empty($values['Servers/1/socket']) ? '' : $values['Servers/1/socket'], empty($values['Servers/1/user']) ? '' : $values['Servers/1/user'], $password, 'Server' ); if ($test !== true) { $result = array_merge($result, $test); } } return $result; }" 222,"public function testAuth() { if (! defined('PMA_TEST_HEADERS')) { $this->markTestSkipped( 'Cannot redefine constant/function - missing runkit extension' ); } $GLOBALS['cfg']['Server']['SignonURL'] = ''; ob_start(); $this->object->auth(); $result = ob_get_clean(); $this->assertContains( 'You must set SignonURL!', $result ); $GLOBALS['cfg']['Server']['SignonURL'] = 'http: $_REQUEST['old_usr'] = 'oldUser'; $GLOBALS['cfg']['Server']['LogoutURL'] = 'http: $this->object->auth(); $this->assertContains( 'Location: http: $GLOBALS['header'][0] ); $GLOBALS['header'] = array(); $GLOBALS['cfg']['Server']['SignonURL'] = 'http: $_REQUEST['old_usr'] = ''; $GLOBALS['cfg']['Server']['LogoutURL'] = ''; $this->object->auth(); $this->assertContains( 'Location: http: $GLOBALS['header'][0] ); }",True,PHP,testAuth,AuthenticationSignonTest.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public static function validateNumber( $path, $values, $allow_neg, $allow_zero, $max_value, $error_string ) { if (empty($values[$path])) { return ''; } $value = Util::requestString($values[$path]); if (intval($value) != $value || (! $allow_neg && $value < 0) || (! $allow_zero && $value == 0) || $value > $max_value ) { return $error_string; } return ''; }" 223,"public function testAuthCheckToken() { $GLOBALS['cfg']['Server']['SignonURL'] = 'http: $GLOBALS['cfg']['Server']['SignonSession'] = 'session123'; $GLOBALS['cfg']['Server']['host'] = 'localhost'; $GLOBALS['cfg']['Server']['port'] = '80'; $GLOBALS['cfg']['Server']['user'] = 'user'; $GLOBALS['cfg']['Server']['SignonScript'] = ''; $_COOKIE['session123'] = true; $_REQUEST['old_usr'] = 'oldUser'; $_SESSION['PMA_single_signon_user'] = 'user123'; $_SESSION['PMA_single_signon_password'] = 'pass123'; $_SESSION['PMA_single_signon_host'] = 'local'; $_SESSION['PMA_single_signon_port'] = '12'; $_SESSION['PMA_single_signon_cfgupdate'] = array('foo' => 'bar'); $_SESSION['PMA_single_signon_token'] = 'pmaToken'; $sessionName = session_name(); $sessionID = session_id(); $this->assertFalse( $this->object->authCheck() ); $this->assertEquals( array( 'SignonURL' => 'http: 'SignonScript' => '', 'SignonSession' => 'session123', 'host' => 'local', 'port' => '12', 'user' => 'user', 'foo' => 'bar' ), $GLOBALS['cfg']['Server'] ); $this->assertEquals( 'pmaToken', $_SESSION[' PMA_token '] ); $this->assertEquals( $sessionName, session_name() ); $this->assertEquals( $sessionID, session_id() ); $this->assertFalse( isset($_SESSION['LAST_SIGNON_URL']) ); }",True,PHP,testAuthCheckToken,AuthenticationSignonTest.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-05-23 13:02:21+02:00,"Improve handling of logout - add separate script for handling logout - no longer require old_usr for all authentication methods (this avoids potential information leak) - require valid token for logout Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5097,"public function transformationDataProvider() { return array( array( new Image_JPEG_Upload(), array( 'test', array(150, 100) ), 'test' ), array( new Text_Plain_FileUpload(), array( 'test', array() ), 'test' ), array( new Text_Plain_RegexValidation(), array( 'phpMyAdmin', array('/php/i') ), 'phpMyAdmin', true, '' ), array( new Text_Plain_RegexValidation(), array( 'qwerty', array('/^a/') ), 'qwerty', false, 'Validation failed for the input string qwerty.' ), array( new Application_Octetstream_Download(), array( 'PMA_BUFFER', array(""filename"", 'wrapper_link'=>'PMA_wrapper_link') ), 'filename' ), array( new Application_Octetstream_Download(), array( 'PMA_BUFFER', array("""", 'cloumn', 'wrapper_link'=>'PMA_wrapper_link') ), 'binary_file.dat' ), array( new Application_Octetstream_Hex(), array( '11111001', array(3) ), '313 131 313 130 303 1 ' ), array( new Application_Octetstream_Hex(), array( '11111001', array(0) ), '3131313131303031' ), array( new Application_Octetstream_Hex(), array( '11111001', array() ), '31 31 31 31 31 30 30 31 ' ), array( new Image_JPEG_Inline(), array( 'PMA_JPEG_Inline', array(""./image/"", ""200"", ""wrapper_link""=>""PMA_wrapper_link"") ), '' ), array( new Image_JPEG_Link(), array( 'PMA_IMAGE_LINK', array(""./image/"", ""200"", ""wrapper_link""=>""PMA_wrapper_link"") ), '[BLOB]' ), array( new Image_PNG_Inline(), array( 'PMA_PNG_Inline', array(""./image/"", ""200"", ""wrapper_link""=>""PMA_wrapper_link"") ), '' ), array( new Text_Plain_Dateformat(), array( 12345, array(0), (object) array( 'type' => 'int' ) ), '' . 'Jan 01, 1970 at 03:25 AM' ), array( new Text_Plain_Dateformat(), array( 12345678, array(0), (object) array( 'type' => 'string' ) ), '' . 'May 23, 1970 at 09:21 PM' ), array( new Text_Plain_Dateformat(), array( 123456789, array(0), (object) array( 'type' => null ) ), '' . 'Nov 29, 1973 at 09:33 PM' ), array( new Text_Plain_Dateformat(), array( '20100201', array(0), (object) array( 'type' => null ) ), '' . 'Feb 01, 2010 at 12:00 AM' ), array( new Text_Plain_External(), array( 'PMA_BUFFER', array(""/dev/null -i -wrap -q"", ""/dev/null -i -wrap -q"") ), 'PMA_BUFFER' ), array( new Text_Plain_Formatted(), array( ""' . 'PMA_IMAGE' ), array( new Text_Plain_Sql(), array( 'select *', array(""option1"", ""option2"") ), '
    ' . ""\n"" . 'select *' . ""\n"" . '
    ' ), array( new Text_Plain_Link(), array( 'PMA_TXT_LINK', array(""./php/"", ""text_name"") ), 'text_name' ), array( new Text_Plain_Longtoipv4(), array( 42949672, array(""option1"", ""option2"") ), '2.143.92.40' ), array( new Text_Plain_Longtoipv4(), array( 4294967295, array(""option1"", ""option2"") ), '255.255.255.255' ), array( new Text_Plain_PreApPend(), array( 'My', array('php', 'Admin') ), 'phpMyAdmin' ), array( new Text_Plain_Substring(), array( 'PMA_BUFFER', array(1, 3, 'suffix') ), 'suffixMA_suffix' ), ); }" 225,"function PMA_findExistingColNames($db, $cols, $allFields=false) { $cfgCentralColumns = PMA_centralColumnsGetParams(); if (empty($cfgCentralColumns)) { return array(); } $pmadb = $cfgCentralColumns['db']; $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $central_list_table = $cfgCentralColumns['table']; if ($allFields) { $query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . $db . '\' AND col_name IN (' . $cols . ');'; $has_list = (array) $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); PMA_handleColumnExtra($has_list); } else { $query = 'SELECT col_name FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . $db . '\' AND col_name IN (' . $cols . ');'; $has_list = (array) $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); } return $has_list; }",True,PHP,PMA_findExistingColNames,central_columns.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-15 11:29:31+02:00,"Properly escape database name in central column queries Signed-off-by: Michal Čihař ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-5703,"private function _getMetaTags() { $retval = ''; $retval .= ''; $retval .= ''; $retval .= ''; if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) { $retval .= ''; } return $retval; }" 226,"$cols .= '\'' . Util::sqlAddSlashes($col_select) . '\','; } $cols = trim($cols, ','); $has_list = PMA_findExistingColNames($db, $cols); foreach ($field_select as $column) { if (!in_array($column, $has_list)) { $colNotExist[] = ""'"" . $column . ""'""; } } } if (!empty($colNotExist)) { $colNotExist = implode("","", array_unique($colNotExist)); $message = Message::notice( sprintf( __( 'Couldn\'t remove Column(s) %1$s ' . 'as they don\'t exist in central columns list!' ), htmlspecialchars($colNotExist) ) ); } $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $query = 'DELETE FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . $db . '\' AND col_name IN (' . $cols . ');'; if (!$GLOBALS['dbi']->tryQuery($query, $GLOBALS['controllink'])) { $message = Message::error(__('Could not remove columns!')); $message->addMessage('
    ' . htmlspecialchars($cols) . '
    '); $message->addMessage( Message::rawError( $GLOBALS['dbi']->getError($GLOBALS['controllink']) ) ); } return $message; }",True,PHP,sqlAddSlashes,central_columns.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-15 11:29:31+02:00,"Properly escape database name in central column queries Signed-off-by: Michal Čihař ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-5703,"$result[$index][1] = preg_replace( $find, $replaceWith, $row[0] ); } } return $result; }" 227,"function PMA_getCentralColumnsCount($db) { $cfgCentralColumns = PMA_centralColumnsGetParams(); if (empty($cfgCentralColumns)) { return 0; } $pmadb = $cfgCentralColumns['db']; $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $central_list_table = $cfgCentralColumns['table']; $query = 'SELECT count(db_name) FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . $db . '\';'; $res = $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); if (isset($res[0])) { return $res[0]; } else { return 0; } }",True,PHP,PMA_getCentralColumnsCount,central_columns.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-15 11:29:31+02:00,"Properly escape database name in central column queries Signed-off-by: Michal Čihař ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-5703,"static public function handleQuery($query) { if (mb_strstr($query, """")) { return; } if (! (substr($query, -1) == ';')) { $query = $query . "";\n""; } $result = self::parseQuery($query); $dbname = trim(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', '`'); if (empty($dbname)) { return; } if (isset($result['identifier'])) { $version = self::getVersion( $dbname, $result['tablename'], $result['identifier'] ); if ($GLOBALS['cfg']['Server']['tracking_version_auto_create'] == true && self::isTracked($dbname, $result['tablename']) == false && $version == -1 ) { switch ($result['identifier']) { case 'CREATE TABLE': self::createVersion($dbname, $result['tablename'], '1'); break; case 'CREATE VIEW': self::createVersion( $dbname, $result['tablename'], '1', '', true ); break; case 'CREATE DATABASE': self::createDatabaseVersion($dbname, '1', $query); break; } } if (self::isTracked($dbname, $result['tablename']) && $version != -1) { if ($result['type'] == 'DDL') { $save_to = 'schema_sql'; } elseif ($result['type'] == 'DML') { $save_to = 'data_sql'; } else { $save_to = ''; } $date = date('Y-m-d H:i:s'); $query = preg_replace( '/`' . preg_quote($dbname, '/') . '`\s?\./', '', $query ); $query = self::getLogComment() . $query ; $sql_query = "" \n"" . "" UPDATE "" . self::_getTrackingTable() . "" SET "" . Util::backquote($save_to) . "" = CONCAT( "" . Util::backquote($save_to) . "",'\n"" . Util::sqlAddSlashes($query) . ""') ,"" . "" `date_updated` = '"" . $date . ""' ""; if ($result['identifier'] == 'RENAME TABLE') { $sql_query .= ', `table_name` = \'' . Util::sqlAddSlashes($result['tablename_after_rename']) . '\' '; } $sql_query .= "" WHERE FIND_IN_SET('"" . $result['identifier'] . ""',tracking) > 0"" . "" AND `db_name` = '"" . Util::sqlAddSlashes($dbname) . ""' "" . "" AND `table_name` = '"" . Util::sqlAddSlashes($result['tablename']) . ""' "" . "" AND `version` = '"" . Util::sqlAddSlashes($version) . ""' ""; PMA_queryAsControlUser($sql_query); } } }" 229,"function PMA_getColumnsList($db, $from=0, $num=25) { $cfgCentralColumns = PMA_centralColumnsGetParams(); if (empty($cfgCentralColumns)) { return array(); } $pmadb = $cfgCentralColumns['db']; $GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']); $central_list_table = $cfgCentralColumns['table']; if ($num == 0) { $query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . $db . '\';'; } else { $query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' ' . 'WHERE db_name = \'' . $db . '\' ' . 'LIMIT ' . $from . ', ' . $num . ';'; } $has_list = (array) $GLOBALS['dbi']->fetchResult( $query, null, null, $GLOBALS['controllink'] ); PMA_handleColumnExtra($has_list); return $has_list; }",True,PHP,PMA_getColumnsList,central_columns.lib.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-15 11:29:31+02:00,"Properly escape database name in central column queries Signed-off-by: Michal Čihař ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-5703,"function testMissingExtensionFatal() { $ext = 'php_ext'; $warn = 'The ' . $ext . ' extension is missing. Please check your PHP configuration.'; $this->expectOutputRegex('@' . preg_quote($warn, '@') . '@'); PMA_warnMissingExtension($ext, true); }" 234,"public function getCookiePath() { static $cookie_path = null; if (null !== $cookie_path && !defined('TESTSUITE')) { return $cookie_path; } if (isset($GLOBALS['PMA_PHP_SELF'])) { $parsed_url = parse_url($GLOBALS['PMA_PHP_SELF']); } else { $parsed_url = parse_url(PMA_getenv('REQUEST_URI')); } $parts = explode( '/', rtrim(str_replace('\\', '/', $parsed_url['path']), '/') ); if (substr($parts[count($parts) - 1], -4) == '.php') { $parts = array_slice($parts, 0, count($parts) - 1); } if (defined('PMA_PATH_TO_BASEDIR')) { $parts = array_slice($parts, 0, count($parts) - 1); } $parts[] = ''; return implode('/', $parts); }",True,PHP,getCookiePath,Config.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-16 09:35:56+02:00,"Improve detection of script name In case PHP_SELF was not set by server, we used REQUEST_URI, which might embed PATH_INFO as well. However we really need to know the path without it, so let's strip it as well. Signed-off-by: Michal Čihař ",CWE-254,7PK - Security Features,"Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.",https://cwe.mitre.org/data/definitions/254.html,CVE-2016-5702,": htmlspecialchars($host['User'])) . '' . ""\n"" . '' . htmlspecialchars($host['Host']) . '' . ""\n""; $html_output .= ''; $password_column = 'Password'; $check_plugin_query = ""SELECT * FROM `mysql`.`user` WHERE "" . ""`User` = '"" . $host['User'] . ""' AND `Host` = '"" . $host['Host'] . ""'""; $res = $GLOBALS['dbi']->fetchSingleRow($check_plugin_query); if ((isset($res['authentication_string']) && ! empty($res['authentication_string'])) || (isset($res['Password']) && ! empty($res['Password'])) ) { $host[$password_column] = 'Y'; } else { $host[$password_column] = 'N'; } switch ($host[$password_column]) { case 'Y': $html_output .= __('Yes'); break; case 'N': $html_output .= ''; break; default: $html_output .= '--'; break; } $html_output .= '' . ""\n""; $html_output .= '' . ""\n"" . '' . implode(',' . ""\n"" . ' ', $host['privs']) . ""\n"" . '' . ""\n""; if ($cfgRelation['menuswork']) { $html_output .= '' . ""\n"" . (isset($group_assignment[$host['User']]) ? htmlspecialchars($group_assignment[$host['User']]) : '' ) . '' . ""\n""; }" 241,$v = trim($v); if ($v !== '') { $_POST[$key][] = $v; } } },True,PHP,trim,FormDisplay.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-17 09:12:28+02:00,"Properly convert POST parameters We can get array instead of single parameter, so handle this gracefully. Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5730,"$key_str .= urlencode(""key[{$v}]"") . '=' . urlencode($rs->fields[$v]); } if ($has_nulls) { echo "" \n""; } else { echo ""{$lang['stredit']}\n""; echo ""{$lang['strdelete']}\n""; } } print printTableRowCells($rs, $fkey_information, isset($object)); echo ""\n""; $rs->moveNext(); $i++; } echo ""\n""; echo ""

    "", $rs->recordCount(), "" {$lang['strrows']}

    \n""; $misc->printPages($_REQUEST['page'], $max_pages, ""display.php?page=%s&{$gets}&{$getsort}&strings="" . urlencode($_REQUEST['strings'])); } else echo ""

    {$lang['strnodata']}

    \n""; echo ""\n""; }" 247,"public static function validateRegex($path, $values) { $result = array($path => ''); if ($values[$path] == '') { return $result; } static::testPHPErrorMsg(); $matches = array(); preg_match('/' . $values[$path] . '/', '', $matches); static::testPHPErrorMsg(false); if (isset($php_errormsg)) { $error = preg_replace('/^preg_match\(\): /', '', $php_errormsg); return array($path => $error); } return $result; }",True,PHP,validateRegex,Validator.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-17 10:14:13+02:00,"Validate input of validator We can not trust the input here, so we can expect anything and deal with missing parameters or invalid values. Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5730,"function realCharForNumericEntities($matches) { $newstringnumentity = $matches[1]; if (preg_match('/^x/i', $newstringnumentity)) { $newstringnumentity = hexdec(preg_replace('/;$/', '', preg_replace('/^x/i', '', $newstringnumentity))); } if (($newstringnumentity >= 65 && $newstringnumentity <= 90) || ($newstringnumentity >= 97 && $newstringnumentity <= 122)) { return chr((int) $newstringnumentity); } return '& }" 249,"public static function validatePMAStorage($path, $values) { $result = array( 'Server_pmadb' => '', 'Servers/1/controluser' => '', 'Servers/1/controlpass' => '' ); $error = false; if ($values['Servers/1/pmadb'] == '') { return $result; } $result = array(); if ($values['Servers/1/controluser'] == '') { $result['Servers/1/controluser'] = __( 'Empty phpMyAdmin control user while using phpMyAdmin configuration ' . 'storage!' ); $error = true; } if ($values['Servers/1/controlpass'] == '') { $result['Servers/1/controlpass'] = __( 'Empty phpMyAdmin control user password while using phpMyAdmin ' . 'configuration storage!' ); $error = true; } if (! $error) { $test = static::testDBConnection( $values['Servers/1/connect_type'], $values['Servers/1/host'], $values['Servers/1/port'], $values['Servers/1/socket'], $values['Servers/1/controluser'], $values['Servers/1/controlpass'], 'Server_pmadb' ); if ($test !== true) { $result = array_merge($result, $test); } } return $result; }",True,PHP,validatePMAStorage,Validator.php,https://github.com/phpmyadmin/phpmyadmin,phpmyadmin,Michal Čihař,2016-06-17 10:14:13+02:00,"Validate input of validator We can not trust the input here, so we can expect anything and deal with missing parameters or invalid values. Signed-off-by: Michal Čihař ",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2016-5730,"function test_sql_and_script_inject($val, $type) { $inj = 0; if ($type != 2) { $inj += preg_match('/updatexml^(/i', $val); $inj += preg_match('/delete\s+from/i', $val); $inj += preg_match('/create\s+table/i', $val); $inj += preg_match('/update.+set.+=/i', $val); $inj += preg_match('/insert\s+into/i', $val); $inj += preg_match('/select.+from/i', $val); $inj += preg_match('/union.+select/i', $val); $inj += preg_match('/into\s+(outfile|dumpfile)/i', $val); $inj += preg_match('/(\.\.%2f)+/i', $val); } $inj += preg_match('/'; } }",True,PHP,cntctfrm_admin_head,contact_form.php,https://github.com/wp-plugins/contact-form-plugin,wp-plugins,bestwebsoft,2014-08-07 16:23:48+00:00,"V3.82 - Security Exploit was fixed. The French language file is updated. git-svn-id: https://plugins.svn.wordpress.org/contact-form-plugin/trunk@961828 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-125095,"function buddystream_init() { global $bp; define('BP_BUDDYSTREAM_VERSION', '2.6.3'); define('BP_BUDDYSTREAM_IS_INSTALLED', 1); define('BP_BUDDYSTREAM_DIR', dirname(__FILE__)); define('BP_BUDDYSTREAM_URL', $bp->root_domain.""/"".str_replace(ABSPATH,"""",dirname(__FILE__))); buddyStreamLoadTranslations(); buddyStreamInitDatabase(); buddyStreamInitSettings(); include_once('lib/BuddyStreamCurl.php'); include_once('lib/BuddyStreamOAuth.php'); include_once('lib/BuddyStreamLog.php'); include_once('lib/BuddyStreamExtensions.php'); include_once('lib/BuddyStreamFilters.php'); include_once('lib/BuddyStreamSupport.php'); include_once('lib/BuddyStreamPageLoader.php'); include_once('lib/BuddyStreamCore.php'); }" 393,"function hd_add_playlist() { global $wpdb; $p_name = addslashes(trim($_POST['p_name'])); $p_description = addslashes(trim($_POST['p_description'])); $p_playlistorder = $_POST['sortorder']; if (empty($p_playlistorder)) $p_playlistorder = ""ASC""; $playlistname1 = ""select playlist_name from "" . $wpdb->prefix . ""hdflv_playlist where playlist_name='"" . $p_name . ""'""; $planame1 = mysql_query($playlistname1); if (mysql_fetch_array($planame1, MYSQL_NUM)) { render_error(__('Failed, Playlist name already exist', 'hdflv')); return; } if (!empty($p_name)) { $insert_plist = $wpdb->query("" INSERT INTO "" . $wpdb->prefix . ""hdflv_playlist (playlist_name, playlist_desc, playlist_order) VALUES ('$p_name', '$p_description', '$p_playlistorder')""); if ($insert_plist != 0) { $pid = $wpdb->insert_id; render_message(__('Playlist', 'hdflv') . ' ' . $p_name . __(' added successfully', 'hdflv')); } } return; }",True,PHP,hd_add_playlist,functions.php,https://github.com/wp-plugins/contus-hd-flv-player,wp-plugins,hdflvplayer,2012-07-24 08:31:46+00:00,"vulnerabilities issues fixed in trunk folder git-svn-id: https://plugins.svn.wordpress.org/contus-hd-flv-player/trunk@576511 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2012-10011,"function getUserInformation($user_id) { $user_id = escape($user_id); $result = mysql_query(""SELECT username, email, name FROM users WHERE id='$user_id'""); if($row = mysql_fetch_array($result)) { return array($row[0], $row[1], $row[2]); } else { return FALSE; } }" 395,"function hd_update_playlist() { global $wpdb; $p_id = (int) ($_POST['p_id']); $p_name = addslashes(trim($_POST['p_name'])); $p_description = addslashes(trim($_POST['p_description'])); $p_playlistorder = $_POST['sortorder']; $siteUrl = 'admin.php?page=hdflvplaylist'.$_GET['page'].'&mode='.$_GET['mode'].'&sus=1'; if (!empty($p_name)) { $wpdb->query("" UPDATE "" . $wpdb->prefix . ""hdflv_playlist SET playlist_name = '$p_name', playlist_desc = '$p_description', playlist_order = '$p_playlistorder' WHERE pid = '$p_id' ""); render_message(__('Playlist', 'hdflv') . ' ' . $p_name.' '.__('Update Successfully', 'hdflv')); } return; }",True,PHP,hd_update_playlist,functions.php,https://github.com/wp-plugins/contus-hd-flv-player,wp-plugins,hdflvplayer,2012-07-24 08:31:46+00:00,"vulnerabilities issues fixed in trunk folder git-svn-id: https://plugins.svn.wordpress.org/contus-hd-flv-player/trunk@576511 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2012-10011,"function checkLogin($username, $password) { if(!checkLock(""checkuser"")) { return -2; } $config = $GLOBALS['config']; if(!$config['app_enabled']) { return -3; } $username = escape($username); $password = escape(chash($password)); $result = mysql_query(""SELECT id,password FROM users WHERE username='"" . $username . ""'""); if($row = mysql_fetch_array($result)) { if(strcmp($password, $row['password']) == 0) { $loginTime = time(); mysql_query(""UPDATE users SET accessed = '$loginTime' WHERE id = '"" . $row['id'] . ""'""); return $row['id']; } else { lockAction(""checkuser""); return -1; } } else { lockAction(""checkuser""); return -1; } }" 396,"function hd_update_thumb($wptfile_abspath,$showPath,$updateID) { global $wpdb; $uploadPath = $wpdb->get_col(""SELECT upload_path FROM "" . $wpdb->prefix . ""hdflv_settings""); $uPath = $uploadPath[0]; if($uPath != ''){ $wp_urlpath = $wptfile_abspath.$uPath.'/'; }else{ $wp_urlpath = $wptfile_abspath.'/'; } if ($_FILES [""edit_thumb""][""error""] == 0 && $_FILES [""edit_thumb""][""type""]== 'image/jpeg' || $_FILES [""edit_thumb""][""type""]== 'image/gif' || $_FILES [""edit_thumb""][""type""]== 'image/pjpeg' || $_FILES [""edit_thumb""][""type""]== 'image/png') { $cname = $_FILES[""edit_thumb""][""name""]; $tname = $_FILES[""edit_thumb""][""tmp_name""]; $random_digit = rand(0000,9999); $new_file_name=$random_digit.'_'.$cname; if(move_uploaded_file($tname ,$wp_urlpath . $new_file_name)){ $updated_thumb=$new_file_name; } } if($uPath != ''){ $wp_showPath = $showPath.$uPath.'/'; }else{ $wp_showPath = $showPath.'/'; } $updated_thumb_value = $wp_showPath.$updated_thumb; $wpdb->query("" UPDATE "" . $wpdb->prefix . ""hdflv SET image= '$updated_thumb_value' WHERE vid = '$updateID'""); render_message(__('Image Update Successfully', 'hdflv')); return; }",True,PHP,hd_update_thumb,functions.php,https://github.com/wp-plugins/contus-hd-flv-player,wp-plugins,hdflvplayer,2012-07-24 08:31:46+00:00,"vulnerabilities issues fixed in trunk folder git-svn-id: https://plugins.svn.wordpress.org/contus-hd-flv-player/trunk@576511 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2012-10011,"function findPostWhereLike($title = """") { $title = strtolower($title); $where = "" (post_type = 'post' OR post_type = 'page') AND post_status = 'publish' AND (LOWER(post_title) like '%"".$title.""%')""; return $where; }" 398,"function hd_update_preview($wptfile_abspath,$showPath,$updateID) { global $wpdb; $uploadPath = $wpdb->get_col(""SELECT upload_path FROM "" . $wpdb->prefix . ""hdflv_settings""); $uPath = $uploadPath[0]; if($uPath != ''){ $wp_urlpath = $wptfile_abspath.$uPath.'/'; }else{ $wp_urlpath = $wptfile_abspath.'/'; } if ($_FILES [""edit_preview""][""error""] == 0 && $_FILES [""edit_preview""][""type""]== 'image/jpeg' || $_FILES [""edit_preview""][""type""]== 'image/gif' || $_FILES [""edit_preview""][""type""]== 'image/pjpeg' || $_FILES [""edit_preview""][""type""]== 'image/png' ) { $cname = $_FILES[""edit_preview""][""name""]; $tname = $_FILES[""edit_preview""][""tmp_name""]; $random_digit = rand(0000,9999); $new_file_name=$random_digit.'_'.$cname; if(move_uploaded_file($tname ,$wp_urlpath . $new_file_name)){ $updated_preview = $new_file_name; } } if($uPath != ''){ $wp_showPath = $showPath.$uPath.'/'; }else{ $wp_showPath = $showPath.'/'; } $updated_preview_value = $wp_showPath.$updated_preview; $wpdb->query("" UPDATE "" . $wpdb->prefix . ""hdflv SET opimage= '$updated_preview_value' WHERE vid = '$updateID'""); render_message(__('Image Update Successfully', 'hdflv')); return; }",True,PHP,hd_update_preview,functions.php,https://github.com/wp-plugins/contus-hd-flv-player,wp-plugins,hdflvplayer,2012-07-24 08:31:46+00:00,"vulnerabilities issues fixed in trunk folder git-svn-id: https://plugins.svn.wordpress.org/contus-hd-flv-player/trunk@576511 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2012-10011,"function findPostWhereLikeNameTitle($title = """") { $title = strtolower($title); $where .= "" (post_type = 'post' OR post_type = 'page') AND post_status = 'publish' AND (LOWER(post_name) like '%"".$title.""%' OR post_title like '%"".$title.""%')""; return $where; }" 409," $value ) { ?> ",True,PHP,foreach,bws_menu.php,https://github.com/wp-plugins/facebook-button-plugin,wp-plugins,bestwebsoft,2014-08-13 12:20:42+00:00,"V2.34 - Security Exploit was fixed. git-svn-id: https://plugins.svn.wordpress.org/facebook-button-plugin/trunk@965089 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-125097,"function cntctfrm_admin_head() { if ( isset( $_REQUEST['page'] ) && ( 'contact_form.php' == $_REQUEST['page'] ) ) { global $wp_version; wp_enqueue_style( 'cntctfrm_stylesheet', plugins_url( 'css/style.css', __FILE__ ) ); if ( 3.5 > $wp_version ) wp_enqueue_script( 'cntctfrm_script', plugins_url( 'js/script_wp_before_3.5.js', __FILE__ ) ); else wp_enqueue_script( 'cntctfrm_script', plugins_url( 'js/script.js', __FILE__ ) ); echo ''; } }" 413,"function fcbkbttn_update_option() { global $fcbkbttn_options; if ( 'standart' == $fcbkbttn_options['display_option'] ) { $fb_img_link = plugins_url( 'images/standart-facebook-ico.png', __FILE__ ); } else if ( 'custom' == $fcbkbttn_options['display_option'] ) { $upload_dir = wp_upload_dir(); $fb_img_link = $upload_dir['baseurl'] . '/facebook-image/facebook-ico' . $fcbkbttn_options['count_icon'] . '.' . $fcbkbttn_options['extention']; } $fcbkbttn_options['fb_img_link'] = $fb_img_link ; update_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options ); }",True,PHP,fcbkbttn_update_option,facebook-button-plugin.php,https://github.com/wp-plugins/facebook-button-plugin,wp-plugins,bestwebsoft,2014-08-13 12:20:42+00:00,"V2.34 - Security Exploit was fixed. git-svn-id: https://plugins.svn.wordpress.org/facebook-button-plugin/trunk@965089 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-125097,"function hd_add_playlist() { global $wpdb; $p_name = strip_tags(trim($_POST['p_name'])); $p_name = preg_replace(""/[^a-zA-Z0-9\/_-\s]/"", '', $p_name); $p_description = strip_tags(trim($_POST['p_description'])); $p_playlistorder = $_POST['sortorder']; if (empty($p_playlistorder)) $p_playlistorder = ""ASC""; $playlistname1 = ""select playlist_name from "" . $wpdb->prefix . ""hdflv_playlist where playlist_name='"" . $p_name . ""'""; $planame1 = mysql_query($playlistname1); if (mysql_fetch_array($planame1, MYSQL_NUM)) { render_error(__('Failed, Playlist name already exist', 'hdflv')); return; } if (!empty($p_name)) { $insert_plist = $wpdb->query("" INSERT INTO "" . $wpdb->prefix . ""hdflv_playlist (playlist_name, playlist_desc, playlist_order) VALUES ('$p_name', '$p_description', '$p_playlistorder')""); if ($insert_plist != 0) { $pid = $wpdb->insert_id; render_message(__('Playlist', 'hdflv') . ' ' . $p_name . __(' added successfully', 'hdflv')); } } return; }" 415,"function backend_localization_set_login_language(){ setcookie('kau-boys_backend_localization_language', """", time() - 3600, '/'); setcookie('kau-boys_backend_localization_language', $_REQUEST['kau-boys_backend_localization_language'], time()+60*60*24*30, '/'); }",True,PHP,backend_localization_set_login_language,backend_localization.php,https://github.com/wp-plugins/kau-boys-backend-localization,wp-plugins,Kau-Boy,2012-07-30 23:01:34+00:00,"Adding Version 2.0: Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA! git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579507 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-10013,"function hd_update_playlist() { global $wpdb; $p_id = (int) ($_POST['p_id']); $p_name = strip_tags(trim($_POST['p_name'])); $p_name = preg_replace(""/[^a-zA-Z0-9\/_-\s]/"", '', $p_name); $p_description = strip_tags(trim($_POST['p_description'])); $p_playlistorder = $_POST['sortorder']; $siteUrl = 'admin.php?page=hdflvplaylist'.$_GET['page'].'&mode='.$_GET['mode'].'&sus=1'; if (!empty($p_name)) { $wpdb->query("" UPDATE "" . $wpdb->prefix . ""hdflv_playlist SET playlist_name = '$p_name', playlist_desc = '$p_description', playlist_order = '$p_playlistorder' WHERE pid = '$p_id' ""); render_message(__('Playlist', 'hdflv') . ' ' . $p_name.' '.__('Update Successfully', 'hdflv')); } return; }" 416,"function backend_localization_admin_settings(){ global $wp_locale_all, $wp_version; if(isset($_POST['save'])){ update_option('kau-boys_backend_localization_loginselect', $_POST['kau-boys_backend_localization_loginselect']); } $loginselect = get_option('kau-boys_backend_localization_loginselect'); $backend_locale = backend_localization_get_locale(); if(empty($backend_locale)) $backend_locale = 'en_US'; ?>

    Kau-Boy's Backend Localization

    />

    "" id=""kau-boys_backend_localization_language_"" name=""kau-boys_backend_localization_language"" />

    "" />

    get_col(""SELECT upload_path FROM "" . $wpdb->prefix . ""hdflv_settings""); $uPath = $uploadPath[0]; $uploadStatus = ''; if($uPath != ''){ $wp_urlpath = $wptfile_abspath.$uPath.'/'; }else{ $wp_urlpath = $wptfile_abspath.'/'; } if ($_FILES [""edit_thumb""][""error""] == 0 && $_FILES [""edit_thumb""][""type""]== 'image/jpeg' || $_FILES [""edit_thumb""][""type""]== 'image/gif' || $_FILES [""edit_thumb""][""type""]== 'image/pjpeg' || $_FILES [""edit_thumb""][""type""]== 'image/png') { $cname = $_FILES[""edit_thumb""][""name""]; $tname = $_FILES[""edit_thumb""][""tmp_name""]; $random_digit = rand(0000,9999); $new_file_name=$random_digit.'_'.$cname; if(move_uploaded_file($tname ,$wp_urlpath . $new_file_name)){ $uploadStatus = true; $updated_thumb=$new_file_name; } }else{ $uploadStatus = false; render_error(__('Invalid File Format Uploaded', 'hdflv')); } if($uPath != ''){ $wp_showPath = $showPath.$uPath.'/'; }else{ $wp_showPath = $showPath.'/'; } if($uploadStatus == '1'){ $updated_thumb_value = $wp_showPath.$updated_thumb; $wpdb->query("" UPDATE "" . $wpdb->prefix . ""hdflv SET image= '$updated_thumb_value' WHERE vid = '$updateID'""); render_message(__('Image Update Successfully', 'hdflv')); return; } }" 417,"$fileParts = pathinfo($file); if($fileParts['extension'] == 'mo' && (strlen($fileParts['filename']) <= 5)){ $fileParts['filename'] = substr($fileParts['basename'], 0,strpos($fileParts['basename'],'.')); $backend_locale_array[] = $fileParts['filename']; } } } if(!in_array('en_US', $backend_locale_array)){ $backend_locale_array[] = 'en_US'; } sort($backend_locale_array); return $backend_locale_array; }",True,PHP,pathinfo,backend_localization.php,https://github.com/wp-plugins/kau-boys-backend-localization,wp-plugins,Kau-Boy,2012-07-30 23:01:34+00:00,"Adding Version 2.0: Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA! git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579507 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-10013,"function hd_update_preview($wptfile_abspath,$showPath,$updateID) { global $wpdb; $uploadPath = $wpdb->get_col(""SELECT upload_path FROM "" . $wpdb->prefix . ""hdflv_settings""); $uPath = $uploadPath[0]; $uploadStatus = ''; if($uPath != ''){ $wp_urlpath = $wptfile_abspath.$uPath.'/'; }else{ $wp_urlpath = $wptfile_abspath.'/'; } if ($_FILES [""edit_preview""][""error""] == 0 && $_FILES [""edit_preview""][""type""]== 'image/jpeg' || $_FILES [""edit_preview""][""type""]== 'image/gif' || $_FILES [""edit_preview""][""type""]== 'image/pjpeg' || $_FILES [""edit_preview""][""type""]== 'image/png' ) { $cname = $_FILES[""edit_preview""][""name""]; $tname = $_FILES[""edit_preview""][""tmp_name""]; $random_digit = rand(0000,9999); $new_file_name=$random_digit.'_'.$cname; if(move_uploaded_file($tname ,$wp_urlpath . $new_file_name)){ $uploadStatus = true; $updated_preview = $new_file_name; } }else{ $uploadStatus = false; render_error(__('Invalid File Format Uploaded', 'hdflv')); } if($uPath != ''){ $wp_showPath = $showPath.$uPath.'/'; }else{ $wp_showPath = $showPath.'/'; } if($uploadStatus == '1'){ $updated_preview_value = $wp_showPath.$updated_preview; $wpdb->query("" UPDATE "" . $wpdb->prefix . ""hdflv SET opimage= '$updated_preview_value' WHERE vid = '$updateID'""); render_message(__('Image Update Successfully', 'hdflv')); return; } }" 427,"function backend_localization_save_setting(){ if(isset($_REQUEST['kau-boys_backend_localization_language'])){ setcookie('kau-boys_backend_localization_language', $_REQUEST['kau-boys_backend_localization_language'], time()+60*60*24*30, '/'); } return true; }",True,PHP,backend_localization_save_setting,backend_localization.php,https://github.com/wp-plugins/kau-boys-backend-localization,wp-plugins,Kau-Boy,2012-07-30 23:01:34+00:00,"Adding Version 2.0: Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA! git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579507 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-10013,"function fcbkbttn_settings() { global $wpmu, $fcbkbttn_options, $fcbkbttn_plugin_info; if ( ! $fcbkbttn_plugin_info ) { if ( ! function_exists( 'get_plugin_data' ) ) require_once( ABSPATH . 'wp-admin/includes/plugin.php' ); $fcbkbttn_plugin_info = get_plugin_data( __FILE__ ); } $fcbkbttn_options_default = array( 'plugin_option_version' => $fcbkbttn_plugin_info[""Version""], 'link' => '', 'my_page' => 1, 'like' => 1, 'share' => 0, 'where' => '', 'display_option' => 'standard', 'count_icon' => 1, 'extention' => 'png', 'fb_img_link' => plugins_url( ""images/standard-facebook-ico.png"", __FILE__ ), 'locale' => 'en_US', 'html5' => 0 ); if ( 1 == $wpmu ) { if ( ! get_site_option( 'fcbk_bttn_plgn_options' ) ) { if ( false !== get_site_option( 'fcbk_bttn_plgn_options_array' ) ) { $old_options = get_site_option( 'fcbk_bttn_plgn_options_array' ); foreach ( $fcbkbttn_options_default as $key => $value ) { if ( isset( $old_options['fcbk_bttn_plgn_' . $key] ) ) $fcbkbttn_options_default[$key] = $old_options['fcbk_bttn_plgn_' . $key]; } update_site_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options_default ); delete_site_option( 'fcbk_bttn_plgn_options_array' ); } add_site_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options_default, '', 'yes' ); } } else { if ( ! get_option( 'fcbk_bttn_plgn_options' ) ) { if ( false !== get_option( 'fcbk_bttn_plgn_options_array' ) ) { $old_options = get_option( 'fcbk_bttn_plgn_options_array' ); foreach ( $fcbkbttn_options_default as $key => $value ) { if ( isset( $old_options['fcbk_bttn_plgn_' . $key] ) ) $fcbkbttn_options_default[$key] = $old_options['fcbk_bttn_plgn_' . $key]; } update_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options_default ); delete_option( 'fcbk_bttn_plgn_options_array' ); } add_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options_default, '', 'yes' ); } } $fcbkbttn_options = ( 1 == $wpmu ) ? get_site_option( 'fcbk_bttn_plgn_options' ) : get_option( 'fcbk_bttn_plgn_options' ); if ( ! isset( $fcbkbttn_options['plugin_option_version'] ) || $fcbkbttn_options['plugin_option_version'] != $fcbkbttn_plugin_info[""Version""] ) { if ( stristr( $fcbkbttn_options['fb_img_link'], 'standart-facebook-ico.jpg' ) || stristr( $fcbkbttn_options['fb_img_link'], 'standart-facebook-ico.png' ) ) $fcbkbttn_options['fb_img_link'] = plugins_url( ""images/standard-facebook-ico.png"", __FILE__ ); if ( 'standart' == $fcbkbttn_options['display_option'] ) $fcbkbttn_options['display_option'] = 'standard'; if ( stristr( $fcbkbttn_options['fb_img_link'], 'img/' ) ) $fcbkbttn_options['fb_img_link'] = plugins_url( str_replace( 'img/', 'images/', $fcbkbttn_options['fb_img_link'] ), __FILE__ ); $fcbkbttn_options = array_merge( $fcbkbttn_options_default, $fcbkbttn_options ); $fcbkbttn_options['plugin_option_version'] = $fcbkbttn_plugin_info[""Version""]; update_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options ); } }" 428,function backend_localization_get_locale(){ return isset($_REQUEST['kau-boys_backend_localization_language']) ? $_REQUEST['kau-boys_backend_localization_language'] : ( isset($_COOKIE['kau-boys_backend_localization_language']) ? $_COOKIE['kau-boys_backend_localization_language'] : get_option('kau-boys_backend_localization_language')); },True,PHP,backend_localization_get_locale,backend_localization.php,https://github.com/wp-plugins/kau-boys-backend-localization,wp-plugins,Kau-Boy,2012-07-30 23:01:34+00:00,"Adding Version 2.0: Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA! git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579507 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-10013,"function fcbkbttn_update_option() { global $fcbkbttn_options; if ( 'standard' == $fcbkbttn_options['display_option'] ) { $fb_img_link = plugins_url( 'images/standard-facebook-ico.png', __FILE__ ); } else if ( 'custom' == $fcbkbttn_options['display_option'] ) { $upload_dir = wp_upload_dir(); $fb_img_link = $upload_dir['baseurl'] . '/facebook-image/facebook-ico' . $fcbkbttn_options['count_icon'] . '.' . $fcbkbttn_options['extention']; } $fcbkbttn_options['fb_img_link'] = $fb_img_link ; update_option( 'fcbk_bttn_plgn_options', $fcbkbttn_options ); }" 431,function localize_backend($locale){ if(defined('WP_ADMIN') || (isset($_REQUEST['pwd']) && isset($_REQUEST['kau-boys_backend_localization_language']))) { $locale = backend_localization_get_locale(); } return $locale; },True,PHP,localize_backend,backend_localization.php,https://github.com/wp-plugins/kau-boys-backend-localization,wp-plugins,Kau-Boy,2012-07-30 23:01:34+00:00,"Adding Version 2.0: Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA! git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579507 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-10013,"function backend_localization_set_login_language(){ setcookie( 'kau-boys_backend_localization_language', """", time() - 3600, '/' ); setcookie( 'kau-boys_backend_localization_language', backend_localization_filter_var( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' ); }" 434,"function backend_localization_filter_plugin_actions($links, $file){ static $this_plugin; if (!$this_plugin) $this_plugin = plugin_basename(__FILE__); if ($file == $this_plugin){ $settings_link = ''.__('Settings').''; array_unshift($links, $settings_link); } return $links; }",True,PHP,backend_localization_filter_plugin_actions,backend_localization.php,https://github.com/wp-plugins/kau-boys-backend-localization,wp-plugins,Kau-Boy,2012-07-30 23:01:34+00:00,"Adding Version 2.0: Adding some new languages. Fixing link to switch languages in backend. Thanks to Justin! Fixing XSS vulnerabilities. Many Thanks to Matt Fuller from MOZILLA! git-svn-id: https://plugins.svn.wordpress.org/kau-boys-backend-localization/trunk@579507 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-10013,"function backend_localization_admin_settings(){ global $wp_locale_all, $wp_version; if( isset($_POST['save'] ) ) { update_option( 'kau-boys_backend_localization_loginselect', $_POST['kau-boys_backend_localization_loginselect'] ); } $loginselect = get_option( 'kau-boys_backend_localization_loginselect' ); $backend_locale = backend_localization_get_locale(); if(isset($_GET['godashboard'])) { echo '

    ' . __( 'Switching Language', 'backend-localization' ) . '

    ' . sprintf( __( 'Switching language to %1$s... If the Dashboard isn\'t loading, use this link.', 'backend-localization' ), $wp_locale_all[$locale_value], admin_url() ) . ''; exit(); } if( empty( $backend_locale ) ) $backend_locale = 'en_US'; ?>

    Kau-Boy's Backend Localization

    />

    "" id=""kau-boys_backend_localization_language_"" name=""kau-boys_backend_localization_language"" />

    "" />

    ' . __( 'Switching Language', 'backend-localization' ) . '' . sprintf( __( 'Switching language to %1$s... If the Dashboard isn\'t loading, use this link.', 'backend-localization' ), $wp_locale_all[$locale_value], admin_url() ) . ''; exit(); } if( empty( $backend_locale ) ) $backend_locale = 'en_US'; ?>

    Kau-Boy's Backend Localization

    />

    "" id=""kau-boys_backend_localization_language_"" name=""kau-boys_backend_localization_language"" />

    "" />

    $value ) { ?> ",True,PHP,foreach,bws_menu.php,https://github.com/wp-plugins/twitter-plugin,wp-plugins,bestwebsoft,2014-08-07 15:47:35+00:00,"V2.37 - Security Exploit was fixed. git-svn-id: https://plugins.svn.wordpress.org/twitter-plugin/trunk@961807 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-125103,function localize_backend($locale){ if( defined( 'WP_ADMIN' ) || ( isset( $_REQUEST['pwd'] ) && isset( $_REQUEST['kau-boys_backend_localization_language'] ) ) ){ $locale = backend_localization_get_locale(); } return $locale; } 446,@unlink ( $twttr_cstm_mg_folder . $value ); } @rmdir( $twttr_cstm_mg_folder ); } delete_option( 'twttr_options' ); delete_site_option( 'twttr_options' ); },True,PHP,unlink,twitter.php,https://github.com/wp-plugins/twitter-plugin,wp-plugins,bestwebsoft,2014-08-07 15:47:35+00:00,"V2.37 - Security Exploit was fixed. git-svn-id: https://plugins.svn.wordpress.org/twitter-plugin/trunk@961807 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2014-125103,"function backend_localization_filter_plugin_actions( $links, $file ){ static $this_plugin; if ( !$this_plugin ) $this_plugin = plugin_basename( __FILE__ ); if ( $file == $this_plugin ){ $settings_link = '' . __( 'Settings' ) . ''; array_unshift( $links, $settings_link ); } return $links; }" 448,"function twttr_settings_page () { global $twttr_options_array; $message = """"; $error = """"; if ( isset ( $_REQUEST['twttr_position'] ) && isset ( $_REQUEST['twttr_url_twitter'] ) ) { $twttr_options_array['twttr_url_twitter'] = $_REQUEST['twttr_url_twitter']; $twttr_options_array['twttr_position'] = $_REQUEST['twttr_position']; update_option ( ""twttr_options_array"", $twttr_options_array ); $message = __( ""Options saved."", 'twitter' ); } ?>

    >

    >

    '/>

    &
    />
    />

    "" />
    header->addJS('minified.js', 'core', false); } else { $this->header->addJS('jquery/jquery.js', 'core'); $this->header->addJS('jquery/jquery.ui.js', 'core'); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core'); $this->header->addJS('jquery/jquery.backend.js', 'core'); } $this->header->addJS('utils.js', 'core', true); $this->header->addJS('backend.js', 'core', true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, true); } if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/layout/css/minified.css')) { $this->header->addCSS('minified.css', 'core'); } else { $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core'); $this->header->addCSS('debug.css', 'core'); $this->header->addCSS('screen.css', 'core'); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css', null); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight')); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }",True,PHP,execute,base.php,https://github.com/forkcms/forkcms,forkcms,Frederik Heyninck,2012-02-13 20:23:02+01:00,This should fix the backend XSS.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1208,"function backend_localization_set_login_language(){ setcookie( 'kau-boys_backend_localization_language', """", time() - 3600, '/' ); setcookie( 'kau-boys_backend_localization_language', htmlspecialchars( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' ); }" 452,"public function execute() { if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/js/minified.js')) { $this->header->addJS('minified.js', 'core', false); } else { $this->header->addJS('jquery/jquery.js', 'core'); $this->header->addJS('jquery/jquery.ui.js', 'core'); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core'); $this->header->addJS('jquery/jquery.backend.js', 'core'); } $this->header->addJS('utils.js', 'core', true); $this->header->addJS('backend.js', 'core', true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, true); } if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/layout/css/minified.css')) { $this->header->addCSS('minified.css', 'core'); } else { $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core'); $this->header->addCSS('debug.css', 'core'); $this->header->addCSS('screen.css', 'core'); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css', null); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight')); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }",True,PHP,execute,base.php,https://github.com/forkcms/forkcms,forkcms,Frederik Heyninck,2012-02-13 20:23:02+01:00,This should fix the backend XSS.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1209,"function backend_localization_admin_settings(){ global $wp_locale_all, $wp_version; if( isset($_POST['save'] ) ) { update_option( 'kau-boys_backend_localization_loginselect', $_POST['kau-boys_backend_localization_loginselect'] ); } $loginselect = get_option( 'kau-boys_backend_localization_loginselect' ); $backend_locale = backend_localization_get_locale(); if( empty( $backend_locale ) ) $backend_locale = 'en_US'; if(isset($_GET['godashboard'])) { echo '

    ' . __( 'Switching Language', 'backend-localization' ) . '

    ' . sprintf( __( 'Switching language to %1$s... If the Dashboard isn\'t loading, use this link.', 'backend-localization' ), $wp_locale_all[$backend_locale], admin_url() ) . ''; exit(); } ?>

    Kau-Boy's Backend Localization

    />

    "" id=""kau-boys_backend_localization_language_"" name=""kau-boys_backend_localization_language"" />

    "" />

    header->addJS('jquery/jquery.js', 'core', false); $this->header->addJS('jquery/jquery.ui.js', 'core', false); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core', false); $this->header->addJS('jquery/jquery.backend.js', 'core'); $this->header->addJS('utils.js', 'core'); $this->header->addJS('backend.js', 'core', false, true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, false, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, false, true); } $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core', false, false); $this->header->addCSS('screen.css', 'core'); $this->header->addCSS('debug.css', 'core'); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css'); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight')); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }",True,PHP,execute,base.php,https://github.com/forkcms/forkcms,forkcms,Bauffman,2012-02-14 09:12:17+01:00,Disallow html in the report.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1208,"function backend_localization_save_setting(){ if( isset( $_REQUEST['kau-boys_backend_localization_language'] ) ){ setcookie( 'kau-boys_backend_localization_language', htmlspecialchars( $_REQUEST['kau-boys_backend_localization_language'] ), time()+60*60*24*30, '/' ); } return true; }" 458,"public function execute() { $this->header->addJS('jquery/jquery.js', 'core', false); $this->header->addJS('jquery/jquery.ui.js', 'core', false); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core', false); $this->header->addJS('jquery/jquery.backend.js', 'core'); $this->header->addJS('utils.js', 'core'); $this->header->addJS('backend.js', 'core', false, true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, false, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, false, true); } $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core', false, false); $this->header->addCSS('screen.css', 'core'); $this->header->addCSS('debug.css', 'core'); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css'); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-')); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight')); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }",True,PHP,execute,base.php,https://github.com/forkcms/forkcms,forkcms,Bauffman,2012-02-14 09:16:47+01:00,Make sure the highlight string doesn't contain html tags.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1209,@unlink ( $twttr_cstm_mg_folder . $value ); } @rmdir( $twttr_cstm_mg_folder ); } } delete_option( 'twttr_options' ); delete_site_option( 'twttr_options' ); } 460,"public function execute() { $this->header->addJS('jquery/jquery.js', 'core', false); $this->header->addJS('jquery/jquery.ui.js', 'core', false); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core', false); $this->header->addJS('jquery/jquery.backend.js', 'core'); $this->header->addJS('utils.js', 'core'); $this->header->addJS('backend.js', 'core', false, true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, false, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, false, true); } $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core', false, false); $this->header->addCSS('screen.css', 'core'); $this->header->addCSS('debug.css', 'core'); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css'); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-')); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) { $this->tpl->assign('highlight', strip_tags($this->getParameter('highlight'))); } } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }",True,PHP,execute,base.php,https://github.com/forkcms/forkcms,forkcms,Bauffman,2012-02-14 09:17:46+01:00,Make sure the error doesn't contain any html tags.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1208,"function twttr_settings_page () { global $twttr_options_array; $message = """"; $error = """"; if ( isset ( $_REQUEST['twttr_position'] ) && isset ( $_REQUEST['twttr_url_twitter'] ) && check_admin_referer( plugin_basename(__FILE__), 'twttr_nonce_name' ) ) { $twttr_options_array['twttr_url_twitter'] = $_REQUEST['twttr_url_twitter']; $twttr_options_array['twttr_position'] = $_REQUEST['twttr_position']; update_option ( ""twttr_options_array"", $twttr_options_array ); $message = __( ""Options saved."", 'twitter' ); } ?>

    >

    >

    '/>

    &
    />
    />

    "" />
    getParameter('type'); switch($errorType) { case 'module-not-allowed': case 'action-not-allowed': SpoonHTTP::setHeadersByCode(403); break; case 'not-found': SpoonHTTP::setHeadersByCode(404); break; } if($this->getParameter('querystring') !== null) { $chunks = explode('?', $this->getParameter('querystring')); $extension = SpoonFile::getExtension($chunks[0]); if($extension != '' && $extension != $chunks[0]) { SpoonHTTP::setHeadersByCode(404); echo 'Requested file (' . implode('?', $chunks) . ') not found.'; exit; } } $this->tpl->assign('message', BL::err(SpoonFilter::toCamelCase($errorType, '-'))); }",True,PHP,parse,index.php,https://github.com/forkcms/forkcms,forkcms,mlitn,2012-02-28 18:16:27+01:00,resolve xss vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1188,"public function execute() { if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/js/minified.js')) { $this->header->addJS('minified.js', 'core', false); } else { $this->header->addJS('jquery/jquery.js', 'core'); $this->header->addJS('jquery/jquery.ui.js', 'core'); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core'); $this->header->addJS('jquery/jquery.backend.js', 'core'); } $this->header->addJS('utils.js', 'core', true); $this->header->addJS('backend.js', 'core', true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, true); } if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/layout/css/minified.css')) { $this->header->addCSS('minified.css', 'core'); } else { $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core'); $this->header->addCSS('debug.css', 'core'); $this->header->addCSS('screen.css', 'core'); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css', null); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('report')), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', SpoonFilter::stripHTML($this->getParameter('highlight'))); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('error')), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 463,"protected function parse() { parent::parse(); $errorType = $this->getParameter('type'); switch($errorType) { case 'module-not-allowed': case 'action-not-allowed': SpoonHTTP::setHeadersByCode(403); break; case 'not-found': SpoonHTTP::setHeadersByCode(404); break; } if($this->getParameter('querystring') !== null) { $chunks = explode('?', $this->getParameter('querystring')); $extension = SpoonFile::getExtension($chunks[0]); if($extension != '' && $extension != $chunks[0]) { SpoonHTTP::setHeadersByCode(404); echo 'Requested file (' . implode('?', $chunks) . ') not found.'; exit; } } $this->tpl->assign('message', BL::err(SpoonFilter::toCamelCase(htmlspecialchars($errorType), '-'))); }",True,PHP,parse,index.php,https://github.com/forkcms/forkcms,forkcms,mlitn,2012-02-28 18:35:43+01:00,fix xss vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1188,"public function execute() { if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/js/minified.js')) { $this->header->addJS('minified.js', 'core', false); } else { $this->header->addJS('jquery/jquery.js', 'core'); $this->header->addJS('jquery/jquery.ui.js', 'core'); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core'); $this->header->addJS('jquery/jquery.backend.js', 'core'); } $this->header->addJS('utils.js', 'core', true); $this->header->addJS('backend.js', 'core', true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, true); } if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/layout/css/minified.css')) { $this->header->addCSS('minified.css', 'core'); } else { $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core'); $this->header->addCSS('debug.css', 'core'); $this->header->addCSS('screen.css', 'core'); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css', null); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('report')), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', SpoonFilter::stripHTML($this->getParameter('highlight'))); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('error')), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 465,"public function execute() { parent::execute(); $term = SpoonFilter::getPostValue('term', null, ''); $limit = (int) FrontendModel::getModuleSetting('search', 'autocomplete_num_items', 10); if($term == '') $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.'); $matches = FrontendSearchModel::getStartsWith($term, FRONTEND_LANGUAGE, $limit); $url = FrontendNavigation::getURLForBlock('search'); foreach($matches as &$match) $match['url'] = $url . '?form=search&q=' . $match['term']; $this->output(self::OK, $matches); }",True,PHP,execute,autocomplete.php,https://github.com/forkcms/forkcms,forkcms,jelmersnoeck,2012-03-01 11:05:54+01:00,XSS: Escape the input on ajax searches.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-5164,"public function execute() { if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/js/minified.js')) { $this->header->addJS('minified.js', 'core', false); } else { $this->header->addJS('jquery/jquery.js', 'core'); $this->header->addJS('jquery/jquery.ui.js', 'core'); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core'); $this->header->addJS('jquery/jquery.backend.js', 'core'); } $this->header->addJS('utils.js', 'core', true); $this->header->addJS('backend.js', 'core', true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, true); } if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/layout/css/minified.css')) { $this->header->addCSS('minified.css', 'core'); } else { $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core'); $this->header->addCSS('debug.css', 'core'); $this->header->addCSS('screen.css', 'core'); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css', null); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('report')), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', SpoonFilter::stripHTML($this->getParameter('highlight'))); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('error')), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 468,"public function execute() { parent::execute(); $term = SpoonFilter::getPostValue('term', null, ''); if($term == '') $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.'); $previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : ''; SpoonSession::set('searchTerm', ''); if($previousTerm != $term) { $this->statistics = array(); $this->statistics['term'] = $term; $this->statistics['language'] = FRONTEND_LANGUAGE; $this->statistics['time'] = FrontendModel::getUTCDate(); $this->statistics['data'] = serialize(array('server' => $_SERVER)); $this->statistics['num_results'] = FrontendSearchModel::getTotal($term); FrontendSearchModel::save($this->statistics); } SpoonSession::set('searchTerm', $term); $this->output(self::OK); }",True,PHP,execute,save.php,https://github.com/forkcms/forkcms,forkcms,jelmersnoeck,2012-03-01 11:05:54+01:00,XSS: Escape the input on ajax searches.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-5164,"public function execute() { if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/js/minified.js')) { $this->header->addJS('minified.js', 'core', false); } else { $this->header->addJS('jquery/jquery.js', 'core'); $this->header->addJS('jquery/jquery.ui.js', 'core'); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core'); $this->header->addJS('jquery/jquery.backend.js', 'core'); } $this->header->addJS('utils.js', 'core', true); $this->header->addJS('backend.js', 'core', true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, true); } if(!SPOON_DEBUG && SpoonFile::exists(BACKEND_CORE_PATH . '/layout/css/minified.css')) { $this->header->addCSS('minified.css', 'core'); } else { $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core'); $this->header->addCSS('debug.css', 'core'); $this->header->addCSS('screen.css', 'core'); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css', null); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('report')), '-'); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', SpoonFilter::stripHTML($this->getParameter('highlight'))); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('error')), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 470,"public static function textEncode( $mix ) { if ( is_array( $mix ) ) return implode(',', array_map( array('ezjscAjaxContent', 'textEncode'), array_filter( $mix ) ) ); return $mix; }",True,PHP,textEncode,ezjscajaxcontent.php,https://github.com/ezsystems/ezjscore,ezsystems,André R,2012-05-09 12:17:22+02:00,Fixed #019245: XSS exploit on eZJSCore RUN command,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-1597,"public function execute() { $this->header->addJS('jquery/jquery.js', 'core', false); $this->header->addJS('jquery/jquery.ui.js', 'core', false); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core', false); $this->header->addJS('jquery/jquery.backend.js', 'core'); $this->header->addJS('utils.js', 'core'); $this->header->addJS('backend.js', 'core', false, true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, false, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, false, true); } $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core', false, false); $this->header->addCSS('screen.css', 'core'); $this->header->addCSS('debug.css', 'core'); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css'); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-')); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight')); } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 472,"public function show() { global $lang; if (!isset($this->RevInfo1, $this->RevInfo2)) { $this->handle(); $this->preProcess(); } $rev1Title = trim($this->RevInfo1->showRevisionTitle() .' '. $this->RevInfo1->showCurrentIndicator()); $rev1Summary = ($this->RevInfo1->val('date')) ? $this->RevInfo1->showEditSummary() .' '. $this->RevInfo1->showEditor() : ''; if ($this->RevInfo2->val('extra') == 'compareWith') { $rev2Title = $lang['yours']; $rev2Summary = ''; } else { $rev2Title = trim($this->RevInfo2->showRevisionTitle() .' '. $this->RevInfo2->showCurrentIndicator()); $rev2Summary = ($this->RevInfo2->val('date')) ? $this->RevInfo2->showEditSummary() .' '. $this->RevInfo2->showEditor() : ''; } $Difference = new \Diff( explode(""\n"", $this->RevInfo1->val('text')), explode(""\n"", $this->RevInfo2->val('text')) ); [$rev1Navi, $rev2Navi] = $this->buildRevisionsNavigation(); if ($this->preference['showIntro']) echo p_locale_xhtml('diff'); $this->showDiffViewSelector(); $classEditType = function ($changeType) { return ($changeType === DOKU_CHANGE_TYPE_MINOR_EDIT) ? ' class=""minor""' : ''; }; echo '
    '; echo 'preference['difftype'] .'"">'; switch ($this->preference['difftype']) { case 'inline': $title1 = $rev1Title . ($rev1Summary ? '
    '.$rev1Summary : ''); $title2 = $rev2Title . ($rev2Summary ? '
    '.$rev2Summary : '');",True,PHP,show,PageDiff.php,https://github.com/splitbrain/dokuwiki,splitbrain,Andreas Gohr,2022-09-03 18:51:00+02:00,SECURITY fix difftype handling. #3761,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3123,"public function execute() { $this->header->addJS('jquery/jquery.js', 'core', false); $this->header->addJS('jquery/jquery.ui.js', 'core', false); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core', false); $this->header->addJS('jquery/jquery.backend.js', 'core'); $this->header->addJS('utils.js', 'core'); $this->header->addJS('backend.js', 'core', false, true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, false, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, false, true); } $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core', false, false); $this->header->addCSS('screen.css', 'core'); $this->header->addCSS('debug.css', 'core'); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css'); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-')); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) { $this->tpl->assign('highlight', strip_tags($this->getParameter('highlight'))); } } if($this->getParameter('error') !== null) { $errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-'); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 473,"protected function handle() { global $INPUT; if (!isset($this->RevInfo1, $this->RevInfo2)) { parent::handle(); } if ($INPUT->has('difftype')) { $this->preference['difftype'] = $INPUT->str('difftype'); } else { $mode = get_doku_pref('difftype', null); if (isset($mode)) $this->preference['difftype'] = $mode; } if (!$INPUT->has('rev') && !$INPUT->has('rev2')) { global $INFO, $REV; if ($this->id == $INFO['id']) $REV = $this->rev1; } }",True,PHP,handle,PageDiff.php,https://github.com/splitbrain/dokuwiki,splitbrain,Andreas Gohr,2022-09-03 18:51:00+02:00,SECURITY fix difftype handling. #3761,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3123,"public function execute() { $this->header->addJS('jquery/jquery.js', 'core', false); $this->header->addJS('jquery/jquery.ui.js', 'core', false); $this->header->addJS('jquery/jquery.ui.dialog.patch.js', 'core'); $this->header->addJS('jquery/jquery.tools.js', 'core', false); $this->header->addJS('jquery/jquery.backend.js', 'core'); $this->header->addJS('utils.js', 'core'); $this->header->addJS('backend.js', 'core', false, true); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getModule() . '.js')) { $this->header->addJS($this->getModule() . '.js', null, false, true); } if(SpoonFile::exists(BACKEND_MODULE_PATH . '/js/' . $this->getAction() . '.js')) { $this->header->addJS($this->getAction() . '.js', null, false, true); } $this->header->addCSS('reset.css', 'core'); $this->header->addCSS('jquery_ui/fork/jquery_ui.css', 'core', false, false); $this->header->addCSS('screen.css', 'core'); $this->header->addCSS('debug.css', 'core'); if(SpoonFile::exists(BACKEND_MODULE_PATH . '/layout/css/' . $this->getModule() . '.css')) { $this->header->addCSS($this->getModule() . '.css'); } $var = $this->getParameter('var', 'array'); if($this->getParameter('report') !== null) { $this->tpl->assign('report', true); $messageName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('report'), '-')); if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var)); else $this->tpl->assign('reportMessage', BL::msg($messageName)); if($this->getParameter('highlight')) { $this->tpl->assign('highlight', strip_tags($this->getParameter('highlight'))); } } if($this->getParameter('error') !== null) { $errorName = strip_tags(SpoonFilter::toCamelCase($this->getParameter('error'), '-')); if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var)); else $this->tpl->assign('errorMessage', BL::err($errorName)); } }" 476,"function html_edit_form($param) { global $TEXT; if ($param['target'] !== 'section') { msg('No editor for edit target ' . $param['target'] . ' found.', -1); } $attr = array('tabindex'=>'1'); if (!$param['wr']) $attr['readonly'] = 'readonly'; $param['form']->addElement(form_makeWikiText($TEXT, $attr)); }",True,PHP,html_edit_form,html.php,https://github.com/splitbrain/dokuwiki,splitbrain,Andreas Gohr,2012-04-19 11:26:46+02:00,"escape target error message (SECURITY) FS#2487 FS#2488 The error message when a non-existant editor was tried to load wasn't escaped correctly, allowing to introduce arbitrary JavaScript to the output, leading to a XSS vulnerability. Note: the reported second XCRF vulnerability is the same bug, the xploit code simply uses JavaScript to extract a valid CSRF token from the site",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-2129,"protected function parse() { parent::parse(); $errorType = $this->getParameter('type'); switch($errorType) { case 'module-not-allowed': case 'action-not-allowed': SpoonHTTP::setHeadersByCode(403); break; case 'not-found': SpoonHTTP::setHeadersByCode(404); break; } if($this->getParameter('querystring') !== null) { $chunks = explode('?', $this->getParameter('querystring')); $extension = SpoonFile::getExtension($chunks[0]); if($extension != '' && $extension != $chunks[0]) { SpoonHTTP::setHeadersByCode(404); echo 'Requested file (' . implode('?', $chunks) . ') not found.'; exit; } } $this->tpl->assign('message', BL::err(SpoonFilter::toCamelCase(htmlspecialchars($errorType), '-'))); }" 479,"private function _new_password($user_id = 0, $password, $token) { $auth = Auth::instance(); $user = ORM::factory('user',$user_id); if ($user->loaded == true) { if (kohana::config('riverid.enable') == TRUE AND ! empty($user->riverid)) { $user->password = $password; $user->save(); $riverid = new RiverID; $riverid->email = $user->email; $riverid->token = $token; $riverid->new_password = $password; if ($riverid->setpassword() == FALSE) { } } else { if($auth->hash_password($user->email.$user->last_login, $auth->find_salt($token)) == $token) { $user->password = $password; $user->save(); } else { } } return TRUE; } return FALSE; }",True,PHP,_new_password,login.php,https://github.com/ushahidi/Ushahidi_Web,ushahidi,Robbie Mackay,2012-11-12 16:41:11+13:00,"Make forgot password tokens use better random token #646 Fixes security issue discovered by Timothy D. Morgan Forgotten password challenges were guessable based on users last login and email address. Tokens are now generated based on a HMAC of login time and email address using a salt and secret key specifically for these tokens.",CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2012-5618,"protected function parse() { parent::parse(); $errorType = $this->getParameter('type'); switch($errorType) { case 'module-not-allowed': case 'action-not-allowed': SpoonHTTP::setHeadersByCode(403); break; case 'not-found': SpoonHTTP::setHeadersByCode(404); break; } if($this->getParameter('querystring') !== null) { $chunks = explode('?', $this->getParameter('querystring')); $extension = SpoonFile::getExtension($chunks[0]); if($extension != '' && $extension != $chunks[0]) { SpoonHTTP::setHeadersByCode(404); echo 'Requested file (' . htmlspecialchars($this->getParameter('querystring')) . ') not found.'; exit; } } $this->tpl->assign('message', BL::err(SpoonFilter::toCamelCase(htmlspecialchars($errorType), '-'))); }" 487,"public function write($template = '') { if (!empty($this->script_files)) { $this->set_env('request_token', $this->app->get_request_token()); } $commands = $this->get_js_commands($framed); if ($framed) { $this->scripts = array(); $this->script_files = array(); $this->header = ''; $this->footer = ''; } $this->add_script($commands, 'head_top'); $iframe = $this->framed || $this->env['framed']; if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) { header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe)); }",True,PHP,write,rcmail_output_html.php,https://github.com/roundcube/roundcubemail,roundcube,Aleksander Machniak,2016-03-06 14:31:07+01:00,"Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2016-4069,"public function execute() { parent::execute(); $searchTerm = SpoonFilter::getPostValue('term', null, ''); $term = (SPOON_CHARSET == 'utf-8') ? SpoonFilter::htmlspecialchars($searchTerm) : SpoonFilter::htmlentities($searchTerm); $limit = (int) FrontendModel::getModuleSetting('search', 'autocomplete_num_items', 10); if($term == '') $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.'); $matches = FrontendSearchModel::getStartsWith($term, FRONTEND_LANGUAGE, $limit); $url = FrontendNavigation::getURLForBlock('search'); foreach($matches as &$match) $match['url'] = $url . '?form=search&q=' . $match['term']; $this->output(self::OK, $matches); }" 488,"function __construct($uid, $folder = null, $is_safe = false) { if (preg_match('/^\d+-.+/', $uid)) { list($uid, $folder) = explode('-', $uid, 2); } $this->uid = $uid; $this->app = rcube::get_instance(); $this->storage = $this->app->get_storage(); $this->folder = strlen($folder) ? $folder : $this->storage->get_folder(); $this->storage->set_folder($this->folder); $this->storage->set_options(array('all_headers' => true)); $this->headers = $this->storage->get_message($uid); if (!$this->headers) { return; } $this->mime = new rcube_mime($this->headers->charset); $this->subject = $this->headers->get('subject'); list(, $this->sender) = each($this->mime->decode_address_list($this->headers->from, 1)); $this->set_safe($is_safe || $_SESSION['safe_messages'][$this->folder.':'.$uid]); $this->opt = array( 'safe' => $this->is_safe, 'prefer_html' => $this->app->config->get('prefer_html'), 'get_url' => $this->app->url(array( 'action' => 'get', 'mbox' => $this->folder, 'uid' => $uid)) ); if (!empty($this->headers->structure)) { $this->get_mime_numbers($this->headers->structure); $this->parse_structure($this->headers->structure); } else { $this->body = $this->storage->get_body($uid); } $this->app->plugins->exec_hook('message_load', array('object' => $this)); }",True,PHP,__construct,rcube_message.php,https://github.com/roundcube/roundcubemail,roundcube,Aleksander Machniak,2016-03-06 14:31:07+01:00,"Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2016-4069,"public function execute() { parent::execute(); $searchTerm = SpoonFilter::getPostValue('term', null, ''); $term = (SPOON_CHARSET == 'utf-8') ? SpoonFilter::htmlspecialchars($searchTerm) : SpoonFilter::htmlentities($searchTerm); if($term == '') $this->output(self::BAD_REQUEST, null, 'term-parameter is missing.'); $previousTerm = SpoonSession::exists('searchTerm') ? SpoonSession::get('searchTerm') : ''; SpoonSession::set('searchTerm', ''); if($previousTerm != $term) { $this->statistics = array(); $this->statistics['term'] = $term; $this->statistics['language'] = FRONTEND_LANGUAGE; $this->statistics['time'] = FrontendModel::getUTCDate(); $this->statistics['data'] = serialize(array('server' => $_SERVER)); $this->statistics['num_results'] = FrontendSearchModel::getTotal($term); FrontendSearchModel::save($this->statistics); } SpoonSession::set('searchTerm', $term); $this->output(self::OK); }" 492,"public static function scanFile($path){ $file=OC_Filesystem::getLocalFile($path); if(!self::isMusic($path)){ return; } if(!self::$getID3){ self::$getID3=@new getID3(); self::$getID3->encoding='UTF-8'; } $data=@self::$getID3->analyze($file); getid3_lib::CopyTagsToComments($data); if(!isset($data['comments'])){ OCP\Util::writeLog('media',""error reading id3 tags in '$file'"",OCP\Util::WARN); return; } if(!isset($data['comments']['artist'])){ OCP\Util::writeLog('media',""error reading artist tag in '$file'"",OCP\Util::WARN); $artist='unknown'; }else{ $artist=stripslashes($data['comments']['artist'][0]); } if(!isset($data['comments']['album'])){ OCP\Util::writeLog('media',""error reading album tag in '$file'"",OCP\Util::WARN); $album='unknown'; }else{ $album=stripslashes($data['comments']['album'][0]); } if(!isset($data['comments']['title'])){ OCP\Util::writeLog('media',""error reading title tag in '$file'"",OCP\Util::WARN); $title='unknown'; }else{ $title=stripslashes($data['comments']['title'][0]); } $size=$data['filesize']; if (isset($data['comments']['track'])) { $track = $data['comments']['track'][0]; } else if (isset($data['comments']['track_number'])) { $track = $data['comments']['track_number'][0]; $track = explode('/',$track); $track = $track[0]; } else { $track = 0; } $length=isset($data['playtime_seconds'])?round($data['playtime_seconds']):0; if(!isset(self::$artists[$artist])){ $artistId=OC_MEDIA_COLLECTION::addArtist($artist); self::$artists[$artist]=$artistId; }else{ $artistId=self::$artists[$artist]; } if(!isset(self::$albums[$artist.'/'.$album])){ $albumId=OC_MEDIA_COLLECTION::addAlbum($album,$artistId); self::$albums[$artist.'/'.$album]=$albumId; }else{ $albumId=self::$albums[$artist.'/'.$album]; } $songId=OC_MEDIA_COLLECTION::addSong($title,$path,$artistId,$albumId,$length,$track,$size); return (!($title=='unkown' && $artist=='unkown' && $album=='unkown'))?$songId:0; }",True,PHP,scanFile,lib_scanner.php,https://github.com/owncloud/core,owncloud,Bjoern Schiessle,2012-06-05 10:49:26+02:00,xss vulnerability fixed,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-4396,"public static function textEncode( $mix ) { if ( is_array( $mix ) ) return implode(',', array_map( array('ezjscAjaxContent', 'textEncode'), array_filter( $mix ) ) ); return htmlspecialchars( $mix ); }" 495,"public function get() { $r = '
    '.$this->stack_name.'
    '; for ($i = 0; $i < count($this->tiles_array); $i++) { $top = rand(-5, 5); $left = rand(-5, 5); $img_w = $this->tiles_array[$i]->getWidth(); $extra = ''; if ($img_w < IMAGE_WIDTH) { $extra = 'width:'.$img_w.'px;'; } $r .= '
    tiles_array[$i]->getMiniatureSrc().'\');margin-top:'.$top.'px; margin-left:'.$left.'px;'.$extra.'"">
    '; } return $r; }",True,PHP,get,tiles.php,https://github.com/owncloud/core,owncloud,Lukas Reschke,2012-06-11 11:54:03+02:00,Sanitizing user input,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-4396,"public function show() { global $lang; if (!isset($this->RevInfo1, $this->RevInfo2)) { $this->handle(); $this->preProcess(); } $rev1Title = trim($this->RevInfo1->showRevisionTitle() .' '. $this->RevInfo1->showCurrentIndicator()); $rev1Summary = ($this->RevInfo1->val('date')) ? $this->RevInfo1->showEditSummary() .' '. $this->RevInfo1->showEditor() : ''; if ($this->RevInfo2->val('extra') == 'compareWith') { $rev2Title = $lang['yours']; $rev2Summary = ''; } else { $rev2Title = trim($this->RevInfo2->showRevisionTitle() .' '. $this->RevInfo2->showCurrentIndicator()); $rev2Summary = ($this->RevInfo2->val('date')) ? $this->RevInfo2->showEditSummary() .' '. $this->RevInfo2->showEditor() : ''; } $Difference = new \Diff( explode(""\n"", $this->RevInfo1->val('text')), explode(""\n"", $this->RevInfo2->val('text')) ); [$rev1Navi, $rev2Navi] = $this->buildRevisionsNavigation(); if ($this->preference['showIntro']) echo p_locale_xhtml('diff'); $this->showDiffViewSelector(); $classEditType = function ($changeType) { return ($changeType === DOKU_CHANGE_TYPE_MINOR_EDIT) ? ' class=""minor""' : ''; }; echo '
    '; echo '
    preference['difftype']) .'"">'; switch ($this->preference['difftype']) { case 'inline': $title1 = $rev1Title . ($rev1Summary ? '
    '.$rev1Summary : ''); $title2 = $rev2Title . ($rev2Summary ? '
    '.$rev2Summary : '');" 497,public function getOnClickAction() { return 'javascript:openNewGal(\''.$this->stack_name.'\');'; },True,PHP,getOnClickAction,tiles.php,https://github.com/owncloud/core,owncloud,Lukas Reschke,2012-06-11 11:54:03+02:00,Sanitizing user input,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2012-4396,"protected function handle() { global $INPUT; if (!isset($this->RevInfo1, $this->RevInfo2)) { parent::handle(); } $mode = ''; if ($INPUT->has('difftype')) { $mode = $INPUT->str('difftype'); } else { $mode = get_doku_pref('difftype', null); } if(in_array($mode, ['inline','sidebyside'])) $this->preference['difftype'] = $mode; if (!$INPUT->has('rev') && !$INPUT->has('rev2')) { global $INFO, $REV; if ($this->id == $INFO['id']) $REV = $this->rev1; } }" 498,"public function bind($dn = null, $password = null) { if (empty($dn)) { $dn = $this->_config['binddn']; } if (empty($password)) { $password = $this->_config['bindpw']; } if (!$this->_link) { $olddn = $this->_config['binddn']; $oldpw = $this->_config['bindpw']; $this->_config['binddn'] = $dn; $this->_config['bindpw'] = $password; $msg = $this->_connect(); $this->_config['binddn'] = $olddn; $this->_config['bindpw'] = $oldpw; return; } if (empty($dn)) { $msg = @ldap_bind($this->_link); } else { $msg = @ldap_bind($this->_link, $dn, $password); } if (!$msg) { throw new Horde_Ldap_Exception('Bind failed: ' . @ldap_error($this->_link), @ldap_errno($this->_link)); } }",True,PHP,bind,Ldap.php,https://github.com/horde/horde,horde,Jan Schneider,2014-06-03 10:29:46+02:00,Stricter parameter check.,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2014-3999,"function html_edit_form($param) { global $TEXT; if ($param['target'] !== 'section') { msg('No editor for edit target ' . hsc($param['target']) . ' found.', -1); } $attr = array('tabindex'=>'1'); if (!$param['wr']) $attr['readonly'] = 'readonly'; $param['form']->addElement(form_makeWikiText($TEXT, $attr)); }" 502,"protected function _renderVarInput_number($form, &$var, &$vars) { $value = $var->getValue($vars); if ($var->type->getProperty('fraction')) { $value = sprintf('%01.' . $var->type->getProperty('fraction') . 'f', $value); } $linfo = Horde_Nls::getLocaleInfo(); if (!empty($linfo['mon_decimal_point'])) { $value = str_replace('.', $linfo['mon_decimal_point'], $value); } return sprintf('', htmlspecialchars($var->getVarName()), $this->_genID($var->getVarName(), false), $value, $this->_getActionScripts($form, $var) ); }",True,PHP,_renderVarInput_number,Html.php,https://github.com/horde/horde,horde,Michael J Rubinsky,2015-12-14 09:27:09-05:00,"Escape form value. Even though this is a numeric field, this isn't enforced until the form is submitted.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-8807,"private function _new_password($user_id = 0, $password, $token) { $auth = Auth::instance(); $user = ORM::factory('user',$user_id); if ($user->loaded == true) { if (kohana::config('riverid.enable') == TRUE AND ! empty($user->riverid)) { $user->password = $password; $user->save(); $riverid = new RiverID; $riverid->email = $user->email; $riverid->token = $token; $riverid->new_password = $password; if ($riverid->setpassword() == FALSE) { } } else { if($user->check_forgot_password_token($token)) { $user->password = $password; $user->save(); } else { } } return TRUE; } return FALSE; }" 503,"function getUserGroupID($name, $affilid=DEFAULT_AFFILID) { $query = ""SELECT id "" . ""FROM usergroup "" . ""WHERE name = '$name' AND "" . ""affiliationid = $affilid""; $qh = doQuery($query, 300); if($row = mysql_fetch_row($qh)) { return $row[0]; } $query = ""INSERT INTO usergroup "" . ""(name, "" . ""affiliationid, "" . ""custom, "" . ""courseroll) "" . ""VALUES "" . ""('$name', "" . ""$affilid, "" . ""0, "" . ""0)""; doQuery($query, 301); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM usergroup"", 302); if(! $row = mysql_fetch_row($qh)) { abort(303); } return $row[0]; }",True,PHP,getUserGroupID,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"public function write($template = '') { if (!empty($this->script_files)) { $this->set_env('request_token', $this->app->get_request_token()); } $commands = $this->get_js_commands($framed); if ($framed) { $this->scripts = array(); $this->script_files = array(); $this->header = ''; $this->footer = ''; } $this->add_script($commands, 'head_top'); $iframe = $this->framed || $this->env['framed']; if (!headers_sent() && $iframe && $this->app->config->get('x_frame_options', 'sameorigin') === 'deny') { header('X-Frame-Options: sameorigin', true); } $this->_write($template, $this->config->get('skin_path')); }" 504,"function getUserGroupID($name, $affilid=DEFAULT_AFFILID) { $query = ""SELECT id "" . ""FROM usergroup "" . ""WHERE name = '$name' AND "" . ""affiliationid = $affilid""; $qh = doQuery($query, 300); if($row = mysql_fetch_row($qh)) { return $row[0]; } $query = ""INSERT INTO usergroup "" . ""(name, "" . ""affiliationid, "" . ""custom, "" . ""courseroll) "" . ""VALUES "" . ""('$name', "" . ""$affilid, "" . ""0, "" . ""0)""; doQuery($query, 301); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM usergroup"", 302); if(! $row = mysql_fetch_row($qh)) { abort(303); } return $row[0]; }",True,PHP,getUserGroupID,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function __construct($uid, $folder = null, $is_safe = false) { if (preg_match('/^\d+-.+/', $uid)) { list($uid, $folder) = explode('-', $uid, 2); } $this->uid = $uid; $this->app = rcube::get_instance(); $this->storage = $this->app->get_storage(); $this->folder = strlen($folder) ? $folder : $this->storage->get_folder(); $this->storage->set_folder($this->folder); $this->storage->set_options(array('all_headers' => true)); $this->headers = $this->storage->get_message($uid); if (!$this->headers) { return; } $this->mime = new rcube_mime($this->headers->charset); $this->subject = $this->headers->get('subject'); list(, $this->sender) = each($this->mime->decode_address_list($this->headers->from, 1)); $this->set_safe($is_safe || $_SESSION['safe_messages'][$this->folder.':'.$uid]); $this->opt = array( 'safe' => $this->is_safe, 'prefer_html' => $this->app->config->get('prefer_html'), 'get_url' => $this->app->url(array( 'action' => 'get', 'mbox' => $this->folder, 'uid' => $uid), false, false, true) ); if (!empty($this->headers->structure)) { $this->get_mime_numbers($this->headers->structure); $this->parse_structure($this->headers->structure); } else { $this->body = $this->storage->get_body($uid); } $this->app->plugins->exec_hook('message_load', array('object' => $this)); }" 509,"function getResourceGroups($type="""") { $return = array(); $query = ""SELECT g.id AS id, "" . ""g.name AS name, "" . ""t.name AS type, "" . ""g.ownerusergroupid AS ownerid, "" . ""CONCAT(u.name, '@', a.name) AS owner "" . ""FROM resourcegroup g, "" . ""resourcetype t, "" . ""usergroup u, "" . ""affiliation a "" . ""WHERE g.resourcetypeid = t.id AND "" . ""g.ownerusergroupid = u.id AND "" . ""u.affiliationid = a.id ""; if(! empty($type)) $query .= ""AND t.name = '$type' ""; $query .= ""ORDER BY t.name, g.name""; $qh = doQuery($query, 281); while($row = mysql_fetch_assoc($qh)) { if(empty($type)) $return[$row[""id""]][""name""] = $row[""type""] . ""/"" . $row[""name""]; else $return[$row[""id""]][""name""] = $row[""name""]; $return[$row[""id""]][""ownerid""] = $row[""ownerid""]; $return[$row[""id""]][""owner""] = $row[""owner""]; } return $return; }",True,PHP,getResourceGroups,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"public static function scanFile($path){ $file=OC_Filesystem::getLocalFile($path); if(!self::isMusic($path)){ return; } if(!self::$getID3){ self::$getID3=@new getID3(); self::$getID3->encoding='UTF-8'; } $data=@self::$getID3->analyze($file); getid3_lib::CopyTagsToComments($data); if(!isset($data['comments'])){ OCP\Util::writeLog('media',""error reading id3 tags in '$file'"",OCP\Util::WARN); return; } if(!isset($data['comments']['artist'])){ OCP\Util::writeLog('media',""error reading artist tag in '$file'"",OCP\Util::WARN); $artist='unknown'; }else{ $artist=strip_tags(stripslashes($data['comments']['artist'][0])); } if(!isset($data['comments']['album'])){ OCP\Util::writeLog('media',""error reading album tag in '$file'"",OCP\Util::WARN); $album='unknown'; }else{ $album=strip_tags(stripslashes($data['comments']['album'][0])); } if(!isset($data['comments']['title'])){ OCP\Util::writeLog('media',""error reading title tag in '$file'"",OCP\Util::WARN); $title='unknown'; }else{ $title=strip_tags(stripslashes($data['comments']['title'][0])); } $size=$data['filesize']; if (isset($data['comments']['track'])) { $track = $data['comments']['track'][0]; } else if (isset($data['comments']['track_number'])) { $track = $data['comments']['track_number'][0]; $track = explode('/',$track); $track = $track[0]; } else { $track = 0; } $length=isset($data['playtime_seconds'])?round($data['playtime_seconds']):0; if(!isset(self::$artists[$artist])){ $artistId=OC_MEDIA_COLLECTION::addArtist($artist); self::$artists[$artist]=$artistId; }else{ $artistId=self::$artists[$artist]; } if(!isset(self::$albums[$artist.'/'.$album])){ $albumId=OC_MEDIA_COLLECTION::addAlbum($album,$artistId); self::$albums[$artist.'/'.$album]=$albumId; }else{ $albumId=self::$albums[$artist.'/'.$album]; } $songId=OC_MEDIA_COLLECTION::addSong($title,$path,$artistId,$albumId,$length,$track,$size); return (!($title=='unkown' && $artist=='unkown' && $album=='unkown'))?$songId:0; }" 510,"function getResourceGroups($type="""") { $return = array(); $query = ""SELECT g.id AS id, "" . ""g.name AS name, "" . ""t.name AS type, "" . ""g.ownerusergroupid AS ownerid, "" . ""CONCAT(u.name, '@', a.name) AS owner "" . ""FROM resourcegroup g, "" . ""resourcetype t, "" . ""usergroup u, "" . ""affiliation a "" . ""WHERE g.resourcetypeid = t.id AND "" . ""g.ownerusergroupid = u.id AND "" . ""u.affiliationid = a.id ""; if(! empty($type)) $query .= ""AND t.name = '$type' ""; $query .= ""ORDER BY t.name, g.name""; $qh = doQuery($query, 281); while($row = mysql_fetch_assoc($qh)) { if(empty($type)) $return[$row[""id""]][""name""] = $row[""type""] . ""/"" . $row[""name""]; else $return[$row[""id""]][""name""] = $row[""name""]; $return[$row[""id""]][""ownerid""] = $row[""ownerid""]; $return[$row[""id""]][""owner""] = $row[""owner""]; } return $return; }",True,PHP,getResourceGroups,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"public function get() { $r = '
    '.htmlentities($this->stack_name).'
    '; for ($i = 0; $i < count($this->tiles_array); $i++) { $top = rand(-5, 5); $left = rand(-5, 5); $img_w = $this->tiles_array[$i]->getWidth(); $extra = ''; if ($img_w < IMAGE_WIDTH) { $extra = 'width:'.$img_w.'px;'; } $r .= '
    tiles_array[$i]->getMiniatureSrc().'\');margin-top:'.$top.'px; margin-left:'.$left.'px;'.$extra.'"">
    '; } return $r; }" 515,"$return[$index] = strip_tags($value); if($return[$index] == 'zero') $return[$index] = '0'; } } elseif($type == ARG_MULTISTRING) { foreach($return as $index => $value) { $return[$index] = strip_tags($value); } } else $return = strip_tags($return); if(! empty($return) && $type == ARG_NUMERIC) { if(! is_numeric($return)) { return preg_replace('([^\d])', '', $return); } } elseif(! empty($return) && $type == ARG_STRING) { if(! is_string($return)) $return = $defaultvalue; } elseif(! empty($return) && $type == ARG_MULTINUMERIC) { foreach($return as $index => $value) { if(! is_numeric($value)) { $return[$index] = preg_replace('([^\d])', '', $value); } } return $return; } elseif(! empty($return) && $type == ARG_MULTISTRING) { foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = addslashes($value); } return $return; } if(is_string($return)) { if(strlen($return) == 0) $return = $defaultvalue; elseif($addslashes) $return = addslashes($return); } return $return; }",True,PHP,strip_tags,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,public function getOnClickAction() { return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');'; } 516,"$return[$index] = strip_tags($value); if($return[$index] == 'zero') $return[$index] = '0'; } } elseif($type == ARG_MULTISTRING) { foreach($return as $index => $value) { $return[$index] = strip_tags($value); } } else $return = strip_tags($return); if(! empty($return) && $type == ARG_NUMERIC) { if(! is_numeric($return)) { return preg_replace('([^\d])', '', $return); } } elseif(! empty($return) && $type == ARG_STRING) { if(! is_string($return)) $return = $defaultvalue; } elseif(! empty($return) && $type == ARG_MULTINUMERIC) { foreach($return as $index => $value) { if(! is_numeric($value)) { $return[$index] = preg_replace('([^\d])', '', $value); } } return $return; } elseif(! empty($return) && $type == ARG_MULTISTRING) { foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = addslashes($value); } return $return; } if(is_string($return)) { if(strlen($return) == 0) $return = $defaultvalue; elseif($addslashes) $return = addslashes($return); } return $return; }",True,PHP,strip_tags,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"public function bind($dn = null, $password = null) { if (is_null($dn)) { $dn = $this->_config['binddn']; } if (is_null($password)) { $password = $this->_config['bindpw']; } if (!$this->_link) { $olddn = $this->_config['binddn']; $oldpw = $this->_config['bindpw']; $this->_config['binddn'] = $dn; $this->_config['bindpw'] = $password; $msg = $this->_connect(); $this->_config['binddn'] = $olddn; $this->_config['bindpw'] = $oldpw; return; } if (empty($dn)) { $msg = @ldap_bind($this->_link); } else { $msg = @ldap_bind($this->_link, $dn, $password); } if (!$msg) { throw new Horde_Ldap_Exception('Bind failed: ' . @ldap_error($this->_link), @ldap_errno($this->_link)); } }" 519,"function getTypes($subtype=""both"") { $types = array(""users"" => array(), ""resources"" => array()); if($subtype == ""users"" || $subtype == ""both"") { $query = ""SELECT id, name FROM userprivtype""; $qh = doQuery($query, 365); while($row = mysql_fetch_assoc($qh)) { if($row[""name""] == ""block"" || $row[""name""] == ""cascade"") continue; $types[""users""][$row[""id""]] = $row[""name""]; } } if($subtype == ""resources"" || $subtype == ""both"") { $query = ""SELECT id, name FROM resourcetype""; $qh = doQuery($query, 366); while($row = mysql_fetch_assoc($qh)) { if($row[""name""] == ""block"" || $row[""name""] == ""cascade"") continue; $types[""resources""][$row[""id""]] = $row[""name""]; } } return $types; }",True,PHP,getTypes,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"protected function _renderVarInput_number($form, &$var, &$vars) { $value = $var->getValue($vars); if ($var->type->getProperty('fraction')) { $value = sprintf('%01.' . $var->type->getProperty('fraction') . 'f', $value); } $linfo = Horde_Nls::getLocaleInfo(); if (!empty($linfo['mon_decimal_point'])) { $value = str_replace('.', $linfo['mon_decimal_point'], $value); } return sprintf('', htmlspecialchars($var->getVarName()), $this->_genID($var->getVarName(), false), htmlspecialchars($value), $this->_getActionScripts($form, $var) ); }" 520,"function getTypes($subtype=""both"") { $types = array(""users"" => array(), ""resources"" => array()); if($subtype == ""users"" || $subtype == ""both"") { $query = ""SELECT id, name FROM userprivtype""; $qh = doQuery($query, 365); while($row = mysql_fetch_assoc($qh)) { if($row[""name""] == ""block"" || $row[""name""] == ""cascade"") continue; $types[""users""][$row[""id""]] = $row[""name""]; } } if($subtype == ""resources"" || $subtype == ""both"") { $query = ""SELECT id, name FROM resourcetype""; $qh = doQuery($query, 366); while($row = mysql_fetch_assoc($qh)) { if($row[""name""] == ""block"" || $row[""name""] == ""cascade"") continue; $types[""resources""][$row[""id""]] = $row[""name""]; } } return $types; }",True,PHP,getTypes,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"$items['id'] = getUserGroupID($esc_name, $affilid); } } if($custom && array_key_exists('owner', $items)) { if(! validateUserid($items['owner'])) { return array('status' => 'error', 'errorcode' => 20, 'errormsg' => 'submitted owner is invalid'); } } if($custom && array_key_exists('managingGroup', $items)) { $parts = explode('@', $items['managingGroup']); if(count($parts) != 2) { return array('status' => 'error', 'errorcode' => 24, 'errormsg' => 'submitted managingGroup is invalid'); } $mgaffilid = getAffiliationID($parts[1]); if(is_null($mgaffilid) || ! checkForGroupName($parts[0], 'user', '', $mgaffilid)) { return array('status' => 'error', 'errorcode' => 25, 'errormsg' => 'submitted managingGroup does not exist'); } $items['managingGroupID'] = getUserGroupID($parts[0], $mgaffilid); $items['managingGroupName'] = $parts[0]; $items['managingGroupAffilid'] = $mgaffilid; } $items['status'] = 'success'; return $items; }" 527,foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = addslashes($value); },True,PHP,foreach,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getUserGroupID($name, $affilid=DEFAULT_AFFILID, $noadd=0) { $query = ""SELECT id "" . ""FROM usergroup "" . ""WHERE name = '$name' AND "" . ""affiliationid = $affilid""; $qh = doQuery($query, 300); if($row = mysql_fetch_row($qh)) return $row[0]; elseif($noadd) return NULL; $query = ""INSERT INTO usergroup "" . ""(name, "" . ""affiliationid, "" . ""custom, "" . ""courseroll) "" . ""VALUES "" . ""('$name', "" . ""$affilid, "" . ""0, "" . ""0)""; doQuery($query, 301); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM usergroup"", 302); if(! $row = mysql_fetch_row($qh)) { abort(303); } return $row[0]; }" 528,foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = addslashes($value); },True,PHP,foreach,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"$items['id'] = getUserGroupID($esc_name, $affilid); } } if($custom && array_key_exists('owner', $items)) { if(! validateUserid($items['owner'])) { return array('status' => 'error', 'errorcode' => 20, 'errormsg' => 'submitted owner is invalid'); } } if($custom && array_key_exists('managingGroup', $items)) { $parts = explode('@', $items['managingGroup']); if(count($parts) != 2) { return array('status' => 'error', 'errorcode' => 24, 'errormsg' => 'submitted managingGroup is invalid'); } $mgaffilid = getAffiliationID($parts[1]); if(is_null($mgaffilid) || ! checkForGroupName($parts[0], 'user', '', $mgaffilid)) { return array('status' => 'error', 'errorcode' => 25, 'errormsg' => 'submitted managingGroup does not exist'); } $items['managingGroupID'] = getUserGroupID($parts[0], $mgaffilid); $items['managingGroupName'] = $parts[0]; $items['managingGroupAffilid'] = $mgaffilid; } $items['status'] = 'success'; return $items; }" 531,"function getResourceGroupID($groupdname) { list($type, $name) = explode('/', $groupdname); $query = ""SELECT g.id "" . ""FROM resourcegroup g, "" . ""resourcetype t "" . ""WHERE g.name = '$name' AND "" . ""t.name = '$type' AND "" . ""g.resourcetypeid = t.id""; $qh = doQuery($query, 371); if($row = mysql_fetch_row($qh)) return $row[0]; else return NULL; }",True,PHP,getResourceGroupID,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"$items['id'] = getUserGroupID($esc_name, $affilid); } } if($custom && array_key_exists('owner', $items)) { if(! validateUserid($items['owner'])) { return array('status' => 'error', 'errorcode' => 20, 'errormsg' => 'submitted owner is invalid'); } } if($custom && array_key_exists('managingGroup', $items)) { $parts = explode('@', $items['managingGroup']); if(count($parts) != 2) { return array('status' => 'error', 'errorcode' => 24, 'errormsg' => 'submitted managingGroup is invalid'); } $mgaffilid = getAffiliationID($parts[1]); if(is_null($mgaffilid) || ! checkForGroupName($parts[0], 'user', '', $mgaffilid)) { return array('status' => 'error', 'errorcode' => 25, 'errormsg' => 'submitted managingGroup does not exist'); } $items['managingGroupID'] = getUserGroupID($parts[0], $mgaffilid); $items['managingGroupName'] = $parts[0]; $items['managingGroupAffilid'] = $mgaffilid; } $items['status'] = 'success'; return $items; }" 532,"function getResourceGroupID($groupdname) { list($type, $name) = explode('/', $groupdname); $query = ""SELECT g.id "" . ""FROM resourcegroup g, "" . ""resourcetype t "" . ""WHERE g.name = '$name' AND "" . ""t.name = '$type' AND "" . ""g.resourcetypeid = t.id""; $qh = doQuery($query, 371); if($row = mysql_fetch_row($qh)) return $row[0]; else return NULL; }",True,PHP,getResourceGroupID,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function getUserGroupID($name, $affilid=DEFAULT_AFFILID, $noadd=0) { $query = ""SELECT id "" . ""FROM usergroup "" . ""WHERE name = '$name' AND "" . ""affiliationid = $affilid""; $qh = doQuery($query, 300); if($row = mysql_fetch_row($qh)) return $row[0]; elseif($noadd) return NULL; $query = ""INSERT INTO usergroup "" . ""(name, "" . ""affiliationid, "" . ""custom, "" . ""courseroll) "" . ""VALUES "" . ""('$name', "" . ""$affilid, "" . ""0, "" . ""0)""; doQuery($query, 301); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM usergroup"", 302); if(! $row = mysql_fetch_row($qh)) { abort(303); } return $row[0]; }" 537,"function xmlrpccall() { global $xmlrpc_handle, $HTTP_RAW_POST_DATA, $user; $xmlrpc_handle = xmlrpc_server_create(); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCtest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequestWithEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestStatus"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestConnectData"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCextendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCsetRequestEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestIds"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCblockAllocation"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCprocessBlockTime"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupAttributes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeleteUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCeditUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupMembers"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUsersToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUsersFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCautoCapture"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeployServer"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetNodes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCnodeExists"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetGroupImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageGroupToComputerGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageGroupFromComputerGroup"", ""xmlRPChandler""); print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, ''); xmlrpc_server_destroy($xmlrpc_handle); semUnlock(); dbDisconnect(); exit; }",True,PHP,xmlrpccall,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getUserGroupID($name, $affilid=DEFAULT_AFFILID, $noadd=0) { $query = ""SELECT id "" . ""FROM usergroup "" . ""WHERE name = '$name' AND "" . ""affiliationid = $affilid""; $qh = doQuery($query, 300); if($row = mysql_fetch_row($qh)) return $row[0]; elseif($noadd) return NULL; $query = ""INSERT INTO usergroup "" . ""(name, "" . ""affiliationid, "" . ""custom, "" . ""courseroll) "" . ""VALUES "" . ""('$name', "" . ""$affilid, "" . ""0, "" . ""0)""; doQuery($query, 301); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM usergroup"", 302); if(! $row = mysql_fetch_row($qh)) { abort(303); } return $row[0]; }" 538,"function xmlrpccall() { global $xmlrpc_handle, $HTTP_RAW_POST_DATA, $user; $xmlrpc_handle = xmlrpc_server_create(); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCtest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequestWithEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestStatus"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestConnectData"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCextendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCsetRequestEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestIds"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCblockAllocation"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCprocessBlockTime"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupAttributes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeleteUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCeditUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupMembers"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUsersToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUsersFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCautoCapture"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeployServer"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetNodes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCnodeExists"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetGroupImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageGroupToComputerGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageGroupFromComputerGroup"", ""xmlRPChandler""); print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, ''); xmlrpc_server_destroy($xmlrpc_handle); semUnlock(); dbDisconnect(); exit; }",True,PHP,xmlrpccall,utils.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function getResourceGroups($type='', $id='') { $return = array(); $query = ""SELECT g.id AS id, "" . ""g.name AS name, "" . ""t.name AS type, "" . ""g.ownerusergroupid AS ownerid, "" . ""CONCAT(u.name, '@', a.name) AS owner "" . ""FROM resourcegroup g, "" . ""resourcetype t, "" . ""usergroup u, "" . ""affiliation a "" . ""WHERE g.resourcetypeid = t.id AND "" . ""g.ownerusergroupid = u.id AND "" . ""u.affiliationid = a.id ""; if(! empty($type)) $query .= ""AND t.name = '$type' ""; if(! empty($id)) $query .= ""AND g.id = $id ""; $query .= ""ORDER BY t.name, g.name""; $qh = doQuery($query, 281); while($row = mysql_fetch_assoc($qh)) { if(empty($type)) $return[$row[""id""]][""name""] = $row[""type""] . ""/"" . $row[""name""]; else $return[$row[""id""]][""name""] = $row[""name""]; $return[$row[""id""]][""ownerid""] = $row[""ownerid""]; $return[$row[""id""]][""owner""] = $row[""owner""]; } return $return; }" 539,"function XMLRPCautoCapture($requestid) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'access denied to XMLRPCautoCapture'); } $query = ""SELECT id FROM request WHERE id = $requestid""; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { return array('status' => 'error', 'errorcode' => 52, 'errormsg' => 'specified request does not exist'); } $reqData = getRequestInfo($requestid); if($reqData['stateid'] != 14 || $reqData['laststateid'] != 8) { return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'reservation not in valid state'); } if(count($reqData['reservations']) > 1) { return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'cannot image a cluster reservation'); } require_once("".ht-inc/images.php""); $imageid = $reqData['reservations'][0]['imageid']; $imageData = getImages(0, $imageid); $captime = unixToDatetime(time()); $comments = ""start: {$reqData['start']}
    "" . ""end: {$reqData['end']}
    "" . ""computer: {$reqData['reservations'][0]['reservedIP']}
    "" . ""capture time: $captime""; if($imageData[$imageid]['installtype'] != 'kickstart' && $reqData['userid'] == $imageData[$imageid]['ownerid']) { $rc = updateExistingImage($requestid, $reqData['userid'], $comments, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'error encountered while attempting to create new revision'); } } else { $ownerdata = getUserInfo($reqData['userid'], 1, 1); $desc = ""This is an autocaptured image.
    "" . ""captured from image: {$reqData['reservations'][0]['prettyimage']}
    "" . ""captured on: $captime
    "" . ""owner: {$ownerdata['unityid']}@{$ownerdata['affiliation']}
    ""; $connectmethods = getImageConnectMethods($imageid, $reqData['reservations'][0]['imagerevisionid']); $data = array('requestid' => $requestid, 'description' => $desc, 'usage' => '', 'owner' => ""{$ownerdata['unityid']}@{$ownerdata['affiliation']}"", 'prettyname' => ""Autocaptured ({$ownerdata['unityid']} - $requestid)"", 'minram' => 64, 'minprocnumber' => 1, 'minprocspeed' => 500, 'minnetwork' => 10, 'maxconcurrent' => '', 'checkuser' => 1, 'rootaccess' => 1, 'sysprep' => 1, 'comments' => $comments, 'connectmethodids' => implode(',', array_keys($connectmethods))); $rc = submitAddImage($data, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'error encountered while attempting to create image'); } } return array('status' => 'success'); }",True,PHP,XMLRPCautoCapture,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getResourceGroups($type='', $id='') { $return = array(); $query = ""SELECT g.id AS id, "" . ""g.name AS name, "" . ""t.name AS type, "" . ""g.ownerusergroupid AS ownerid, "" . ""CONCAT(u.name, '@', a.name) AS owner "" . ""FROM resourcegroup g, "" . ""resourcetype t, "" . ""usergroup u, "" . ""affiliation a "" . ""WHERE g.resourcetypeid = t.id AND "" . ""g.ownerusergroupid = u.id AND "" . ""u.affiliationid = a.id ""; if(! empty($type)) $query .= ""AND t.name = '$type' ""; if(! empty($id)) $query .= ""AND g.id = $id ""; $query .= ""ORDER BY t.name, g.name""; $qh = doQuery($query, 281); while($row = mysql_fetch_assoc($qh)) { if(empty($type)) $return[$row[""id""]][""name""] = $row[""type""] . ""/"" . $row[""name""]; else $return[$row[""id""]][""name""] = $row[""name""]; $return[$row[""id""]][""ownerid""] = $row[""ownerid""]; $return[$row[""id""]][""owner""] = $row[""owner""]; } return $return; }" 540,"function XMLRPCautoCapture($requestid) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'access denied to XMLRPCautoCapture'); } $query = ""SELECT id FROM request WHERE id = $requestid""; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { return array('status' => 'error', 'errorcode' => 52, 'errormsg' => 'specified request does not exist'); } $reqData = getRequestInfo($requestid); if($reqData['stateid'] != 14 || $reqData['laststateid'] != 8) { return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'reservation not in valid state'); } if(count($reqData['reservations']) > 1) { return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'cannot image a cluster reservation'); } require_once("".ht-inc/images.php""); $imageid = $reqData['reservations'][0]['imageid']; $imageData = getImages(0, $imageid); $captime = unixToDatetime(time()); $comments = ""start: {$reqData['start']}
    "" . ""end: {$reqData['end']}
    "" . ""computer: {$reqData['reservations'][0]['reservedIP']}
    "" . ""capture time: $captime""; if($imageData[$imageid]['installtype'] != 'kickstart' && $reqData['userid'] == $imageData[$imageid]['ownerid']) { $rc = updateExistingImage($requestid, $reqData['userid'], $comments, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'error encountered while attempting to create new revision'); } } else { $ownerdata = getUserInfo($reqData['userid'], 1, 1); $desc = ""This is an autocaptured image.
    "" . ""captured from image: {$reqData['reservations'][0]['prettyimage']}
    "" . ""captured on: $captime
    "" . ""owner: {$ownerdata['unityid']}@{$ownerdata['affiliation']}
    ""; $connectmethods = getImageConnectMethods($imageid, $reqData['reservations'][0]['imagerevisionid']); $data = array('requestid' => $requestid, 'description' => $desc, 'usage' => '', 'owner' => ""{$ownerdata['unityid']}@{$ownerdata['affiliation']}"", 'prettyname' => ""Autocaptured ({$ownerdata['unityid']} - $requestid)"", 'minram' => 64, 'minprocnumber' => 1, 'minprocspeed' => 500, 'minnetwork' => 10, 'maxconcurrent' => '', 'checkuser' => 1, 'rootaccess' => 1, 'sysprep' => 1, 'comments' => $comments, 'connectmethodids' => implode(',', array_keys($connectmethods))); $rc = submitAddImage($data, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'error encountered while attempting to create image'); } } return array('status' => 'success'); }",True,PHP,XMLRPCautoCapture,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function getResourceGroups($type='', $id='') { $return = array(); $query = ""SELECT g.id AS id, "" . ""g.name AS name, "" . ""t.name AS type, "" . ""g.ownerusergroupid AS ownerid, "" . ""CONCAT(u.name, '@', a.name) AS owner "" . ""FROM resourcegroup g, "" . ""resourcetype t, "" . ""usergroup u, "" . ""affiliation a "" . ""WHERE g.resourcetypeid = t.id AND "" . ""g.ownerusergroupid = u.id AND "" . ""u.affiliationid = a.id ""; if(! empty($type)) $query .= ""AND t.name = '$type' ""; if(! empty($id)) $query .= ""AND g.id = $id ""; $query .= ""ORDER BY t.name, g.name""; $qh = doQuery($query, 281); while($row = mysql_fetch_assoc($qh)) { if(empty($type)) $return[$row[""id""]][""name""] = $row[""type""] . ""/"" . $row[""name""]; else $return[$row[""id""]][""name""] = $row[""name""]; $return[$row[""id""]][""ownerid""] = $row[""ownerid""]; $return[$row[""id""]][""owner""] = $row[""owner""]; } return $return; }" 549,"function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges=0) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations'); } $ownerid = getUserlistID('vclreload@Local'); $name = ""API:$start""; $managementnodes = getManagementNodes('future'); if(empty($managementnodes)) { return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation'); } $mnid = array_rand($managementnodes); $query = ""INSERT INTO blockRequest "" . ""(name, "" . ""imageid, "" . ""numMachines, "" . ""groupid, "" . ""repeating, "" . ""ownerid, "" . ""admingroupid, "" . ""managementnodeid, "" . ""expireTime, "" . ""status) "" . ""VALUES "" . ""('$name', "" . ""$imageid, "" . ""$numMachines, "" . ""$usergroupid, "" . ""'list', "" . ""$ownerid, "" . ""0, "" . ""$mnid, "" . ""'$end', "" . ""'accepted')""; doQuery($query, 101); $brid = dbLastInsertID(); $query = ""INSERT INTO blockTimes "" . ""(blockRequestid, "" . ""start, "" . ""end) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end')""; doQuery($query, 101); $btid = dbLastInsertID(); $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges); $return['blockTimesid'] = $btid; return $return; }",True,PHP,XMLRPCblockAllocation,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getResourceGroups($type='', $id='') { $return = array(); $query = ""SELECT g.id AS id, "" . ""g.name AS name, "" . ""t.name AS type, "" . ""g.ownerusergroupid AS ownerid, "" . ""CONCAT(u.name, '@', a.name) AS owner "" . ""FROM resourcegroup g, "" . ""resourcetype t, "" . ""usergroup u, "" . ""affiliation a "" . ""WHERE g.resourcetypeid = t.id AND "" . ""g.ownerusergroupid = u.id AND "" . ""u.affiliationid = a.id ""; if(! empty($type)) $query .= ""AND t.name = '$type' ""; if(! empty($id)) $query .= ""AND g.id = $id ""; $query .= ""ORDER BY t.name, g.name""; $qh = doQuery($query, 281); while($row = mysql_fetch_assoc($qh)) { if(empty($type)) $return[$row[""id""]][""name""] = $row[""type""] . ""/"" . $row[""name""]; else $return[$row[""id""]][""name""] = $row[""name""]; $return[$row[""id""]][""ownerid""] = $row[""ownerid""]; $return[$row[""id""]][""owner""] = $row[""owner""]; } return $return; }" 550,"function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges=0) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations'); } $ownerid = getUserlistID('vclreload@Local'); $name = ""API:$start""; $managementnodes = getManagementNodes('future'); if(empty($managementnodes)) { return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation'); } $mnid = array_rand($managementnodes); $query = ""INSERT INTO blockRequest "" . ""(name, "" . ""imageid, "" . ""numMachines, "" . ""groupid, "" . ""repeating, "" . ""ownerid, "" . ""admingroupid, "" . ""managementnodeid, "" . ""expireTime, "" . ""status) "" . ""VALUES "" . ""('$name', "" . ""$imageid, "" . ""$numMachines, "" . ""$usergroupid, "" . ""'list', "" . ""$ownerid, "" . ""0, "" . ""$mnid, "" . ""'$end', "" . ""'accepted')""; doQuery($query, 101); $brid = dbLastInsertID(); $query = ""INSERT INTO blockTimes "" . ""(blockRequestid, "" . ""start, "" . ""end) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end')""; doQuery($query, 101); $btid = dbLastInsertID(); $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges); $return['blockTimesid'] = $btid; return $return; }",True,PHP,XMLRPCblockAllocation,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"$return[$index] = strip_tags($value); if($return[$index] == 'zero') $return[$index] = '0'; } } elseif($type == ARG_MULTISTRING) { foreach($return as $index => $value) { $return[$index] = strip_tags($value); } } else $return = strip_tags($return); if(! empty($return) && $type == ARG_NUMERIC) { if(! is_numeric($return)) { return preg_replace('([^\d])', '', $return); } } elseif(! empty($return) && $type == ARG_STRING) { if(! is_string($return)) $return = $defaultvalue; } elseif(! empty($return) && $type == ARG_MULTINUMERIC) { foreach($return as $index => $value) { if(! is_numeric($value)) { $return[$index] = preg_replace('([^\d])', '', $value); } } return $return; } elseif(! empty($return) && $type == ARG_MULTISTRING) { foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } return $return; } if(is_string($return)) { if(strlen($return) == 0) $return = $defaultvalue; elseif($addslashes) $return = mysql_real_escape_string($return); } return $return; }" 551,"function XMLRPCaddImageToGroup($name, $imageid){ $groups = getUserResources(array(""imageAdmin""), array(""manageGroup""), 1); if($groupid = getResourceGroupID(""image/$name"")){ if(!array_key_exists($groupid, $groups['image'])){ return array('status' => 'error', 'errorcode' => 46, 'errormsg' => 'Unable to access image group'); } $resources = getUserResources(array(""imageAdmin""), array(""manageGroup"")); if(!array_key_exists($imageid, $resources['image'])){ return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'Unable to access image'); } $allimages = getImages(); $query = ""INSERT IGNORE INTO resourcegroupmembers "" . ""(resourceid, resourcegroupid) VALUES "" . ""({$allimages[$imageid]['resourceid']}, $groupid)""; doQuery($query, 287); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCaddImageToGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"$return[$index] = strip_tags($value); if($return[$index] == 'zero') $return[$index] = '0'; } } elseif($type == ARG_MULTISTRING) { foreach($return as $index => $value) { $return[$index] = strip_tags($value); } } else $return = strip_tags($return); if(! empty($return) && $type == ARG_NUMERIC) { if(! is_numeric($return)) { return preg_replace('([^\d])', '', $return); } } elseif(! empty($return) && $type == ARG_STRING) { if(! is_string($return)) $return = $defaultvalue; } elseif(! empty($return) && $type == ARG_MULTINUMERIC) { foreach($return as $index => $value) { if(! is_numeric($value)) { $return[$index] = preg_replace('([^\d])', '', $value); } } return $return; } elseif(! empty($return) && $type == ARG_MULTISTRING) { foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } return $return; } if(is_string($return)) { if(strlen($return) == 0) $return = $defaultvalue; elseif($addslashes) $return = mysql_real_escape_string($return); } return $return; }" 552,"function XMLRPCaddImageToGroup($name, $imageid){ $groups = getUserResources(array(""imageAdmin""), array(""manageGroup""), 1); if($groupid = getResourceGroupID(""image/$name"")){ if(!array_key_exists($groupid, $groups['image'])){ return array('status' => 'error', 'errorcode' => 46, 'errormsg' => 'Unable to access image group'); } $resources = getUserResources(array(""imageAdmin""), array(""manageGroup"")); if(!array_key_exists($imageid, $resources['image'])){ return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'Unable to access image'); } $allimages = getImages(); $query = ""INSERT IGNORE INTO resourcegroupmembers "" . ""(resourceid, resourcegroupid) VALUES "" . ""({$allimages[$imageid]['resourceid']}, $groupid)""; doQuery($query, 287); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCaddImageToGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"$return[$index] = strip_tags($value); if($return[$index] == 'zero') $return[$index] = '0'; } } elseif($type == ARG_MULTISTRING) { foreach($return as $index => $value) { $return[$index] = strip_tags($value); } } else $return = strip_tags($return); if(! empty($return) && $type == ARG_NUMERIC) { if(! is_numeric($return)) { return preg_replace('([^\d])', '', $return); } } elseif(! empty($return) && $type == ARG_STRING) { if(! is_string($return)) $return = $defaultvalue; } elseif(! empty($return) && $type == ARG_MULTINUMERIC) { foreach($return as $index => $value) { if(! is_numeric($value)) { $return[$index] = preg_replace('([^\d])', '', $value); } } return $return; } elseif(! empty($return) && $type == ARG_MULTISTRING) { foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } return $return; } if(is_string($return)) { if(strlen($return) == 0) $return = $defaultvalue; elseif($addslashes) $return = mysql_real_escape_string($return); } return $return; }" 555,"function XMLRPCaddImageGroupToComputerGroup($imageGroup, $computerGroup){ $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid){ $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)){ $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(!array_key_exists($imageid, $mapping) || !array_key_exists($compid, $mapping[$imageid])){ $query = ""INSERT INTO resourcemap "" . ""(resourcegroupid1, "" . ""resourcetypeid1, "" . ""resourcegroupid2, "" . ""resourcetypeid2) "" . ""VALUES ($imageid, "" . ""13, "" . ""$compid, "" . ""12)""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCaddImageGroupToComputerGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"$return[$index] = strip_tags($value); if($return[$index] == 'zero') $return[$index] = '0'; } } elseif($type == ARG_MULTISTRING) { foreach($return as $index => $value) { $return[$index] = strip_tags($value); } } else $return = strip_tags($return); if(! empty($return) && $type == ARG_NUMERIC) { if(! is_numeric($return)) { return preg_replace('([^\d])', '', $return); } } elseif(! empty($return) && $type == ARG_STRING) { if(! is_string($return)) $return = $defaultvalue; } elseif(! empty($return) && $type == ARG_MULTINUMERIC) { foreach($return as $index => $value) { if(! is_numeric($value)) { $return[$index] = preg_replace('([^\d])', '', $value); } } return $return; } elseif(! empty($return) && $type == ARG_MULTISTRING) { foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } return $return; } if(is_string($return)) { if(strlen($return) == 0) $return = $defaultvalue; elseif($addslashes) $return = mysql_real_escape_string($return); } return $return; }" 556,"function XMLRPCaddImageGroupToComputerGroup($imageGroup, $computerGroup){ $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid){ $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)){ $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(!array_key_exists($imageid, $mapping) || !array_key_exists($compid, $mapping[$imageid])){ $query = ""INSERT INTO resourcemap "" . ""(resourcegroupid1, "" . ""resourcetypeid1, "" . ""resourcegroupid2, "" . ""resourcetypeid2) "" . ""VALUES ($imageid, "" . ""13, "" . ""$compid, "" . ""12)""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCaddImageGroupToComputerGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function getTypes($subtype=""both"") { $types = array(""users"" => array(), ""resources"" => array()); if($subtype == ""users"" || $subtype == ""both"") { $query = ""SELECT id, name FROM userprivtype""; $qh = doQuery($query, 365); while($row = mysql_fetch_assoc($qh)) { if($row[""name""] == ""block"" || $row[""name""] == ""cascade"") continue; $types[""users""][$row[""id""]] = $row[""name""]; } } if($subtype == ""resources"" || $subtype == ""both"") { $query = ""SELECT id, name FROM resourcetype""; $qh = doQuery($query, 366); while($row = mysql_fetch_assoc($qh)) $types[""resources""][$row[""id""]] = $row[""name""]; } return $types; }" 565,"function XMLRPCremoveResourceGroupPriv($name, $type, $nodeid, $permissions){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""resourceGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to remove group privileges on this node'); } if($typeid = getResourceTypeID($type)){ if(!checkForGroupName($name, 'resource', '', $typeid)){ return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'resource group does not exist'); } $perms = explode(':', $permissions); updateResourcePrivs(""$type/$name"", $nodeid, array(), $perms); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 56, 'errormsg' => 'Invalid resource type'); } }",True,PHP,XMLRPCremoveResourceGroupPriv,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getTypes($subtype=""both"") { $types = array(""users"" => array(), ""resources"" => array()); if($subtype == ""users"" || $subtype == ""both"") { $query = ""SELECT id, name FROM userprivtype""; $qh = doQuery($query, 365); while($row = mysql_fetch_assoc($qh)) { if($row[""name""] == ""block"" || $row[""name""] == ""cascade"") continue; $types[""users""][$row[""id""]] = $row[""name""]; } } if($subtype == ""resources"" || $subtype == ""both"") { $query = ""SELECT id, name FROM resourcetype""; $qh = doQuery($query, 366); while($row = mysql_fetch_assoc($qh)) $types[""resources""][$row[""id""]] = $row[""name""]; } return $types; }" 566,"function XMLRPCremoveResourceGroupPriv($name, $type, $nodeid, $permissions){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""resourceGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to remove group privileges on this node'); } if($typeid = getResourceTypeID($type)){ if(!checkForGroupName($name, 'resource', '', $typeid)){ return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'resource group does not exist'); } $perms = explode(':', $permissions); updateResourcePrivs(""$type/$name"", $nodeid, array(), $perms); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 56, 'errormsg' => 'Invalid resource type'); } }",True,PHP,XMLRPCremoveResourceGroupPriv,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function printXMLRPCerror($errcode) { global $XMLRPCERRORS; print ""\n""; print ""\n""; print ""\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultString\n""; print "" \n""; print "" {$XMLRPCERRORS[$errcode]}\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultCode\n""; print "" \n""; print "" $errcode\n""; print "" \n""; print "" \n""; print "" \n""; print "" \n""; print ""\n""; print ""\n""; }" 567,"function XMLRPCendRequest($requestid) { global $user; $requestid = processInputData($requestid, ARG_NUMERIC); $userRequests = getUserRequests('all', $user['id']); $found = 0; foreach($userRequests as $req) { if($req['id'] == $requestid) { $request = getRequestInfo($requestid); $found = 1; break; } } if(! $found) return array('status' => 'error', 'errorcode' => 1, 'errormsg' => 'unknown requestid'); deleteRequest($request); return array('status' => 'success'); }",True,PHP,XMLRPCendRequest,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function printXMLRPCerror($errcode) { global $XMLRPCERRORS; print ""\n""; print ""\n""; print ""\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultString\n""; print "" \n""; print "" {$XMLRPCERRORS[$errcode]}\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultCode\n""; print "" \n""; print "" $errcode\n""; print "" \n""; print "" \n""; print "" \n""; print "" \n""; print ""\n""; print ""\n""; }" 568,"function XMLRPCendRequest($requestid) { global $user; $requestid = processInputData($requestid, ARG_NUMERIC); $userRequests = getUserRequests('all', $user['id']); $found = 0; foreach($userRequests as $req) { if($req['id'] == $requestid) { $request = getRequestInfo($requestid); $found = 1; break; } } if(! $found) return array('status' => 'error', 'errorcode' => 1, 'errormsg' => 'unknown requestid'); deleteRequest($request); return array('status' => 'success'); }",True,PHP,XMLRPCendRequest,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function printXMLRPCerror($errcode) { global $XMLRPCERRORS; print ""\n""; print ""\n""; print ""\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultString\n""; print "" \n""; print "" {$XMLRPCERRORS[$errcode]}\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultCode\n""; print "" \n""; print "" $errcode\n""; print "" \n""; print "" \n""; print "" \n""; print "" \n""; print ""\n""; print ""\n""; }" 581,"array_push($newgroupprivs, $type); } if(empty($newgroupprivs) || (count($newgroupprivs) == 1 && in_array(""cascade"", $newgroupprivs))) { return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Invalid or missing permissions list supplied'); } updateUserOrGroupPrivs($groupid, $nodeid, $newgroupprivs, array(), ""group""); return array('status' => 'success'); }",True,PHP,array_push,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function printXMLRPCerror($errcode) { global $XMLRPCERRORS; print ""\n""; print ""\n""; print ""\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultString\n""; print "" \n""; print "" {$XMLRPCERRORS[$errcode]}\n""; print "" \n""; print "" \n""; print "" \n""; print "" faultCode\n""; print "" \n""; print "" $errcode\n""; print "" \n""; print "" \n""; print "" \n""; print "" \n""; print ""\n""; print ""\n""; }" 582,"array_push($newgroupprivs, $type); } if(empty($newgroupprivs) || (count($newgroupprivs) == 1 && in_array(""cascade"", $newgroupprivs))) { return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Invalid or missing permissions list supplied'); } updateUserOrGroupPrivs($groupid, $nodeid, $newgroupprivs, array(), ""group""); return array('status' => 'success'); }",True,PHP,array_push,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } 585,"function XMLRPCremoveNode($nodeID){ require_once("".ht-inc/privileges.php""); global $user; if(!in_array(""nodeAdmin"", $user['privileges'])){ return array( 'status' => 'error', 'errorcode' => 56, 'errormsg' => 'User cannot administer nodes'); } if(!checkUserHasPriv(""nodeAdmin"", $user['id'], $nodeID)){ return array( 'status' => 'error', 'errorcode' => 57, 'errormsg' => 'User cannot edit this node'); } $nodes = recurseGetChildren($nodeID); array_push($nodes, $nodeID); $deleteNodes = implode(',', $nodes); $query = ""DELETE FROM privnode "" . ""WHERE id IN ($deleteNodes)""; doQuery($query, 345); return array( 'status' => 'success'); }",True,PHP,XMLRPCremoveNode,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } 586,"function XMLRPCremoveNode($nodeID){ require_once("".ht-inc/privileges.php""); global $user; if(!in_array(""nodeAdmin"", $user['privileges'])){ return array( 'status' => 'error', 'errorcode' => 56, 'errormsg' => 'User cannot administer nodes'); } if(!checkUserHasPriv(""nodeAdmin"", $user['id'], $nodeID)){ return array( 'status' => 'error', 'errorcode' => 57, 'errormsg' => 'User cannot edit this node'); } $nodes = recurseGetChildren($nodeID); array_push($nodes, $nodeID); $deleteNodes = implode(',', $nodes); $query = ""DELETE FROM privnode "" . ""WHERE id IN ($deleteNodes)""; doQuery($query, 345); return array( 'status' => 'success'); }",True,PHP,XMLRPCremoveNode,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } 607,"function XMLRPCtest($string) { $string = processInputData($string, ARG_STRING); return array('status' => 'success', 'message' => 'RPC call worked successfully', 'string' => $string); }",True,PHP,XMLRPCtest,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,foreach($return as $index => $value) { if(! is_string($value)) $return[$index] = $defaultvalue; elseif($addslashes) $return[$index] = mysql_real_escape_string($value); } 608,"function XMLRPCtest($string) { $string = processInputData($string, ARG_STRING); return array('status' => 'success', 'message' => 'RPC call worked successfully', 'string' => $string); }",True,PHP,XMLRPCtest,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function getResourceGroupID($groupname) { list($type, $name) = explode('/', $groupname); $type = mysql_real_escape_string($type); $name = mysql_real_escape_string($name); $query = ""SELECT g.id "" . ""FROM resourcegroup g, "" . ""resourcetype t "" . ""WHERE g.name = '$name' AND "" . ""t.name = '$type' AND "" . ""g.resourcetypeid = t.id""; $qh = doQuery($query, 371); if($row = mysql_fetch_row($qh)) return $row[0]; else return NULL; }" 609,"function XMLRPCgetUserGroupPrivs($name, $affiliation, $nodeid){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""userGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to add resource group to this node'); } $validate = array('name' => $name, 'affiliation' => $affiliation); $rc = validateAPIgroupInput($validate, 1); if($rc['status'] == 'error') return $rc; $privileges = array(); $nodePrivileges = getNodePrivileges($nodeid, 'usergroups'); $cascadedNodePrivileges = getNodeCascadePrivileges($nodeid, 'usergroups'); $cngp = $cascadedNodePrivileges['usergroups']; $ngp = $nodePrivileges['usergroups']; if(array_key_exists($name, $cngp)){ foreach($cngp[$name]['privs'] as $p){ if(! array_key_exists($name, $ngp) || ! in_array(""block"", $ngp[$name]['privs'])){ array_push($privileges, $p); } } } if(array_key_exists($name, $ngp)){ foreach($ngp[$name]['privs'] as $p){ if($p != ""block""){ array_push($privileges, $p); } } } return array( 'status' => 'success', 'privileges' => array_unique($privileges)); }",True,PHP,XMLRPCgetUserGroupPrivs,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getResourceGroupID($groupname) { list($type, $name) = explode('/', $groupname); $type = mysql_real_escape_string($type); $name = mysql_real_escape_string($name); $query = ""SELECT g.id "" . ""FROM resourcegroup g, "" . ""resourcetype t "" . ""WHERE g.name = '$name' AND "" . ""t.name = '$type' AND "" . ""g.resourcetypeid = t.id""; $qh = doQuery($query, 371); if($row = mysql_fetch_row($qh)) return $row[0]; else return NULL; }" 610,"function XMLRPCgetUserGroupPrivs($name, $affiliation, $nodeid){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""userGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to add resource group to this node'); } $validate = array('name' => $name, 'affiliation' => $affiliation); $rc = validateAPIgroupInput($validate, 1); if($rc['status'] == 'error') return $rc; $privileges = array(); $nodePrivileges = getNodePrivileges($nodeid, 'usergroups'); $cascadedNodePrivileges = getNodeCascadePrivileges($nodeid, 'usergroups'); $cngp = $cascadedNodePrivileges['usergroups']; $ngp = $nodePrivileges['usergroups']; if(array_key_exists($name, $cngp)){ foreach($cngp[$name]['privs'] as $p){ if(! array_key_exists($name, $ngp) || ! in_array(""block"", $ngp[$name]['privs'])){ array_push($privileges, $p); } } } if(array_key_exists($name, $ngp)){ foreach($ngp[$name]['privs'] as $p){ if($p != ""block""){ array_push($privileges, $p); } } } return array( 'status' => 'success', 'privileges' => array_unique($privileges)); }",True,PHP,XMLRPCgetUserGroupPrivs,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function getResourceGroupID($groupname) { list($type, $name) = explode('/', $groupname); $type = mysql_real_escape_string($type); $name = mysql_real_escape_string($name); $query = ""SELECT g.id "" . ""FROM resourcegroup g, "" . ""resourcetype t "" . ""WHERE g.name = '$name' AND "" . ""t.name = '$type' AND "" . ""g.resourcetypeid = t.id""; $qh = doQuery($query, 371); if($row = mysql_fetch_row($qh)) return $row[0]; else return NULL; }" 613,"function XMLRPCremoveImageFromGroup($name, $imageid){ $groups = getUserResources(array(""imageAdmin""), array(""manageGroup""), 1); if($groupid = getResourceGroupID(""image/$name"")){ if(!array_key_exists($groupid, $groups['image'])){ return array('status' => 'error', 'errorcode' => 46, 'errormsg' => 'Unable to access image group'); } $resources = getUserResources(array(""imageAdmin""), array(""manageGroup"")); if(!array_key_exists($imageid, $resources['image'])){ return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'Unable to access image'); } $allimages = getImages(); $query = ""DELETE FROM resourcegroupmembers "" . ""WHERE resourceid={$allimages[$imageid]['resourceid']} "" . ""AND resourcegroupid=$groupid""; doQuery($query, 287); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCremoveImageFromGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function getResourceGroupID($groupname) { list($type, $name) = explode('/', $groupname); $type = mysql_real_escape_string($type); $name = mysql_real_escape_string($name); $query = ""SELECT g.id "" . ""FROM resourcegroup g, "" . ""resourcetype t "" . ""WHERE g.name = '$name' AND "" . ""t.name = '$type' AND "" . ""g.resourcetypeid = t.id""; $qh = doQuery($query, 371); if($row = mysql_fetch_row($qh)) return $row[0]; else return NULL; }" 614,"function XMLRPCremoveImageFromGroup($name, $imageid){ $groups = getUserResources(array(""imageAdmin""), array(""manageGroup""), 1); if($groupid = getResourceGroupID(""image/$name"")){ if(!array_key_exists($groupid, $groups['image'])){ return array('status' => 'error', 'errorcode' => 46, 'errormsg' => 'Unable to access image group'); } $resources = getUserResources(array(""imageAdmin""), array(""manageGroup"")); if(!array_key_exists($imageid, $resources['image'])){ return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'Unable to access image'); } $allimages = getImages(); $query = ""DELETE FROM resourcegroupmembers "" . ""WHERE resourceid={$allimages[$imageid]['resourceid']} "" . ""AND resourcegroupid=$groupid""; doQuery($query, 287); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCremoveImageFromGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function xmlrpccall() { global $xmlrpc_handle, $HTTP_RAW_POST_DATA, $user; $xmlrpc_handle = xmlrpc_server_create(); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCtest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequestWithEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestStatus"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestConnectData"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCextendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCsetRequestEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestIds"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCblockAllocation"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCprocessBlockTime"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupAttributes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeleteUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCeditUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupMembers"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUsersToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUsersFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCautoCapture"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeployServer"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetNodes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCnodeExists"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetGroupImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageGroupToComputerGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageGroupFromComputerGroup"", ""xmlRPChandler""); print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, ''); xmlrpc_server_destroy($xmlrpc_handle); semUnlock(); dbDisconnect(); exit; }" 615,"function XMLRPCaddResourceGroupPriv($name, $type, $nodeid, $permissions){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""resourceGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to add resource group to this node'); } if($typeid = getResourceTypeID($type)){ if(!checkForGroupName($name, 'resource', '', $typeid)){ return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'resource group does not exist'); } $perms = explode(':', $permissions); updateResourcePrivs(""$type/$name"", $nodeid, $perms, array()); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 56, 'errormsg' => 'Invalid resource type'); } }",True,PHP,XMLRPCaddResourceGroupPriv,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function xmlrpccall() { global $xmlrpc_handle, $HTTP_RAW_POST_DATA, $user; $xmlrpc_handle = xmlrpc_server_create(); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCtest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequestWithEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestStatus"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestConnectData"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCextendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCsetRequestEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestIds"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCblockAllocation"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCprocessBlockTime"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupAttributes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeleteUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCeditUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupMembers"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUsersToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUsersFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCautoCapture"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeployServer"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetNodes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCnodeExists"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetGroupImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageGroupToComputerGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageGroupFromComputerGroup"", ""xmlRPChandler""); print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, ''); xmlrpc_server_destroy($xmlrpc_handle); semUnlock(); dbDisconnect(); exit; }" 616,"function XMLRPCaddResourceGroupPriv($name, $type, $nodeid, $permissions){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""resourceGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to add resource group to this node'); } if($typeid = getResourceTypeID($type)){ if(!checkForGroupName($name, 'resource', '', $typeid)){ return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'resource group does not exist'); } $perms = explode(':', $permissions); updateResourcePrivs(""$type/$name"", $nodeid, $perms, array()); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 56, 'errormsg' => 'Invalid resource type'); } }",True,PHP,XMLRPCaddResourceGroupPriv,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function xmlrpccall() { global $xmlrpc_handle, $HTTP_RAW_POST_DATA, $user; $xmlrpc_handle = xmlrpc_server_create(); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCtest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequestWithEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestStatus"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestConnectData"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCextendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCsetRequestEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestIds"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCblockAllocation"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCprocessBlockTime"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupAttributes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeleteUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCeditUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupMembers"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUsersToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUsersFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCautoCapture"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeployServer"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetNodes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCnodeExists"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetGroupImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageGroupToComputerGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageGroupFromComputerGroup"", ""xmlRPChandler""); print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, ''); xmlrpc_server_destroy($xmlrpc_handle); semUnlock(); dbDisconnect(); exit; }" 623,"array_push($stack, $node); } } return array( 'status' => 'success', 'nodes' => $nodes); } else { return array( 'status' => 'error', 'errorcode' => 56, 'errormsg' => 'User cannot access node content'); } }",True,PHP,array_push,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function xmlrpccall() { global $xmlrpc_handle, $HTTP_RAW_POST_DATA, $user; $xmlrpc_handle = xmlrpc_server_create(); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCtest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddRequestWithEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestStatus"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestConnectData"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCextendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCsetRequestEnding"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCendRequest"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetRequestIds"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCblockAllocation"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCprocessBlockTime"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupAttributes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeleteUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCeditUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupMembers"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUsersToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUsersFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCautoCapture"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCdeployServer"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetNodes"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveNode"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCnodeExists"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroupPriv"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroupPrivs"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetResourceGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveResourceGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetUserGroups"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveUserGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageToGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageFromGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCgetGroupImages"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCaddImageGroupToComputerGroup"", ""xmlRPChandler""); xmlrpc_server_register_method($xmlrpc_handle, ""XMLRPCremoveImageGroupFromComputerGroup"", ""xmlRPChandler""); print xmlrpc_server_call_method($xmlrpc_handle, $HTTP_RAW_POST_DATA, ''); xmlrpc_server_destroy($xmlrpc_handle); semUnlock(); dbDisconnect(); exit; }" 624,"array_push($stack, $node); } } return array( 'status' => 'success', 'nodes' => $nodes); } else { return array( 'status' => 'error', 'errorcode' => 56, 'errormsg' => 'User cannot access node content'); } }",True,PHP,array_push,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCautoCapture($requestid) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'access denied to XMLRPCautoCapture'); } $query = ""SELECT id FROM request WHERE id = $requestid""; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { return array('status' => 'error', 'errorcode' => 52, 'errormsg' => 'specified request does not exist'); } $reqData = getRequestInfo($requestid); if($reqData['stateid'] != 14 || $reqData['laststateid'] != 8) { return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'reservation not in valid state'); } if(count($reqData['reservations']) > 1) { return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'cannot image a cluster reservation'); } require_once("".ht-inc/images.php""); $imageid = $reqData['reservations'][0]['imageid']; $imageData = getImages(0, $imageid); $captime = unixToDatetime(time()); $comments = ""start: {$reqData['start']}
    "" . ""end: {$reqData['end']}
    "" . ""computer: {$reqData['reservations'][0]['reservedIP']}
    "" . ""capture time: $captime""; if($imageData[$imageid]['installtype'] != 'kickstart' && $reqData['userid'] == $imageData[$imageid]['ownerid']) { $rc = updateExistingImage($requestid, $reqData['userid'], $comments, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'error encountered while attempting to create new revision'); } } else { $ownerdata = getUserInfo($reqData['userid'], 1, 1); $desc = ""This is an autocaptured image.
    "" . ""captured from image: {$reqData['reservations'][0]['prettyimage']}
    "" . ""captured on: $captime
    "" . ""owner: {$ownerdata['unityid']}@{$ownerdata['affiliation']}
    ""; $connectmethods = getImageConnectMethods($imageid, $reqData['reservations'][0]['imagerevisionid']); $data = array('requestid' => $requestid, 'description' => $desc, 'usage' => '', 'owner' => ""{$ownerdata['unityid']}@{$ownerdata['affiliation']}"", 'prettyname' => ""Autocaptured ({$ownerdata['unityid']} - $requestid)"", 'minram' => 64, 'minprocnumber' => 1, 'minprocspeed' => 500, 'minnetwork' => 10, 'maxconcurrent' => '', 'checkuser' => 1, 'rootaccess' => 1, 'sysprep' => 1, 'comments' => $comments, 'connectmethodids' => implode(',', array_keys($connectmethods))); $rc = submitAddImage($data, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'error encountered while attempting to create image'); } } return array('status' => 'success'); }" 627,"function XMLRPCaddNode($nodeName, $parentNode){ require_once("".ht-inc/privileges.php""); global $user; if(in_array(""nodeAdmin"", $user['privileges'])){ if(!$parentNode){ $topNodes = getChildNodes(); $keys = array_keys($topNodes); $parentNode = array_shift($keys); } if(!preg_match(""/^[-A-Za-z0-9_\. ]+$/"", $nodeName)){ return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'Invalid node name'); } if(checkUserHasPriv(""nodeAdmin"", $user['id'], $parentNode)){ $nodeInfo = getNodeInfo($parentNode); $query = ""SELECT id "" . ""FROM privnode "" . ""WHERE name = '$nodeName' AND parent = $parentNode""; $qh = doQuery($query, 335); if(mysql_num_rows($qh)){ return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'A node of that name already exists under ' . $nodeInfo['name']); } $query = ""INSERT IGNORE INTO privnode "" . ""(parent, name) "" . ""VALUES "" . ""($parentNode, '$nodeName')""; doQuery($query, 337); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM privnode"", 101); if(!$row = mysql_fetch_row($qh)){ return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'Could not add node to database'); } $nodeid = $row[0]; return array('status' => 'success', 'nodeid' => $nodeid); } else { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'Unable to add node at this location'); } } else { return array( 'status' => 'error', 'errorcode' => 56, 'errormsg' => 'User cannot access node content'); } }",True,PHP,XMLRPCaddNode,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCautoCapture($requestid) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'access denied to XMLRPCautoCapture'); } $query = ""SELECT id FROM request WHERE id = $requestid""; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { return array('status' => 'error', 'errorcode' => 52, 'errormsg' => 'specified request does not exist'); } $reqData = getRequestInfo($requestid); if($reqData['stateid'] != 14 || $reqData['laststateid'] != 8) { return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'reservation not in valid state'); } if(count($reqData['reservations']) > 1) { return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'cannot image a cluster reservation'); } require_once("".ht-inc/images.php""); $imageid = $reqData['reservations'][0]['imageid']; $imageData = getImages(0, $imageid); $captime = unixToDatetime(time()); $comments = ""start: {$reqData['start']}
    "" . ""end: {$reqData['end']}
    "" . ""computer: {$reqData['reservations'][0]['reservedIP']}
    "" . ""capture time: $captime""; if($imageData[$imageid]['installtype'] != 'kickstart' && $reqData['userid'] == $imageData[$imageid]['ownerid']) { $rc = updateExistingImage($requestid, $reqData['userid'], $comments, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'error encountered while attempting to create new revision'); } } else { $ownerdata = getUserInfo($reqData['userid'], 1, 1); $desc = ""This is an autocaptured image.
    "" . ""captured from image: {$reqData['reservations'][0]['prettyimage']}
    "" . ""captured on: $captime
    "" . ""owner: {$ownerdata['unityid']}@{$ownerdata['affiliation']}
    ""; $connectmethods = getImageConnectMethods($imageid, $reqData['reservations'][0]['imagerevisionid']); $data = array('requestid' => $requestid, 'description' => $desc, 'usage' => '', 'owner' => ""{$ownerdata['unityid']}@{$ownerdata['affiliation']}"", 'prettyname' => ""Autocaptured ({$ownerdata['unityid']} - $requestid)"", 'minram' => 64, 'minprocnumber' => 1, 'minprocspeed' => 500, 'minnetwork' => 10, 'maxconcurrent' => '', 'checkuser' => 1, 'rootaccess' => 1, 'sysprep' => 1, 'comments' => $comments, 'connectmethodids' => implode(',', array_keys($connectmethods))); $rc = submitAddImage($data, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'error encountered while attempting to create image'); } } return array('status' => 'success'); }" 628,"function XMLRPCaddNode($nodeName, $parentNode){ require_once("".ht-inc/privileges.php""); global $user; if(in_array(""nodeAdmin"", $user['privileges'])){ if(!$parentNode){ $topNodes = getChildNodes(); $keys = array_keys($topNodes); $parentNode = array_shift($keys); } if(!preg_match(""/^[-A-Za-z0-9_\. ]+$/"", $nodeName)){ return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'Invalid node name'); } if(checkUserHasPriv(""nodeAdmin"", $user['id'], $parentNode)){ $nodeInfo = getNodeInfo($parentNode); $query = ""SELECT id "" . ""FROM privnode "" . ""WHERE name = '$nodeName' AND parent = $parentNode""; $qh = doQuery($query, 335); if(mysql_num_rows($qh)){ return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'A node of that name already exists under ' . $nodeInfo['name']); } $query = ""INSERT IGNORE INTO privnode "" . ""(parent, name) "" . ""VALUES "" . ""($parentNode, '$nodeName')""; doQuery($query, 337); $qh = doQuery(""SELECT LAST_INSERT_ID() FROM privnode"", 101); if(!$row = mysql_fetch_row($qh)){ return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'Could not add node to database'); } $nodeid = $row[0]; return array('status' => 'success', 'nodeid' => $nodeid); } else { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'Unable to add node at this location'); } } else { return array( 'status' => 'error', 'errorcode' => 56, 'errormsg' => 'User cannot access node content'); } }",True,PHP,XMLRPCaddNode,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCautoCapture($requestid) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'access denied to XMLRPCautoCapture'); } $query = ""SELECT id FROM request WHERE id = $requestid""; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { return array('status' => 'error', 'errorcode' => 52, 'errormsg' => 'specified request does not exist'); } $reqData = getRequestInfo($requestid); if($reqData['stateid'] != 14 || $reqData['laststateid'] != 8) { return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'reservation not in valid state'); } if(count($reqData['reservations']) > 1) { return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'cannot image a cluster reservation'); } require_once("".ht-inc/images.php""); $imageid = $reqData['reservations'][0]['imageid']; $imageData = getImages(0, $imageid); $captime = unixToDatetime(time()); $comments = ""start: {$reqData['start']}
    "" . ""end: {$reqData['end']}
    "" . ""computer: {$reqData['reservations'][0]['reservedIP']}
    "" . ""capture time: $captime""; if($imageData[$imageid]['installtype'] != 'kickstart' && $reqData['userid'] == $imageData[$imageid]['ownerid']) { $rc = updateExistingImage($requestid, $reqData['userid'], $comments, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'error encountered while attempting to create new revision'); } } else { $ownerdata = getUserInfo($reqData['userid'], 1, 1); $desc = ""This is an autocaptured image.
    "" . ""captured from image: {$reqData['reservations'][0]['prettyimage']}
    "" . ""captured on: $captime
    "" . ""owner: {$ownerdata['unityid']}@{$ownerdata['affiliation']}
    ""; $connectmethods = getImageConnectMethods($imageid, $reqData['reservations'][0]['imagerevisionid']); $data = array('requestid' => $requestid, 'description' => $desc, 'usage' => '', 'owner' => ""{$ownerdata['unityid']}@{$ownerdata['affiliation']}"", 'prettyname' => ""Autocaptured ({$ownerdata['unityid']} - $requestid)"", 'minram' => 64, 'minprocnumber' => 1, 'minprocspeed' => 500, 'minnetwork' => 10, 'maxconcurrent' => '', 'checkuser' => 1, 'rootaccess' => 1, 'sysprep' => 1, 'comments' => $comments, 'connectmethodids' => implode(',', array_keys($connectmethods))); $rc = submitAddImage($data, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'error encountered while attempting to create image'); } } return array('status' => 'success'); }" 633,"$connecttext = preg_replace(""/ $connectMethods[$key][""connecttext""] = $connecttext; } return array('status' => 'ready', 'serverIP' => $serverIP, 'user' => $thisuser, 'password' => $passwd, 'connectport' => $connectport, 'connectMethods' => $connectMethods); } return array('status' => 'notready'); }",True,PHP,preg_replace,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCautoCapture($requestid) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'access denied to XMLRPCautoCapture'); } $query = ""SELECT id FROM request WHERE id = $requestid""; $qh = doQuery($query, 101); if(! mysql_num_rows($qh)) { return array('status' => 'error', 'errorcode' => 52, 'errormsg' => 'specified request does not exist'); } $reqData = getRequestInfo($requestid); if($reqData['stateid'] != 14 || $reqData['laststateid'] != 8) { return array('status' => 'error', 'errorcode' => 51, 'errormsg' => 'reservation not in valid state'); } if(count($reqData['reservations']) > 1) { return array('status' => 'error', 'errorcode' => 48, 'errormsg' => 'cannot image a cluster reservation'); } require_once("".ht-inc/images.php""); $imageid = $reqData['reservations'][0]['imageid']; $imageData = getImages(0, $imageid); $captime = unixToDatetime(time()); $comments = ""start: {$reqData['start']}
    "" . ""end: {$reqData['end']}
    "" . ""computer: {$reqData['reservations'][0]['reservedIP']}
    "" . ""capture time: $captime""; if($imageData[$imageid]['installtype'] != 'kickstart' && $reqData['userid'] == $imageData[$imageid]['ownerid']) { $rc = updateExistingImage($requestid, $reqData['userid'], $comments, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 49, 'errormsg' => 'error encountered while attempting to create new revision'); } } else { $ownerdata = getUserInfo($reqData['userid'], 1, 1); $desc = ""This is an autocaptured image.
    "" . ""captured from image: {$reqData['reservations'][0]['prettyimage']}
    "" . ""captured on: $captime
    "" . ""owner: {$ownerdata['unityid']}@{$ownerdata['affiliation']}
    ""; $connectmethods = getImageConnectMethods($imageid, $reqData['reservations'][0]['imagerevisionid']); $data = array('requestid' => $requestid, 'description' => $desc, 'usage' => '', 'owner' => ""{$ownerdata['unityid']}@{$ownerdata['affiliation']}"", 'prettyname' => ""Autocaptured ({$ownerdata['unityid']} - $requestid)"", 'minram' => 64, 'minprocnumber' => 1, 'minprocspeed' => 500, 'minnetwork' => 10, 'maxconcurrent' => '', 'checkuser' => 1, 'rootaccess' => 1, 'sysprep' => 1, 'comments' => $comments, 'connectmethodids' => implode(',', array_keys($connectmethods))); $rc = submitAddImage($data, 1); if($rc == 0) { return array('status' => 'error', 'errorcode' => 50, 'errormsg' => 'error encountered while attempting to create image'); } } return array('status' => 'success'); }" 634,"$connecttext = preg_replace(""/ $connectMethods[$key][""connecttext""] = $connecttext; } return array('status' => 'ready', 'serverIP' => $serverIP, 'user' => $thisuser, 'password' => $passwd, 'connectport' => $connectport, 'connectMethods' => $connectMethods); } return array('status' => 'notready'); }",True,PHP,preg_replace,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges=0) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations'); } $resources = getUserResources(array(""imageAdmin"", ""imageCheckOut"")); $resources[""image""] = removeNoCheckout($resources[""image""]); if(! array_key_exists($imageid, $resources['image'])) { return array('status' => 'error', 'errorcode' => 3, 'errormsg' => ""access denied to $imageid""); } $dtreg = '([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})'; $startts = datetimeToUnix($start); $endts = datetimeToUnix($end); $maxend = datetimeToUnix(""2038-01-01 00:00:00""); if(! preg_match(""/^$dtreg$/"", $start) || $startts < 0 || $startts > $maxend) { return array('status' => 'error', 'errorcode' => 4, 'errormsg' => ""received invalid input for start""); } if(! preg_match(""/^$dtreg$/"", $end) || $endts < 0 || $endts > $maxend) { return array('status' => 'error', 'errorcode' => 36, 'errormsg' => ""received invalid input for end""); } if(! is_numeric($numMachines) || $numMachines < MIN_BLOCK_MACHINES || $numMachines > MAX_BLOCK_MACHINES) { return array('status' => 'error', 'errorcode' => 64, 'errormsg' => 'The submitted number of seats must be between ' . MIN_BLOCK_MACHINES . ' and ' . MAX_BLOCK_MACHINES . '.'); } $groups = getUserGroups(); if(! array_key_exists($usergroupid, $groups)) { return array('status' => 'error', 'errorcode' => 67, 'errormsg' => 'Submitted user group does not exist'); } if(! is_numeric($ignoreprivileges) || $ignoreprivileges < 0 || $ignoreprivileges > 1) { return array('status' => 'error', 'errorcode' => 86, 'errormsg' => 'ignoreprivileges must be 0 or 1'); } $ownerid = getUserlistID('vclreload@Local'); $name = ""API:$start""; $managementnodes = getManagementNodes('future'); if(empty($managementnodes)) { return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation'); } $mnid = array_rand($managementnodes); $query = ""INSERT INTO blockRequest "" . ""(name, "" . ""imageid, "" . ""numMachines, "" . ""groupid, "" . ""repeating, "" . ""ownerid, "" . ""admingroupid, "" . ""managementnodeid, "" . ""expireTime, "" . ""status) "" . ""VALUES "" . ""('$name', "" . ""$imageid, "" . ""$numMachines, "" . ""$usergroupid, "" . ""'list', "" . ""$ownerid, "" . ""0, "" . ""$mnid, "" . ""'$end', "" . ""'accepted')""; doQuery($query, 101); $brid = dbLastInsertID(); $query = ""INSERT INTO blockTimes "" . ""(blockRequestid, "" . ""start, "" . ""end) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end')""; doQuery($query, 101); $btid = dbLastInsertID(); $query = ""INSERT INTO blockWebDate "" . ""(blockRequestid, "" . ""start, "" . ""end, "" . ""days) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end', "" . ""0)""; doQuery($query); $sh = date('g', $startts); $smi = date('i', $startts); $sme = date('a', $startts); $eh = date('g', $startts); $emi = date('i', $startts); $eme = date('a', $startts); $query = ""INSERT INTO blockWebTime "" . ""(blockRequestid, "" . ""starthour, "" . ""startminute, "" . ""startmeridian, "" . ""endhour, "" . ""endminute, "" . ""endmeridian, "" . ""`order`) "" . ""VALUES "" . ""($brid, "" . ""$sh,"" . ""$smi,"" . ""'$sme',"" . ""$eh,"" . ""$emi,"" . ""'$eme',"" . ""0)""; doQuery($query); $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges); $return['blockTimesid'] = $btid; return $return; }" 637,"addChangeLogEntry($request[""logid""], NULL, unixToDatetime($end), $request['start'], NULL, NULL, 0); return array('status' => 'error', 'errorcode' => 44, 'errormsg' => 'concurrent license restriction'); }",True,PHP,addChangeLogEntry,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges=0) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations'); } $resources = getUserResources(array(""imageAdmin"", ""imageCheckOut"")); $resources[""image""] = removeNoCheckout($resources[""image""]); if(! array_key_exists($imageid, $resources['image'])) { return array('status' => 'error', 'errorcode' => 3, 'errormsg' => ""access denied to $imageid""); } $dtreg = '([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})'; $startts = datetimeToUnix($start); $endts = datetimeToUnix($end); $maxend = datetimeToUnix(""2038-01-01 00:00:00""); if(! preg_match(""/^$dtreg$/"", $start) || $startts < 0 || $startts > $maxend) { return array('status' => 'error', 'errorcode' => 4, 'errormsg' => ""received invalid input for start""); } if(! preg_match(""/^$dtreg$/"", $end) || $endts < 0 || $endts > $maxend) { return array('status' => 'error', 'errorcode' => 36, 'errormsg' => ""received invalid input for end""); } if(! is_numeric($numMachines) || $numMachines < MIN_BLOCK_MACHINES || $numMachines > MAX_BLOCK_MACHINES) { return array('status' => 'error', 'errorcode' => 64, 'errormsg' => 'The submitted number of seats must be between ' . MIN_BLOCK_MACHINES . ' and ' . MAX_BLOCK_MACHINES . '.'); } $groups = getUserGroups(); if(! array_key_exists($usergroupid, $groups)) { return array('status' => 'error', 'errorcode' => 67, 'errormsg' => 'Submitted user group does not exist'); } if(! is_numeric($ignoreprivileges) || $ignoreprivileges < 0 || $ignoreprivileges > 1) { return array('status' => 'error', 'errorcode' => 86, 'errormsg' => 'ignoreprivileges must be 0 or 1'); } $ownerid = getUserlistID('vclreload@Local'); $name = ""API:$start""; $managementnodes = getManagementNodes('future'); if(empty($managementnodes)) { return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation'); } $mnid = array_rand($managementnodes); $query = ""INSERT INTO blockRequest "" . ""(name, "" . ""imageid, "" . ""numMachines, "" . ""groupid, "" . ""repeating, "" . ""ownerid, "" . ""admingroupid, "" . ""managementnodeid, "" . ""expireTime, "" . ""status) "" . ""VALUES "" . ""('$name', "" . ""$imageid, "" . ""$numMachines, "" . ""$usergroupid, "" . ""'list', "" . ""$ownerid, "" . ""0, "" . ""$mnid, "" . ""'$end', "" . ""'accepted')""; doQuery($query, 101); $brid = dbLastInsertID(); $query = ""INSERT INTO blockTimes "" . ""(blockRequestid, "" . ""start, "" . ""end) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end')""; doQuery($query, 101); $btid = dbLastInsertID(); $query = ""INSERT INTO blockWebDate "" . ""(blockRequestid, "" . ""start, "" . ""end, "" . ""days) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end', "" . ""0)""; doQuery($query); $sh = date('g', $startts); $smi = date('i', $startts); $sme = date('a', $startts); $eh = date('g', $startts); $emi = date('i', $startts); $eme = date('a', $startts); $query = ""INSERT INTO blockWebTime "" . ""(blockRequestid, "" . ""starthour, "" . ""startminute, "" . ""startmeridian, "" . ""endhour, "" . ""endminute, "" . ""endmeridian, "" . ""`order`) "" . ""VALUES "" . ""($brid, "" . ""$sh,"" . ""$smi,"" . ""'$sme',"" . ""$eh,"" . ""$emi,"" . ""'$eme',"" . ""0)""; doQuery($query); $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges); $return['blockTimesid'] = $btid; return $return; }" 638,"addChangeLogEntry($request[""logid""], NULL, unixToDatetime($end), $request['start'], NULL, NULL, 0); return array('status' => 'error', 'errorcode' => 44, 'errormsg' => 'concurrent license restriction'); }",True,PHP,addChangeLogEntry,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges=0) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations'); } $resources = getUserResources(array(""imageAdmin"", ""imageCheckOut"")); $resources[""image""] = removeNoCheckout($resources[""image""]); if(! array_key_exists($imageid, $resources['image'])) { return array('status' => 'error', 'errorcode' => 3, 'errormsg' => ""access denied to $imageid""); } $dtreg = '([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})'; $startts = datetimeToUnix($start); $endts = datetimeToUnix($end); $maxend = datetimeToUnix(""2038-01-01 00:00:00""); if(! preg_match(""/^$dtreg$/"", $start) || $startts < 0 || $startts > $maxend) { return array('status' => 'error', 'errorcode' => 4, 'errormsg' => ""received invalid input for start""); } if(! preg_match(""/^$dtreg$/"", $end) || $endts < 0 || $endts > $maxend) { return array('status' => 'error', 'errorcode' => 36, 'errormsg' => ""received invalid input for end""); } if(! is_numeric($numMachines) || $numMachines < MIN_BLOCK_MACHINES || $numMachines > MAX_BLOCK_MACHINES) { return array('status' => 'error', 'errorcode' => 64, 'errormsg' => 'The submitted number of seats must be between ' . MIN_BLOCK_MACHINES . ' and ' . MAX_BLOCK_MACHINES . '.'); } $groups = getUserGroups(); if(! array_key_exists($usergroupid, $groups)) { return array('status' => 'error', 'errorcode' => 67, 'errormsg' => 'Submitted user group does not exist'); } if(! is_numeric($ignoreprivileges) || $ignoreprivileges < 0 || $ignoreprivileges > 1) { return array('status' => 'error', 'errorcode' => 86, 'errormsg' => 'ignoreprivileges must be 0 or 1'); } $ownerid = getUserlistID('vclreload@Local'); $name = ""API:$start""; $managementnodes = getManagementNodes('future'); if(empty($managementnodes)) { return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation'); } $mnid = array_rand($managementnodes); $query = ""INSERT INTO blockRequest "" . ""(name, "" . ""imageid, "" . ""numMachines, "" . ""groupid, "" . ""repeating, "" . ""ownerid, "" . ""admingroupid, "" . ""managementnodeid, "" . ""expireTime, "" . ""status) "" . ""VALUES "" . ""('$name', "" . ""$imageid, "" . ""$numMachines, "" . ""$usergroupid, "" . ""'list', "" . ""$ownerid, "" . ""0, "" . ""$mnid, "" . ""'$end', "" . ""'accepted')""; doQuery($query, 101); $brid = dbLastInsertID(); $query = ""INSERT INTO blockTimes "" . ""(blockRequestid, "" . ""start, "" . ""end) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end')""; doQuery($query, 101); $btid = dbLastInsertID(); $query = ""INSERT INTO blockWebDate "" . ""(blockRequestid, "" . ""start, "" . ""end, "" . ""days) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end', "" . ""0)""; doQuery($query); $sh = date('g', $startts); $smi = date('i', $startts); $sme = date('a', $startts); $eh = date('g', $startts); $emi = date('i', $startts); $eme = date('a', $startts); $query = ""INSERT INTO blockWebTime "" . ""(blockRequestid, "" . ""starthour, "" . ""startminute, "" . ""startmeridian, "" . ""endhour, "" . ""endminute, "" . ""endmeridian, "" . ""`order`) "" . ""VALUES "" . ""($brid, "" . ""$sh,"" . ""$smi,"" . ""'$sme',"" . ""$eh,"" . ""$emi,"" . ""'$eme',"" . ""0)""; doQuery($query); $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges); $return['blockTimesid'] = $btid; return $return; }" 641,"function XMLRPCremoveImageGroupFromComputerGroup($imageGroup, $computerGroup){ $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid){ $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)){ $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(array_key_exists($imageid, $mapping) && array_key_exists($compid, $mapping[$imageid])){ $query = ""DELETE FROM resourcemap "" . ""WHERE resourcegroupid1 = $imageid AND "" . ""resourcetypeid1 = 13 AND "" . ""resourcegroupid2 = $compid AND "" . ""resourcetypeid2 = 12""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCremoveImageGroupFromComputerGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges=0) { global $user, $xmlrpcBlockAPIUsers; if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) { return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations'); } $resources = getUserResources(array(""imageAdmin"", ""imageCheckOut"")); $resources[""image""] = removeNoCheckout($resources[""image""]); if(! array_key_exists($imageid, $resources['image'])) { return array('status' => 'error', 'errorcode' => 3, 'errormsg' => ""access denied to $imageid""); } $dtreg = '([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})'; $startts = datetimeToUnix($start); $endts = datetimeToUnix($end); $maxend = datetimeToUnix(""2038-01-01 00:00:00""); if(! preg_match(""/^$dtreg$/"", $start) || $startts < 0 || $startts > $maxend) { return array('status' => 'error', 'errorcode' => 4, 'errormsg' => ""received invalid input for start""); } if(! preg_match(""/^$dtreg$/"", $end) || $endts < 0 || $endts > $maxend) { return array('status' => 'error', 'errorcode' => 36, 'errormsg' => ""received invalid input for end""); } if(! is_numeric($numMachines) || $numMachines < MIN_BLOCK_MACHINES || $numMachines > MAX_BLOCK_MACHINES) { return array('status' => 'error', 'errorcode' => 64, 'errormsg' => 'The submitted number of seats must be between ' . MIN_BLOCK_MACHINES . ' and ' . MAX_BLOCK_MACHINES . '.'); } $groups = getUserGroups(); if(! array_key_exists($usergroupid, $groups)) { return array('status' => 'error', 'errorcode' => 67, 'errormsg' => 'Submitted user group does not exist'); } if(! is_numeric($ignoreprivileges) || $ignoreprivileges < 0 || $ignoreprivileges > 1) { return array('status' => 'error', 'errorcode' => 86, 'errormsg' => 'ignoreprivileges must be 0 or 1'); } $ownerid = getUserlistID('vclreload@Local'); $name = ""API:$start""; $managementnodes = getManagementNodes('future'); if(empty($managementnodes)) { return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation'); } $mnid = array_rand($managementnodes); $query = ""INSERT INTO blockRequest "" . ""(name, "" . ""imageid, "" . ""numMachines, "" . ""groupid, "" . ""repeating, "" . ""ownerid, "" . ""admingroupid, "" . ""managementnodeid, "" . ""expireTime, "" . ""status) "" . ""VALUES "" . ""('$name', "" . ""$imageid, "" . ""$numMachines, "" . ""$usergroupid, "" . ""'list', "" . ""$ownerid, "" . ""0, "" . ""$mnid, "" . ""'$end', "" . ""'accepted')""; doQuery($query, 101); $brid = dbLastInsertID(); $query = ""INSERT INTO blockTimes "" . ""(blockRequestid, "" . ""start, "" . ""end) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end')""; doQuery($query, 101); $btid = dbLastInsertID(); $query = ""INSERT INTO blockWebDate "" . ""(blockRequestid, "" . ""start, "" . ""end, "" . ""days) "" . ""VALUES "" . ""($brid, "" . ""'$start', "" . ""'$end', "" . ""0)""; doQuery($query); $sh = date('g', $startts); $smi = date('i', $startts); $sme = date('a', $startts); $eh = date('g', $startts); $emi = date('i', $startts); $eme = date('a', $startts); $query = ""INSERT INTO blockWebTime "" . ""(blockRequestid, "" . ""starthour, "" . ""startminute, "" . ""startmeridian, "" . ""endhour, "" . ""endminute, "" . ""endmeridian, "" . ""`order`) "" . ""VALUES "" . ""($brid, "" . ""$sh,"" . ""$smi,"" . ""'$sme',"" . ""$eh,"" . ""$emi,"" . ""'$eme',"" . ""0)""; doQuery($query); $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges); $return['blockTimesid'] = $btid; return $return; }" 642,"function XMLRPCremoveImageGroupFromComputerGroup($imageGroup, $computerGroup){ $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid){ $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)){ $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(array_key_exists($imageid, $mapping) && array_key_exists($compid, $mapping[$imageid])){ $query = ""DELETE FROM resourcemap "" . ""WHERE resourcegroupid1 = $imageid AND "" . ""resourcetypeid1 = 13 AND "" . ""resourcegroupid2 = $compid AND "" . ""resourcetypeid2 = 12""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }",True,PHP,XMLRPCremoveImageGroupFromComputerGroup,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCaddImageToGroup($name, $imageid) { if($groupid = getResourceGroupID(""image/$name"")) { $groups = getUserResources(array(""imageAdmin""), array(""manageGroup""), 1); if(! array_key_exists($groupid, $groups['image'])) { return array('status' => 'error', 'errorcode' => 46, 'errormsg' => 'Unable to access image group'); } $resources = getUserResources(array(""imageAdmin""), array(""manageGroup"")); if(! array_key_exists($imageid, $resources['image'])) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'Unable to access image'); } $allimages = getImages(0, $imageid); $query = ""INSERT IGNORE INTO resourcegroupmembers "" . ""(resourceid, "" . ""resourcegroupid) "" . ""VALUES "" . ""({$allimages[$imageid]['resourceid']}, "" . ""$groupid)""; doQuery($query); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }" 645,"function XMLRPCgetUserGroups($groupType=0, $affiliationid=0) { global $user; $groups = getUserGroups($groupType, $affiliationid); $usergroups = array(); foreach($groups as $id => $group){ if($group['ownerid'] == $user['id'] || (array_key_exists(""editgroupid"", $group) && array_key_exists($group['editgroupid'], $user[""groups""])) || (array_key_exists($id, $user[""groups""]))){ array_push($usergroups, $group); } } return array( ""status"" => ""success"", ""groups"" => $usergroups); }",True,PHP,XMLRPCgetUserGroups,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCaddImageToGroup($name, $imageid) { if($groupid = getResourceGroupID(""image/$name"")) { $groups = getUserResources(array(""imageAdmin""), array(""manageGroup""), 1); if(! array_key_exists($groupid, $groups['image'])) { return array('status' => 'error', 'errorcode' => 46, 'errormsg' => 'Unable to access image group'); } $resources = getUserResources(array(""imageAdmin""), array(""manageGroup"")); if(! array_key_exists($imageid, $resources['image'])) { return array('status' => 'error', 'errorcode' => 47, 'errormsg' => 'Unable to access image'); } $allimages = getImages(0, $imageid); $query = ""INSERT IGNORE INTO resourcegroupmembers "" . ""(resourceid, "" . ""resourcegroupid) "" . ""VALUES "" . ""({$allimages[$imageid]['resourceid']}, "" . ""$groupid)""; doQuery($query); return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }" 646,"function XMLRPCgetUserGroups($groupType=0, $affiliationid=0) { global $user; $groups = getUserGroups($groupType, $affiliationid); $usergroups = array(); foreach($groups as $id => $group){ if($group['ownerid'] == $user['id'] || (array_key_exists(""editgroupid"", $group) && array_key_exists($group['editgroupid'], $user[""groups""])) || (array_key_exists($id, $user[""groups""]))){ array_push($usergroups, $group); } } return array( ""status"" => ""success"", ""groups"" => $usergroups); }",True,PHP,XMLRPCgetUserGroups,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCaddImageGroupToComputerGroup($imageGroup, $computerGroup) { $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid) { $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)) { $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(! array_key_exists($imageid, $mapping) || ! in_array($compid, $mapping[$imageid])) { $query = ""INSERT INTO resourcemap "" . ""(resourcegroupid1, "" . ""resourcetypeid1, "" . ""resourcegroupid2, "" . ""resourcetypeid2) "" . ""VALUES ($imageid, "" . ""13, "" . ""$compid, "" . ""12)""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }" 647,"function XMLRPCgetResourceGroupPrivs($name, $type, $nodeid){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""resourceGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to add resource group to this node'); } if($typeid = getResourceTypeID($type)){ if(!checkForGroupName($name, 'resource', '', $typeid)){ return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'resource group does not exist'); } $nodePrivileges = getNodePrivileges($nodeid, 'resources'); $nodePrivileges = getNodeCascadePrivileges($nodeid, 'resources', $nodePrivileges); foreach($nodePrivileges['resources'] as $resource => $privs){ if(strstr($resource, ""$type/$name"")){ return array( 'status' => 'success', 'privileges' => $privs); } } return array( 'status' => 'error', 'errorcode' => 29, 'errormsg' => 'could not find resource name in privilege list'); } else { return array('status' => 'error', 'errorcode' => 56, 'errormsg' => 'Invalid resource type'); } }",True,PHP,XMLRPCgetResourceGroupPrivs,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCaddImageGroupToComputerGroup($imageGroup, $computerGroup) { $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid) { $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)) { $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(! array_key_exists($imageid, $mapping) || ! in_array($compid, $mapping[$imageid])) { $query = ""INSERT INTO resourcemap "" . ""(resourcegroupid1, "" . ""resourcetypeid1, "" . ""resourcegroupid2, "" . ""resourcetypeid2) "" . ""VALUES ($imageid, "" . ""13, "" . ""$compid, "" . ""12)""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }" 648,"function XMLRPCgetResourceGroupPrivs($name, $type, $nodeid){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""resourceGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to add resource group to this node'); } if($typeid = getResourceTypeID($type)){ if(!checkForGroupName($name, 'resource', '', $typeid)){ return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'resource group does not exist'); } $nodePrivileges = getNodePrivileges($nodeid, 'resources'); $nodePrivileges = getNodeCascadePrivileges($nodeid, 'resources', $nodePrivileges); foreach($nodePrivileges['resources'] as $resource => $privs){ if(strstr($resource, ""$type/$name"")){ return array( 'status' => 'success', 'privileges' => $privs); } } return array( 'status' => 'error', 'errorcode' => 29, 'errormsg' => 'could not find resource name in privilege list'); } else { return array('status' => 'error', 'errorcode' => 56, 'errormsg' => 'Invalid resource type'); } }",True,PHP,XMLRPCgetResourceGroupPrivs,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-264,"Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.",https://cwe.mitre.org/data/definitions/264.html,CVE-2013-0267,"function XMLRPCaddImageGroupToComputerGroup($imageGroup, $computerGroup) { $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid) { $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)) { $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(! array_key_exists($imageid, $mapping) || ! in_array($compid, $mapping[$imageid])) { $query = ""INSERT INTO resourcemap "" . ""(resourcegroupid1, "" . ""resourcetypeid1, "" . ""resourcegroupid2, "" . ""resourcetypeid2) "" . ""VALUES ($imageid, "" . ""13, "" . ""$compid, "" . ""12)""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }" 651,"function XMLRPCremoveUserGroupPriv($name, $affiliation, $nodeid, $permissions){ require_once("".ht-inc/privileges.php""); global $user; if(! checkUserHasPriv(""userGrant"", $user['id'], $nodeid)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Unable to remove group privileges on this node'); } $validate = array('name' => $name, 'affiliation' => $affiliation); $rc = validateAPIgroupInput($validate, 1); if($rc['status'] == 'error') return $rc; $groupid = $rc['id']; $groupname = ""$name@$affiliation""; $perms = explode(':', $permissions); $usertypes = getTypes('users'); array_push($usertypes[""users""], ""block""); array_push($usertypes[""users""], ""cascade""); $cascadePrivs = getNodeCascadePriviliges($nodeid, ""usergroups""); $removegroupprivs = array(); if(array_key_exists($groupname, $cascadePrivs['usergroups'])){ foreach($perms as $permission){ if(in_array($permission, $cascadePrivs['usergroups'][$groupname]['privs'])){ array_push($removegroupprivs, $permission); } } $diff = array_diff($cascadePrivs['usergroups'][$groupname], $removegroupprivs); if(count($diff) == 1 && in_array(""cascade"", $diff)){ array_push($removegroupprivs, ""cascade""); } } if(empty($removegroupprivs)){ return array('status' => 'error', 'errorcode' => 53, 'errormsg' => 'Invalid or missing permissions list supplied'); } updateUserOrGroupPrivs($groupid, $nodeid, array(), $removegroupprivs, ""group""); return array('status' => 'success'); }",True,PHP,XMLRPCremoveUserGroupPriv,xmlrpcWrappers.php,https://github.com/apache/vcl,apache,Josh Thompson,2013-02-07 19:43:01+00:00,"xmlrpcWrappers.php: -added option to supply name of reservation to XMLRPCdeployServer -XMLRPCremoveUserGroup and XMLRPCdeleteUserGroup did the same thing; made XMLRPCdeleteUserGroup just call XMLRPCremoveUserGroup - kept both so that scripts would not have to change because one was dropped -did some updates to headers to provide better documentation generation -changed some whitespace formatting -modified XMLRPCgetRequestIds - added OS, isserver, state, and if it is a server, servername to returned data-modified XMLRPCgetUserGroupAttributes - added overlapResCount to returned data; modified error return code to not be duplicated with an different error -modified XMLRPCremoveUserGroup - added ability to delete federated groups if user has access; added check for group being in use before deleting it and return error if it is in use -modified XMLRPCeditUserGroup - added ability to modify federated groups if user has access; do not attempt to update name and affiliation if they are not changed (resulted in an duplicate group name error) -modified XMLRPCgetUserGroupMembers - added ability to modify federated groups if user has access privileges.php: -additional parameter checking -modified viewNodes - added serverProfileAdmin to $privs array used to determine which resource groups can be added at the node -modified AJsubmitAddChildNode - moved updateUserOrGroupPrivs to inside if conditional (no need to call it if no changes) -modified getNodeCascadePrivileges - located problem where blocking cascaded privileges does not continue to child nodes; added fix and commented it out until can properly prepare users for change utils.php: -modified getResourceGroups - optional argument of $id to limit returned data to just a specified resource group -modified getUserGroupID - added optional argument of $noadd that causes the function to return NULL instead of adding the group if it does not already exist -modified getTypes - removed conditional that checks for 'block' and 'cascade' with resource groups - type here is computer, image, etc. groups.php: -modified addGroup - moved conditional for editgroupid to inside 'user' section",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2013-0267,"function XMLRPCaddImageGroupToComputerGroup($imageGroup, $computerGroup) { $imageid = getResourceGroupID(""image/$imageGroup""); $compid = getResourceGroupID(""computer/$computerGroup""); if($imageid && $compid) { $tmp = getUserResources(array(""imageAdmin""), array(""manageMapping""), 1); $imagegroups = $tmp['image']; $tmp = getUserResources(array(""computerAdmin""), array(""manageMapping""), 1); $computergroups = $tmp['computer']; if(array_key_exists($compid, $computergroups) && array_key_exists($imageid, $imagegroups)) { $mapping = getResourceMapping(""image"", ""computer"", $imageid, $compid); if(! array_key_exists($imageid, $mapping) || ! in_array($compid, $mapping[$imageid])) { $query = ""INSERT INTO resourcemap "" . ""(resourcegroupid1, "" . ""resourcetypeid1, "" . ""resourcegroupid2, "" . ""resourcetypeid2) "" . ""VALUES ($imageid, "" . ""13, "" . ""$compid, "" . ""12)""; doQuery($query, 101); } return array('status' => 'success'); } else { return array('status' => 'error', 'errorcode' => 84, 'errormsg' => 'cannot access computer and/or image group'); } } else { return array('status' => 'error', 'errorcode' => 83, 'errormsg' => 'invalid resource group name'); } }" 667,"function checkID($con,$id_check) { $id_check = $con->real_escape_string($id_check); $query = ""SELECT * FROM sessions WHERE s_sid='"" . $id_check . ""'""; $result = $con->query($query); if(count($result->fetch_array(MYSQLI_NUM)) > 0) { return false; } return true; }",True,PHP,checkID,create.php,https://github.com/aeharding/classroom-engagement-system,aeharding,aeharding@gmail.com,2013-03-21 04:35:50+00:00,"real_escape_string() to prevent SQL injections on database. Removed old welcomeEmail.php",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2013-10011,"function XMLRPCremoveResourceGroupPriv($name, $type, $nodeid, $permissions) { return _XMLRPCchangeResourceGroupPriv_sub('remove', $name, $type, $nodeid, $permissions); }" 669,"public function show() { global $USER, $PLANET, $resource, $LNG, $reslist, $CONF; $action = HTTP::_GP('action', ''); $galaxyLeft = HTTP::_GP('galaxyLeft', ''); $galaxyRight = HTTP::_GP('galaxyRight', ''); $systemLeft = HTTP::_GP('systemLeft', ''); $systemRight = HTTP::_GP('systemRight', ''); $galaxy = min(max(HTTP::_GP('galaxy', $PLANET['galaxy']), 1), Config::get('max_galaxy')); $system = min(max(HTTP::_GP('system', $PLANET['system']), 1), Config::get('max_system')); $planet = min(max(HTTP::_GP('planet', $PLANET['planet']), 1), Config::get('max_planets')); $type = HTTP::_GP('type', 1); $current = HTTP::_GP('current', 0); if (!empty($galaxyLeft)) $galaxy = max($galaxy - 1, 1); elseif (!empty($galaxyRight)) $galaxy = min($galaxy + 1, Config::get('max_galaxy')); if (!empty($systemLeft)) $system = max($system - 1, 1); elseif (!empty($systemRight)) $system = min($system + 1, Config::get('max_system')); if ($galaxy != $PLANET['galaxy'] || $system != $PLANET['system']) { if($PLANET['deuterium'] < Config::get('deuterium_cost_galaxy')) { $this->printMessage($LNG['gl_no_deuterium_to_view_galaxy'], array(""game.php?page=galaxy"", 3)); exit; } else { $PLANET['deuterium'] -= Config::get('deuterium_cost_galaxy'); } } $targetDefensive = $reslist['defense']; $targetDefensive[] = 502; $MissleSelector[0] = $LNG['gl_all_defenses']; foreach($targetDefensive as $Element) { $MissleSelector[$Element] = $LNG['tech'][$Element]; } $galaxyRows = new GalaxyRows; $galaxyRows->setGalaxy($galaxy); $galaxyRows->setSystem($system); $Result = $galaxyRows->getGalaxyData(); $this->tplObj->loadscript('galaxy.js'); $this->tplObj->assign_vars(array( 'GalaxyRows' => $Result, 'planetcount' => sprintf($LNG['gl_populed_planets'], count($Result)), 'action' => $action, 'galaxy' => $galaxy, 'system' => $system, 'planet' => $planet, 'type' => $type, 'current' => $current, 'maxfleetcount' => FleetFunctions::GetCurrentFleets($USER['id']), 'fleetmax' => FleetFunctions::GetMaxFleetSlots($USER), 'currentmip' => $PLANET[$resource[503]], 'grecyclers' => $PLANET[$resource[219]], 'recyclers' => $PLANET[$resource[209]], 'spyprobes' => $PLANET[$resource[210]], 'missile_count' => sprintf($LNG['gl_missil_to_launch'], $PLANET[$resource[503]]), 'spyShips' => array(210 => $USER['spio_anz']), 'settings_fleetactions' => $USER['settings_fleetactions'], 'current_galaxy' => $PLANET['galaxy'], 'current_system' => $PLANET['system'], 'current_planet' => $PLANET['planet'], 'planet_type' => $PLANET['planet_type'], 'max_planets' => Config::get('max_planets'), 'MissleSelector' => $MissleSelector, 'ShortStatus' => array( 'vacation' => $LNG['gl_short_vacation'], 'banned' => $LNG['gl_short_ban'], 'inactive' => $LNG['gl_short_inactive'], 'longinactive' => $LNG['gl_short_long_inactive'], 'noob' => $LNG['gl_short_newbie'], 'strong' => $LNG['gl_short_strong'], 'enemy' => $LNG['gl_short_enemy'], 'friend' => $LNG['gl_short_friend'], 'member' => $LNG['gl_short_member'], ), )); $this->display('page.galaxy.default.tpl'); }",True,PHP,show,class.ShowGalaxyPage.php,https://github.com/oktora24/2moons,oktora24,slaver7,2013-01-18 11:31:33+00:00,fix possible sql injections.,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2013-10014,"function XMLRPCremoveResourceGroupPriv($name, $type, $nodeid, $permissions) { return _XMLRPCchangeResourceGroupPriv_sub('remove', $name, $type, $nodeid, $permissions); }" 671,"function a_form_section_page() { if (isset($_POST[""action""])) { if ($_POST[""action""] == ""Update"") { AFormSection::update(); } if ($_POST[""action""] == ""Create"") { AFormSection::create(); } } if ($_GET[""action""] == ""delete"") { AFormSection::delete(); } ?> ""); } if (isset($_GET[""action""]) && $_GET[""action""] != ""delete"") { if ($_GET[""action""] == ""edit"") { $a_form = tom_get_row_by_id(""a_form_sections"", ""*"", ""ID"", esc_html($_GET[""id""])); ?>
    "", $record); if ($key_value[0] == $form_name.$field_name && $key_value[1] != """") { $field_values[$field_name] = $key_value[1]; } } } } } else { $content = str_replace('\""', ""\"""", esc_html($_POST[$form_name.$field_name])); $content = str_replace(""\'"", '\'', $content); $email_content .= $field->field_label."": "".$content.""\n\n""; $field_values[$field_name] = $content; } }",True,PHP,explode,a-forms.php,https://github.com/wp-plugins/a-forms,wp-plugins,MMDeveloper,2013-08-20 01:07:25+00:00,"Fixed yet another issue with critical cross-site scripting. I've forced SiteLock to check and check, and I think its finally fixed. git-svn-id: https://plugins.svn.wordpress.org/a-forms/trunk@758898 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-10020,"function XMLRPCendRequest($requestid) { global $user; $requestid = processInputData($requestid, ARG_NUMERIC); $userRequests = getUserRequests('all', $user['id']); $found = 0; foreach($userRequests as $req) { if($req['id'] == $requestid) { $request = getRequestInfo($requestid); $found = 1; break; } } if(! $found) return array('status' => 'error', 'errorcode' => 1, 'errormsg' => 'unknown requestid'); deleteRequest($request); return array('status' => 'success'); }" 676,"function a_form_page() { if (tom_get_query_string_value(""a_form_page"") != ""section"") { if (isset($_POST[""action""])) { $action = esc_html($_POST[""action""]); if ($action == ""Update"") { AForm::update(); } if ($action == ""Create"") { AForm::create(); } } if ($_GET[""action""] == ""delete"") { AForm::delete(); } } ?> ""); } if (isset($_GET[""action""]) && $_GET[""action""] != ""delete"") { if ($_GET[""action""] == ""edit"") { $a_form = tom_get_row_by_id(""a_form_forms"", ""*"", ""ID"", esc_html($_GET[""id""])); ?>
    Start by creating a form.

    ""); } else { tom_generate_datatable(""a_form_forms"", array(""ID"", ""form_name"", ""include_admin_in_emails"", ""to_email"", ""tracking_enabled""), ""ID"", """", array(""form_name ASC""), __AFORMS_DEFAULT_LIMIT__, get_option(""siteurl"").""/wp-admin/admin.php?page=a-forms/a-forms.php"", false, true, true, true, true); } ?>
    'error', 'errorcode' => 1, 'errormsg' => 'unknown requestid'); deleteRequest($request); return array('status' => 'success'); }" 677,"foreach ($fields as $field) { $content = $fields_array[str_replace("" "", ""_"", strtolower($field->field_label))]; echo(""""); }",True,PHP,foreach,a-forms.php,https://github.com/wp-plugins/a-forms,wp-plugins,MMDeveloper,2013-08-20 01:07:25+00:00,"Fixed yet another issue with critical cross-site scripting. I've forced SiteLock to check and check, and I think its finally fixed. git-svn-id: https://plugins.svn.wordpress.org/a-forms/trunk@758898 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-10020,"function XMLRPCendRequest($requestid) { global $user; $requestid = processInputData($requestid, ARG_NUMERIC); $userRequests = getUserRequests('all', $user['id']); $found = 0; foreach($userRequests as $req) { if($req['id'] == $requestid) { $request = getRequestInfo($requestid); $found = 1; break; } } if(! $found) return array('status' => 'error', 'errorcode' => 1, 'errormsg' => 'unknown requestid'); deleteRequest($request); return array('status' => 'success'); }" 683,"function exit_page_admin() { if ($_POST['xx']) { update_option('exitpagecontents', $_POST['xx']); update_option('redirecttoparent', $_POST['redirectpar']); } $oldtemp = stripcslashes(get_option(""exitpagecontents"")); $chkd = 1; $chkd2 = get_option(""redirecttoparent""); if ($chkd) { $chkd = ""checked='checked'""; } else { $chkd = """"; } if ($chkd2) { $chkd2 = ""checked='checked'""; } else { $chkd2 = """"; } echo <<< EOFT

    Wordpress Exit Strategy

    ""); if ($content != """" && $field->field_type == ""file"") { echo(""download""); } else { echo(preg_replace(""/, $/"", """", $content)); } echo(""
    '; echo ''; $format_bottom = ob_get_clean(); echo '
    '; echo ''; echo '

    '.$langmessage['new_file'].'

    '; echo '
    GetUrl('Admin/Menu/Ajax').'"" method=""post"">'; if( isset($_REQUEST['redir']) ){ echo ''; } echo '

    Exit Page Options

    '; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function authenticate(CakeRequest $request, CakeResponse $response) { return self::getUser($request); }" 6202,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= ''; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function fetchSGOrgRow($id, $removable = false, $extend = false) { $this->layout = false; $this->autoRender = false; $this->set('id', (int)$id); $this->set('removable', $removable); $this->set('extend', $extend); $this->render('ajax/sg_org_row_empty'); }" 6203,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= ''; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function edit() { $currentUser = $this->User->find('first', array( 'conditions' => array('User.id' => $this->Auth->user('id')), 'recursive' => -1 )); if (empty($currentUser)) { throw new NotFoundException('Something went wrong. Your user account could not be accessed.'); } $id = $currentUser['User']['id']; if ($this->request->is('post') || $this->request->is('put')) { if (empty($this->request->data['User'])) { $this->request->data = array('User' => $this->request->data); } $abortPost = false; if (!empty($this->request->data['User']['email']) && !$this->_isSiteAdmin()) { $organisation = $this->User->Organisation->find('first', array( 'conditions' => array('Organisation.id' => $this->Auth->user('org_id')), 'recursive' => -1 )); if (!empty($organisation['Organisation']['restricted_to_domain'])) { $abortPost = true; foreach ($organisation['Organisation']['restricted_to_domain'] as $restriction) { if ( strlen($this->request->data['User']['email']) > strlen($restriction) && substr($this->request->data['User']['email'], (-1 * strlen($restriction))) === $restriction && in_array($this->request->data['User']['email'][strlen($this->request->data['User']['email']) - strlen($restriction) -1], array('@', '.')) ) { $abortPost = false; } } if ($abortPost) { $message = __('Invalid e-mail domain. Your user is restricted to creating users for the following domain(s): ') . implode(', ', $organisation['Organisation']['restricted_to_domain']); } } } if (!$abortPost && (!$this->_isRest() || empty($this->request->header('Authorization')))) { if (Configure::read('Security.require_password_confirmation')) { if (!empty($this->request->data['User']['current_password'])) { $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']); if (!$hashed) { $abortPost = true; $this->Flash->error('Invalid password. Please enter your current password to continue.'); } unset($this->request->data['User']['current_password']); } else { $abortPost = true; $this->Flash->info('Please enter your current password to continue.'); } } } if (!$abortPost) { $fieldList = array('autoalert', 'gpgkey', 'certif_public', 'nids_sid', 'contactalert', 'disabled', 'date_modified'); if ($this->__canChangeLogin()) { $fieldList[] = 'email'; } if ($this->__canChangePassword() && !empty($this->request->data['User']['password'])) { $fieldList[] = 'password'; $fieldList[] = 'confirm_password'; } foreach ($this->request->data['User'] as $k => $v) { $currentUser['User'][$k] = $v; } if ($this->_isRest()) { if (!empty($this->request->data['User']['password'])) { if ($this->request->data['User']['password'] === '*****') { unset($this->request->data['User']['password']); } else { $currentUser['User']['confirm_password'] = $this->request->data['User']['password']; } } } if ($this->User->save($currentUser, true, $fieldList)) { if ($this->_isRest()) { $user = $this->User->find('first', array( 'conditions' => array('User.id' => $id), 'recursive' => -1, 'contain' => array( 'Organisation', 'Role', 'UserSetting' ) )); return $this->RestResponse->viewData($this->__massageUserObject($user), $this->response->type()); } else { $this->Flash->success(__('The profile has been updated')); $this->redirect(array('action' => 'view', $id)); } } else { $message = __('The profile could not be updated. Please, try again.'); $abortPost = true; } } if ($abortPost) { $this->request->data['User']['password'] = ''; $this->request->data['User']['confirm_password'] = ''; if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'edit', $id, $message, $this->response->type()); } else { $this->Flash->error($message); } } } else { $this->User->data = $currentUser; $this->User->set('password', ''); $this->request->data = $this->User->data; } $this->loadModel('Server'); $this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']); $this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']); $roles = $this->User->Role->find('list'); $this->set('roles', $roles); $this->set('id', $id); $this->set('canChangePassword', $this->__canChangePassword()); $this->set('canChangeLogin', $this->__canChangeLogin()); }" 6204,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= ''; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function beforeFilter() { parent::beforeFilter(); $this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile'); }" 6205,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= ''; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function getUser(CakeRequest $request) { if (empty(self::$user)) { if (self::$client) { self::$user = self::$client; $sync = Configure::read('CertAuth.syncUser'); if ($sync) { if (!self::getRestUser()) return false; } $userModelKey = empty(Configure::read('CertAuth.userModelKey')) ? 'email' : Configure::read('CertAuth.userModelKey'); $userDefaults = Configure::read('CertAuth.userDefaults'); $this->User = ClassRegistry::init('User'); if (!empty(self::$user[$userModelKey])) { $existingUser = $this->User->find('first', array( 'conditions' => array($userModelKey => self::$user[$userModelKey]), 'recursive' => false )); } if ($existingUser) { if ($sync) { if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName(self::$user['org'], $existingUser['User']['id'], true); if (self::$user['org_id'] && $existingUser['User']['org_id'] != self::$user['org_id']) { if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge($userDefaults + self::$user); } } unset(self::$user['org']); } $write = array(); foreach (self::$user as $k => $v) { if (isset($existingUser['User'][$k]) && trim($existingUser['User'][$k]) != trim($v)) { $write[] = $k; $existingUser['User'][$k] = trim($v); } } if (!empty($write) && !$this->User->save($existingUser['User'], true, $write)) { CakeLog::write('alert', 'Could not update model at database with RestAPI data.'); } } self::$user = $this->User->getAuthUser($existingUser['User']['id']); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else if ($sync && !empty(self::$user)) { $org = isset(self::$client['org']) ? self::$client['org'] : null; if ($org == null) return false; if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName($org, 0, true); unset(self::$user['org']); } if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge(self::$user, $userDefaults); } $this->User->create(); if ($this->User->save(self::$user)) { $id = $this->User->id; self::$user = $this->User->getAuthUser($id); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else { CakeLog::write('alert', 'Could not insert model at database from RestAPI data. Reason: ' . json_encode($this->User->validationErrors)); } } else { self::$user = false; } } } return self::$user; }" 6206,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= ''; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"if ($field != 'confirm_password') array_push($fieldsOldValues, $this->User->field($field)); else array_push($fieldsOldValues, $this->User->field('password')); } if ( isset($this->request->data['User']['enable_password']) && $this->request->data['User']['enable_password'] != '0' && isset($this->request->data['User']['password']) && """" != $this->request->data['User']['password'] ) { $fields[] = 'password'; if ($this->_isRest() && !isset($this->request->data['User']['confirm_password'])) { $this->request->data['User']['confirm_password'] = $this->request->data['User']['password']; $fields[] = 'confirm_password'; } } if (!$this->_isRest()) { $fields[] = 'role_id'; } if (!$this->_isSiteAdmin()) { $this->loadModel('Role'); $this->Role->recursive = -1; $chosenRole = $this->Role->findById($this->request->data['User']['role_id']); if (empty($chosenRole) || (($chosenRole['Role']['id'] != $allowedRole) && ($chosenRole['Role']['perm_site_admin'] == 1 || $chosenRole['Role']['perm_regexp_access'] == 1 || $chosenRole['Role']['perm_sync'] == 1))) { throw new Exception('You are not authorised to assign that role to a user.'); } } if ($this->User->save($this->request->data, true, $fields)) { $fieldsNewValues = array(); foreach ($fields as $field) { if ($field != 'confirm_password') { $newValue = $this->data['User'][$field]; if (gettype($newValue) == 'array') { $newValueStr = ''; $cP = 0; foreach ($newValue as $newValuePart) { if ($cP < 2) $newValueStr .= '-' . $newValuePart; else $newValueStr = $newValuePart . $newValueStr; $cP++; } array_push($fieldsNewValues, $newValueStr); } else { array_push($fieldsNewValues, $newValue); } } else { array_push($fieldsNewValues, $this->data['User']['password']); } } $fieldsResultStr = ''; $c = 0; foreach ($fields as $field) { if (isset($fieldsOldValues[$c]) && $fieldsOldValues[$c] != $fieldsNewValues[$c]) { if ($field != 'confirm_password' && $field != 'enable_password') { $fieldsResultStr = $fieldsResultStr . ', ' . $field . ' (' . $fieldsOldValues[$c] . ') => (' . $fieldsNewValues[$c] . ')'; } } $c++; } $fieldsResultStr = substr($fieldsResultStr, 2); $this->__extralog(""edit"", ""user"", $fieldsResultStr); if ($this->_isRest()) { $user = $this->User->find('first', array( 'conditions' => array('User.id' => $this->User->id), 'recursive' => -1 )); $user['User']['password'] = '******'; return $this->RestResponse->viewData($user, $this->response->type()); } else { $this->Session->setFlash(__('The user has been saved')); $this->_refreshAuth(); $this->redirect(array('action' => 'index')); } } else { if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'admin_edit', $id, $this->User->validationErrors, $this->response->type()); } else { $this->Session->setFlash(__('The user could not be saved. Please, try again.')); } } } } else {" 6207,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= ''; } } }",True,PHP,isset,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,public function offset($offset) { $this->ar_offset = (int) $offset; return $this; } 6222,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"private function encloseForCSV($field) { $cleanCSV = new CleanCSV(); return '""' . $cleanCSV->escapeField($field) . '""'; }" 6223,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"private function encloseForCSV($field) { $cleanCSV = new CleanCSV(); return '""' . $cleanCSV->escapeField($field) . '""'; }" 6224,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"private function encloseForCSV($field) { $cleanCSV = new CleanCSV(); return '""' . $cleanCSV->escapeField($field) . '""'; }" 6225,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"private function encloseForCSV($field) { $cleanCSV = new CleanCSV(); return '""' . $cleanCSV->escapeField($field) . '""'; }" 6226,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function testCreateRelationshipMeta() { $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), null); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts'); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts', true); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', $this->db, null, array(), 'Contacts'); self::assertNotTrue(isset($GLOBALS['log']->calls['fatal'])); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('Nonexists1', $this->db, null, array(), 'Nonexists2'); self::assertCount(1, $GLOBALS['log']->calls['debug']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); }" 6227,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function testCreateRelationshipMeta() { $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), null); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts'); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts', true); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', $this->db, null, array(), 'Contacts'); self::assertNotTrue(isset($GLOBALS['log']->calls['fatal'])); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('Nonexists1', $this->db, null, array(), 'Nonexists2'); self::assertCount(1, $GLOBALS['log']->calls['debug']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); }" 6228,"static function convertUTF($string) { return $string = str_replace('?', '', htmlspecialchars($string, ENT_IGNORE, 'UTF-8')); }",True,PHP,convertUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function testCreateRelationshipMeta() { $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), null); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts'); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts', true); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', $this->db, null, array(), 'Contacts'); self::assertNotTrue(isset($GLOBALS['log']->calls['fatal'])); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('Nonexists1', $this->db, null, array(), 'Nonexists2'); self::assertCount(1, $GLOBALS['log']->calls['debug']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); }" 6236,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function testCreateRelationshipMeta() { $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), null); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts'); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts', true); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', $this->db, null, array(), 'Contacts'); self::assertNotTrue(isset($GLOBALS['log']->calls['fatal'])); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('Nonexists1', $this->db, null, array(), 'Nonexists2'); self::assertCount(1, $GLOBALS['log']->calls['debug']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(8, $GLOBALS['log']->calls['fatal']); }" 6237,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function createDatabase($dbname = null) { $stmt = Database::prepare(""CREATE DATABASE :dbname""); Database::pexecute($stmt, [ 'dbname' => $dbname ]); }" 6238,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function sendMail($customerid = - 1, $template_subject = null, $default_subject = null, $template_body = null, $default_body = null) { global $mail, $theme; if ($customerid != - 1) { $usr_stmt = Database::prepare(' SELECT `name`, `firstname`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid'); $usr = Database::pexecute_first($usr_stmt, array( 'customerid' => $customerid )); $replace_arr = array( 'FIRSTNAME' => $usr['firstname'], 'NAME' => $usr['name'], 'COMPANY' => $usr['company'], 'SALUTATION' => getCorrectUserSalutation($usr), 'SUBJECT' => $this->Get('subject', true) ); } else { $replace_arr = array( 'SUBJECT' => $this->Get('subject', true) ); } $tpl_seldata = array( 'adminid' => $this->userinfo['adminid'], 'lang' => $this->userinfo['def_language'], 'tplsubject' => $template_subject ); $result_stmt = Database::prepare("" SELECT `value` FROM `"" . TABLE_PANEL_TEMPLATES . ""` WHERE `adminid`= :adminid AND `language`= :lang AND `templategroup`= 'mails' AND `varname`= :tplsubject""); $result = Database::pexecute_first($result_stmt, $tpl_seldata); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr)); unset($tpl_seldata['tplsubject']); $tpl_seldata['tplmailbody'] = $template_body; $result_stmt = Database::prepare("" SELECT `value` FROM `"" . TABLE_PANEL_TEMPLATES . ""` WHERE `adminid`= :adminid AND `language`= :lang AND `templategroup`= 'mails' AND `varname`= :tplmailbody""); $result = Database::pexecute_first($result_stmt, $tpl_seldata); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr)); if ($customerid != - 1) { $_mailerror = false; try { $mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name')); $mail->Subject = $mail_subject; $mail->AltBody = $mail_body; $mail->MsgHTML(str_replace(""\n"", ""
    "", $mail_body)); $mail->AddAddress($usr['email'], $usr['firstname'] . ' ' . $usr['name']); $mail->Send(); } catch (phpmailerException $e) { $mailerr_msg = $e->errorMessage(); $_mailerror = true; } catch (Exception $e) { $mailerr_msg = $e->getMessage(); $_mailerror = true; } if ($_mailerror) { $rstlog = FroxlorLogger::getInstanceOf(array( 'loginname' => 'ticket_class' )); $rstlog->logAction(ADM_ACTION, LOG_ERR, ""Error sending mail: "" . $mailerr_msg); standard_error('errorsendingmail', $usr['email']); } $mail->ClearAddresses(); } else { $admin_stmt = Database::prepare("" SELECT `name`, `email` FROM `"" . TABLE_PANEL_ADMINS . ""` WHERE `adminid` = :adminid""); $admin = Database::pexecute_first($admin_stmt, array( 'adminid' => $this->userinfo['adminid'] )); $_mailerror = false; try { $mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name')); $mail->Subject = $mail_subject; $mail->AltBody = $mail_body; $mail->MsgHTML(str_replace(""\n"", ""
    "", $mail_body)); $mail->AddAddress($admin['email'], $admin['name']); $mail->Send(); } catch (phpmailerException $e) { $mailerr_msg = $e->errorMessage(); $_mailerror = true; } catch (Exception $e) { $mailerr_msg = $e->getMessage(); $_mailerror = true; } if ($_mailerror) { $rstlog = FroxlorLogger::getInstanceOf(array( 'loginname' => 'ticket_class' )); $rstlog->logAction(ADM_ACTION, LOG_ERR, ""Error sending mail: "" . $mailerr_msg); standard_error('errorsendingmail', $admin['email']); } $mail->ClearAddresses(); } }" 6239,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"static public function getPriorityText($_lng, $_priority = 0) { switch ($_priority) { case 1: return $_lng['ticket']['high']; break; case 2: return $_lng['ticket']['normal']; break; default: return $_lng['ticket']['low']; break; } }" 6240,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"static public function getLastArchived($_num = 10, $_admin = 1) { if ($_num > 0) { $archived = array(); $counter = 0; $result_stmt = Database::prepare("" SELECT *, ( SELECT COUNT(`sub`.`id`) FROM `"" . TABLE_PANEL_TICKETS . ""` `sub` WHERE `sub`.`answerto` = `main`.`id` ) as `ticket_answers` FROM `"" . TABLE_PANEL_TICKETS . ""` `main` WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1' AND `main`.`adminid` = :adminid ORDER BY `main`.`lastchange` DESC LIMIT 0, "" . (int) $_num); Database::pexecute($result_stmt, array( 'adminid' => $_admin )); while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $archived[$counter]['id'] = $row['id']; $archived[$counter]['customerid'] = $row['customerid']; $archived[$counter]['adminid'] = $row['adminid']; $archived[$counter]['lastreplier'] = $row['lastreplier']; $archived[$counter]['ticket_answers'] = $row['ticket_answers']; $archived[$counter]['category'] = $row['category']; $archived[$counter]['priority'] = $row['priority']; $archived[$counter]['subject'] = $row['subject']; $archived[$counter]['message'] = $row['message']; $archived[$counter]['dt'] = $row['dt']; $archived[$counter]['lastchange'] = $row['lastchange']; $archived[$counter]['status'] = $row['status']; $archived[$counter]['by'] = $row['by']; $counter ++; } if (isset($archived[0]['id'])) { return $archived; } else { return false; } }" 6241,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"static public function getCategoryName($_id = 0) { if ($_id != 0) { $stmt = Database::prepare("" SELECT `name` FROM `"" . TABLE_PANEL_TICKET_CATS . ""` WHERE `id` = :id""); $category = Database::pexecute_first($stmt, array( 'id' => $_id )); return $category['name']; } return null; }" 6242,"$rst[$key] = self::parseAndTrim($st, $unescape); } return $rst; } $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""
    "","" "",$str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace('""',""""",$str); $str = str_replace(""'"",""& $str = str_replace(""’"",""’"",$str); $str = str_replace(""‘"",""‘"",$str); $str = str_replace(""®"",""& $str = str_replace(""–"",""-"", $str); $str = str_replace(""—"",""& $str = str_replace(""”"",""”"", $str); $str = str_replace(""“"",""“"", $str); $str = str_replace(""¼"",""& $str = str_replace(""½"",""& $str = str_replace(""¾"",""& $str = str_replace(""™"",""™"", $str); $str = trim($str); if ($unescape) { $str = stripcslashes($str); } else { $str = addslashes($str); } return $str; }",True,PHP,parseAndTrim,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"static public function addCategory($_category = null, $_admin = 1, $_order = 1) { if ($_category != null && $_category != '') { if ($_order < 1) { $_order = 1; } $ins_stmt = Database::prepare("" INSERT INTO `"" . TABLE_PANEL_TICKET_CATS . ""` SET `name` = :name, `adminid` = :adminid, `logicalorder` = :lo""); $ins_data = array( 'name' => $_category, 'adminid' => $_admin, 'lo' => $_order ); Database::pexecute($ins_stmt, $ins_data); return true; } return false; }" 6243,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) { if ($_var != '' && $_value != '') { if (! $_vartrusted) { $_var = strip_tags($_var); } if (! $_valuetrusted) { $_value = strip_tags($_value, '
    '); } if (strtolower($_var) == 'message' || strtolower($_var) == 'subject') { $_value = $this->convertLatin1ToHtml($_value); } $this->t_data[$_var] = $_value; } }" 6244,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"private function initData() { $this->Set('customer', 0, true, true); $this->Set('admin', 1, true, true); $this->Set('subject', '', true, true); $this->Set('category', '0', true, true); $this->Set('priority', '2', true, true); $this->Set('message', '', true, true); $this->Set('dt', 0, true, true); $this->Set('lastchange', 0, true, true); $this->Set('ip', '', true, true); $this->Set('status', '0', true, true); $this->Set('lastreplier', '0', true, true); $this->Set('by', '0', true, true); $this->Set('answerto', '0', true, true); $this->Set('archived', '0', true, true); }" 6245,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function Archive() { $upd_stmt = Database::prepare(' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = ""1"" WHERE `id` = :tid'); Database::pexecute($upd_stmt, array( 'tid' => $this->tid )); $upd_stmt = Database::prepare(' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = ""1"" WHERE `answerto` = :tid'); Database::pexecute($upd_stmt, array( 'tid' => $this->tid )); return true; }" 6246,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"static public function deleteCategory($_id = 0) { if ($_id != 0) { $result_stmt = Database::prepare("" SELECT COUNT(`id`) as `numtickets` FROM `"" . TABLE_PANEL_TICKETS . ""` WHERE `category` = :cat""); $result = Database::pexecute_first($result_stmt, array( 'cat' => $_id )); if ($result['numtickets'] == ""0"") { $del_stmt = Database::prepare("" DELETE FROM `"" . TABLE_PANEL_TICKET_CATS . ""` WHERE `id` = :id""); Database::pexecute($del_stmt, array( 'id' => $_id )); return true; } else { return false; } } return false; }" 6247,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"private function readData() { if (isset($this->tid) && $this->tid != - 1) { if ($this->userinfo['customerid'] > 0) { $_ticket_stmt = Database::prepare(' SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid AND `customerid` = :cid'); $tdata = array( 'tid' => $this->tid, 'cid' => $this->userinfo['customerid'] ); } else { $_ticket_stmt = Database::prepare(' SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' . ($this->userinfo['customers_see_all'] ? '' : ' AND `adminid` = :adminid')); $tdata = array( 'tid' => $this->tid ); if ($this->userinfo['customers_see_all'] != '1') { $tdata['adminid'] = $this->userinfo['adminid']; } } $_ticket = Database::pexecute_first($_ticket_stmt, $tdata); if ($_ticket == false) { throw new Exception(""Invalid ticket id""); } $this->Set('customer', $_ticket['customerid'], true, false); $this->Set('admin', $_ticket['adminid'], true, false); $this->Set('subject', $_ticket['subject'], true, false); $this->Set('category', $_ticket['category'], true, false); $this->Set('priority', $_ticket['priority'], true, false); $this->Set('message', $_ticket['message'], true, false); $this->Set('dt', $_ticket['dt'], true, false); $this->Set('lastchange', $_ticket['lastchange'], true, false); $this->Set('ip', $_ticket['ip'], true, false); $this->Set('status', $_ticket['status'], true, false); $this->Set('lastreplier', $_ticket['lastreplier'], true, false); $this->Set('by', $_ticket['by'], true, false); $this->Set('answerto', $_ticket['answerto'], true, false); $this->Set('archived', $_ticket['archived'], true, false); }" 6248,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"static public function getHighestOrderNumber($_uid = 0) { $where = ''; $sel_data = array(); if ($_uid > 0) { $where = "" WHERE `adminid` = :adminid""; $sel_data['adminid'] = $_uid; } $sql = ""SELECT MAX(`logicalorder`) as `highestorder` FROM `"" . TABLE_PANEL_TICKET_CATS . ""`"" . $where . "";""; $result_stmt = Database::prepare($sql); $result = Database::pexecute_first($result_stmt, $sel_data); return (isset($result['highestorder']) ? (int) $result['highestorder'] : 0); }" 6249,"static function convertXMLFeedSafeChar($str) { $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""
    "","""",$str); $str = str_replace(""""",'""',$str); $str = str_replace(""& $str = str_replace(""’"",""'"",$str); $str = str_replace(""‘"",""'"",$str); $str = str_replace(""& $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"",""-"", $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""”"",'""', $str); $str = str_replace(""�"", '""', $str); $str = str_replace(""“"",'""', $str); $str = str_replace(""\r\n"","" "",$str); $str = str_replace(""�"","" 1/4"",$str); $str = str_replace(""& $str = str_replace(""�"","" 1/2"",$str); $str = str_replace(""& $str = str_replace(""�"","" 3/4"",$str); $str = str_replace(""& $str = str_replace(""�"", ""(TM)"", $str); $str = str_replace(""™"",""(TM)"", $str); $str = str_replace(""®"",""(R)"", $str); $str = str_replace(""�"",""(R)"",$str); $str = str_replace(""&"",""&"",$str); $str = str_replace("">"","">"",$str); return trim($str); }",True,PHP,convertXMLFeedSafeChar,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function Delete() { $del_stmt = Database::prepare(' DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid'); Database::pexecute($del_stmt, array( 'tid' => $this->tid )); $del_stmt = Database::prepare(' DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid'); Database::pexecute($del_stmt, array( 'tid' => $this->tid )); return true; }" 6264,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function Update() { $upd_stmt = Database::prepare(' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `priority` = :priority, `lastchange` = :lastchange, `status` = :status, `lastreplier` = :lastreplier WHERE `id` = :tid'); $upd_data = array( 'priority' => $this->Get('priority'), 'lastchange' => $this->Get('lastchange'), 'status' => $this->Get('status'), 'lastreplier' => $this->Get('lastreplier'), 'tid' => $this->tid ); Database::pexecute($upd_stmt, $upd_data); return true; }" 6265,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"private function __construct($userinfo, $tid = - 1) { $this->userinfo = $userinfo; $this->tid = $tid; $this->initData(); $this->readData(); }" 6266,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"static public function customerHasTickets($_cid = 0) { if ($_cid != 0) { $result_stmt = Database::prepare("" SELECT `id` FROM `"" . TABLE_PANEL_TICKETS . ""` WHERE `customerid` = :cid""); Database::pexecute($result_stmt, array( 'cid' => $_cid )); $tickets = array(); while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $tickets[] = $row['id']; } return $tickets; } return false; }" 6267,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function Insert() { $ins_stmt = Database::prepare("" INSERT INTO `"" . TABLE_PANEL_TICKETS . ""` SET `customerid` = :customerid, `adminid` = :adminid, `category` = :category, `priority` = :priority, `subject` = :subject, `message` = :message, `dt` = :dt, `lastchange` = :lastchange, `ip` = :ip, `status` = :status, `lastreplier` = :lastreplier, `by` = :by, `answerto` = :answerto""); $ins_data = array( 'customerid' => $this->Get('customer'), 'adminid' => $this->Get('admin'), 'category' => $this->Get('category'), 'priority' => $this->Get('priority'), 'subject' => $this->Get('subject'), 'message' => $this->Get('message'), 'dt' => time(), 'lastchange' => time(), 'ip' => $this->Get('ip'), 'status' => $this->Get('status'), 'lastreplier' => $this->Get('lastreplier'), 'by' => $this->Get('by'), 'answerto' => $this->Get('answerto') ); Database::pexecute($ins_stmt, $ins_data); $this->tid = Database::lastInsertId(); return true; }" 6268,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"static public function getStatusText($_lng, $_status = 0) { switch ($_status) { case 0: return $_lng['ticket']['open']; break; case 1: return $_lng['ticket']['wait_reply']; break; case 2: return $_lng['ticket']['replied']; break; default: return $_lng['ticket']['closed']; break; } }" 6269,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"static public function getInstanceOf($_usernfo, $_tid) { if (! isset(self::$tickets[$_tid . '-' . $_usernfo['userid']])) { self::$tickets[$_tid . '-' . $_usernfo['userid']] = new ticket($_usernfo, $_tid); } return self::$tickets[$_tid . '-' . $_usernfo['userid']]; }" 6270,"static function validUTF($string) { if(!mb_check_encoding($string, 'UTF-8') OR !($string === mb_convert_encoding(mb_convert_encoding($string, 'UTF-32', 'UTF-8' ), 'UTF-8', 'UTF-32'))) { return false; } return true; }",True,PHP,validUTF,expString.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"@$listener = DevblocksPlatform::importGPC($_POST['a']); } if(!empty($listener)) $parts[] = DevblocksPlatform::strAlphaNum($listener, '\_'); } if(isset($parts[0])) { $parts[0] = DevblocksPlatform::strAlphaNum($parts[0], '\_\-\.'); } $path = $parts; switch(array_shift($path)) { case ""resource"": $plugin_id = array_shift($path); if(null == ($plugin = DevblocksPlatform::getPlugin($plugin_id))) break; $file = implode(DIRECTORY_SEPARATOR, $path); $dir = $plugin->getStoragePath() . '/' . 'resources'; if(!is_dir($dir)) die(""""); $resource = $dir . '/' . $file; if(0 != strstr($dir,$resource)) die(""""); $ext = @array_pop(explode('.', $resource)); if(!is_file($resource) || 'php' == $ext) die(""""); switch($ext) { case 'css': case 'gif': case 'jpg': case 'js': case 'png': case 'ttf': case 'woff': header('Cache-control: max-age=604800', true); header('Expires: ' . gmdate('D, d M Y H:i:s',time()+604800) . ' GMT'); break; } switch($ext) { case 'css': header('Content-type: text/css'); break; case 'gif': header('Content-type: image/gif'); break; case 'jpeg': case 'jpg': header('Content-type: image/jpeg'); break; case 'js': header('Content-type: text/javascript'); break; case 'pdf': header('Content-type: application/pdf'); break; case 'png': header('Content-type: image/png'); break; case 'ttf': header('Content-type: application/x-font-ttf'); break; case 'woff': header('Content-type: application/font-woff'); break; case 'xml': header('Content-type: text/xml'); break; } $out = file_get_contents($resource, false); if($out) { header('Content-Length: '. strlen($out)); echo $out; } exit; break; default: break; } $method = strtoupper(@$_SERVER['REQUEST_METHOD']); $request = new DevblocksHttpRequest($parts,$queryArgs,$method); $request->csrf_token = isset($_SERVER['HTTP_X_CSRF_TOKEN']) ? $_SERVER['HTTP_X_CSRF_TOKEN'] : @$_REQUEST['_csrf_token']; DevblocksPlatform::setHttpRequest($request); return $request; }" 6299,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function settings_save() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } if (!isset($_POST['settings'])) { Flash::set('error', 'File Manager - ' . __('form was not posted.')); redirect(get_url('plugin/file_manager/settings')); } else { $settings = $_POST['settings']; if ($settings['umask'] == 0) $settings['umask'] = 0; elseif (!preg_match('/^0?[0-7]{3}$/', $settings['umask'])) $settings['umask'] = 0; if (strlen($settings['umask']) === 3) $settings['umask'] = '0' . $settings['umask']; elseif (strlen($settings['umask']) !== 4 && $settings['umask'] != 0) $settings['umask'] = 0; if (!preg_match('/^0?[0-7]{3}$/', $settings['dirmode'])) $settings['dirmode'] = '0755'; if (strlen($settings['dirmode']) === 3) $settings['dirmode'] = '0' . $settings['dirmode']; if (!preg_match('/^0?[0-7]{3}$/', $settings['filemode'])) $settings['filemode'] = '0755'; if (strlen($settings['filemode']) === 3) $settings['filemode'] = '0' . $settings['filemode']; } if (Plugin::setAllSettings($settings, 'file_manager')) Flash::setNow('success', 'File Manager - ' . __('plugin settings saved.')); else Flash::setNow('error', 'File Manager - ' . __('plugin settings not saved!')); $this->display('file_manager/views/settings', array('settings' => $settings)); }" 6300,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function chmod() { if (!AuthUser::hasPermission('file_manager_chmod')) { Flash::set('error', __('You do not have sufficient permissions to change the permissions on a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/chmod')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . '/' . $data['name']; if (file_exists($file)) { if (@!chmod($file, octdec($data['mode']))) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!')); } $path = substr($data['name'], 0, strrpos($data['name'], '/')); redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6301,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function chmod() { if (!AuthUser::hasPermission('file_manager_chmod')) { Flash::set('error', __('You do not have sufficient permissions to change the permissions on a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/chmod')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . '/' . $data['name']; if (file_exists($file)) { if (@!chmod($file, octdec($data['mode']))) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!')); } $path = substr($data['name'], 0, strrpos($data['name'], '/')); redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6302,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function chmod() { if (!AuthUser::hasPermission('file_manager_chmod')) { Flash::set('error', __('You do not have sufficient permissions to change the permissions on a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/chmod')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . '/' . $data['name']; if (file_exists($file)) { if (@!chmod($file, octdec($data['mode']))) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!')); } $path = substr($data['name'], 0, strrpos($data['name'], '/')); redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6303,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function chmod() { if (!AuthUser::hasPermission('file_manager_chmod')) { Flash::set('error', __('You do not have sufficient permissions to change the permissions on a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/chmod')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . '/' . $data['name']; if (file_exists($file)) { if (@!chmod($file, octdec($data['mode']))) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!')); } $path = substr($data['name'], 0, strrpos($data['name'], '/')); redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6304,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function browse() { $params = func_get_args(); $this->path = join('/', $params); if (substr($this->path, -1, 1) != '/') $this->path .= '/'; if (strpos($this->path, '..') !== false) { } $this->path = str_replace('..', '', $this->path); $this->path = str_replace('//', '', $this->path); $this->path = preg_replace('/^\ $this->fullpath = FILES_DIR . '/' . $this->path; $this->fullpath = preg_replace('/\/\ $this->display('file_manager/views/index', array( 'dir' => htmlContextCleaner($this->path), 'files' => $this->_listFiles() )); }" 6305,"public function delete() { global $user; $count = $this->address->find('count', 'user_id=' . $user->id); if($count > 1) { $address = new address($this->params['id']); if ($user->isAdmin() || ($user->id == $address->user_id)) { if ($address->is_billing) { $billAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $billAddress->is_billing = true; $billAddress->save(); } if ($address->is_shipping) { $shipAddress = $this->address->find('first', 'user_id=' . $user->id . "" AND id != "" . $address->id); $shipAddress->is_shipping = true; $shipAddress->save(); } parent::delete(); } } else { flash(""error"", gt(""You must have at least one address."")); } expHistory::back(); }",True,PHP,delete,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function browse() { $params = func_get_args(); $this->path = join('/', $params); if (substr($this->path, -1, 1) != '/') $this->path .= '/'; if (strpos($this->path, '..') !== false) { } $this->path = str_replace('..', '', $this->path); $this->path = str_replace('//', '', $this->path); $this->path = preg_replace('/^\ $this->fullpath = FILES_DIR . '/' . $this->path; $this->fullpath = preg_replace('/\/\ $this->display('file_manager/views/index', array( 'dir' => htmlContextCleaner($this->path), 'files' => $this->_listFiles() )); }" 6306,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function browse() { $params = func_get_args(); $this->path = join('/', $params); if (substr($this->path, -1, 1) != '/') $this->path .= '/'; if (strpos($this->path, '..') !== false) { } $this->path = str_replace('..', '', $this->path); $this->path = str_replace('//', '', $this->path); $this->path = preg_replace('/^\ $this->fullpath = FILES_DIR . '/' . $this->path; $this->fullpath = preg_replace('/\/\ $this->display('file_manager/views/index', array( 'dir' => htmlContextCleaner($this->path), 'files' => $this->_listFiles() )); }" 6307,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function browse() { $params = func_get_args(); $this->path = join('/', $params); if (substr($this->path, -1, 1) != '/') $this->path .= '/'; if (strpos($this->path, '..') !== false) { } $this->path = str_replace('..', '', $this->path); $this->path = str_replace('//', '', $this->path); $this->path = preg_replace('/^\ $this->fullpath = FILES_DIR . '/' . $this->path; $this->fullpath = preg_replace('/\/\ $this->display('file_manager/views/index', array( 'dir' => htmlContextCleaner($this->path), 'files' => $this->_listFiles() )); }" 6308,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function delete() { if (!AuthUser::hasPermission('file_manager_delete')) { Flash::set('error', __('You do not have sufficient permissions to delete a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } $paths = func_get_args(); $file = urldecode(join('/', $paths)); if (isset($_GET['csrf_token'])) { $csrf_token = $_GET['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/delete/'.$file)) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $file = FILES_DIR . '/' . str_replace('..', '', $file); $filename = array_pop($paths); $paths = join('/', $paths); if (is_file($file)) { if (!unlink($file)) Flash::set('error', __('Permission denied!')); } else { if (!$this->_rrmdir($file)) Flash::set('error', __('Permission denied!')); } redirect(get_url('plugin/file_manager/browse/' . $paths)); }" 6309,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function delete() { if (!AuthUser::hasPermission('file_manager_delete')) { Flash::set('error', __('You do not have sufficient permissions to delete a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } $paths = func_get_args(); $file = urldecode(join('/', $paths)); if (isset($_GET['csrf_token'])) { $csrf_token = $_GET['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/delete/'.$file)) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $file = FILES_DIR . '/' . str_replace('..', '', $file); $filename = array_pop($paths); $paths = join('/', $paths); if (is_file($file)) { if (!unlink($file)) Flash::set('error', __('Permission denied!')); } else { if (!$this->_rrmdir($file)) Flash::set('error', __('Permission denied!')); } redirect(get_url('plugin/file_manager/browse/' . $paths)); }" 6310,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function delete() { if (!AuthUser::hasPermission('file_manager_delete')) { Flash::set('error', __('You do not have sufficient permissions to delete a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } $paths = func_get_args(); $file = urldecode(join('/', $paths)); if (isset($_GET['csrf_token'])) { $csrf_token = $_GET['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/delete/'.$file)) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $file = FILES_DIR . '/' . str_replace('..', '', $file); $filename = array_pop($paths); $paths = join('/', $paths); if (is_file($file)) { if (!unlink($file)) Flash::set('error', __('Permission denied!')); } else { if (!$this->_rrmdir($file)) Flash::set('error', __('Permission denied!')); } redirect(get_url('plugin/file_manager/browse/' . $paths)); }" 6311,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function delete() { if (!AuthUser::hasPermission('file_manager_delete')) { Flash::set('error', __('You do not have sufficient permissions to delete a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } $paths = func_get_args(); $file = urldecode(join('/', $paths)); if (isset($_GET['csrf_token'])) { $csrf_token = $_GET['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/delete/'.$file)) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $file = FILES_DIR . '/' . str_replace('..', '', $file); $filename = array_pop($paths); $paths = join('/', $paths); if (is_file($file)) { if (!unlink($file)) Flash::set('error', __('Permission denied!')); } else { if (!$this->_rrmdir($file)) Flash::set('error', __('Permission denied!')); } redirect(get_url('plugin/file_manager/browse/' . $paths)); }" 6312,"public function update() { global $user; if (expSession::get('customer-signup')) expSession::set('customer-signup', false); if (isset($this->params['address_country_id'])) { $this->params['country'] = $this->params['address_country_id']; unset($this->params['address_country_id']); } if (isset($this->params['address_region_id'])) { $this->params['state'] = $this->params['address_region_id']; unset($this->params['address_region_id']); } if ($user->isLoggedIn()) { $count = $this->address->find('count', 'user_id='.$user->id); if ($count == 0) { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; } $this->params['user_id'] = $user->id; $this->address->update($this->params); } else { $this->params['is_default'] = 1; $this->params['is_billing'] = 1; $this->params['is_shipping'] = 1; $this->address->update($this->params); } expHistory::back(); }",True,PHP,update,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function rename() { if (!AuthUser::hasPermission('file_manager_rename')) { Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/rename')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['current_name'] = str_replace('..', '', $data['current_name']); $data['new_name'] = str_replace('..', '', $data['new_name']); $data['new_name'] = preg_replace('/ /', '_', $data['new_name']); $data['new_name'] = preg_replace('/[^a-z0-9_\-\.]/i', '', $data['new_name']); $path = substr($data['current_name'], 0, strrpos($data['current_name'], '/')); $file = FILES_DIR . '/' . $data['current_name']; $ext = strtolower(pathinfo($data['new_name'], PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to rename to :ext', $ext)); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) { Flash::set('error', __('A file or directory with that name already exists!')); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists($file)) { if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!' . $file)); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6313,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function rename() { if (!AuthUser::hasPermission('file_manager_rename')) { Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/rename')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['current_name'] = str_replace('..', '', $data['current_name']); $data['new_name'] = str_replace('..', '', $data['new_name']); $data['new_name'] = preg_replace('/ /', '_', $data['new_name']); $data['new_name'] = preg_replace('/[^a-z0-9_\-\.]/i', '', $data['new_name']); $path = substr($data['current_name'], 0, strrpos($data['current_name'], '/')); $file = FILES_DIR . '/' . $data['current_name']; $ext = strtolower(pathinfo($data['new_name'], PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to rename to :ext', $ext)); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) { Flash::set('error', __('A file or directory with that name already exists!')); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists($file)) { if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!' . $file)); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6314,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function rename() { if (!AuthUser::hasPermission('file_manager_rename')) { Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/rename')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['current_name'] = str_replace('..', '', $data['current_name']); $data['new_name'] = str_replace('..', '', $data['new_name']); $data['new_name'] = preg_replace('/ /', '_', $data['new_name']); $data['new_name'] = preg_replace('/[^a-z0-9_\-\.]/i', '', $data['new_name']); $path = substr($data['current_name'], 0, strrpos($data['current_name'], '/')); $file = FILES_DIR . '/' . $data['current_name']; $ext = strtolower(pathinfo($data['new_name'], PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to rename to :ext', $ext)); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) { Flash::set('error', __('A file or directory with that name already exists!')); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists($file)) { if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!' . $file)); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6315,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function rename() { if (!AuthUser::hasPermission('file_manager_rename')) { Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/rename')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['current_name'] = str_replace('..', '', $data['current_name']); $data['new_name'] = str_replace('..', '', $data['new_name']); $data['new_name'] = preg_replace('/ /', '_', $data['new_name']); $data['new_name'] = preg_replace('/[^a-z0-9_\-\.]/i', '', $data['new_name']); $path = substr($data['current_name'], 0, strrpos($data['current_name'], '/')); $file = FILES_DIR . '/' . $data['current_name']; $ext = strtolower(pathinfo($data['new_name'], PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to rename to :ext', $ext)); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) { Flash::set('error', __('A file or directory with that name already exists!')); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists($file)) { if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!' . $file)); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6316,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function save() { $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $data['name']; if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/save/'.$data['name'])) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } if (file_exists($file)) { if (file_put_contents($file, $data['content']) !== false) { Flash::set('success', __('File has been saved with success!')); } else { Flash::set('error', __('File is not writable! File has not been saved!')); } } else { if (file_put_contents($file, $data['content'])) { Flash::set('success', __('File :name has been created with success!', array(':name' => $data['name']))); } else { Flash::set('error', __('Directory is not writable! File has not been saved!')); } } if (isset($_POST['commit'])) { redirect(get_url('plugin/file_manager/browse/' . substr($data['name'], 0, strrpos($data['name'], '/')))); } else { redirect(get_url('plugin/file_manager/view/' . $data['name'] . (endsWith($data['name'], URL_SUFFIX) ? '?has_url_suffix=1' : ''))); }" 6317,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function save() { $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $data['name']; if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/save/'.$data['name'])) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } if (file_exists($file)) { if (file_put_contents($file, $data['content']) !== false) { Flash::set('success', __('File has been saved with success!')); } else { Flash::set('error', __('File is not writable! File has not been saved!')); } } else { if (file_put_contents($file, $data['content'])) { Flash::set('success', __('File :name has been created with success!', array(':name' => $data['name']))); } else { Flash::set('error', __('Directory is not writable! File has not been saved!')); } } if (isset($_POST['commit'])) { redirect(get_url('plugin/file_manager/browse/' . substr($data['name'], 0, strrpos($data['name'], '/')))); } else { redirect(get_url('plugin/file_manager/view/' . $data['name'] . (endsWith($data['name'], URL_SUFFIX) ? '?has_url_suffix=1' : ''))); }" 6318,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function save() { $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $data['name']; if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/save/'.$data['name'])) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } if (file_exists($file)) { if (file_put_contents($file, $data['content']) !== false) { Flash::set('success', __('File has been saved with success!')); } else { Flash::set('error', __('File is not writable! File has not been saved!')); } } else { if (file_put_contents($file, $data['content'])) { Flash::set('success', __('File :name has been created with success!', array(':name' => $data['name']))); } else { Flash::set('error', __('Directory is not writable! File has not been saved!')); } } if (isset($_POST['commit'])) { redirect(get_url('plugin/file_manager/browse/' . substr($data['name'], 0, strrpos($data['name'], '/')))); } else { redirect(get_url('plugin/file_manager/view/' . $data['name'] . (endsWith($data['name'], URL_SUFFIX) ? '?has_url_suffix=1' : ''))); }" 6319,"public function activate_address() { global $db, $user; $object = new stdClass(); $object->id = $this->params['id']; $db->setUniqueFlag($object, 'addresses', $this->params['is_what'], ""user_id="" . $user->id); flash(""message"", gt(""Successfully updated address."")); expHistory::back(); }",True,PHP,activate_address,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function save() { $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $data['name']; if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/save/'.$data['name'])) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } if (file_exists($file)) { if (file_put_contents($file, $data['content']) !== false) { Flash::set('success', __('File has been saved with success!')); } else { Flash::set('error', __('File is not writable! File has not been saved!')); } } else { if (file_put_contents($file, $data['content'])) { Flash::set('success', __('File :name has been created with success!', array(':name' => $data['name']))); } else { Flash::set('error', __('Directory is not writable! File has not been saved!')); } } if (isset($_POST['commit'])) { redirect(get_url('plugin/file_manager/browse/' . substr($data['name'], 0, strrpos($data['name'], '/')))); } else { redirect(get_url('plugin/file_manager/view/' . $data['name'] . (endsWith($data['name'], URL_SUFFIX) ? '?has_url_suffix=1' : ''))); }" 6327,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function settings() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } $settings = Plugin::getAllSettings('file_manager'); if (!$settings) { Flash::set('error', 'Files - ' . __('unable to retrieve plugin settings.')); return; } $this->display('file_manager/views/settings', array('settings' => $settings)); }" 6328,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function settings() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } $settings = Plugin::getAllSettings('file_manager'); if (!$settings) { Flash::set('error', 'Files - ' . __('unable to retrieve plugin settings.')); return; } $this->display('file_manager/views/settings', array('settings' => $settings)); }" 6329,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function settings() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } $settings = Plugin::getAllSettings('file_manager'); if (!$settings) { Flash::set('error', 'Files - ' . __('unable to retrieve plugin settings.')); return; } $this->display('file_manager/views/settings', array('settings' => $settings)); }" 6330,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function settings() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } $settings = Plugin::getAllSettings('file_manager'); if (!$settings) { Flash::set('error', 'Files - ' . __('unable to retrieve plugin settings.')); return; } $this->display('file_manager/views/settings', array('settings' => $settings)); }" 6331,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"$object->size = convert_size($cur->getSize()); $object->mtime = date('D, j M, Y', $cur->getMTime()); list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms()); $object->type = $this->_getFileType($cur); if ($cur->isDir()) { $object->link = 'path . $object->name) . '"">' . $object->name . ''; } else { $object->link = 'path . $object->name . (endsWith($object->name, URL_SUFFIX) ? '?has_url_suffix=1' : '')) . '"">' . $object->name . ''; } $files[$object->name] = $object; }" 6332,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"$object->size = convert_size($cur->getSize()); $object->mtime = date('D, j M, Y', $cur->getMTime()); list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms()); $object->type = $this->_getFileType($cur); if ($cur->isDir()) { $object->link = 'path . $object->name) . '"">' . $object->name . ''; } else { $object->link = 'path . $object->name . (endsWith($object->name, URL_SUFFIX) ? '?has_url_suffix=1' : '')) . '"">' . $object->name . ''; } $files[$object->name] = $object; }" 6333,"public function manage() { expHistory::set('manageable',$this->params); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions )); }",True,PHP,manage,addressController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"$object->size = convert_size($cur->getSize()); $object->mtime = date('D, j M, Y', $cur->getMTime()); list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms()); $object->type = $this->_getFileType($cur); if ($cur->isDir()) { $object->link = 'path . $object->name) . '"">' . $object->name . ''; } else { $object->link = 'path . $object->name . (endsWith($object->name, URL_SUFFIX) ? '?has_url_suffix=1' : '')) . '"">' . $object->name . ''; } $files[$object->name] = $object; }" 6348,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"$object->size = convert_size($cur->getSize()); $object->mtime = date('D, j M, Y', $cur->getMTime()); list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms()); $object->type = $this->_getFileType($cur); if ($cur->isDir()) { $object->link = 'path . $object->name) . '"">' . $object->name . ''; } else { $object->link = 'path . $object->name . (endsWith($object->name, URL_SUFFIX) ? '?has_url_suffix=1' : '')) . '"">' . $object->name . ''; } $files[$object->name] = $object; }" 6349,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function upload() { if (!AuthUser::hasPermission('file_manager_upload')) { Flash::set('error', __('You do not have sufficient permissions to upload a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/upload')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $mask = Plugin::getSetting('umask', 'file_manager'); umask(octdec($mask)); $data = $_POST['upload']; $path = str_replace('..', '', $data['path']); $overwrite = isset($data['overwrite']) ? true : false; $filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']); $filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename); $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to upload files with extension :ext', $ext)); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_FILES)) { $file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) Flash::set('error', __('File has not been uploaded!')); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6350,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function upload() { if (!AuthUser::hasPermission('file_manager_upload')) { Flash::set('error', __('You do not have sufficient permissions to upload a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/upload')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $mask = Plugin::getSetting('umask', 'file_manager'); umask(octdec($mask)); $data = $_POST['upload']; $path = str_replace('..', '', $data['path']); $overwrite = isset($data['overwrite']) ? true : false; $filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']); $filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename); $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to upload files with extension :ext', $ext)); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_FILES)) { $file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) Flash::set('error', __('File has not been uploaded!')); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6351,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function upload() { if (!AuthUser::hasPermission('file_manager_upload')) { Flash::set('error', __('You do not have sufficient permissions to upload a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/upload')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $mask = Plugin::getSetting('umask', 'file_manager'); umask(octdec($mask)); $data = $_POST['upload']; $path = str_replace('..', '', $data['path']); $overwrite = isset($data['overwrite']) ? true : false; $filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']); $filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename); $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to upload files with extension :ext', $ext)); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_FILES)) { $file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) Flash::set('error', __('File has not been uploaded!')); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6352,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function upload() { if (!AuthUser::hasPermission('file_manager_upload')) { Flash::set('error', __('You do not have sufficient permissions to upload a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/upload')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $mask = Plugin::getSetting('umask', 'file_manager'); umask(octdec($mask)); $data = $_POST['upload']; $path = str_replace('..', '', $data['path']); $overwrite = isset($data['overwrite']) ? true : false; $filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']); $filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename); $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if (in_array($ext, ['php', 'php3', 'php4', 'inc'])) { Flash::set('error', __('Not allowed to upload files with extension :ext', $ext)); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_FILES)) { $file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) Flash::set('error', __('File has not been uploaded!')); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6353,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function create_file() { if (!AuthUser::hasPermission('file_manager_mkfile')) { Flash::set('error', __('You do not have sufficient permissions to create a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_file')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $path = str_replace('..', '', $data['path']); $filename = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $path . DS . $filename; if (file_put_contents($file, '') !== false) { $mode = Plugin::getSetting('filemode', 'file_manager'); chmod($file, octdec($mode)); } else { Flash::set('error', __('File :name has not been created!', array(':name' => $filename))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6354,"$iloc = expUnserialize($container->internal); if ($db->selectObject('sectionref',""module='"".$iloc->mod.""' AND source='"".$iloc->src.""'"") == null) { if ($container->external != ""N;"") { $newSecRef = new stdClass(); $newSecRef->module = $iloc->mod; $newSecRef->source = $iloc->src; $newSecRef->internal = ''; $newSecRef->refcount = 1; $eloc = expUnserialize($container->external); $section = $db->selectObject('sectionref',""module='container' AND source='"".$eloc->src.""'""); if (!empty($section)) { $newSecRef->section = $section->id; $db->insertObject($newSecRef,""sectionref""); $missing_sectionrefs[] = gt(""Missing sectionref for container replaced"")."": "".$iloc->mod."" - "".$iloc->src."" - PageID } else { $db->delete('container','id=""'.$container->id.'""'); $missing_sectionrefs[] = gt(""Cant' find the container page for container"")."": "".$iloc->mod."" - "".$iloc->src.' - '.gt('deleted'); } } } } assign_to_template(array( 'missing_sectionrefs'=>$missing_sectionrefs, )); }",True,PHP,expUnserialize,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function create_file() { if (!AuthUser::hasPermission('file_manager_mkfile')) { Flash::set('error', __('You do not have sufficient permissions to create a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_file')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $path = str_replace('..', '', $data['path']); $filename = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $path . DS . $filename; if (file_put_contents($file, '') !== false) { $mode = Plugin::getSetting('filemode', 'file_manager'); chmod($file, octdec($mode)); } else { Flash::set('error', __('File :name has not been created!', array(':name' => $filename))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6355,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function create_file() { if (!AuthUser::hasPermission('file_manager_mkfile')) { Flash::set('error', __('You do not have sufficient permissions to create a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_file')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $path = str_replace('..', '', $data['path']); $filename = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $path . DS . $filename; if (file_put_contents($file, '') !== false) { $mode = Plugin::getSetting('filemode', 'file_manager'); chmod($file, octdec($mode)); } else { Flash::set('error', __('File :name has not been created!', array(':name' => $filename))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6356,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function create_file() { if (!AuthUser::hasPermission('file_manager_mkfile')) { Flash::set('error', __('You do not have sufficient permissions to create a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_file')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $path = str_replace('..', '', $data['path']); $filename = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $path . DS . $filename; if (file_put_contents($file, '') !== false) { $mode = Plugin::getSetting('filemode', 'file_manager'); chmod($file, octdec($mode)); } else { Flash::set('error', __('File :name has not been created!', array(':name' => $filename))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6357,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function create_directory() { if (!AuthUser::hasPermission('file_manager_mkdir')) { Flash::set('error', __('You do not have sufficient permissions to create a directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_directory')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['directory']; $path = str_replace('..', '', $data['path']); $dirname = str_replace('..', '', $data['name']); $dir = FILES_DIR . ""/{$path}/{$dirname}""; if (mkdir($dir)) { $mode = Plugin::getSetting('dirmode', 'file_manager'); chmod($dir, octdec($mode)); } else { Flash::set('error', __('Directory :name has not been created!', array(':name' => $dirname))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6358,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function create_directory() { if (!AuthUser::hasPermission('file_manager_mkdir')) { Flash::set('error', __('You do not have sufficient permissions to create a directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_directory')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['directory']; $path = str_replace('..', '', $data['path']); $dirname = str_replace('..', '', $data['name']); $dir = FILES_DIR . ""/{$path}/{$dirname}""; if (mkdir($dir)) { $mode = Plugin::getSetting('dirmode', 'file_manager'); chmod($dir, octdec($mode)); } else { Flash::set('error', __('Directory :name has not been created!', array(':name' => $dirname))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6359,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function create_directory() { if (!AuthUser::hasPermission('file_manager_mkdir')) { Flash::set('error', __('You do not have sufficient permissions to create a directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_directory')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['directory']; $path = str_replace('..', '', $data['path']); $dirname = str_replace('..', '', $data['name']); $dir = FILES_DIR . ""/{$path}/{$dirname}""; if (mkdir($dir)) { $mode = Plugin::getSetting('dirmode', 'file_manager'); chmod($dir, octdec($mode)); } else { Flash::set('error', __('Directory :name has not been created!', array(':name' => $dirname))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6360,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function create_directory() { if (!AuthUser::hasPermission('file_manager_mkdir')) { Flash::set('error', __('You do not have sufficient permissions to create a directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_directory')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['directory']; $path = str_replace('..', '', $data['path']); $dirname = str_replace('..', '', $data['name']); $dir = FILES_DIR . ""/{$path}/{$dirname}""; if (mkdir($dir)) { $mode = Plugin::getSetting('dirmode', 'file_manager'); chmod($dir, octdec($mode)); } else { Flash::set('error', __('Directory :name has not been created!', array(':name' => $dirname))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }" 6361,"$count += $db->dropTable($basename); } flash('message', gt('Deleted').' '.$count.' '.gt('unused tables').'.'); expHistory::back(); }",True,PHP,dropTable,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"protected function connect() { $this->state->init($this->getWorkgroup(), $this->getUser(), $this->getPassword()); }" 6362,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function read($source) { $source = $this->escapePath($source); $source = str_replace('\'', '\'""\'""\'', $source); $workgroupArgument = ($this->server->getWorkgroup()) ? ' -W ' . escapeshellarg($this->server->getWorkgroup()) : ''; $command = sprintf('%s %s --authentication-file=/proc/self/fd/3 Server::CLIENT, $workgroupArgument, $this->server->getHost(), $this->name, $source ); $connection = new Connection($command); $connection->writeAuthentication($this->server->getUser(), $this->server->getPassword()); $fh = $connection->getFileOutputStream(); stream_context_set_option($fh, 'file', 'connection', $connection); return $fh; }" 6363,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"protected function connect() { if ($this->connection and $this->connection->isValid()) { return; } $workgroupArgument = ($this->server->getWorkgroup()) ? ' -W ' . escapeshellarg($this->server->getWorkgroup()) : ''; $command = sprintf('%s %s --authentication-file=/proc/self/fd/3 Server::CLIENT, $workgroupArgument, $this->server->getHost(), $this->name ); $this->connection = new Connection($command); $this->connection->writeAuthentication($this->server->getUser(), $this->server->getPassword()); if (!$this->connection->isValid()) { throw new ConnectionException(); } }" 6364,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"function article_save() { global $txp_user, $vars, $prefs; extract($prefs); $incoming = array_map('assert_string', psa($vars)); $oldArticle = safe_row('Status, url_title, Title, textile_body, textile_excerpt, '. 'unix_timestamp(LastMod) as sLastMod, LastModID, '. 'unix_timestamp(Posted) as sPosted, '. 'unix_timestamp(Expires) as sExpires', 'textpattern', 'ID = '.(int) $incoming['ID']);" 6365,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"function new_pass_form() { pagetop(gTxt('tab_site_admin'), ''); echo form( hed(gTxt('change_password'), 2). inputLabel( 'new_pass', fInput('password', 'new_pass', '', 'txp-maskable', '', '', INPUT_REGULAR, '', 'new_pass'), 'new_password', '', array('class' => 'txp-form-field edit-admin-new-password') ). graf( checkbox('unmask', 1, false, 0, 'show_password'). n.tag(gTxt('show_password'), 'label', array('for' => 'show_password')), array('class' => 'edit-admin-show-password')). graf(fInput('submit', 'change_pass', gTxt('submit'), 'publish')). eInput('admin'). sInput('change_pass'), '', '', 'post', 'txp-edit', '', 'change_password'); }" 6366,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"function change_pass() { global $txp_user; extract(psa(array('new_pass'))); if (empty($new_pass)) { author_list(array(gTxt('password_required'), E_ERROR)); return; } $rs = change_user_password($txp_user, $new_pass); if ($rs) { $message = gTxt('password_changed') . '.'; author_list($message); } }" 6367,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"function send_reset_confirmation_request($name) { global $sitename; $rs = safe_row(""user_id, email, nonce, pass"", 'txp_users', ""name = '"".doSlash($name).""'""); if ($rs) { extract($rs); $uid = assert_int($user_id); $selector = Txp::get('\Textpattern\Password\Random')->generate(12); $expiry = strftime('%Y-%m-%d %H:%M:%S', time() + (60 * RESET_EXPIRY_MINUTES)); $token = bin2hex(pack('H*', substr(hash(HASHING_ALGORITHM, $nonce . $selector . $pass), 0, SALT_LENGTH))); $confirm = $token.$selector; safe_delete(""txp_token"", ""reference_id = $uid AND type = 'password_reset'""); safe_insert(""txp_token"", ""reference_id = $uid, type = 'password_reset', selector = '"".doSlash($selector).""', token = '"".doSlash($token).""', expires = '"".doSlash($expiry).""' ""); $message = gTxt('greeting').' '.$name.','. n.n.gTxt('password_reset_confirmation'). n.hu.'textpattern/index.php?confirm='.$confirm; if (txpMail($email, ""[$sitename] "".gTxt('password_reset_confirmation_request'), $message)) { return gTxt('password_reset_confirmation_request_sent'); } else { return array(gTxt('could_not_mail'), E_ERROR); } } else { return gTxt('password_reset_confirmation_request_sent'); } }" 6368,"public function theme_switch() { if (!expUtil::isReallyWritable(BASE.'framework/conf/config.php')) { flash('error',gt('The file /framework/conf/config.php is NOT Writeable. You will be unable to change the theme.')); } expSettings::change('DISPLAY_THEME_REAL', $this->params['theme']); expSession::set('display_theme',$this->params['theme']); $sv = isset($this->params['sv'])?$this->params['sv']:''; if (strtolower($sv)=='default') { $sv = ''; } expSettings::change('THEME_STYLE_REAL',$sv); expSession::set('theme_style',$sv); expDatabase::install_dbtables(); $message = gt(""You have selected the"")."" '"".$this->params['theme'].""' "".gt(""theme""); if ($sv != '') { $message .= ' '.gt('with').' '.$this->params['sv'].' '.gt('style variation'); } flash('message',$message); expSession::set('force_less_compile', 1); expSession::clearAllUsersSessionCache(); expHistory::returnTo('manageable'); }",True,PHP,theme_switch,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function showCredits() { ?>

    : Marco L., Rolf W., Tobias U., Lars K., Donna F., Kevin D., Ramos S., Thomas M., John C., Andreas G., Ben M., Myra R. I., Carlos U. R.-S., Oleg I., M. N., Daniel K., James L., Jochen K., Cyril P., Thomas K., Patrik K., Zach, Sebastian W., Peakkom, Patrik K., !

    you for using my plugin. It is the best commendation if my piece of code is really used!','wp-piwik'); ?>

    (bs3()) ? $sorted : json_encode($sorted), ""top""=>$top )); }",True,PHP,toolbar,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"$tableBody[] = array(htmlentities($row['label']), $row['nb_visits'], $row['bounce_rate']); if ($count == 10) break; } $this->table($tableHead, $tableBody, null); }" 6377,"public function toolbar() { $menu = array(); $dirs = array( BASE.'framework/modules/administration/menus', BASE.'themes/'.DISPLAY_THEME.'/modules/administration/menus' ); foreach ($dirs as $dir) { if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (substr($file,-4,4) == '.php' && is_readable($dir.'/'.$file) && is_file($dir.'/'.$file)) { $menu[substr($file,0,-4)] = include($dir.'/'.$file); if (empty($menu[substr($file,0,-4)])) unset($menu[substr($file,0,-4)]); } } } } ksort($menu); $sorted = array(); foreach($menu as $m) $sorted[] = $m; if (isset($_COOKIE['slingbar-top'])){ $top = $_COOKIE['slingbar-top']; } else { $top = SLINGBAR_TOP; } assign_to_template(array( 'menu'=>(bs3()) ? $sorted : json_encode($sorted), ""top""=>$top )); }",True,PHP,toolbar,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"function generate_key($size) { include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php'); return substr( str_replace( array('+', '/'), '', base64_encode(random_bytes($size+10)) ), 0, $size ); }" 6378,"public function toolbar() { $menu = array(); $dirs = array( BASE.'framework/modules/administration/menus', BASE.'themes/'.DISPLAY_THEME.'/modules/administration/menus' ); foreach ($dirs as $dir) { if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (substr($file,-4,4) == '.php' && is_readable($dir.'/'.$file) && is_file($dir.'/'.$file)) { $menu[substr($file,0,-4)] = include($dir.'/'.$file); if (empty($menu[substr($file,0,-4)])) unset($menu[substr($file,0,-4)]); } } } } ksort($menu); $sorted = array(); foreach($menu as $m) $sorted[] = $m; if (isset($_COOKIE['slingbar-top'])){ $top = $_COOKIE['slingbar-top']; } else { $top = SLINGBAR_TOP; } assign_to_template(array( 'menu'=>(bs3()) ? $sorted : json_encode($sorted), ""top""=>$top )); }",True,PHP,toolbar,administrationController.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"function get_quick_search_results_no_cache($q, $options) { global $conf; $q = trim(stripslashes($q)); $search_results = array( 'items' => array(), 'qs' => array('q'=>$q), ); $q = trigger_change('qsearch_pre', $q); $scopes = array(); $scopes[] = new QSearchScope('tag', array('tags')); $scopes[] = new QSearchScope('photo', array('photos')); $scopes[] = new QSearchScope('file', array('filename')); $scopes[] = new QSearchScope('author', array(), true); $scopes[] = new QNumericRangeScope('width', array()); $scopes[] = new QNumericRangeScope('height', array()); $scopes[] = new QNumericRangeScope('ratio', array(), false, 0.001); $scopes[] = new QNumericRangeScope('size', array()); $scopes[] = new QNumericRangeScope('filesize', array()); $scopes[] = new QNumericRangeScope('hits', array('hit', 'visit', 'visits')); $scopes[] = new QNumericRangeScope('score', array('rating'), true); $scopes[] = new QNumericRangeScope('id', array()); $createdDateAliases = array('taken', 'shot'); $postedDateAliases = array('added'); if ($conf['calendar_datefield'] == 'date_creation') $createdDateAliases[] = 'date'; else $postedDateAliases[] = 'date'; $scopes[] = new QDateRangeScope('created', $createdDateAliases, true); $scopes[] = new QDateRangeScope('posted', $postedDateAliases); $scopes = trigger_change('qsearch_get_scopes', $scopes); $expression = new QExpression($q, $scopes); $inflector = null; $lang_code = substr(get_default_language(),0,2); @include_once(PHPWG_ROOT_PATH.'include/inflectors/'.$lang_code.'.php'); $class_name = 'Inflector_'.$lang_code; if (class_exists($class_name)) { $inflector = new $class_name; foreach( $expression->stokens as $token) { if (isset($token->scope) && !$token->scope->is_text) continue; if (strlen($token->term)>2 && ($token->modifier & (QST_QUOTED|QST_WILDCARD))==0 && strcspn($token->term, '\'0123456789') == strlen($token->term) ) { $token->variants = array_unique( array_diff( $inflector->get_variants($token->term), array($token->term) ) ); } } } trigger_notify('qsearch_expression_parsed', $expression); if (count($expression->stokens)==0) { return $search_results; } $qsr = new QResults; qsearch_get_tags($expression, $qsr); qsearch_get_images($expression, $qsr); trigger_notify('qsearch_before_eval', $expression, $qsr); $ids = qsearch_eval($expression, $qsr, $tmp, $search_results['qs']['unmatched_terms']); $debug[] = """"; } if ( $wgUser->isAllowed( 'protect' ) && $wgPiwikIgnoreSysops ) { return """"; } if ( empty( $wgPiwikIDSite ) || empty( $wgPiwikURL ) ) { return """"; } if ( $wgPiwikUsePageTitle ) { $wgPiwikPageTitle = $title->getPrefixedText(); $wgPiwikFinalActionName = $wgPiwikActionName; $wgPiwikFinalActionName .= $wgPiwikPageTitle; } else { $wgPiwikFinalActionName = $wgPiwikActionName; } if ($wgPiwikDisableCookies) { $disableCookiesStr = PHP_EOL . ' _paq.push([""disableCookies""]);'; } else $disableCookiesStr = null; if (!empty($wgPiwikCustomJS)) { if (is_array($wgPiwikCustomJS)) { $customJs = PHP_EOL; foreach ($wgPiwikCustomJS as $customJsLine) { $customJs .= $customJsLine; } } else $customJs = PHP_EOL . $wgPiwikCustomJS; } else $customJs = null; if ($wgPiwikTrackUsernames && $wgUser->isLoggedIn()) { $username = $wgUser->getName(); $customJs .= PHP_EOL . "" _paq.push(['setUserId','{$username}']);""; } if ($wgPiwikProtocol == 'auto') { if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $wgPiwikProtocol = 'https'; } else { $wgPiwikProtocol = 'http'; } } $wgPiwikFinalActionName = Xml::encodeJsVar( $wgPiwikFinalActionName ); $jsPiwikURL = ''; $jsPiwikURLCommon = ''; if( is_null( $wgPiwikJSFileURL ) ) { $wgPiwikJSFileURL = 'piwik.js'; $jsPiwikURLCommon = '+' . Xml::encodeJsVar( $wgPiwikURL . '/' ); } else { $jsPiwikURL = '+' . Xml::encodeJsVar( $wgPiwikURL . '/' ); } $jsPiwikJSFileURL = Xml::encodeJsVar( $wgPiwikJSFileURL ); $script = <<
    Exit Page Contents
    EOFT; if (function_exists(wp_editor)) { wp_editor($oldtemp, ""xx""); } else { echo """"; } echo <<< EOFT
    • %n% will be replaced by the redirect delay
    • %link% will be replaced by the redirection URL

    • %count% will be replaced by a redirection count down (Pro! Feature)

    • %site+1% will be replaced by a Google +1 button for your site. (Pro! Feature)

      • ",True,PHP,exit_page_admin,exitpage.php,https://github.com/wp-plugins/exit-strategy,wp-plugins,angrybyte,2013-05-28 17:53:26+00:00,"Security improvements, preventing XSS, full path disclosure, and unprivileged manipulation. git-svn-id: https://plugins.svn.wordpress.org/exit-strategy/trunk@719477 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2013-10024,"function XMLRPCendRequest($requestid) { global $user; $requestid = processInputData($requestid, ARG_NUMERIC); $userRequests = getUserRequests('all', $user['id']); $found = 0; foreach($userRequests as $req) { if($req['id'] == $requestid) { $request = getRequestInfo($requestid); $found = 1; break; } } if(! $found) return array('status' => 'error', 'errorcode' => 1, 'errormsg' => 'unknown requestid'); deleteRequest($request); return array('status' => 'success'); }" 684,"function exit_page_admin() { if ($_POST['xx']) { update_option('exitpagecontents', $_POST['xx']); update_option('redirecttoparent', $_POST['redirectpar']); } $oldtemp = stripcslashes(get_option(""exitpagecontents"")); $chkd = 1; $chkd2 = get_option(""redirecttoparent""); if ($chkd) { $chkd = ""checked='checked'""; } else { $chkd = """"; } if ($chkd2) { $chkd2 = ""checked='checked'""; } else { $chkd2 = """"; } echo <<< EOFT

      Wordpress Exit Strategy

      Exit Page Options

      Exit Page Contents EOFT; if (function_exists(wp_editor)) { wp_editor($oldtemp, ""xx""); } else { echo """"; } echo <<< EOFT
      • %n% will be replaced by the redirect delay
      • %link% will be replaced by the redirection URL

      • %count% will be replaced by a redirection count down (Pro! Feature)

      • %site+1% will be replaced by a Google +1 button for your site. (Pro! Feature)

        • ",True,PHP,exit_page_admin,exitpage.php,https://github.com/wp-plugins/exit-strategy,wp-plugins,angrybyte,2013-05-28 17:53:26+00:00,"Security improvements, preventing XSS, full path disclosure, and unprivileged manipulation. git-svn-id: https://plugins.svn.wordpress.org/exit-strategy/trunk@719477 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2013-10025,"array_push($stack, $node); } } return array('status' => 'success', 'nodes' => $nodes); } else { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot access node content'); } }" 685,"function start() { if (isset($_POST['restart'])) $this->restart(); $options = get_option('blogger_importer'); if (is_array($options)) foreach ($options as $key => $value) $this->$key = $value; if (isset($_REQUEST['blog'])) { $blog = is_array($_REQUEST['blog']) ? array_shift($keys = array_keys($_REQUEST['blog'])) : $_REQUEST['blog']; $blog = (int)$blog; $result = $this->import_blog($blog); if (is_wp_error($result)) echo $result->get_error_message(); } elseif (isset($_GET['token']) && isset($_GET['token_secret'])) $this->auth(); elseif (isset($this->token) && isset($this->token_secret)) $this->show_blogs(); else $this->greet(); $saved = $this->save_vars(); if ($saved && !isset($_GET['noheader'])) { $restart = __('Restart', 'blogger-importer'); $message = __('We have saved some information about your Blogger account in your WordPress database. Clearing this information will allow you to start over. Restarting will not affect any posts you have already imported. If you attempt to re-import a blog, duplicate posts and comments will be skipped.', 'blogger-importer'); $submit = esc_attr__('Clear account information', 'blogger-importer'); echo ""

        $restart

        $message

        ""; } }",True,PHP,start,blogger-importer.php,https://github.com/wp-plugins/blogger-importer,wp-plugins,dllh,2013-10-08 14:29:47+00:00,"Adding a nonce to prevent CSRF. git-svn-id: https://plugins.svn.wordpress.org/blogger-importer/trunk@784566 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2013-10027,"array_push($stack, $node); } } return array('status' => 'success', 'nodes' => $nodes); } else { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot access node content'); } }" 687,"function restart() { global $wpdb; $options = get_option('blogger_importer'); delete_option('blogger_importer'); $wpdb->query(""DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'""); wp_redirect('?import=blogger'); }",True,PHP,restart,blogger-importer.php,https://github.com/wp-plugins/blogger-importer,wp-plugins,dllh,2013-10-08 14:29:47+00:00,"Adding a nonce to prevent CSRF. git-svn-id: https://plugins.svn.wordpress.org/blogger-importer/trunk@784566 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2013-10027,"array_push($privileges, $p); } } return array('status' => 'success', 'privileges' => array_unique($privileges)); }" 689,"$news_reg_return.=__(""Thank you, your email have been deleted from our mailing-list"", 'eelv_lettreinfo'); if(!empty($sender) && !empty($unsuscribe_title) && !empty($unsuscribe)){ mail($email,$unsuscribe_title,$unsuscribe,'From:'.$sender); } } } else{ $news_reg_return.=__(""Your email does'nt appear in our mailing list. No unsuscribe needed"", 'eelv_lettreinfo'); } break; } } else{ $news_reg_return.= strip_tags($email).' : '.__('invalid address', 'eelv_lettreinfo'); } } }",True,PHP,__,lettreinfo.php,https://github.com/wp-plugins/eelv-newsletter,wp-plugins,bastho,2013-04-17 09:35:26+00:00,"XSS fix git-svn-id: https://plugins.svn.wordpress.org/eelv-newsletter/trunk@698982 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-10028,"array_push($privileges, $p); } } return array('status' => 'success', 'privileges' => array_unique($privileges)); }" 691,"function download_selected($dir) { $dir = get_abs_dir($dir); global $site_name; require_once(""_include/fun_archive.php""); $items = qxpage_selected_items(); switch (count($items)) { case 0: show_error($GLOBALS[""error_msg""][""miscselitems""]); case 1: if (is_file($items[0])) { download_item( $dir, $items[0] ); break; } default: zip_download( $dir, $items ); } }",True,PHP,download_selected,fun_down.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($images, array('id' => $imageid, 'name' => $image)); } return array('status' => 'success', 'images' => $images); }" 693,"function _download_header($filename, $filesize = 0) { $browser=id_browser(); header('Content-Type: '.(($browser=='IE' || $browser=='OPERA')? 'application/octetstream':'application/octet-stream'));",True,PHP,_download_header,fun_down.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($images, array('id' => $imageid, 'name' => $image)); } return array('status' => 'success', 'images' => $images); }" 696,"function download_item($dir, $item) { $item=basename($item); if (!permissions_grant($dir, $item, ""read"")) show_error($GLOBALS[""error_msg""][""accessfunc""]); if (!get_is_file($dir,$item)) { _debug(""error download""); show_error($item."": "".$GLOBALS[""error_msg""][""fileexist""]); } if (!get_show_item($dir, $item)) show_error($item."": "".$GLOBALS[""error_msg""][""accessfile""]); $abs_item = get_abs_item($dir,$item); _download($abs_item, $item); }",True,PHP,download_item,fun_down.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($stack, $node); } } return array('status' => 'success', 'nodes' => $nodes); } else { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot access node content'); } }" 701,"function get_abs_item($dir, $item) { return get_abs_dir($dir).DIRECTORY_SEPARATOR.$item; }",True,PHP,get_abs_item,fun_extra.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($stack, $node); } } return array('status' => 'success', 'nodes' => $nodes); } else { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot access node content'); } }" 703,"function get_is_file($dir, $item) { return @is_file(get_abs_item($dir,$item)); }",True,PHP,get_is_file,fun_extra.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($privileges, $p); } } return array('status' => 'success', 'privileges' => array_unique($privileges)); }" 704,"function get_show_item ($directory, $file) { if ( preg_match( ""/\.\./"", $directory ) ) return false; if ( isset($file) && preg_match( ""/\.\./"", $file ) ) return false; if ( $file == ""."" ) return false; if ( substr( $file, 0, 1) == ""."" && $GLOBALS[""show_hidden""] == false ) return false; if (matches_noaccess_pattern($file)) return false; if ( $GLOBALS[""show_hidden""] == false ) { $directory_parts = explode( ""/"", $directory ); foreach ($directory_parts as $directory_part ) { if ( substr ( $directory_part, 0, 1) == ""."" ) return false; } } return true; }",True,PHP,get_show_item,fun_extra.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($privileges, $p); } } return array('status' => 'success', 'privileges' => array_unique($privileges)); }" 705,"function path_f ($path) { global $home_dir; $abs_dir = $home_dir; switch ($path) { case '.': case '': return realpath($abs_dir); } return realpath(realpath($home_dir) . ""/$path""); }",True,PHP,path_f,qxpath.php,https://github.com/realtimeprojects/quixplorer,realtimeprojects,Claudio Klingler,2013-11-03 18:21:54+01:00,"Bugfix: SECURITY FIX: download as zip may grant access to any files. This bugfix removes a vulnerability bug of quixplorer from which any file in your system (which is readable to the web process) may be downloaded from your system. - Refactored downloading and access right controlling. - Fixed download and path handling. Closes #21",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2013-1641,"array_push($images, array('id' => $imageid, 'name' => $image)); } return array('status' => 'success', 'images' => $images); }" 709,"$item = array(); $item['id'] = $incident->id; $item['title'] = $incident->incident_title; $item['link'] = $site_url.'reports/view/'.$incident->id; $item['description'] = $incident->incident_description; $item['date'] = $incident->incident_date; $item['categories'] = $categories; if ( $incident->location_id != 0 AND $incident->location->longitude AND $incident->location->latitude ) { $item['point'] = array( $incident->location->latitude, $incident->location->longitude ); $items[] = $item; } } $cache->set($subdomain.'_feed_'.$limit.'_'.$page, $items, array('feed'), 3600); $feed_items = $items; } $feedpath = $feedtype == 'atom' ? 'feed/atom/' : 'feed/'; $view = new View('feed/'.$feedtype); $view->feed_title = htmlspecialchars(Kohana::config('settings.site_name')); $view->site_url = $site_url; $view->georss = 1; $view->feed_url = $site_url.$feedpath; $view->feed_date = gmdate(""D, d M Y H:i:s T"", time()); $view->feed_description = htmlspecialchars(Kohana::lang('ui_admin.incident_feed').' '.Kohana::config('settings.site_name')); $view->items = $feed_items; $view->render(TRUE); }",True,PHP,array,feed.php,https://github.com/rjmackay/Ushahidi_Web,rjmackay,Robbie Mackay,2013-04-09 15:14:51+12:00,"Better XSS protection * Add HTMLPurifier library (LGPL) * Add helper functions to html helper * Set default encoding header to UTF-8 * Make sure the doctype is the same everywhere (admin/members/frontend) * Remove use of strip_tags() and htmlspecialchars() * Replace vanilla htmlentities with html::escape() - make sure no one forgets the UTF-8 * Remove _csv_text() fn - no longer used and was using strip_tags()",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-2025,"array_push($images, array('id' => $imageid, 'name' => $image)); } return array('status' => 'success', 'images' => $images); }" 710,private function _csv_text($text) { $text = stripslashes(htmlspecialchars($text)); return $text; },True,PHP,_csv_text,reports.php,https://github.com/rjmackay/Ushahidi_Web,rjmackay,Robbie Mackay,2013-04-09 15:14:51+12:00,"Better XSS protection * Add HTMLPurifier library (LGPL) * Add helper functions to html helper * Set default encoding header to UTF-8 * Make sure the doctype is the same everywhere (admin/members/frontend) * Remove use of strip_tags() and htmlspecialchars() * Replace vanilla htmlentities with html::escape() - make sure no one forgets the UTF-8 * Remove _csv_text() fn - no longer used and was using strip_tags()",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-2025,"function XMLRPCremoveNode($nodeID) { require_once("".ht-inc/privileges.php""); global $user; if(! is_numeric($nodeID)) { return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified'); } if(! in_array(""nodeAdmin"", $user['privileges'])) { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot administer nodes'); } if(! checkUserHasPriv(""nodeAdmin"", $user['id'], $nodeID)) { return array('status' => 'error', 'errorcode' => 57, 'errormsg' => 'User cannot edit this node'); } $nodes = recurseGetChildren($nodeID); array_push($nodes, $nodeID); $deleteNodes = implode(',', $nodes); $query = ""DELETE FROM privnode "" . ""WHERE id IN ($deleteNodes)""; doQuery($query, 345); return array('status' => 'success'); }" 716,"$incident_title = strip_tags(html_entity_decode(html_entity_decode($this->data->item_title, ENT_QUOTES)));",True,PHP,strip_tags,actions.php,https://github.com/rjmackay/Ushahidi_Web,rjmackay,Robbie Mackay,2013-04-09 15:14:51+12:00,"Better XSS protection * Add HTMLPurifier library (LGPL) * Add helper functions to html helper * Set default encoding header to UTF-8 * Make sure the doctype is the same everywhere (admin/members/frontend) * Remove use of strip_tags() and htmlspecialchars() * Replace vanilla htmlentities with html::escape() - make sure no one forgets the UTF-8 * Remove _csv_text() fn - no longer used and was using strip_tags()",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-2025,"function XMLRPCremoveNode($nodeID) { require_once("".ht-inc/privileges.php""); global $user; if(! is_numeric($nodeID)) { return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified'); } if(! in_array(""nodeAdmin"", $user['privileges'])) { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot administer nodes'); } if(! checkUserHasPriv(""nodeAdmin"", $user['id'], $nodeID)) { return array('status' => 'error', 'errorcode' => 57, 'errormsg' => 'User cannot edit this node'); } $nodes = recurseGetChildren($nodeID); array_push($nodes, $nodeID); $deleteNodes = implode(',', $nodes); $query = ""DELETE FROM privnode "" . ""WHERE id IN ($deleteNodes)""; doQuery($query, 345); return array('status' => 'success'); }" 718,"public function get_messages($search_criteria=""UNSEEN"", $date_format=""Y-m-d H:i:s"") { global $htmlmsg,$plainmsg,$attachments; if($this->imap_stream == false) { return array(); } $new_msgs = imap_search($this->imap_stream, 'UNSEEN'); $max_imap_messages = Kohana::config('email.max_imap_messages'); if ($new_msgs == null) { return array(); } $msg_to_pull = sizeof($new_msgs); if($msg_to_pull > $max_imap_messages) { $msg_to_pull = $max_imap_messages; } $messages = array(); for ($msgidx = 0; $msgidx < $msg_to_pull; $msgidx++) { $msgno = $new_msgs[$msgidx]; $header = imap_headerinfo($this->imap_stream, $msgno); if( ! isset($header->message_id) OR ! isset($header->udate)) { continue; } if ($header->Unseen != 'U' AND $header->Recent != 'N') { continue; } $message_id = $header->message_id; $date = date($date_format, $header->udate); if (isset($header->from)) { $from = $header->from; }else{ $from = FALSE; } $fromname = """"; $fromaddress = """"; $subject = """"; $body = """"; $attachments = """"; if ($from != FALSE) { foreach ($from as $id => $object) { if (isset($object->personal)) { $fromname = $object->personal; } if (isset($object->mailbox) AND isset($object->host)) { $fromaddress = $object->mailbox.""@"".$object->host; } if ($fromname == """") { $fromname = $fromaddress; } } } if (isset($header->subject)) { $subject = $this->_mime_decode($header->subject); } $this->_getmsg($this->imap_stream, $msgno); if ($htmlmsg) { $html2text = new Html2Text($htmlmsg); $htmlmsg = $html2text->get_text(); } $body = ($plainmsg) ? $plainmsg : $htmlmsg; $attachments = $this->_extract_attachments($this->imap_stream, $msgno); if(mb_detect_encoding($body, 'auto', true) == '') { $body = iconv(""windows-1256"", ""UTF-8"", $body); } $detected_encoding = mb_detect_encoding($body, ""auto""); if($detected_encoding == 'ASCII') $detected_encoding = 'iso-8859-1'; $body = htmlentities($body,NULL,$detected_encoding); $subject = htmlentities(strip_tags($subject),NULL,'UTF-8'); array_push($messages, array('message_id' => $message_id, 'date' => $date, 'from' => $fromname, 'email' => $fromaddress, 'subject' => $subject, 'body' => $body, 'attachments' => $attachments)); imap_setflag_full($this->imap_stream, $msgno, ""\\Seen""); } return $messages; }",True,PHP,get_messages,Imap.php,https://github.com/rjmackay/Ushahidi_Web,rjmackay,Robbie Mackay,2013-04-09 15:14:51+12:00,"Better XSS protection * Add HTMLPurifier library (LGPL) * Add helper functions to html helper * Set default encoding header to UTF-8 * Make sure the doctype is the same everywhere (admin/members/frontend) * Remove use of strip_tags() and htmlspecialchars() * Replace vanilla htmlentities with html::escape() - make sure no one forgets the UTF-8 * Remove _csv_text() fn - no longer used and was using strip_tags()",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2013-2025,"function XMLRPCremoveNode($nodeID) { require_once("".ht-inc/privileges.php""); global $user; if(! is_numeric($nodeID)) { return array('status' => 'error', 'errorcode' => 78, 'errormsg' => 'Invalid nodeid specified'); } if(! in_array(""nodeAdmin"", $user['privileges'])) { return array('status' => 'error', 'errorcode' => 70, 'errormsg' => 'User cannot administer nodes'); } if(! checkUserHasPriv(""nodeAdmin"", $user['id'], $nodeID)) { return array('status' => 'error', 'errorcode' => 57, 'errormsg' => 'User cannot edit this node'); } $nodes = recurseGetChildren($nodeID); array_push($nodes, $nodeID); $deleteNodes = implode(',', $nodes); $query = ""DELETE FROM privnode "" . ""WHERE id IN ($deleteNodes)""; doQuery($query, 345); return array('status' => 'success'); }" 721,"public function embed($raw, $auto = FALSE, $echo = TRUE) { $this->set_url($raw); $output = FALSE; $code = str_replace($this->service['baseurl'], """", $this->url); switch($this->service_name) { case ""youtube"": $you_auto = ($auto) ? ""&autoplay=1"" : """"; $output = ''; break; case ""google"": $google_auto = ($auto) ? ""&autoPlay=true"" : """"; $output = "" "" . """"; break; case ""dotsub"": $output = """"; }",True,PHP,_cpmp_mt_sublevel_library,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"function lp_ab_testing_prepare_screenshot($link) { $variation_id = lp_ab_testing_get_current_variation_id(); $link = $link.""?lp-variation-id="".$variation_id; return $link; }" 2530,"function _cpmp_mt_toplevel_page() { echo ""
        ""; }",True,PHP,_cpmp_mt_toplevel_page,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"function lp_ab_testing_prepare_variation_callback() { $page_id = lp_url_to_postid( trim($_POST['current_url']) ); $variations = get_post_meta($page_id,'lp-ab-variations', true); $marker = get_post_meta($page_id,'lp-ab-variations-marker', true); if (!is_numeric($marker)) { $marker = 0; } if ($variations) { $variations = explode(',',$variations); $variation_id = $variations[$marker]; $marker++; if ($marker>=count($variations)) { $marker = 0; } update_post_meta($page_id, 'lp-ab-variations-marker', $marker); echo $variation_id; die(); } }" 2533,"function _cpmp_mt_sublevel_myaccount() { echo ""
        ""; }",True,PHP,_cpmp_mt_sublevel_myaccount,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"function lp_ab_testing_alter_content_area_admin($content) { global $post; $variation_id = lp_ab_testing_get_current_variation_id(); if ($variation_id>0) { $content = get_post_meta($post->ID,'content-'.$variation_id, true); if ( !is_admin() ) { $content = wpautop($content); $content = do_shortcode($content); } } return $content; }" 2535,function _cpmp_plugin_ver() { return 'wp1.136'; },True,PHP,_cpmp_plugin_ver,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"function lp_ab_testing_prepare_conversion_area($content,$post=null) { $current_variation_id = lp_ab_testing_get_current_variation_id(); if (isset($post)) { $post_id = $post->ID; } else if (isset($_REQUEST['post'])) { $post_id = $_REQUEST['post']; } else if (isset($_REQUEST['lp_id'])) { $post_id = $_REQUEST['lp_id']; } if ($current_variation_id>0) $content = get_post_meta($post_id,'landing-page-myeditor-'.$current_variation_id, true); return $content; }" 2538,function _cpmp_afc() { $cincopa_afc = get_site_option('CincopaAFC'); if ($cincopa_afc == '') return ''; return '&afc='.$cincopa_afc; },True,PHP,_cpmp_afc,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"update_post_meta($postID, $key, $new); } } }" 2539,"function _cpmp_dashboard_content() { echo """"; }",True,PHP,_cpmp_dashboard_content,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"function inbound_create_default_post_type(){ $lp_default_options = get_option( 'lp_settings_general' ); if ( isset( $lp_default_options[""default_landing_page""] ) ) { return $lp_default_options[""default_landing_page""]; } return inbound_install_example_lander(); }" 2541,"function _cpmp_mt_sublevel_monitor() { echo ""
        ""; }",True,PHP,_cpmp_mt_sublevel_monitor,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"public function add_slug_meta_box() { if ( function_exists( 'add_meta_box' ) ) { $context = apply_filters(""qts_admin_meta_box_context"",""side""); $priority = apply_filters(""qts_admin_meta_box_priority"",""high""); add_meta_box( 'qts_sectionid', __('Slug', 'qts'), array(&$this, 'draw_meta_box'), 'post', $context, $priority); add_meta_box( 'qts_sectionid', __('Slug', 'qts'), array(&$this, 'draw_meta_box'), 'page', $context, $priority); foreach ( get_post_types( array('_builtin' => false ) ) as $ptype ) add_meta_box( 'qts_sectionid', __('Slug', 'qts'), array(&$this, 'draw_meta_box'), $ptype, $context, $priority ); } }" 2543,"function _cpmp_mt_add_pages() { add_options_page('Cincopa Options', 'Cincopa Options', 'edit_pages', 'cincopaoptions', '_cpmp_mt_options_page'); if(function_exists('add_menu_page')) { add_menu_page('Cincopa', 'Cincopa', 'edit_pages', __FILE__, '_cpmp_mt_toplevel_page'); add_submenu_page(__FILE__, '', '', 'edit_pages', __FILE__); add_submenu_page(__FILE__, 'Manage Galleries', 'Manage Galleries', 'edit_pages', 'sub-page', '_cpmp_mt_sublevel_monitor'); add_submenu_page(__FILE__, 'Media Library', 'Media Library', 'edit_pages', 'sub-page1', '_cpmp_mt_sublevel_library'); add_submenu_page(__FILE__, 'Create Gallery', 'Create Gallery', 'edit_pages', 'sub-page2', '_cpmp_mt_sublevel_create'); add_submenu_page(__FILE__, 'My Account', 'My Account', 'edit_pages', 'sub-page3', '_cpmp_mt_sublevel_myaccount'); add_submenu_page(__FILE__, 'Support Forum', 'Support Forum', 'edit_pages', 'sub-page4', '_cpmp_mt_sublevel_forum'); } }",True,PHP,_cpmp_mt_add_pages,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"public static function user_row_actions( $actions, $user_object ) { $meta = get_user_meta( $user_object->ID, 'mark_user_as_spammer', true); $is_spammer = false; if ( $meta === '1' ) { $is_spammer = true; self::$selectors[] = $user_object->ID; } unset( $meta ); $url = add_query_arg( array( 'mark_user_as_spammer_action' => $is_spammer ? 'unban' : 'ban', 'user_id' => $user_object->ID ) ); $url = wp_nonce_url( $url, ( $is_spammer ? 'mark_user_as_spammer_unban_' : 'mark_user_as_spammer_ban_' ) . $user_object->ID, 'mark_user_as_spammer_nonce' ); $url = site_url( $url ); $url = esc_url( $url ); $actions['spammer'] = ''" 2546,"function _cpmp_mt_sublevel_create() { echo ""
        ""; }",True,PHP,_cpmp_mt_sublevel_create,wp-media-cincopa.php,https://github.com/wp-plugins/video-playlist-and-gallery-plugin,wp-plugins,nicashmu,2015-08-31 11:22:50+00:00,"Security exploit fixed git-svn-id: https://plugins.svn.wordpress.org/video-playlist-and-gallery-plugin/trunk@1234565 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-10109,"function fastly_action_links($links, $file) { static $this_plugin; if (!$this_plugin) { $this_plugin = plugin_basename(__FILE__); } if ($file == $this_plugin) { $settings_link = '        Settings'; array_unshift($links, $settings_link); } return $links; }" 2550,"function watu_exams() { global $wpdb; if( isset($_REQUEST['message']) && $_REQUEST['message'] == 'updated') print '

        ' . __('Test updated', 'watu') . '

        '; if(isset($_REQUEST['message']) && $_REQUEST['message'] == 'fail') print '

        ' . __('Error occured', 'watu') . '

        '; if( isset($_REQUEST['grade']) ) print '

        ' . $_REQUEST['grade']. '

        '; if(!empty($_GET['action']) and $_GET['action'] == 'delete') { $wpdb->get_results(""DELETE FROM "".WATU_EXAMS."" WHERE ID='$_REQUEST[quiz]'""); $wpdb->get_results(""DELETE FROM "".WATU_ANSWERS."" WHERE question_id IN (SELECT ID FROM "".WATU_QUESTIONS."" WHERE exam_id='$_REQUEST[quiz]')""); $wpdb->get_results(""DELETE FROM "".WATU_QUESTIONS."" WHERE exam_id='$_REQUEST[quiz]'""); print '

        ' . __('Test deleted', 'watu') . '

        '; } $exams = $wpdb->get_results(""SELECT Q.ID,Q.name,Q.added_on, (SELECT COUNT(ID) FROM "".WATU_QUESTIONS."" WHERE exam_id=Q.ID) AS question_count, (SELECT COUNT(ID) FROM "".WATU_TAKINGS."" WHERE exam_id=Q.ID) AS taken FROM `"".WATU_EXAMS.""` AS Q ""); $posts=$wpdb->get_results(""SELECT * FROM {$wpdb->prefix}posts WHERE post_content LIKE '%[WATU %]%' AND post_status='publish' AND post_title!='' ORDER BY post_date DESC""); foreach($exams as $cnt=>$exam) { foreach($posts as $post) { if(strstr($post->post_content,""[WATU "".$exam->ID.""]"")) { $exams[$cnt]->post=$post; break; } } } if(@file_exists(get_stylesheet_directory().'/watu/exams.html.php')) include get_stylesheet_directory().'/watu/exams.html.php'; else include(WATU_PATH . '/views/exams.html.php'); }",True,PHP,watu_exams,exam.php,https://github.com/wp-plugins/watu,wp-plugins,prasunsen,2015-11-20 17:33:01+00:00,"Fixed security exploit git-svn-id: https://plugins.svn.wordpress.org/watu/trunk@1290960 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10111,"array_push($stk, array('what' => SERVICES_JSON_IN_ARR, 'where' => $c, 'delim' => false)); } elseif (($chrs{$c} == ']') && ($top['what'] == SERVICES_JSON_IN_ARR)) {" 2553,"function watu_vc_scripts() { wp_enqueue_script('jquery'); wp_enqueue_style( 'watu-style', WATU_URL.'style.css', array(), '2.2.0' ); wp_enqueue_script( 'watu-script', WATU_URL.'script.js', array(), '2.3.2' ); $translation_array = array( 'missed_required_question' => __('You have missed to answer a required question', 'watu'), 'nothing_selected' => __('You did not select any answer. Are you sure you want to continue?', 'watu'), 'show_answer' => __('Show Answer', 'watu'), 'complete_text_captcha' => __('You need to answer the verification question', 'watu'), 'try_again' => __('Try again', 'watu'), 'email_required' => __('Valid email address is required.', 'watu'), ); wp_localize_script( 'watu-script', 'watu_i18n', $translation_array ); }",True,PHP,watu_vc_scripts,watu.php,https://github.com/wp-plugins/watu,wp-plugins,prasunsen,2015-11-20 17:33:01+00:00,"Fixed security exploit git-svn-id: https://plugins.svn.wordpress.org/watu/trunk@1290960 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-10111,"function reduce_string($str) { $str = preg_replace(array( '#^\s* '#^\s*/\*(.+)\*/ '#/\*(.+)\*/\s*$ ), '', $str); return trim($str); }" 2554,"update_option( $k, $v ); } } $user_id = get_current_user_id(); update_option( 'framework_woo_last_branding_editor', intval( $user_id ) ); $url = add_query_arg( 'page', $page ); $url = add_query_arg( 'updated', 'true', $url ); wp_safe_redirect( $url ); exit; } }",True,PHP,update_option,wooframework-branding.php,https://github.com/wp-plugins/wooframework-branding,wp-plugins,jeffikus,2015-04-22 13:41:26+00:00,"V1.0.2 - Security Fix for _query_arg vulnerability. git-svn-id: https://plugins.svn.wordpress.org/wooframework-branding/trunk@1142177 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2015-10112,"function Services_JSON_Error($message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null) { parent::PEAR_Error($message, $code, $mode, $options, $userinfo); }" 2557,"update_option( $k, $v ); } } $user_id = get_current_user_id(); update_option( 'framework_woo_last_tweaks_editor', intval( $user_id ) ); $url = add_query_arg( 'page', $page ); $url = add_query_arg( 'updated', 'true', $url ); wp_safe_redirect( $url ); exit; } }",True,PHP,update_option,wooframework-tweaks.php,https://github.com/wp-plugins/wooframework-tweaks,wp-plugins,jeffikus,2015-04-22 13:42:16+00:00,"V1.0.2 - Security Fix for _query_arg vulnerability. git-svn-id: https://plugins.svn.wordpress.org/wooframework-tweaks/trunk@1142179 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2015-10113,"function name_value($name, $value) { $encoded_value = $this->encode($value); if(Services_JSON::isError($encoded_value)) { return $encoded_value; } return $this->encode(strval($name)) . ':' . $encoded_value; }" 2559,"public function enable_custom_post_sidebars () { if( ! is_admin() ) die; if( ! current_user_can( 'edit_posts' ) ) wp_die( __( 'You do not have sufficient permissions to access this page.', 'woosidebars' ) ); if( ! check_admin_referer( 'woosidebars-post-enable' ) ) wp_die( __( 'You have taken too long. Please go back and retry.', 'woosidebars' ) ); $post_id = isset( $_GET['post_id'] ) && (int)$_GET['post_id'] ? (int)$_GET['post_id'] : ''; if( ! $post_id ) die; $post = get_post( $post_id ); if( ! $post ) die; $meta = get_post_meta( $post->ID, '_enable_sidebar', true ); if ( $meta == 'yes' ) { update_post_meta($post->ID, '_enable_sidebar', 'no' ); } else { update_post_meta($post->ID, '_enable_sidebar', 'yes' ); } $sendback = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'ids' ), wp_get_referer() ); wp_safe_redirect( $sendback ); }",True,PHP,enable_custom_post_sidebars,class-woo-sidebars.php,https://github.com/wp-plugins/woosidebars,wp-plugins,jeffikus,2015-04-22 13:45:12+00:00,"V1.4.2 - Security Fix for _query_arg vulnerability. git-svn-id: https://plugins.svn.wordpress.org/woosidebars/trunk@1142184 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2015-10114,"function isError($data, $code = null) { if (class_exists('pear')) { return PEAR::isError($data, $code); } elseif (is_object($data) && (get_class($data) == 'services_json_error' || is_subclass_of($data, 'services_json_error'))) { return true; } return false; }" 2560,"public function process_request () { add_action( 'admin_notices', array( &$this, 'admin_notices' ) ); if ( isset( $_GET['action'] ) && in_array( $_GET['action'], array( 'convert', 'delete', 'toggle-sbm' ) ) && check_admin_referer( $this->token ) ) { $response = false; $status = 'false'; switch ( $_GET['action'] ) { case 'convert': $response = $this->convert_sidebars(); break; case 'delete': $response = $this->delete_sidebars(); break; case 'toggle-sbm': $response = $this->toggle_sidebar_manager_status(); break; default: break; } if ( $response == true ) { $status = 'true'; } wp_safe_redirect( add_query_arg( 'type', urlencode( $_GET['action'] ), add_query_arg( 'status', urlencode( $status ), add_query_arg( 'page', urlencode( $this->token ), admin_url( 'tools.php' ) ) ) ) ); exit; } }",True,PHP,process_request,class-woosidebars-sbm-converter.php,https://github.com/wp-plugins/woosidebars-sbm-converter,wp-plugins,jeffikus,2015-04-22 13:44:37+00:00,"V1.1.2 - Security Fix for _query_arg vulnerability. git-svn-id: https://plugins.svn.wordpress.org/woosidebars-sbm-converter/trunk@1142182 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2015-10115,"function utf82utf16($utf8) { if(function_exists('mb_convert_encoding')) { return mb_convert_encoding($utf8, 'UTF-16', 'UTF-8'); } switch(strlen($utf8)) { case 1: return $utf8; case 2: return chr(0x07 & (ord($utf8{0}) >> 2)) . chr((0xC0 & (ord($utf8{0}) << 6)) | (0x3F & ord($utf8{1}))); case 3: return chr((0xF0 & (ord($utf8{0}) << 4)) | (0x0F & (ord($utf8{1}) >> 2))) . chr((0xC0 & (ord($utf8{1}) << 6)) | (0x7F & ord($utf8{2}))); } return ''; }" 2564,"public function install_new_favicon() { header(""Content-type: application/json""); try { $url = $_REQUEST['json_result_url']; $result = $this->download_result_json( $url ); $response = new Favicon_By_RealFaviconGenerator_Api_Response( $result ); $zip_path = Favicon_By_RealFaviconGenerator_Common::get_tmp_dir(); if ( ! file_exists( $zip_path ) ) { mkdir( $zip_path, 0755, true ); } $response->downloadAndUnpack( $zip_path ); $this->store_pictures( $response ); $this->store_preview( $response->getPreviewPath() ); Favicon_By_RealFaviconGenerator_Common::remove_directory( $zip_path ); update_option( Favicon_By_RealFaviconGenerator_Common::OPTION_HTML_CODE, $response->getHtmlCode() ); $this->set_favicon_configured( true, $response->isFilesInRoot(), $response->getVersion() ); ?> { ""status"": ""success"", ""preview_url"": get_preview_url() ) ?>, ""favicon_in_root"": is_favicon_in_root() ) ?> } { ""status"": ""error"", ""message"": getMessage() ) ?> } use = $use; } 2566,"public function addPluginActionLinks($links) { if (self::isGfActive()) { $settings_link = sprintf('Settings', admin_url('admin.php?page=gf_settings&subview=DPS+PxPay')); array_unshift($links, $settings_link); } return $links; }",True,PHP,addPluginActionLinks,class.GFDpsPxPayAdmin.php,https://github.com/wp-plugins/gravity-forms-dps-pxpay,wp-plugins,webaware,2015-05-01 02:50:24+00:00,"gravity-forms-dps-pxpay 1.4.3: XSS, error handling, new hooks git-svn-id: https://plugins.svn.wordpress.org/gravity-forms-dps-pxpay/trunk@1150713 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10117,"function utf162utf8($utf16) { if(function_exists('mb_convert_encoding')) { return mb_convert_encoding($utf16, 'UTF-8', 'UTF-16'); } $bytes = (ord($utf16{0}) << 8) | ord($utf16{1}); switch(true) { case ((0x7F & $bytes) == $bytes): return chr(0x7F & $bytes); case (0x07FF & $bytes) == $bytes: return chr(0xC0 | (($bytes >> 6) & 0x1F)) . chr(0x80 | ($bytes & 0x3F)); case (0xFFFF & $bytes) == $bytes: return chr(0xE0 | (($bytes >> 12) & 0x0F)) . chr(0x80 | (($bytes >> 6) & 0x3F)) . chr(0x80 | ($bytes & 0x3F)); } return ''; }" 2570,"public function metaboxList($post, $metabox) { $feedsURL = 'edit.php?post_type=' . GFDPSPXPAY_TYPE_FEED; echo ""Click to return to list.\n""; }",True,PHP,metaboxList,class.GFDpsPxPayFeedAdmin.php,https://github.com/wp-plugins/gravity-forms-dps-pxpay,wp-plugins,webaware,2015-05-01 02:50:24+00:00,"gravity-forms-dps-pxpay 1.4.3: XSS, error handling, new hooks git-svn-id: https://plugins.svn.wordpress.org/gravity-forms-dps-pxpay/trunk@1150713 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10117,"function configure() { ob_start(); echo '

        Configure

        '; settings_fields('fastly-group'); $parts = parse_url( get_bloginfo('wpurl') ); $testUrl = 'http: if( !empty($parts['path']) ) { $testUrl .= $parts['path']; } echo '

        Fastly API Key

        Service Id

        Advanced Configuration

        Fastly API Hostname

        Fastly API Port

        Log purges to PHP errorlog

        " 2572,public function loadResponseXML($response) { $oldDisableEntityLoader = libxml_disable_entity_loader(TRUE); $oldUseInternalErrors = libxml_use_internal_errors(TRUE); try { $xml = simplexml_load_string($response); if ($xml === false) { $errmsg = ''; foreach (libxml_get_errors() as $error) { $errmsg .= $error->message; } throw new Exception($errmsg); } $this->isValid = ('1' === ((string) $xml['valid'])); $this->paymentURL = (string) $xml->URI; libxml_disable_entity_loader($oldDisableEntityLoader); libxml_use_internal_errors($oldUseInternalErrors); } catch (Exception $e) { libxml_disable_entity_loader($oldDisableEntityLoader); libxml_use_internal_errors($oldUseInternalErrors); throw new GFDpsPxPayException('Error parsing DPS PxPay generate response: ' . $e->getMessage()); } if (!$this->isValid) { throw new GFDpsPxPayException('Error from DPS PxPay generate response: ' . $this->paymentURL); } },True,PHP,loadResponseXML,class.GFDpsPxPayPayment.php,https://github.com/wp-plugins/gravity-forms-dps-pxpay,wp-plugins,webaware,2015-05-01 02:50:24+00:00,"gravity-forms-dps-pxpay 1.4.3: XSS, error handling, new hooks git-svn-id: https://plugins.svn.wordpress.org/gravity-forms-dps-pxpay/trunk@1150713 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10117,"function adminPanel() { add_options_page('Configure Fastly', 'Fastly', 'manage_options', 'fastly-admin-panel', array(&$this, 'render')); }" 2574,"public function processDpsReturn() { $parts = parse_url($_SERVER['REQUEST_URI']); $path = $parts['path']; if (isset($parts['query'])) { parse_str($parts['query'], $args); } else { $args = array(); } if (strpos($path, self::PXPAY_RETURN) !== false && isset($args['result'])) { list($userID, $userKey) = $this->getDpsCredentials($this->options['useTest']); $resultReq = new GFDpsPxPayResult($userID, $userKey); $resultReq->result = wp_unslash($args['result']); try { self::log_debug('========= requesting transaction result'); $response = $resultReq->processResult(); do_action('gfdpspxpay_process_return'); if ($response->isValid) { global $wpdb; $sql = ""select lead_id from {$wpdb->prefix}rg_lead_meta where meta_key='gfdpspxpay_txn_id' and meta_value = %s""; $lead_id = $wpdb->get_var($wpdb->prepare($sql, $response->transactionNumber)); $lead = GFFormsModel::get_lead($lead_id); $form = GFFormsModel::get_form_meta($lead['form_id']); $feed = $this->getFeed($form['id']); if ($response->success) { $lead['payment_status'] = 'Approved'; $lead['payment_date'] = date('Y-m-d H:i:s'); $lead['payment_amount'] = $response->amount; $lead['transaction_id'] = $response->txnRef; $lead['transaction_type'] = 1; $lead['authcode'] = $response->authCode; if (!empty($response->currencySettlement)) { $lead['currency'] = $response->currencySettlement; } self::log_debug(sprintf('success, date = %s, id = %s, status = %s, amount = %s, authcode = %s', $lead['payment_date'], $lead['transaction_id'], $lead['payment_status'], $lead['payment_amount'], $response->authCode)); } else { $lead['payment_status'] = 'Failed'; $lead['transaction_id'] = $response->txnRef; $lead['transaction_type'] = 1; $lead['authcode'] = ''; self::log_debug(sprintf('failed; %s', $response->statusText)); } if (class_exists('GFAPI')) { GFAPI::update_entry($lead); } else { GFFormsModel::update_lead($lead); } $this->processDelayed($feed, $lead, $form); if ($lead['payment_status'] == 'Failed') { if ($feed->UrlFail) { wp_redirect($feed->UrlFail); exit; } } $query = ""form_id={$lead['form_id']}&lead_id={$lead['id']}""; $query .= ""&hash="" . wp_hash($query); wp_redirect(add_query_arg(array(self::PXPAY_RETURN => base64_encode($query)), $lead['source_url'])); exit; } } catch (GFDpsPxPayException $e) { echo nl2br(esc_html($e->getMessage())); self::log_error(__METHOD__ . ': ' . $e->getMessage()); exit; } } }",True,PHP,processDpsReturn,class.GFDpsPxPayPlugin.php,https://github.com/wp-plugins/gravity-forms-dps-pxpay,wp-plugins,webaware,2015-05-01 02:50:24+00:00,"gravity-forms-dps-pxpay 1.4.3: XSS, error handling, new hooks git-svn-id: https://plugins.svn.wordpress.org/gravity-forms-dps-pxpay/trunk@1150713 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10117,"function validPage($p) { return in_array($p, array_keys($this->templates)); }" 2579,"$feed = $this->getFeed($form['id']); if ($feed) { $default_anchor = count(GFCommon::get_fields_by_type($form, array('page'))) > 0 ? 1 : 0; $default_anchor = apply_filters('gform_confirmation_anchor_'.$form['id'], apply_filters('gform_confirmation_anchor', $default_anchor)); $anchor = $default_anchor ? """" : ''; $cssClass = rgar($form, 'cssClass'); $error_msg = esc_html($this->errorMessage); ob_start(); include GFDPSPXPAY_PLUGIN_ROOT . 'views/error-payment-failure.php'; $confirmation = ob_get_clean(); } $this->errorMessage = false; } return $confirmation; }",True,PHP,getFeed,class.GFDpsPxPayPlugin.php,https://github.com/wp-plugins/gravity-forms-dps-pxpay,wp-plugins,webaware,2015-05-01 02:50:24+00:00,"gravity-forms-dps-pxpay 1.4.3: XSS, error handling, new hooks git-svn-id: https://plugins.svn.wordpress.org/gravity-forms-dps-pxpay/trunk@1150713 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10117,"function initJS() { echo ''; }" 2580,"public function loadResponseXML($response) { $oldDisableEntityLoader = libxml_disable_entity_loader(TRUE); $oldUseInternalErrors = libxml_use_internal_errors(TRUE); try { $xml = simplexml_load_string($response); if ($xml === false) { $errmsg = ''; foreach (libxml_get_errors() as $error) { $errmsg .= $error->message; } throw new Exception($errmsg); } $this->isValid = ('1' === ((string) $xml['valid'])); $this->success = !!((int) $xml->Success); $this->amount = (float) $xml->AmountSettlement; $this->authCode = (string) $xml->AuthCode; $this->cardHoldersName = (string) $xml->CardHolderName; $this->cardName = (string) $xml->CardName; $this->cardNumber = (string) $xml->CardNumber; $this->txnRef = (string) $xml->DpsTxnRef; $this->statusText = (string) $xml->ResponseText; $this->recurringID = (string) $xml->DpsBillingId; $this->currencySettlement = (string) $xml->CurrencySettlement; $this->currencyInput = (string) $xml->CurrencyInput; $this->option1 = (string) $xml->TxnData1; $this->option2 = (string) $xml->TxnData2; $this->option3 = (string) $xml->TxnData3; $this->txnType = (string) $xml->TxnType; $this->invoiceReference = (string) $xml->MerchantReference; $this->clientIP = (string) $xml->ClientInfo; $this->transactionNumber = (string) $xml->TxnId; $this->emailAddress = (string) $xml->EmailAddress; $this->billingID = (string) $xml->BillingId; $this->txnMac = (string) $xml->TxnMac; $this->cardNumber2 = (string) $xml->CardNumber2; $this->cvc2ResultCode = (string) $xml->Cvc2ResultCode; $cardExpiry = (string) $xml->DateExpiry; $this->cardExpiryMonth = substr($cardExpiry, 0, 2); $this->cardExpiryYear = substr($cardExpiry, 2, 2); libxml_disable_entity_loader($oldDisableEntityLoader); libxml_use_internal_errors($oldUseInternalErrors); } catch (Exception $e) { libxml_disable_entity_loader($oldDisableEntityLoader); libxml_use_internal_errors($oldUseInternalErrors); throw new GFDpsPxPayException('Error parsing DPS PxPay result request: ' . $e->getMessage()); } if (!$this->isValid) { throw new GFDpsPxPayException('Error from DPS PxPay result: ' . $this->statusText); } }",True,PHP,loadResponseXML,class.GFDpsPxPayResult.php,https://github.com/wp-plugins/gravity-forms-dps-pxpay,wp-plugins,webaware,2015-05-01 02:50:24+00:00,"gravity-forms-dps-pxpay 1.4.3: XSS, error handling, new hooks git-svn-id: https://plugins.svn.wordpress.org/gravity-forms-dps-pxpay/trunk@1150713 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10117,"function FastlyAdmin() { add_action('admin_menu', array(&$this, 'adminPanel')); add_action('admin_init', array(&$this, 'adminInit')); add_action('admin_enqueue_scripts', array($this, 'admin_enqueue_scripts')); add_action('wp_ajax_set_page', array(&$this, 'ajaxSetPage')); add_action('wp_ajax_sign_up', array(&$this, 'ajaxSignUp')); update_option('fastly_page', 'configure'); /* Point to CI API Server update_option('fastly_api_hostname', '184.106.66.217'); update_option('fastly_api_port', 5500); /* Point to Dev API Server update_option('fastly_api_hostname', '10.235.5.18'); update_option('fastly_api_port', 80); $this->api = new FastlyAPI( get_option('fastly_api_key'), get_option('fastly_api_hostname'), get_option('fastly_api_port') ); }" 2583,"function CopyProtect_options_page() { ?>

        WP Copy Protect v3.0.0

        |

        Settings saved

        '; } $wp_CopyProtect_nrc = get_option('CopyProtect_nrc'); $wp_CopyProtect_nts = get_option('CopyProtect_nts'); $wp_CopyProtect_credit = get_option('CopyProtect_credit'); $wp_CopyProtect_user_setting = get_option('CopyProtect_user_setting'); ?>
        Disable right mouse click: /> Do not disable right click.
        /> Disable right click and do no show any message.
        /> Disable right click and show message : "" size=""30""/>
        Disable text selection: /> Activate.
        Display protection information: /> Activate.
        User Setting: /> Exclude admin users.
        /> Exclude all logged-in users.
        /> Apply settings to all users.
        Save settings :

        Whats next ?

        Why dont you write a post about Problems, Questions, Suggestions ?

        Send me an e-mail via: Thank you

        Plug-in developed by

      Sign Up

      To create your free Fastly account enter your information, click the checkbox, and press the "Sign Up" button.

      Blog Name

      Your Name

      Email Address


      Blog Address

      Server Address

      Sign Up resource('loading.gif') . '"">

      '; }" 2585,"function CopyProtect_no_right_click($CopyProtect_click_message) { ?> encode($obj); } } 2588,"function CopyProtect_no_right_click_without_message() { ?> templates = array( 'welcome' => $this->welcome(), 'configure' => $this->configure(), ); $this->page = get_option('fastly_page'); if (!$this->validPage($this->page)) { $this->page = 'welcome'; update_option('fastly_page', 'welcome'); } }" 2589,"function CopyProtect_no_select() { ?> notice_key ) && apply_filters( 'vapp_display_rewrite_rules_notice', true ) ) : ?>

      View All Post\'s Pages is fully activated. To do so, go to Permalinks and click the Save Changes button at the bottom of the screen.', 'view_all_posts_pages' ), admin_url( 'options-permalink.php' ) ); ?>

      here to hide this message.', 'view_all_posts_pages' ), admin_url( add_query_arg( $this->notice_key, 1, 'index.php' ) ) ); ?>

      validPage($_REQUEST['page'])) { update_option('fastly_page', esc_sql($_REQUEST['page'])); die(1); } die(); }" 2592,"$set = $this->make_integer_from_request( $option_key ); if ( $set != $this->get( $option_key ) ) { $this->update( $option_key, $set ); } } if ( ( $set = $this->make_integer_from_request( 'tags_blog_pub_check' ) ) && $set != $this->get( 'tags_blog_pub_check' ) ) { $set = $aggregate_blog_public == 0 ? $set : 0; $this->update( 'tags_blog_pub_check', $set ); } if ( isset( $_POST['tags_blog_postmeta'] ) && '' != $_POST['tags_blog_postmeta'] ) { $meta_keys = explode( ""\n"", strip_tags( stripslashes( $_POST['tags_blog_postmeta'] ) ) ); $this->update( 'tags_blog_postmeta', array_map( 'trim', $meta_keys ) ); } else { $this->update( 'tags_blog_postmeta', '' ); } $blogs_to_import = $this->comma_delimited_to_array_from_request( 'blogs_to_import' ); $this->update( 'blogs_to_import', $blogs_to_import ); $this->update( true ); wp_redirect( add_query_arg( array( 'updated' => '1' ) ) ); exit; }",True,PHP,make_integer_from_request,WDS_Multisite_Aggregate_Options.php,https://github.com/wp-plugins/wds-multisite-aggregate,wp-plugins,jtsternberg,2015-04-20 18:07:04+00:00,"Update for xss vulnerability, https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage git-svn-id: https://plugins.svn.wordpress.org/wds-multisite-aggregate/trunk@1139353 b8457f37-d9ea-0310-8a92-e5e31aec5664",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-10120,"function render() { if (!current_user_can('manage_options')) { wp_die( __('You do not have sufficient permissions to access this page.') ); } echo '
      '; echo '

      resource('logo_white.gif') . '"">
      version: '. FASTLY_VERSION .'

      '; echo '
      ' . $this->templates[$this->page] . '
      '; echo '
      '; $this->initJS(); }" 2594,"function read_cache( $cache_id, $check = false ) { global $cms_db; if ( $cache_id && $this->use_cache ) { if ( !$this->cache_db ) $this->cache_db = new DB_cms; $return = false; $sql = ""SELECT val FROM "" . $cms_db['db_cache'] . "" WHERE name = '"" . $this->cache_name . ""' AND sid = '"" . $cache_id . ""'""; if ( !$this->cache_db->query( $sql ) ) return; $oldmode = $this->cache_db->get_fetch_mode(); $this->cache_db->set_fetch_mode( 'DB_FETCH_ASSOC' ); if( $this->cache_db->next_record() ) { if ( $check ) { $return = true; } else { $cache_pre = $this->cache_db->this_record(); $cache_val = $cache_pre['val']; $cache = unserialize( stripslashes( $cache_val ) ); if ( is_array( $cache ) ) { $this->cache = $cache; $return = true; } } } $this->cache_db->set_fetch_mode( $oldmode ); return $return; } else $this->cache_mode = ''; }",True,PHP,read_cache,local.php,https://github.com/sefrengo-cms/sefrengo-1.x,sefrengo-cms,Holger Stitz,2015-01-13 00:01:43+01:00,Escaped strings for session ids and name,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-1428,"function decode($str) { if (function_exists('json_decode')) { return json_decode($str, true); } else { $json = new Services_JSON(); return $json->decode($str); } }" 2596,"function ac_checkme($id, $name) { global $cms_db; $ret = true; $cquery = sprintf(""select count(*) from %s where sid='%s' and name='%s'"", $cms_db['sessions'], $id, $name); $squery = sprintf(""select sid from %s where sid = '%s' and name = '%s'"", $cms_db['sessions'], $id, addslashes($name)); $this->db->query($squery); if ( $this->db->affected_rows() == 0 && $this->db->query($cquery) && $this->db->next_record() && $this->db->f(0) == 0 ) { $ret = false; } return $ret; }",True,PHP,ac_checkme,local.php,https://github.com/sefrengo-cms/sefrengo-1.x,sefrengo-cms,Holger Stitz,2015-01-13 00:01:43+01:00,Escaped strings for session ids and name,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-1428,"function post($url, $do_post = true) { $headers = array(); if ($this->api_key) { $headers[] = ""Fastly-Key: "" . $this->api_key; } $ch = curl_init(); $url = get_option('fastly_api_hostname') . ""/purge/"" . preg_replace(""/^http(s?):\/\ if( (bool)get_option('fastly_log_purges') ) { error_log(""Purging using POST for "" . esc_url($url)); } $args = array( 'headers' => $headers, 'method' => (true === $do_post) ? 'POST' : 'PURGE', ); $response = wp_remote_request($url, $args); return ( is_wp_error( $response ) ) ? -1 : $response; }" 2599,"function write_cache() { global $cms_db, $cfg_cms; $action = 'insert'; if ( $this->cache_mode == 'DB_TEST_CACHE' ) { if ( count( $this->cache_test ) >= $this->cache_test_value ) { $this->cache = $this->cache_test; $this->cache_test = array(); } else $this->cache_id = 0; } if ( $this->cache_id && $this->use_cache ) { if ( !$this->cache_db ) $this->cache_db = new DB_cms; if ( $this->cache_db->read_cache( $this->cache_id, true ) ) $action = $force_overide_cache == true ? 'update': 'ignore'; $this->cache_mode = 'DB_WRITE_CACHE'; $now = date( ""YmdHis"", time() ); if( $this->cache_group == 'frontend' ) { $this->_figure_out_cachetime_for_frontend(); } switch ( $action ) { case 'insert': $sql = ""REPLACE INTO "" . $cms_db['db_cache'] . "" (sid, name, val, changed, releasetime, groups, item) VALUES ( '"" . $this->cache_id . ""', '"" . addslashes( $this->cache_name ) . ""', '"" . addslashes( serialize( $this->cache ) ) . ""', '"" . $now . ""', '"" . $this->cache_time . ""', '"" . addslashes( $this->cache_group ) . ""', '"" . addslashes( $this->cache_item ) . ""')""; $this->cache_db->query( $sql ); break; case 'update': $sql = ""UPDATE "" . $cms_db['db_cache'] . "" SET val = '"" . addslashes( serialize( $this->cache ) ) . ""', groups = '"" . addslashes( $this->cache_group ) . ""', item = '"" . addslashes( $this->cache_item ) . ""', changed = '"" . $now . ""', releasetime = '"" . $this->cache_time . ""' WHERE name = '"" . addslashes( $this->cache_name ) . ""' AND sid = '"" . $this->cache_id . ""'""; $this->cache_db->query( $sql ); break; } $this->cache = array(); $this->cache_id = 0; $this->cache_group = ''; $this->cache_item = ''; $this->cache_mode = ''; } else $this->cache_mode = ''; }",True,PHP,write_cache,local.php,https://github.com/sefrengo-cms/sefrengo-1.x,sefrengo-cms,Holger Stitz,2015-01-13 00:01:43+01:00,Escaped strings for session ids and name,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-1428,$this->post($uri); } } 2600,"function ac_sigleid($name, $id) { global $cms_db, $sess; $sess->gc( true ); $ret = true; if( $id >= 1 ) { $ret = false; $cquery = sprintf(""select count(*) from %s where user_id='%s' and name='%s'"", $cms_db['sessions'], $id, $name); $squery = sprintf(""select sid from %s where user_id='%s' and name='%s'"", $cms_db['sessions'], $id, addslashes($name)); $this->db->query($squery); if ( $this->db->affected_rows() == 0 && $this->db->query($cquery) && $this->db->next_record() && $this->db->f(0) == 0 ) { $ret = true; } } return $ret; }",True,PHP,ac_sigleid,local.php,https://github.com/sefrengo-cms/sefrengo-1.x,sefrengo-cms,Holger Stitz,2015-01-13 00:01:43+01:00,Escaped strings for session ids and name,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-1428,"function post($url, $do_post = true) { $headers = array(); if ($this->api_key) { $headers[] = ""Fastly-Key: "" . $this->api_key; } $ch = curl_init(); $url = get_option('fastly_api_hostname') . ""/purge/"" . preg_replace(""/^http(s?):\/\ if( (bool)get_option('fastly_log_purges') ) { error_log(""Purging using POST for "" . esc_url($url)); } $args = array( 'headers' => $headers, 'method' => (true === $do_post) ? 'POST' : 'PURGE', ); $response = wp_remote_request($url, $args); return ( is_wp_error( $response ) ) ? -1 : $response; }" 2603,"function ac_sigleme($str, $name, $id) { global $cms_db, $sess; $sess->gc( true ); if( $id >= 1 && $this->session_enabled ) { $this->db->query(sprintf(""delete from %s where name = '%s' and sid != '%s' and user_id = '%s'"", $cms_db[sessions], addslashes($name), $str, $id)); } }",True,PHP,ac_sigleme,local.php,https://github.com/sefrengo-cms/sefrengo-1.x,sefrengo-cms,Holger Stitz,2015-01-13 00:01:43+01:00,Escaped strings for session ids and name,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-1428,$this->post($uri); } } 2605,function setup() { $this -> catch_globals(); $this -> version['prior'] = '01'; $this -> version['minor'] = '06'; $this -> version['fix'] = '01'; $this -> version_text = $this -> version['prior']; $this -> version_text .= '.'; $this -> version_text .= $this -> version['minor']; $this -> version_text .= '.'; $this -> version_text .= $this -> version['fix']; if ($this -> globals['mode'] == 'update') { if ($this -> globals['action'] == 'enter_email') $this -> globals['action'] = 'screen_execute_update_and_finish'; } },True,PHP,setup,index.php,https://github.com/sefrengo-cms/sefrengo-1.x,sefrengo-cms,Holger Stitz,2015-01-25 19:36:29+01:00,Updated version number to v1.6.2,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-1428,"function FastlyAPI($api_key='', $host='https: $this->api_key = $api_key; $this->host = $host; $this->port = $port; $this->host_name = preg_replace('/^(ssl|https?):\/\ }" 2611,"public static function exist($cat) { $cat = Typo::int($cat); $sql = ""SELECT `id` FROM `cat` WHERE `id` = '{$cat}' AND `type` = 'post'""; $q = Db::result($sql); if (Db::$num_rows > 0) { return true; } else { return false; } }",True,PHP,exist,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"function purgeCategory($categoryId, $call=true) { $urls = array(); if (is_active_widget(false, false, 'categories')) { $this->purgeAll(); } else { $urls[] = get_category_link($categoryId); } return $call ? $this->purge($urls) : $urls; }" 2613,"public static function dropdown($vars) { if (is_array($vars)) { $name = $vars['name']; $where = 'WHERE '; if (isset($vars['parent'])) { $where .= "" `parent` = '"".$vars['parent'].""' ""; } else { $where .= '1 '; } if (isset($vars['type'])) { $where .= "" AND `type` = '"".$vars['type'].""' ""; } else { $where .= ''; } $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= ' '.$vars['order_by'].' '; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = ' ASC'; } } $cat = Db::result('SELECT * FROM `cat` '.$where.' '.$order_by.' '.$sort); $drop = ""'; return $drop; }",True,PHP,dropdown,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"function FastlyPurge() { add_action('edit_post', array(&$this, 'purgePost'), 99); add_action('edit_post', array(&$this, 'purgePostDependencies'), 99); add_action('transition_post_status', array(&$this,'purgePostStatus'),99, 3); add_action('deleted_post', array(&$this, 'purgePost'), 99); add_action('deleted_post', array(&$this, 'purgeCommon'), 99); add_action('comment_post', array(&$this, 'purgeComments'),99); add_action('edit_comment', array(&$this, 'purgeComments'),99); add_action('trashed_comment', array(&$this, 'purgeComments'),99); add_action('untrashed_comment', array(&$this, 'purgeComments'),99); add_action('deleted_comment', array(&$this, 'purgeComments'),99); add_action('switch_theme', array(&$this, 'purgeAll'), 99); add_action('update_option_sidebars_widgets', array(&$this, 'purgeAll'), 99); add_action('widgets.php', array(&$this, 'purgeAll'), 99); add_action(""update_option_theme_mods_"".get_option('stylesheet'), array(&$this, 'purgeAll'), 99); add_action(""deleted_link"",array(&$this, 'purgeLinks'), 99); add_action(""edit_link"",array(&$this, 'purgeLinks'), 99); add_action(""add_link"",array(&$this, 'purgeLinks'), 99); add_action(""edit_category"",array(&$this, 'purgeCategory'), 99); add_action(""edit_link_category"",array(&$this, 'purgeLinkCategory'), 99); add_action(""edit_post_tag"",array(&$this, 'purgeTagCategory'), 99); $this->api = new FastlyAPI( get_option('fastly_api_key'), get_option('fastly_api_hostname'), get_option('fastly_api_port') ); }" 2614,"public static function lists($vars) { if (is_array($vars)) { $where = 'WHERE '; if (isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' AND ""; } if (isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; } $where .= '1 '; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = ' ASC'; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = '
      '; if (Db::$num_rows > 0) { foreach ($cat as $c) { if ($c->parent == null || $c->parent == '0') { if (isset($_GET['cat'])) { $catparent = self::getParent($_GET['cat']); $in = ($catparent[0]->parent === $c->id) ? 'in' : ''; $collapseHeading = ($catparent[0]->parent === $c->id) ? ""collapseListGroupHeading{$c->id}"" : ''; $href = ($catparent[0]->parent === $c->id) ? ""#collapse-{$c->id}"" : Url::cat($c->id); $data_toggle = ($catparent[0]->parent === $c->id) ? 'collapse' : ''; } else { $catparent = ''; $in = ''; $collapseHeading = ''; $href = ''; $data_toggle = ''; } $drop .= ""
      id}\"" aria-labelledby=\""collapseListGroupHeading{$c->id}\"">
        ""; foreach ($cat as $c2) { if ($c2->parent == $c->id) { $drop .= '
      • id).""\"">{$c2->name}
        • ""; } } $drop .= '
      '; } } } $drop .= '
      '; return $drop; }",True,PHP,lists,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"function purgeCommon($call=true) { $urls = array(get_bloginfo('wpurl').""/"", get_bloginfo('wpurl').""/feed"", get_bloginfo('wpurl').""/feed/atom""); return $call ? $this->purge($urls) : $urls; }" 2615,"public static function load() { $hooks = array( 'init' => array(), 'header_pre_action' => array(), 'site_title_filter' => array(), 'site_desc_filter' => array(), 'site_key_filter' => array(), 'header_load_meta' => array(), 'footer_load_lib' => array(), 'post_title_filter' => array(), 'post_meta_filter' => array(), 'post_content_filter' => array(), 'post_author_filter' => array(), 'post_date_filter' => array(), 'post_category_filter' => array(), 'post_submit_add_action' => array(), 'post_sqladd_action' => array(), 'post_submit_edit_action' => array(), 'post_sqledit_action' => array(), 'post_submit_title_filter' => array(), 'post_submit_content_filter' => array(), 'post_submit_category_filter' => array(), 'post_delete_action' => array(), 'post_sqldel_action' => array(), 'user_submit_add_action' => array(), 'user_sqladd_action' => array(), 'user_submit_edit_action' => array(), 'user_sqledit_action' => array(), 'user_delete_action' => array(), 'user_sqldel_action' => array(), 'user_reg_action' => array(), 'user_login_action' => array(), 'user_logout_action' => array(), 'user_activation_action' => array(), 'admin_page_notif_action' => array(), 'admin_page_top_action' => array(), 'admin_page_bottom_action' => array(), 'admin_page_dashboard_action' => array(), 'admin_page_dashboard_statslist_action' => array(), 'admin_footer_action' => array(), 'module_install_action' => array(), 'theme_install_action' => array(), 'mod_control' => array(), ); return $hooks; }",True,PHP,load,Hooks.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"function purgePostDependencies($postId, $call=true) { $urls = array(); $urls = array_merge($urls, $this->purgeCommon(false)); $urls = array_merge($urls, $this->purgeCategories($postId, false)); $urls = array_merge($urls, $this->purgeArchives($postId, false)); $urls = array_merge($urls, $this->purgeTags($postId, false)); return $call ? $this->purge($urls) : $urls; }" 2617,public static function modList() { $handle = dir(GX_MOD); while (false !== ($entry = $handle->read())) { if ($entry != '.' && $entry != '..') { $dir = GX_MOD.$entry; if (is_dir($dir) == true) { (file_exists($dir.'/index.php')) ? $mod[] = basename($dir) : ''; } } } $handle->close(); return $mod; },True,PHP,modList,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"function purgeArchives($postId, $call=true) { $urls = array( get_day_link(get_post_time('Y',false,$postId), get_post_time('m',true,$postId),get_post_time('d',true,$postId)), get_month_link(get_post_time('Y',false,$postId), get_post_time('m',true,$postId)), get_year_link(get_post_time('Y',false,$postId)), ); return $call ? $this->purge($urls) : $urls; }" 2622,"foreach ($post as $p) { if ($p->id != $id) { $title = (strlen($p->title) > 40) ? substr($p->title, 0, 38).'...' : $p->title; $img = self::getImage(Typo::Xclean($p->content)); if ($img != '') { $img = Url::thumb($img, 'square', 200); } else { $img = Url::thumb('assets/images/noimage.png', '', 200); } $related .= '
    • id).'""> '.$title.'

      • '; } else { $related .= ''; } }",True,PHP,foreach,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"function purgeLinkCategory($categoryId) { if (is_active_widget(false,false,'links')){ $this->purgeAll(); } }" 2623,"public static function related($id, $num, $cat, $type = 'list') { $id = Typo::int($id); if (self::existParam('tags', $id)) { $tag = self::getParam('tags', $id); $tag = explode(',', $tag); $where_tag = ''; foreach ($tag as $t) { $where_tag .= "" OR B.`value` LIKE '%%"".$t.""%%' ""; } } else { $where_tag = ''; } $post_type = self::type($id); $post = Db::result( sprintf( ""SELECT DISTINCT B.`post_id`, A.`id`, A.`date`, A.`title`, A.`content`, A.`author`, A.`cat`, A.`type` FROM `posts` AS A JOIN `posts_param` AS B ON A.`id` = B.`post_id` WHERE (A.`cat` = '%d' %s) AND A.`id` != '%d' AND A.`status` = '1' AND A.`type` = 'post' ORDER BY RAND() LIMIT %d, %d"", $cat, $where_tag, $id, 0, $num ) ); if (isset($post['error'])) { $related = 'No Related Post(s)'; } else { $related = ''; if ($type == 'list') { $related .= '
        '; foreach ($post as $p) { if ($p->id != $id) { $related .= '
      • id).""\"">$p->title
        • ""; } else { $related .= ''; } } $related .= '
      '; } elseif ($type == 'box') { $related .= '
        '; foreach ($post as $p) { if ($p->id != $id) { $title = (strlen($p->title) > 40) ? substr($p->title, 0, 38).'...' : $p->title; $img = self::getImage(Typo::Xclean($p->content)); if ($img != '') { $img = Url::thumb($img, 'square', 200); } else { $img = Url::thumb('assets/images/noimage.png', '', 200); } $related .= '
      • id).'""> '.$title.'

        • '; } else { $related .= ''; } } $related .= '
      '; } } return $related; }",True,PHP,related,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"$urls = array_merge($urls, $this->purgeTagCategory($tag->term_id, false)); }" 2626,"public static function isExist($user) { if (isset($_GET['act']) && $_GET['act'] == 'edit') { $id = Typo::int($_GET['id']); $where = ""AND `id` != '{$id}' ""; } else { $where = ''; } $user = sprintf('%s', Typo::cleanX($user)); $sql = sprintf(""SELECT `userid` FROM `user` WHERE `userid` = '%s' %s "", $user, $where); $usr = Db::result($sql); $n = Db::$num_rows; if ($n > 0) { return false; } else { return true; } }",True,PHP,isExist,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2017-01-09 06:30:09+07:00,"Add Post Param at Hooks Filter Categories for Tags Change $url position to correct location at Comments.class.php Add Author Pages #60 Security Fix Issue Change Ajax URL Router format Change Ajax, Mods router scrapper",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-5345,"$urls = array_merge($urls, $this->purgeCategory($cat->cat_ID, false)); }" 2630,"$file = sprintf('%s/%s.class.php', $path, $class_name); if(is_file($file)) { include_once $file; } } }",True,PHP,sprintf,autoload.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function purgePost($postId, $call=true) { $urls = array( get_permalink($postId) ); return $call ? $this->purge($urls) : $urls; }" 2634,}elseif($p->group == 3){ $grp = AUTHOR; }elseif($p->group == 4){,True,PHP,elseif,user.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,function purgeAll() { $this->api->purgeAll( get_option('fastly_service_id') ); } 2635,}elseif($p->group == 4){ $grp = GENERAL_MEMBER; },True,PHP,elseif,user.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,function purge($urls) { $this->api->purge($urls); } 2636,"}elseif($p->status == 1){ $status = ""id}&token="".TOKEN.""\"" class=\""label label-primary\"">Active""; }",True,PHP,elseif,user.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function purgeLinks() { if (is_active_widget(false, false, 'links')) { $this->purgeAll(); } }" 2641,"public static function type($id) { $id = sprintf('%d', $id); if(isset($id)){ $cat = Db::result(""SELECT `type` FROM `cat` WHERE `id` = '{$id}' LIMIT 1""); if(isset($cat['error'])){ return ''; }else{ return $cat[0]->type; } }else{ echo ""No ID Selected""; } }",True,PHP,type,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function purgeTagCategory($categoryId, $call=true) { $urls = array( get_tag_link($categoryId) ); return $call ? $this->purge($urls) : $urls; }" 2644,"public static function name($id) { $id = sprintf('%d', $id); if(isset($id)){ $cat = Db::result(""SELECT `name` FROM `cat` WHERE `id` = '{$id}' LIMIT 1""); if(isset($cat['error'])){ return ''; }else{ return $cat[0]->name; } }else{ echo ""No ID Selected""; } }",True,PHP,name,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$urls = array_merge($urls, $this->purgeTagCategory($tag->term_id, false)); }" 2649,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } if(isset($vars['type'])) { $where .= "" AND `type` = '{$vars['type']}' ""; }else{ $where .= "" AND 1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }",True,PHP,dropdown,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$urls = array_merge($urls, $this->purgeCategory($cat->cat_ID, false)); }" 2650,"public static function lists($vars) { if(is_array($vars)){ $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' AND ""; } if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; } $where .= ""1 ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = ""
      ""; if(Db::$num_rows > 0 ){ foreach ($cat as $c) { if($c->parent == null || $c->parent == '0' ){ if(isset($_GET['cat'])){ $catparent = self::getParent($_GET['cat']); $in = ($catparent[0]->parent === $c->id)? 'in': ''; $collapseHeading = ($catparent[0]->parent === $c->id)? ""collapseListGroupHeading{$c->id}"": ''; $href = ($catparent[0]->parent === $c->id)? ""#collapse-{$c->id}"": Url::cat($c->id); $data_toggle = ($catparent[0]->parent === $c->id)? ""collapse"": """"; }else{ $catparent = ''; $in = ''; $collapseHeading = """"; $href = """"; $data_toggle = """"; } $drop .= ""
      id}\"" aria-labelledby=\""collapseListGroupHeading{$c->id}\"">
        ""; foreach ($cat as $c2) { if($c2->parent == $c->id){ $drop .= ""
      • id).""\"">{$c2->name}
        • ""; } } $drop .= ""
      ""; } } } $drop .= ""
      ""; return $drop; }",True,PHP,lists,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function purgeComments($commentId, $call=true) { $comment = get_comment($commentId); $approved = $comment->comment_approved; $urls = array(); if ($approved == 1 || $approved == 'trash') { $postId = $comment->comment_post_ID; $urls[] = get_bloginfo('wpurl') . '/?comments_popup=' . $postId; } return $call ? $this->purge($urls) : $urls; }" 2651,public function __construct() { },True,PHP,__construct,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function purgePostStatus($new_status, $old_status, $post, $call=true) { $urls = array(); $urls = array_merge($urls, $this->purgePost($post->ID, false)); $urls = array_merge($urls, $this->purgePostDependencies($post->ID, false)); return $call ? $this->purge($urls) : $urls; }" 2652,"public static function delete($id){ $id = sprintf('%d', $id); $parent = self::getParent($id); $sql = array( 'table' => 'cat', 'where' => array( 'id' => $id ) ); $cat = Db::delete($sql); if($cat){ return true; }else{ return false; } $post = Db::result(""SELECT `id` FROM `posts` WHERE `cat` = '{$id}'""); $npost = Db::$num_rows; if($npost > 0){ $sql = ""UPDATE `posts` SET `cat` = '{$parent[0]->parent}' WHERE `cat` = '{$id}'""; Db::query($sql); } }",True,PHP,delete,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function validate($input) { $valid = array(); $valid['popup_content'] = wp_kses_post($input['popup_content']); $valid['popup_page'] = sanitize_text_field($input['popup_page']); $valid['popup_class'] = sanitize_text_field($input['popup_class']); $valid['popup_theme'] = sanitize_text_field($input['popup_theme']); $valid['start_date'] = sanitize_text_field($input['start_date']); $valid['end_date'] = sanitize_text_field($input['end_date']); $valid['popup_timezone'] = sanitize_text_field($input['popup_timezone']); if(isset($input['popup_permanent'])){ $valid['popup_permanent'] = sanitize_text_field($input['popup_permanent']); }else{ $valid['popup_permanent'] = '0'; } if (strlen($valid['popup_content']) == 0) { add_settings_error( 'popup_content', 'popup_content_texterror', 'Please enter a text to show on the pop up', 'error' ); $valid['popup_content'] = $this->data['popup_content']; } if (strlen($valid['popup_page']) == 0) { add_settings_error( 'popup_page', 'popup_page_texterror', 'Please choose a page to display the pop up to', 'error' ); $valid['popup_page'] = $this->data['popup_page']; } if (strlen($valid['popup_class']) == 0) { add_settings_error( 'popup_class', 'popup_class_texterror', 'Please choose a class to display the pop up to', 'error' ); $valid['popup_class'] = $this->data['popup_class']; } if (strlen($valid['popup_theme']) == 0) { add_settings_error( 'popup_theme', 'popup_theme_texterror', 'Please choose a theme to display the pop up to', 'error' ); $valid['popup_class'] = $this->data['popup_class']; } if (strlen($valid['start_date']) == 0) { add_settings_error( 'start_date', 'start_date_texterror', 'Please enter a beginning date', 'error' ); $valid['start_date'] = $this->data['start_date']; } if (strlen($valid['end_date']) == 0) { add_settings_error( 'end_date', 'end_date_texterror', 'Please enter a beginning date', 'error' ); $valid['end_date'] = $this->data['end_date']; } return $valid; }" 2653,"public static function getParent($id=''){ $sql = sprintf(""SELECT `parent` FROM `cat` WHERE `id` = '%d'"", $id); $cat = Db::result($sql); return $cat; }",True,PHP,getParent,Categories.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function trigger_plugin(){ global $post, $popup_theme; $options = get_option($this->options_slug); $tz = $options['popup_timezone']; date_default_timezone_set($tz); $page = $options['popup_page']; $today = date('Y-m-d', time()); $permanent = $options['popup_permanent']; $start_date = $options['start_date']; $end_date = $options['end_date']; $popup_theme = $options['popup_theme']; $diff_start = strtotime($today) - strtotime($start_date); $diff_end = strtotime($end_date) - strtotime($today); if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) && is_shop()){ $page_id = get_option( 'woocommerce_shop_page_id' ); }else{ $page_id = $post->ID; } if(($permanent == 1 || $diff_start >= 0 && $diff_end >= 0) && ($page == 'all' || $page_id == $page)){ return true; }else{ return false; } }" 2656,"}elseif($k == ""error""){ self::error($v); }elseif(!in_array($k, $arr) && $k != 'paging'){",True,PHP,elseif,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function enqueue_styles() { if($this->trigger_plugin() == true){ $pp_dir = $this->activated_woocommerce(); wp_enqueue_style( 'prettyPhoto_css', $pp_dir['style']); wp_enqueue_style( $this->plugin_slug . '-plugin-styles', plugins_url( 'assets/css/public.css', __FILE__ ), array('prettyPhoto_css'), self::VERSION ); } }" 2658,public function __construct () { },True,PHP,__construct,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function activated_woocommerce(){ $suffix = defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ? '' : '.min'; if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) ) { global $woocommerce; $pp_dir['base'] = $woocommerce->plugin_url() . '/assets/js/jquery.prettyPhoto.js'; $pp_dir['style'] = $woocommerce->plugin_url() . '/assets/css/prettyPhoto.css'; $pp_dir['ver'] = $woocommerce->version; }else{ $pp_dir['base'] = plugins_url( '/assets/js/jquery.prettyPhoto.js', __FILE__ ); $pp_dir['style'] = plugins_url( '/assets/css/prettyPhoto.css', __FILE__ ); $pp_dir['ver'] = ''; } return $pp_dir; }" 2659,"public static function incFront($vars, $param='') { $file = GX_PATH.'/inc/lib/Control/Frontend/'.$vars.'.control.php'; if ( file_exists($file) ) { include($file); }else{ self::error('404'); } }",True,PHP,incFront,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function enqueue_scripts() { if($this->trigger_plugin() == true){ global $woocommerce, $popup_theme; $pp_dir = $this->activated_woocommerce(); wp_enqueue_script( 'prettyPhoto', $pp_dir['base'] , array( 'jquery' ), $pp_dir['ver'] ); wp_enqueue_script( $this->plugin_slug . '-plugin-script', plugins_url( 'assets/js/public.js', __FILE__ ), array( 'prettyPhoto' ), self::VERSION, true ); $plugin_data = array( 'theme' => $popup_theme, ); wp_localize_script( $this->plugin_slug . '-plugin-script', 'plugin_options_vars', $plugin_data ); } }" 2660,"self::ajax($v); } else { if (in_array($k, $arr)) { self::incFront($k, $var); } else { self::error('404'); } } } }",True,PHP,ajax,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function resetOptions($widget_id) { $query = ""DELETE FROM "" . $this->dbtable . "" WHERE widget_id = %s""; $query = $this->wpdb->prepare($query, $widget_id); $this->wpdb->query($query); }" 2661,self::get($arr); } else { self::incFront('default'); } },True,PHP,get,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function hasOptions($widget_id) { $query = ""SELECT COUNT(1) AS total FROM "" . $this->dbtable . "" WHERE widget_id = %s AND maintype != %s""; $query = $this->wpdb->prepare($query, $widget_id, 'individual'); $count = $this->wpdb->get_var($query); if ( $count > 0 ) { return TRUE; } return FALSE; }" 2664,public static function incBack($vars) { $file = GX_PATH.'/inc/lib/Control/Backend/'.$vars.'.control.php'; if ( file_exists($file) ) { include($file); }else{ self::error('404'); } },True,PHP,incBack,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function deleteOption($widget_id, $maintype, $name = '') { $query = ""DELETE FROM "" . $this->dbtable . "" WHERE widget_id = %s AND maintype = %s""; if (! empty($name) ) { $query .= "" AND name = %s""; $query = $this->wpdb->prepare($query, $widget_id, $maintype, $name); } else { $query = $this->wpdb->prepare($query, $widget_id, $maintype); } $this->wpdb->query($query); }" 2668,"public static function ajax ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { $file = GX_PATH.'/inc/lib/Control/Ajax/'.$vars.'-ajax.control.php'; if (file_exists($file)) { include($file); }else { self::error('404'); } } }",True,PHP,ajax,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getDWOpt($widget_id, $maintype) { if ( $maintype == 'home' ) { $maintype = 'page'; } $query = ""SELECT widget_id, maintype, name, value FROM "" . $this->dbtable . "" WHERE widget_id LIKE '"" . esc_sql($widget_id) . ""' AND maintype LIKE '"" . esc_sql($maintype) . ""%' ORDER BY maintype, name""; $results = new DWOpts($this->wpdb->get_results($query), $maintype); return $results; }" 2669,public static function install () { include(GX_PATH.'/inc/lib/Control/Install/default.control.php'); },True,PHP,install,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function dwList($whereami) { $this->dynwid_list = array(); if ( $whereami == 'home' ) { $whereami = 'page'; } $query = ""SELECT DISTINCT widget_id FROM "" . $this->dbtable . "" WHERE maintype LIKE '"" . esc_sql($whereami) . ""%'""; if ( count($this->overrule_maintype) > 0 ) { $query .= "" OR maintype IN ""; $q = array(); foreach ( $this->overrule_maintype as $omt ) { $q[ ] = ""'"" . $omt . ""'""; } $query .= ""("" . implode(', ', $q) . "")""; } $results = $this->wpdb->get_results($query); foreach ( $results as $myrow ) { $this->dynwid_list[ ] = $myrow->widget_id; } }" 2670,public static function handler($vars) { self::$vars(); },True,PHP,handler,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function freshdesk_sso_login_url($domain, $user_name, $email, $hash_key){ return $domain.""/login/sso?name="".urlencode($user_name).""&email="".urlencode($email).""×tamp="".time().""&hash="".urlencode($hash_key); }" 2671,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { $file = GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'; if (file_exists($file)) { include($file); } }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }",True,PHP,error,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function fd_login_redirect( $url, $request, $user ) { parse_str( $request, $params ); $fd_redirect_to = $params['fd_redirect_to']; if ( ! $fd_redirect_to ) { return $url; } $redirect_url = get_redirect_url( $fd_redirect_to ); if ( $_REQUEST['wp-submit'] == ""Log In"" && is_a( $user, 'WP_User' ) && $redirect_url ) { $freshdesk_options = get_option( 'freshdesk_options' ); $user_name = $user->data->display_name; $secret = $freshdesk_options['freshdesk_sso_key']; $data = $user_name.$user->data->user_email.time(); $hash_key = hash_hmac(""md5"", $data, $secret); $ssl_url = $redirect_url.""/login/sso?name="".urlencode($user->data->display_name).""&email="".urlencode($user->data->user_email).""×tamp="".time().""&hash="".urlencode($hash_key); sleep(1); header(""Location: "".$ssl_url); die(); } return $request; }" 2673,"public static function backend($vars="""") { if(!empty($_GET['page'])) { self::incBack($_GET['page']); }else{ self::incBack('default'); } }",True,PHP,backend,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function fd_login() { global $pagenow, $display_name , $user_email; if ( 'wp-login.php' == $pagenow ){ $freshdesk_options = get_option( 'freshdesk_options' ); $domain = get_redirect_url($_REQUEST['host_url']); error_log(""Domain : $domain ""); if( ! $domain ) { return; } if ( $_GET['action'] == 'freshdesk-login' ) { if( $freshdesk_options['freshdesk_enable_sso'] != 'checked' ){ return; } if ( is_user_logged_in() ) { $current_user = wp_get_current_user(); $secret = $freshdesk_options['freshdesk_sso_key']; $user_name= $current_user->data->display_name; $user_email = $current_user->user_email; $data = $user_name.$user_email.time(); $hash_key = hash_hmac( ""md5"", $data, $secret ); $url = freshdesk_sso_login_url( $domain, $user_name, $user_email ,$hash_key ); header( 'Location: '.$url ) ; die(); } else{ if (isset($domain)){ header( ""Location: "" .wp_login_url().""?redirect_to=fd_redirect_to="".$domain ); die(); } } } if ( $_GET['action'] == 'freshdesk-logout' ) { wp_logout(); header( 'Location: '.$domain ); die(); } } if ( 'edit-comments.php' == $pagenow || ( $_GET['page'] == 'freshdesk-menu-handle' ) ){ if ( current_user_can( 'manage_options' ) ) { wp_enqueue_script( 'fd_plugin_js',FD_PLUGIN_URL . 'js/freshdesk_plugin_js.js', array( 'jquery' ) ); wp_localize_script( 'fd_plugin_js', 'myAjax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ) ) ); } } wp_enqueue_style( 'fd_plugin_css',FD_PLUGIN_URL . 'css/freshdesk_plugin.css' ); $feedback_options=get_option( 'freshdesk_feedback_options' ); if ( $feedback_options['freshdesk_enable_feedback'] == ""checked"" ) { add_action( 'wp_footer', 'freshdesk_widget_code' ); } }" 2675,"}elseif ($k == 'lang') { self::incFront('default'); }elseif($k == ""error""){",True,PHP,elseif,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function maybe_process_dismiss_link () { if ( isset( $_GET['action'] ) && ( 'icons-for-features-dismiss' == $_GET['action'] ) && isset( $_GET['nonce'] ) && check_admin_referer( 'icons-for-features-dismiss', 'nonce' ) ) { update_option( 'icons_for_features_dismiss_activation_notice', true ); $redirect_url = remove_query_arg( 'action', remove_query_arg( 'nonce', $_SERVER['REQUEST_URI'] ) ); wp_safe_redirect( esc_url( $redirect_url ) ); exit; } }" 2679,"}elseif(!in_array($k, $arr) && $k != 'paging'){ }else{ self::incFront('default'); } } }else{",True,PHP,elseif,Control.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function simplr_views_users( $views ) { $class = (@$_GET['view_inactive'] == true) ? 'current':''; $views['view_inactive'] = ' 'true'))).'"" class=""'.$class.'"" >'. __('Inactive Users','simplr-reg') . ' ('.simplr_count_inactive().')'; return $views; }" 2683,"public static function TimeZone(){ $timezones = DateTimeZone::listAbbreviations(DateTimeZone::ALL); $cities = array(); foreach( $timezones as $key => $zones ) { foreach( $zones as $id => $zone ) { if ( preg_match( '/^(America|Antartica|Arctic|Asia|Atlantic|Europe|Indian|Pacific)\ && $zone['timezone_id']) { $cities[$zone['timezone_id']][] = $key; } } } foreach( $cities as $key => $value ) $cities[$key] = join( ', ', $value); $cities = array_unique( $cities ); ksort( $cities ); return $cities; }",True,PHP,TimeZone,Date.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function getGVizDataSourceUrl ($key, $query, $format) { $format = ($format) ? $format : 'json'; $base = trailingslashit(get_site_url()) . '?'; $qs = 'url='; $qs .= rawurlencode($key . '?tq=' . $this->sanitizeQuery($query) . ""&tqx=out:$format""); return $base . $qs; }" 2685,foreach( $zones as $id => $zone ) { if ( preg_match( '/^(America|Antartica|Arctic|Asia|Atlantic|Europe|Indian|Pacific)\ && $zone['timezone_id']) { $cities[$zone['timezone_id']][] = $key; } },True,PHP,foreach,Date.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function fetchData ($url, $opts) { $http_args = array(); if ($opts) { try { foreach (json_decode($opts) as $k => $v) { $http_args[$k] = $v; } } catch (Exception $e) { throw new Exception('[' . __('Error parsing HTTP options attribute:', 'inline-gdocs-viewer') . $e->getMessage() . ']'); } } $resp = (empty($http_args)) ? wp_remote_get($url) : wp_remote_request($url, $http_args); if (is_wp_error($resp)) { throw new Exception('[' . __('Error requesting data:', 'inline-gdocs-viewer') . ' ' . $resp->get_error_message() . ']'); } return $resp; }" 2689,"$opt .= """"; } return $opt; }",True,PHP,"""
      getMessage(); } return $config; }",True,PHP,makeConfig,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function action_admin_notices_activation() { if ( ! get_option( $this->notice_key ) && apply_filters( 'vapp_display_rewrite_rules_notice', true ) ) : ?>

      View All Post\'s Pages is fully activated. To do so, go to Permalinks and click the Save Changes button at the bottom of the screen.', 'view_all_posts_pages' ), esc_url( admin_url( 'options-permalink.php' ) ) ); ?>

      here to hide this message.', 'view_all_posts_pages' ), esc_url( admin_url( add_query_arg( $this->notice_key, 1, 'index.php' ) ) ) ); ?>

      query($options); }",True,PHP,insertData,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function read_cache( $cache_id, $check = false ) { global $cms_db; if ( $cache_id && $this->use_cache ) { if ( !$this->cache_db ) $this->cache_db = new DB_cms; $return = false; $sql = ""SELECT val FROM "" . $cms_db['db_cache'] . "" WHERE name = '"" . addslashes( $this->cache_name ) . ""' AND sid = '"" . addslashes( $cache_id ) . ""'""; if ( !$this->cache_db->query( $sql ) ) return; $oldmode = $this->cache_db->get_fetch_mode(); $this->cache_db->set_fetch_mode( 'DB_FETCH_ASSOC' ); if( $this->cache_db->next_record() ) { if ( $check ) { $return = true; } else { $cache_pre = $this->cache_db->this_record(); $cache_val = $cache_pre['val']; $cache = unserialize( stripslashes( $cache_val ) ); if ( is_array( $cache ) ) { $this->cache = $cache; $return = true; } } } $this->cache_db->set_fetch_mode( $oldmode ); return $return; } else $this->cache_mode = ''; }" 2750,function __construct () { },True,PHP,__construct,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function ac_checkme($id, $name) { global $cms_db; $ret = true; $cquery = sprintf(""select count(*) from %s where sid='%s' and name='%s'"", $cms_db['sessions'], addslashes($id), addslashes($name)); $squery = sprintf(""select sid from %s where sid = '%s' and name = '%s'"", $cms_db['sessions'], addslashes($id), addslashes($name)); $this->db->query($squery); if ( $this->db->affected_rows() == 0 && $this->db->query($cquery) && $this->db->next_record() && $this->db->f(0) == 0 ) { $ret = false; } return $ret; }" 2751,$keys = array_keys($value); if ($keys[0] == $lang) { $lang = $multilang[$key][$lang]; return $lang; } } } },True,PHP,array_keys,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function write_cache() { global $cms_db, $cfg_cms; $action = 'insert'; if ( $this->cache_mode == 'DB_TEST_CACHE' ) { if ( count( $this->cache_test ) >= $this->cache_test_value ) { $this->cache = $this->cache_test; $this->cache_test = array(); } else $this->cache_id = 0; } if ( $this->cache_id && $this->use_cache ) { if ( !$this->cache_db ) $this->cache_db = new DB_cms; if ( $this->cache_db->read_cache( $this->cache_id, true ) ) $action = $force_overide_cache == true ? 'update': 'ignore'; $this->cache_mode = 'DB_WRITE_CACHE'; $now = date( ""YmdHis"", time() ); if( $this->cache_group == 'frontend' ) { $this->_figure_out_cachetime_for_frontend(); } switch ( $action ) { case 'insert': $sql = ""REPLACE INTO "" . $cms_db['db_cache'] . "" (sid, name, val, changed, releasetime, groups, item) VALUES ( '"" . $this->cache_id . ""', '"" . addslashes( $this->cache_name ) . ""', '"" . addslashes( serialize( $this->cache ) ) . ""', '"" . $now . ""', '"" . $this->cache_time . ""', '"" . addslashes( $this->cache_group ) . ""', '"" . addslashes( $this->cache_item ) . ""')""; $this->cache_db->query( $sql ); break; case 'update': $sql = ""UPDATE "" . $cms_db['db_cache'] . "" SET val = '"" . addslashes( serialize( $this->cache ) ) . ""', groups = '"" . addslashes( $this->cache_group ) . ""', item = '"" . addslashes( $this->cache_item ) . ""', changed = '"" . $now . ""', releasetime = '"" . $this->cache_time . ""' WHERE name = '"" . addslashes( $this->cache_name ) . ""' AND sid = '"" . addslashes( $this->cache_id ) . ""'""; $this->cache_db->query( $sql ); break; } $this->cache = array(); $this->cache_id = 0; $this->cache_group = ''; $this->cache_item = ''; $this->cache_mode = ''; } else $this->cache_mode = ''; }" 2752,"public static function getDefaultLang() { $def = Options::v('multilang_default'); $lang = json_decode(Options::v('multilang_country'), true); $deflang = $lang[$def]; return $deflang; }",True,PHP,getDefaultLang,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function ac_sigleid($name, $id) { global $cms_db, $sess; $sess->gc( true ); $ret = true; if( $id >= 1 ) { $ret = false; $cquery = sprintf(""select count(*) from %s where user_id='%s' and name='%s'"", $cms_db['sessions'], addslashes($id), addslashes($name)); $squery = sprintf(""select sid from %s where user_id='%s' and name='%s'"", $cms_db['sessions'], addslashes($id), addslashes($name)); $this->db->query($squery); if ( $this->db->affected_rows() == 0 && $this->db->query($cquery) && $this->db->next_record() && $this->db->f(0) == 0 ) { $ret = true; } } return $ret; }" 2753,public static function isActive () { switch (SMART_URL) { case true: if (Options::v('multilang_enable') === 'on') { $langs = Session::val('lang'); if($langs != '') { $lang = Session::val('lang'); }else{ $lang = ''; } }else{ $lang = ''; } break; default: if (Options::v('multilang_enable') === 'on') { $langs = Session::val('lang'); if($langs != '') { $lang = Session::val('lang'); }else{ $lang = isset($_GET['lang'])? $_GET['lang']: '' ; } }else{ $lang = ''; } break; } return $lang; },True,PHP,isActive,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function ac_sigleme($str, $name, $id) { global $cms_db, $sess; $sess->gc( true ); if( $id >= 1 && $this->session_enabled ) { $this->db->query(sprintf(""delete from %s where name = '%s' and sid != '%s' and user_id = '%s'"", $cms_db[sessions], addslashes($name), addslashes($str), addslashes($id))); } }" 2756,"
      • ""; } $html .= ""
    ""; Hooks::attach('footer_load_lib', array('Language', 'flagLib')); } return $html; }",True,PHP,flag,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,function setup() { $this -> catch_globals(); $this -> version['prior'] = '01'; $this -> version['minor'] = '06'; $this -> version['fix'] = '02'; $this -> version_text = $this -> version['prior']; $this -> version_text .= '.'; $this -> version_text .= $this -> version['minor']; $this -> version_text .= '.'; $this -> version_text .= $this -> version['fix']; if ($this -> globals['mode'] == 'update') { if ($this -> globals['action'] == 'enter_email') $this -> globals['action'] = 'screen_execute_update_and_finish'; } } 2762,public function __construct () { self::setActive(); },True,PHP,__construct,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function exist($cat) { $cat = Typo::int($cat); $sql = ""SELECT `id` FROM `cat` WHERE `id` = '{$cat}'""; $q = Db::result($sql); if (Db::$num_rows > 0) { return true; } else { return false; } }" 2763,"$file = explode('.', $lang); if ($var == $file[0]) { $sel = 'SELECTED'; }else{ $sel = ''; } $opt .= """"; } return $opt; }",True,PHP,explode,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function dropdown($vars) { if (is_array($vars)) { $name = $vars['name']; $where = 'WHERE '; if (isset($vars['parent'])) { $where .= "" `parent` = '"".$vars['parent'].""' ""; } else { $where .= ''; } if (isset($vars['type'])) { if ($vars['type'] == 'tag') { $where .= "" `type` = '{$vars['type']}' AND ""; } else { $where .= "" `type` = '{$vars['type']}' AND `type` != 'tag' AND ""; } } else { $where .= "" `type` != 'tag' AND ""; } $where .= '1 '; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= ' '.$vars['order_by'].' '; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = ' ASC'; } } $cat = Db::result('SELECT * FROM `cat` '.$where.' '.$order_by.' '.$sort); $drop = ""'; return $drop; }" 2766,"public static function flagLib () { return """"; }",True,PHP,flagLib,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function lists($vars) { if (is_array($vars)) { $where = 'WHERE '; if (isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' AND ""; } if (isset($vars['type'])) { if ($vars['type'] == 'tag') { $where .= "" `type` = '{$vars['type']}' AND ""; } else { $where .= "" `type` = '{$vars['type']}' AND `type` != 'tag' AND ""; } } else { $where .= "" `type` != 'tag' AND ""; } $where .= '1 '; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = ' ASC'; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = '
    '; if (Db::$num_rows > 0) { foreach ($cat as $c) { if ($c->parent == null || $c->parent == '0') { if (isset($_GET['cat'])) { $catparent = self::getParent($_GET['cat']); $in = ($catparent[0]->parent === $c->id) ? 'in' : ''; $collapseHeading = ($catparent[0]->parent === $c->id) ? ""collapseListGroupHeading{$c->id}"" : ''; $href = ($catparent[0]->parent === $c->id) ? ""#collapse-{$c->id}"" : Url::cat($c->id); $data_toggle = ($catparent[0]->parent === $c->id) ? 'collapse' : ''; } else { $catparent = ''; $in = ''; $collapseHeading = ''; $href = ''; $data_toggle = ''; } $drop .= ""
    id}\"" aria-labelledby=\""collapseListGroupHeading{$c->id}\"">
      ""; foreach ($cat as $c2) { if ($c2->parent == $c->id) { $drop .= '
    • id).""\"">{$c2->name}
      • ""; } } $drop .= '
    '; } } } $drop .= '
    '; return $drop; }" 2767,"public static function getList () { $handle = dir(GX_PATH.'/inc/lang/'); while (false !== ($entry = $handle->read())) { if ($entry != ""."" && $entry != "".."" ) { $file = GX_PATH.'/inc/lang/'.$entry; $ext = pathinfo($file, PATHINFO_EXTENSION); if(is_file($file) == true && $ext == 'php'){ $lang[] = $entry; } } } $handle->close(); return $lang; }",True,PHP,getList,Language.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function load() { $hooks = array( 'init' => array(), 'header_pre_action' => array(), 'site_title_filter' => array(), 'site_desc_filter' => array(), 'site_key_filter' => array(), 'header_load_meta' => array(), 'footer_load_lib' => array(), 'post_title_filter' => array(), 'post_meta_filter' => array(), 'post_content_filter' => array(), 'post_author_filter' => array(), 'post_date_filter' => array(), 'post_category_filter' => array(), 'post_submit_add_action' => array(), 'post_sqladd_action' => array(), 'post_submit_edit_action' => array(), 'post_sqledit_action' => array(), 'post_submit_title_filter' => array(), 'post_submit_content_filter' => array(), 'post_submit_category_filter' => array(), 'post_delete_action' => array(), 'post_sqldel_action' => array(), 'post_param_form' => array(), 'page_param_form' => array(), 'user_submit_add_action' => array(), 'user_sqladd_action' => array(), 'user_submit_edit_action' => array(), 'user_sqledit_action' => array(), 'user_delete_action' => array(), 'user_sqldel_action' => array(), 'user_reg_action' => array(), 'user_login_action' => array(), 'user_logout_action' => array(), 'user_activation_action' => array(), 'admin_page_notif_action' => array(), 'admin_page_top_action' => array(), 'admin_page_bottom_action' => array(), 'admin_page_dashboard_action' => array(), 'admin_page_dashboard_statslist_action' => array(), 'admin_footer_action' => array(), 'module_install_action' => array(), 'theme_install_action' => array(), 'mod_control' => array(), ); return $hooks; }" 2771,public function __construct() { self::$smtphost = Options::v('smtphost'); self::$smtpuser = Options::v('smtpuser'); self::$smtppass = Options::v('smtppass'); self::$smtpport = Options::v('smtpport'); self::$siteemail = Options::v('siteemail'); self::$sitename = Options::v('sitename'); },True,PHP,__construct,Mail.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function modList() { $mod = array(); $handle = dir(GX_MOD); while (false !== ($entry = $handle->read())) { if ($entry != '.' && $entry != '..') { $dir = GX_MOD.$entry; if (is_dir($dir) == true) { (file_exists($dir.'/index.php')) ? $mod[] = basename($dir) : ''; } } } $handle->close(); return $mod; } 2772,"$mail = new PHPMailer(true); try { $mail->isSMTP(); $mail->SMTPDebug = 0; $mail->Debugoutput = 'html'; $mail->Host = self::$smtphost; $mail->Port = self::$smtpport; $mail->SMTPAuth = true; $mail->Username = self::$smtpuser; $mail->Password = self::$smtppass; $mail->setFrom(self::$siteemail, self::$sitename); $mail->addReplyTo(self::$siteemail, self::$sitename); $mail->addAddress($to, $to_name); $mail->Subject = $subject; if($msgtype == 'text'){ $mail->ContentType = 'text/plain'; $mail->IsHTML(false); $mail->Body = $message; }else{ $mail->msgHTML($message); } $mail->send(); } catch (phpmailerException $e) { return $e->errorMessage(); } catch (Exception $e) { return $e->getMessage(); } } }",True,PHP,PHPMailer,Mail.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"foreach ($post as $p) { if ($p->id != $id) { $title = (strlen($p->title) > 34) ? substr($p->title, 0, 34).'...' : $p->title; $img = self::getImage(Typo::Xclean($p->content)); if ($img != '') { $img = Url::thumb($img, 'square', 200); } else { $img = Url::thumb('assets/images/noimage.png', '', 200); } $related .= '
  • id).'""> '.$title.'
    • '; } else { $related .= ''; } }" 2773,public function __construct(){ },True,PHP,__construct,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function related($id, $num, $cat, $mode = 'list') { $id = Typo::int($id); if (self::existParam('tags', $id)) { $tag = self::getParam('tags', $id); $tag = explode(',', $tag); $where_tag = ''; foreach ($tag as $t) { $where_tag .= "" OR B.`value` LIKE '%%"".$t.""%%' ""; } } else { $where_tag = ''; } $post_type = self::type($id); $post = Db::result( sprintf( ""SELECT DISTINCT B.`post_id`, A.`id`, A.`date`, A.`title`, A.`content`, A.`author`, A.`cat`, A.`type` FROM `posts` AS A JOIN `posts_param` AS B ON A.`id` = B.`post_id` WHERE (A.`cat` = '%d' %s) AND A.`id` != '%d' AND A.`status` = '1' AND A.`type` = '%s' ORDER BY RAND() LIMIT %d, %d"", $cat, $where_tag, $id, $post_type, 0, $num ) ); if (isset($post['error'])) { $related = 'No Related Post(s)'; } else { $related = ''; if ($mode == 'list') { $related .= '
      '; foreach ($post as $p) { if ($p->id != $id) { $related .= '
    • id).""\"">$p->title
      • ""; } else { $related .= ''; } } $related .= '
    '; } elseif ($mode == 'box') { $related .= '
      '; foreach ($post as $p) { if ($p->id != $id) { $title = (strlen($p->title) > 34) ? substr($p->title, 0, 34).'...' : $p->title; $img = self::getImage(Typo::Xclean($p->content)); if ($img != '') { $img = Url::thumb($img, 'square', 200); } else { $img = Url::thumb('assets/images/noimage.png', '', 200); } $related .= '
    • id).'""> '.$title.'
      • '; } else { $related .= ''; } } $related .= '
    '; } } return $related; }" 2777,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenuAdmin,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function isExist($user, $except='') { if ($except != '') { $id = Typo::int($except); $where = ""AND `userid` != '{$id}' ""; } else { $where = ''; } $user = sprintf('%s', Typo::cleanX($user)); $sql = sprintf(""SELECT `userid` FROM `user` WHERE `userid` = '%s' %s "", $user, $where); $usr = Db::result($sql); $n = Db::$num_rows; if ($n > 0) { return true; } else { return false; } }" 2779,"public static function delete($id){ $sql = array( 'table' => 'menus', 'where' => array( 'id' => $id ) ); $menu = Db::delete($sql); }",True,PHP,delete,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$file = sprintf('%s/%s.class.php', $path, $class_name); if (is_file($file)) { include_once $file; } } }" 2780,"$sql = array( 'table' => 'menus', 'id' => Typo::int($k), 'key' => $v ); Db::update($sql); }",True,PHP,array,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 2) { $grp = EDITOR; } elseif ($p->group == 3) { 2782,"public static function isHadParent($parent='', $menuid = ''){ if(isset($menuid)){ $where = "" AND `menuid` = '{$menuid}'""; }else{ $where = ''; } if(isset($parent) && $parent != ''){ $parent = "" `parent` = '{$parent}'""; }else{ $parent = '1'; } $sql = sprintf(""SELECT * FROM `menus` WHERE %s %s"", $parent, $where); $menu = Db::result($sql); return $menu; }",True,PHP,isHadParent,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif ($p->status == 1) { $status = ""id}&token="".TOKEN.'"" class=""label label-primary"">Active'; }" 2784,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }",True,PHP,getId,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 1) { $grp = SUPERVISOR; } elseif ($p->group == 2) { 2787,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == '0'){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown-submenu\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown-submenu\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown-submenu\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenu,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 3) { $grp = AUTHOR; } elseif ($p->group == 4) { 2789,"public static function insert($vars){ if(is_array($vars)){ $sql = array( 'table' => 'menus', 'key' => $vars ); $menu = Db::insert($sql); } }",True,PHP,insert,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 4) { $grp = GENERAL_MEMBER; } 2792,"public static function getMenuRaw($menuid){ $sql = sprintf(""SELECT * FROM `menus` WHERE `menuid` = '%s' ORDER BY `order` ASC"", $menuid); $menus = Db::result($sql); $n = Db::$num_rows; return $menus; }",True,PHP,getMenuRaw,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 2) { $grp = EDITOR; } elseif ($p->group == 3) { 2793,"public static function update($vars){ if(is_array($vars)){ $sql = array( 'table' => 'menus', 'id' => $vars['id'], 'key' => $vars['key'] ); $menu = Db::update($sql); } }",True,PHP,update,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif ($p->status == 1) { $status = ""id}&token="".TOKEN.'"" class=""label label-primary"">Active'; }" 2794,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; },True,PHP,getParent,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 1) { $grp = SUPERVISOR; } elseif ($p->group == 2) { 2795,"public static function modList(){ $handle = dir(GX_MOD); while (false !== ($entry = $handle->read())) { if ($entry != ""."" && $entry != "".."" ) { $dir = GX_MOD.$entry; if(is_dir($dir) == true){ $mod[] = basename($dir); } } } $handle->close(); return $mod; }",True,PHP,modList,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 3) { $grp = AUTHOR; } elseif ($p->group == 4) { 2797,"public static function activate($mod){ $json = Options::v('modules'); $mods = json_decode($json, true); if (!is_array($mods) || $mods == """") { $mods = array(); } if (!in_array($mod, $mods)) { $mods = array_merge($mods, array($mod)); } $mods = json_encode($mods); $mods = Options::update('modules', $mods); if($mods){ new Options(); return true; }else{ return false; } }",True,PHP,activate,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 4) { $grp = GENERAL_MEMBER; } 2800,"public static function loader() { $data = """"; if (isset($_GET['page']) && $_GET['page'] == ""modules"") { if (isset($_GET['act'])) { if ($_GET['act'] == ACTIVATE) { if(!Token::isExist($_GET['token'])){ $alertDanger[] = TOKEN_NOT_EXIST; } if(!isset($alertDanger)){ self::activate($_GET['modules']); $GLOBALS['alertSuccess'] = MODULES_ACTIVATED; }else{ $GLOBALS['alertDanger'] = $alertDanger; } }elseif($_GET['act'] == DEACTIVATE){ if(!Token::isExist($_GET['token'])){ $alertDanger[] = TOKEN_NOT_EXIST; } if(!isset($alertDanger)){ self::deactivate($_GET['modules']); $GLOBALS['alertSuccess'] = MODULES_DEACTIVATED; }else{ $GLOBALS['alertDanger'] = $alertDanger; } }elseif ($_GET['act'] == 'remove') { if(!Token::isExist($_GET['token'])){ $alertDanger[] = TOKEN_NOT_EXIST; } if (Mod::isActive($_GET['modules'])) { $alertDanger[] = ""Module is Active. Please deactivate first.""; } if(!isset($alertDanger)){ self::deactivate($_GET['modules']); Files::delTree(GX_MOD.""/"".$_GET['modules']); $GLOBALS['alertSuccess'] = MODULES_DELETED; }else{ $GLOBALS['alertDanger'] = $alertDanger; } } } } $json = Options::v('modules'); $mods = json_decode($json, true); if (!is_array($mods) || $mods == """") { $mods = array(); } foreach ($mods as $m) { if (self::exist($m)) { self::load($m); } } return $data; }",True,PHP,loader,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 2) { $grp = EDITOR; } elseif ($p->group == 3) { 2801,"public static function deactivate($mod){ $mods = Options::v('modules'); $mods = json_decode($mods, true); if (!is_array($mods) || $mods == """") { $mods = array(); } $arr = """"; for ($i=0;$istatus == 1) { $status = ""id}&token="".TOKEN.'"" class=""label label-primary"">Active'; }" 2802,public static function mod($var) { self::load($var); },True,PHP,mod,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 1) { $grp = SUPERVISOR; } elseif ($p->group == 2) { 2807,"public static function load($mod) { $file = GX_MOD.""/"".$mod.""/index.php""; if(file_exists($file)){ include ($file); } }",True,PHP,load,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 3) { $grp = AUTHOR; } elseif ($p->group == 4) { 2808,"public static function ModMenu(){ $json = Options::v('modules'); $mod = json_decode($json, true); if(is_array($mod)){ $list = ''; asort($mod); foreach ($mod as $m) { if(self::exist($m)){ $data = self::data($m); if(isset($_GET['mod']) && $_GET['mod'] == $m){ $class = 'class=""active""'; }else{ $class = """"; } $list .= ""
  • "".$data['icon']."" "".$data['name'].""
    • ""; } } }else{ $list = """"; } return $list; }",True,PHP,ModMenu,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($p->group == 4) { $grp = GENERAL_MEMBER; } 2809,"public static function data($vars){ $file = GX_MOD.'/'.$vars.'/index.php'; $handle = fopen($file, 'r'); $data = fread($handle, filesize($file)); fclose($handle); preg_match('/\* Name: (.*)\n\*/U', $data, $matches); $d['name'] = $matches[1]; preg_match('/\* Desc: (.*)\n\*/U', $data, $matches); $d['desc'] = $matches[1]; preg_match('/\* Version: (.*)\n\*/U', $data, $matches); $d['version'] = $matches[1]; preg_match('/\* Build: (.*)\n\*/U', $data, $matches); $d['build'] = $matches[1]; preg_match('/\* Developer: (.*)\n\*/U', $data, $matches); $d['developer'] = $matches[1]; preg_match('/\* URI: (.*)\n\*/U', $data, $matches); $d['url'] = $matches[1]; preg_match('/\* License: (.*)\n\*/U', $data, $matches); $d['license'] = $matches[1]; preg_match('/\* Icon: (.*)\n\*/U', $data, $matches); $d['icon'] = $matches[1]; return $d; }",True,PHP,data,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function type($id) { $id = sprintf('%d', $id); if (isset($id)) { $cat = Db::result(""SELECT `type` FROM `cat` WHERE `id` = '{$id}' LIMIT 1""); if (isset($cat['error'])) { return ''; } else { return $cat[0]->type; } } else { echo 'No ID Selected'; } }" 2811,public static function options($var) { $file = GX_MOD.$var.'/options.php'; if(file_exists($file)){ include ($file); } },True,PHP,options,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function name($id) { $id = sprintf('%d', $id); if (isset($id)) { $cat = Db::result(""SELECT `name` FROM `cat` WHERE `id` = '{$id}' LIMIT 1""); if (isset($cat['error'])) { return ''; } else { return $cat[0]->name; } } else { echo 'No ID Selected'; } }" 2814,"public static function inc($vars, $data, $dir){ $file = $dir.""/"".$vars."".php""; if (file_exists($file)) { include($file); } }",True,PHP,inc,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function dropdown($vars) { if (is_array($vars)) { $name = $vars['name']; $where = 'WHERE '; if (isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; } else { $where .= '1 '; } if (isset($vars['type'])) { $where .= "" AND `type` = '{$vars['type']}' ""; } else { $where .= ' AND 1 '; } $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = ' ASC'; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = ""'; return $drop; }" 2815,"public static function exist($mod) { $file = GX_MOD.""/"".$mod.""/options.php""; if(file_exists($file)){ return true; }else{ return false; } }",True,PHP,exist,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function lists($vars) { if (is_array($vars)) { $where = 'WHERE '; if (isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' AND ""; } if (isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; } $where .= '1 '; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = ' ASC'; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = '
    '; if (Db::$num_rows > 0) { foreach ($cat as $c) { if ($c->parent == null || $c->parent == '0') { if (isset($_GET['cat'])) { $catparent = self::getParent($_GET['cat']); $in = ($catparent[0]->parent === $c->id) ? 'in' : ''; $collapseHeading = ($catparent[0]->parent === $c->id) ? ""collapseListGroupHeading{$c->id}"" : ''; $href = ($catparent[0]->parent === $c->id) ? ""#collapse-{$c->id}"" : Url::cat($c->id); $data_toggle = ($catparent[0]->parent === $c->id) ? 'collapse' : ''; } else { $catparent = ''; $in = ''; $collapseHeading = ''; $href = ''; $data_toggle = ''; } $drop .= ""
    id}\"" aria-labelledby=\""collapseListGroupHeading{$c->id}\"">
      ""; foreach ($cat as $c2) { if ($c2->parent == $c->id) { $drop .= '
    • id).""\"">{$c2->name}
      • ""; } } $drop .= '
    '; } } } $drop .= '
    '; return $drop; }" 2821,"public static function url($mod) { $url = Site::$url.""/inc/mod/"".$mod; return $url; }",True,PHP,url,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function delete($id) { $id = sprintf('%d', $id); $parent = self::getParent($id); $sql = array( 'table' => 'cat', 'where' => array( 'id' => $id, ), ); $cat = Db::delete($sql); if ($cat) { return true; } else { return false; } $post = Db::result(""SELECT `id` FROM `posts` WHERE `cat` = '{$id}'""); $npost = Db::$num_rows; if ($npost > 0) { $sql = ""UPDATE `posts` SET `cat` = '{$parent[0]->parent}' WHERE `cat` = '{$id}'""; Db::query($sql); } }" 2823,"public static function isActive($mod){ $json = Options::v('modules'); $mods = json_decode($json, true); if (!is_array($mods) || $mods == """") { $mods = array(); } if(in_array($mod, $mods)){ return true; }else{ return false; } }",True,PHP,isActive,Mod.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getParent($id = '') { $id = sprintf('%d', $id); $sql = sprintf(""SELECT `parent` FROM `cat` WHERE `id` = '%d'"", $id); $cat = Db::result($sql); return $cat; }" 2825,public function __construct() { self::$_data = self::load(); },True,PHP,__construct,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif ($k == 'error') { self::error($v); } elseif (!in_array($k, $arr) && $k != 'paging') {" 2831,"$post = Db::query(""UPDATE `options` SET `value`='{$v}' WHERE `name` = '{$k}' LIMIT 1""); } }else{ $post = Db::query(""UPDATE `options` SET `value`='{$val}' WHERE `name` = '{$key}' LIMIT 1""); } return $post; }",True,PHP,query,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($k == 'lang') { self::incFront('default'); } elseif ($k == 'error') { 2832,"$ins = array( 'table' => 'options', 'key' => array( 'name' => $name, 'value' => $value ) ); $opt = Db::insert($ins); } }else{",True,PHP,array,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif (!in_array($k, $arr) && $k != 'paging') { } else { self::incFront('default'); } } } else {" 2833,"public static function get($vars) { $op = Db::result(""SELECT `value` FROM `options` WHERE `name` = '{$vars}' LIMIT 1""); if(Db::$num_rows > 0){ return $op[0]->value; }else{ return false; } }",True,PHP,get,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 2835,public static function v($vars) { $opt = self::$_data; foreach ($opt as $k => $v) { if ($v->name == $vars) { return $v->value; } } },True,PHP,v,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function incFront($vars, $param = '') { $file = GX_PATH.'/inc/lib/Control/Frontend/'.$vars.'.control.php'; if (file_exists($file)) { include $file; } else { self::error('404'); } }" 2837,"public static function load() { $op = Db::result(""SELECT * FROM `options` ORDER BY `id` ASC""); if(Db::$num_rows > 0){ return $op; }else{ return false; } }",True,PHP,load,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"self::ajax($v); } else { if (in_array($k, $arr)) { self::incFront($k, $var); } else { self::error('404'); } } } }" 2839,"$p = $vars['paging']-(ceil($maxpage/2)-1); $limit = $curr+ceil($maxpage/2)-1; }else{ $p = $vars['paging']-(ceil($maxpage/2)-1); $limit = $curr + floor($maxpage/2); } for ($i=$p ; $i <= $limit ; $i++ ) { if($smart == true){ $url = $vars['url'].""/paging/"".$i; }else{ $url = $vars['url'].""&paging="".$i; } if($vars['paging'] == $i){ $sel = ""class=\""active\"""";}else{$sel='';} $r .= ""
  • $i
    • ""; } $r .= """"; }elseif(isset($vars['type']) && $vars['type'] == 'pager'){",True,PHP,-,Paging.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function ajax($vars = '', $val = '') { if (isset($vars) && $vars != '') { $file = GX_PATH.'/inc/lib/Control/Ajax/'.$vars.'-ajax.control.php'; if (file_exists($file)) { include $file; } else { self::error('404'); } } }" 2840,public function __construct() { },True,PHP,__construct,Paging.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,self::get($arr); } else { self::incFront('default'); } } 2842,"}elseif($vars['paging'] < $limit || $vars['paging'] = $limit ){ $prev = ($vars['paging'])-1; if($smart == true){ $url = $vars['url'].""/paging/"".$prev; }else{ $url = $vars['url'].""&paging="".$prev; } $r .= ""
  • Previous
    • ""; }",True,PHP,elseif,Paging.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function incBack($vars) { $file = GX_PATH.'/inc/lib/Control/Backend/'.$vars.'.control.php'; if (file_exists($file)) { include $file; } else { self::error('404'); } } 2844,self::rpc($p); } } },True,PHP,rpc,Pinger.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"self::ajax($v); } else { if (in_array($k, $arr)) { self::incFront($k, $var); } else { self::error('404'); } } } }" 2848,"public static function rpc ($url) { new Pinger(); $url = 'http: $client = new IXR_Client( $url ); $client->timeout = 3; $client->useragent .= ' -- PingTool/1.0.0'; $client->debug = false; if( $client->query( 'weblogUpdates.extendedPing', self::$myBlogName, self::$myBlogUrl, self::$myBlogUpdateUrl, self::$myBlogRSSFeedUrl ) ) { return $client->getResponse(); } if( $client->query( 'weblogUpdates.ping', self::$myBlogName, self::$myBlogUrl ) ) { return $client->getResponse(); } return false; }",True,PHP,rpc,Pinger.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function ajax($vars = '', $val = '') { if (isset($vars) && $vars != '') { $file = GX_PATH.'/inc/lib/Control/Ajax/'.$vars.'-ajax.control.php'; if (file_exists($file)) { include $file; } else { self::error('404'); } } }" 2850,public function __construct () { self::$myBlogName = Options::v('sitename'); self::$myBlogUrl = Options::v('siteurl'); self::$myBlogUpdateUrl = Options::v('siteurl'); self::$myBlogRSSFeedUrl = Url::rss(); },True,PHP,__construct,Pinger.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function install() { include GX_PATH.'/inc/lib/Control/Install/default.control.php'; } 2852,"public static function delete($id) { $id = Typo::int($id); try { $vars1 = array( 'table' => 'posts', 'where' => array( 'id' => $id ) ); $d = Db::delete($vars1); $vars2 = array( 'table' => 'posts_param', 'where' => array( 'post_id' => $id ) ); $d = Db::delete($vars2); Hooks::run('post_sqldel_action', $id); return true; } catch (Exception $e) { return $e->getMessage(); } }",True,PHP,delete,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function handler($vars) { self::$vars(); } 2853,"public static function insert($vars) { if(is_array($vars)) { $slug = Typo::slugify($vars['title']); $vars = array_merge($vars, array('slug' => $slug)); $ins = array( 'table' => 'posts', 'key' => $vars ); $post = Db::insert($ins); self::$last_id = Db::$last_id; Hooks::run('post_sqladd_action', $vars, self::$last_id); $pinger = Options::v('pinger'); if ($pinger != """") { Pinger::run($pinger); } } return $post; }",True,PHP,insert,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function error($vars = '', $val = '') { if (isset($vars) && $vars != '') { $file = GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'; if (file_exists($file)) { include $file; } } else { include GX_PATH.'/inc/lib/Control/Error/unknown.control.php'; } }" 2860,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }",True,PHP,dropdown,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function backend($vars = '') { if (!empty($_GET['page'])) { self::incBack($_GET['page']); } else { self::incBack('default'); } } 2861,"public static function recent($vars) { $catW = isset($vars['cat'])? "" AND `cat` = '"".$vars['cat']:""""; $type = isset($vars['type'])? $vars['type']: ""post""; $num = isset($vars['num'])? $vars['num']: ""10""; $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' $catW AND `status` = '1' ORDER BY `date` DESC LIMIT {$num}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = self::prepare($posts); } return $posts; }",True,PHP,recent,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif ($k == 'error') { self::error($v); } elseif (!in_array($k, $arr) && $k != 'paging') {" 2862,"public static function publish($id) { $id = Typo::int($id); $ins = array( 'table' => 'posts', 'id' => $id, 'key' => array( 'status' => '1' ) ); $post = Db::update($ins); return $post; }",True,PHP,publish,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($k == 'lang') { self::incFront('default'); } elseif ($k == 'error') { 2865,public function __construct() { },True,PHP,__construct,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif (!in_array($k, $arr) && $k != 'paging') { } else { self::incFront('default'); } } } else {" 2866,"public static function format ($post, $id) { $post = Typo::Xclean($post); $more = explode('[[--readmore--]]', $post); if (count($more) > 1) { $post = explode('[[--readmore--]]', $post); $post = $post[0]."" "".READ_MORE.""""; }else{ $post = $post; } $post = Hooks::filter('post_content_filter', $post); return $post; }",True,PHP,format,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif ($k == 'error') { self::error($v); } elseif (!in_array($k, $arr) && $k != 'paging') {" 2871,"public static function existParam($param, $post_id) { $sql = ""SELECT * FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1""; $q = Db::result($sql); if (Db::$num_rows > 0) { return true; }else{ return false; } }",True,PHP,existParam,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif ($k == 'lang') { self::incFront('default'); } elseif ($k == 'error') { 2872,"$posts_arr = json_decode(json_encode($posts), FALSE); $post_arr[] = $posts_arr; $post = $post_arr; } }else{ $post = $post; } }else{",True,PHP,json_decode,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif (!in_array($k, $arr) && $k != 'paging') { } else { self::incFront('default'); } } } else {" 2876,"public static function editParam($param, $value, $post_id) { $sql = ""UPDATE `posts_param` SET `value` = '{$value}' WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' ""; $q = Db::query($sql); if ($q) { return true; }else{ return false; } }",True,PHP,editParam,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function access($attr, $path, $data, $volume) { return strpos(basename($path), '.') === 0 ? !($attr == 'read' || $attr == 'write') : null; }" 2877,"public static function delParam($param, $post_id) { $sql = ""DELETE FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1""; $q = Db::query($sql); if ($q) { return true; }else{ return false; } }",True,PHP,delParam,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,foreach ($zones as $id => $zone) { if (preg_match('/^(America|Antartica|Arctic|Asia|Atlantic|Europe|Indian|Pacific)\ && $zone['timezone_id']) { $cities[$zone['timezone_id']][] = $key; } } 2881,"public static function content($vars) { $post = Typo::Xclean($vars); preg_match_all(""[[\-\-readmore\-\-]]"", $post, $more); if (is_array($more[0])) { $post = str_replace('[[--readmore--]]', '', $post); }else{ $post = $post; } $post = Hooks::filter('post_content_filter', $post); return $post; }",True,PHP,content,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$opt .= ""'; } return $opt; }" 2883,"public static function getParam($param, $post_id) { $sql = ""SELECT * FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1""; $q = Db::result($sql); if (Db::$num_rows > 0) { return $q[0]->value; }else{ return ''; } }",True,PHP,getParam,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function format($date, $format = '') { $timezone = self::$timezone; $time = strtotime($date); (empty($format)) ? $format = 'j F Y H:i A T' : $format = $format; $date = new DateTime($date); $date->setTimezone(new DateTimeZone(self::$timezone)); $newdate = $date->format($format); return $newdate; }" 2885,"$content = ($vars['excerpt'])? substr( strip_tags( Typo::Xclean($p->content) ), 0, $excerptMax): """"; echo ""

  • id).""\"">{$p->title}

    "".$content.""

    • ""; }",True,PHP,substr,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function local($date, $format = '') { setlocale(LC_TIME, Options::v('country_id')); (empty($format)) ? $format = '% $date = new DateTime($date); $date->setTimezone(new DateTimeZone(self::$timezone)); $newdate = $date->format('Y/m/j H:i:s'); $newdate = strftime($format, strtotime($newdate)); return $newdate.' '.$date->format('T'); }" 2887,"public static function unpublish($id) { $id = Typo::int($id); $ins = array( 'table' => 'posts', 'id' => $id, 'key' => array( 'status' => '0' ) ); $post = Db::update($ins); return $post; }",True,PHP,unpublish,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,$q->close(); } self::$num_rows = $n; return $r; } 2888,"public static function title($id){ $sql = sprintf(""SELECT `title` FROM `posts` WHERE `id` = '%d'"", $id); try { $r = Db::result($sql); if(isset($r['error'])){ $title['error'] = $r['error']; }else{ $title = $r[0]->title; } } catch (Exception $e) { $title = $e->getMessage(); } return $title; }",True,PHP,title,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function __construct() { global $vars; if (DB_DRIVER == 'mysql') { mysql_connect(DB_HOST, DB_USER, DB_PASS); mysql_select_db(DB_NAME); } elseif (DB_DRIVER == 'mysqli') { try { self::$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); if (self::$mysqli->connect_error) { Control::error('db', self::$mysqli->connect_error); exit; } else { return true; } } catch (exception $e) { Control::error('db', $e->getMessage()); } } }" 2889,"public static function addParam($param, $value, $post_id) { $sql = array( 'table' => 'posts_param', 'key' => array( 'post_id' => $post_id, 'param' => $param, 'value' => $value ) ); $q = Db::insert($sql); if ($q) { return true; }else{ return false; } }",True,PHP,addParam,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$q = self::$mysqli->query($vars); if ($q === false) { Control::error('db', 'Query failed: '.self::$mysqli->error.""
    \n""); } } return $q; }" 2892,"public static function extract ($var, $m) { foreach ($var as $k2 => $v2) { if ($k2 != '0') { $va[] = [$k2 => $m[$v2]]; }elseif($k2 == ''){ $va = ['default']; }else{ $va = array($k2) ; } } return $va; }",True,PHP,extract,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,$q = self::query($sql); } return true; } 2893,"public static function getURI () { $uri = $_SERVER['REQUEST_URI']; $uri = explode('?', $uri); if (count($uri) > 0) { unset($uri[1]); } if (self::inFolder()) { $uri = self::stripFolder($uri[0]); }else{ $uri2 = explode('/', $uri[0]); unset($uri2[0]); $uri = implode('/', $uri2); } $uri = (Options::v('permalink_use_index_php') == ""on"")? str_replace(""/index.php"", """", $uri): $uri; return '/' . trim($uri, '/'); }",True,PHP,getURI,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function connect( $dbhost = DB_HOST, $dbuser = DB_USER, $dbpass = DB_PASS, $dbname = DB_NAME ) { self::$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname); if (self::$mysqli->connect_error) { return false; } else { return true; } }" 2895,}elseif($k2 == ''){ $va = ['default']; }else{,True,PHP,elseif,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,$vars = self::$mysqli->escape_string($vars); } else { $vars = $vars; } return $vars; } 2898,"public static function getFolder() { $uri = explode('/', Site::$url); if(count($uri) > 3) { unset($uri[0]); unset($uri[1]); unset($uri[2]); $uri = array_values($uri); $uris = """"; for($i=0; $iquery($vars); if ($q === false) { Control::error('db', 'Query failed: '.self::$mysqli->error.""
    \n""); } } return $q; }" 2900,"public static function stripFolder($req_uri) { $uri = Site::$url; $folder = self::getFolder(); $uri2 = str_replace($folder, """", $req_uri); return $uri2; }",True,PHP,stripFolder,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,$q = self::query($sql); } return true; } 2902,public static function scrap($param) { if ($param != '') { foreach ($param as $k => $v) { if (is_array($v)) { foreach ($v as $k2 => $v2) { $data[$k2] = $v2; } }else{ $data = ''; } } } else { $data = ''; } return $data; },True,PHP,scrap,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$val = self::escape($val); $set .= ""'{$val}',""; $k .= ""`{$key}`,""; } $set = substr($set, 0, -1); $k = substr($k, 0, -1); $sql = sprintf('INSERT INTO `%s` (%s) VALUES (%s) ', $vars['table'], $k, $set); } else { $sql = $vars; } if (DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); } elseif (DB_DRIVER == 'mysqli') { try { if (!self::query($sql)) { return false; } else { self::$last_id = self::$mysqli->insert_id; return true; } } catch (exception $e) { echo $e->getMessage(); } } }" 2904,"public static function inFolder() { $uri = explode('/', Site::$url); if(count($uri) > 3) { return true; }else{ return false; } }",True,PHP,inFolder,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function elfinderLib() { $url = Url::ajax('elfinder'); $html = ' ""; return $html; }" 2905,public function __construct() { self::map(); },True,PHP,__construct,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function admin() { User::secure(); System::gZip(); if (User::access(2)) { Control::handler('backend'); } else { Theme::admin('header'); Control::error('noaccess'); Theme::admin('footer'); } System::Zipped(); } 2909,"public static function run () { $m = self::match(); if (is_array($m)) { $val = self::extract($m[0], $m[1]); if (isset($val) && $val != null ) { return $val; }else{ $val = ['error']; return $val; } }else{ $val = ['error']; return $val; } }",True,PHP,run,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { if (System::existConf()) { new System(); } else { $this->install(); } } 2911,"$regx = str_replace('/','\/', $k); if ( preg_match('/^'.$regx.'$/Usi', $uri, $m) ) { $result = [$v,$m]; return $result; } } }",True,PHP,str_replace,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function index() { System::gZip(); Control::handler('frontend'); System::Zipped(); } 2913,"public static function add($var) { $route = self::$_route; self::$_route = array_merge($route, $var); return self::$_route; }",True,PHP,add,Router.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function install() { Session::start(); System::gZip(); Theme::install('header'); Control::handler('install'); Theme::install('footer'); System::Zipped(); } 2915,function __construct () { },True,PHP,__construct,Rss.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::$hooks = self::load(); } 2916,public function __construct () { },True,PHP,__construct,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function filter() { $hooks = self::$hooks; $num_args = func_num_args(); $args = func_get_args(); $hook_name = array_shift($args); if (!isset($hooks[$hook_name])) { return; } if (is_array($hooks[$hook_name])) { foreach ($hooks[$hook_name] as $func) { if ($func != '') { $args = $func((array) $args); } else { $args = $args; } } $args = $args; } else { $args = $args; } $args = is_array($args) ? $args[0] : $args; return $args; } 2917,public static function get_session($vars) { },True,PHP,get_session,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function load() { $hooks = array( 'init' => array(), 'header_pre_action' => array(), 'site_title_filter' => array(), 'site_desc_filter' => array(), 'site_key_filter' => array(), 'header_load_meta' => array(), 'footer_load_lib' => array(), 'post_title_filter' => array(), 'post_meta_filter' => array(), 'post_content_filter' => array(), 'post_author_filter' => array(), 'post_date_filter' => array(), 'post_category_filter' => array(), 'post_submit_add_action' => array(), 'post_sqladd_action' => array(), 'post_submit_edit_action' => array(), 'post_sqledit_action' => array(), 'post_submit_title_filter' => array(), 'post_submit_content_filter' => array(), 'post_submit_category_filter' => array(), 'post_delete_action' => array(), 'post_sqldel_action' => array(), 'user_submit_add_action' => array(), 'user_sqladd_action' => array(), 'user_submit_edit_action' => array(), 'user_sqledit_action' => array(), 'user_delete_action' => array(), 'user_sqldel_action' => array(), 'user_reg_action' => array(), 'user_login_action' => array(), 'user_logout_action' => array(), 'user_activation_action' => array(), 'admin_page_notif_action' => array(), 'admin_page_top_action' => array(), 'admin_page_bottom_action' => array(), 'admin_page_dashboard_action' => array(), 'admin_page_dashboard_statslist_action' => array(), 'module_install_action' => array(), 'theme_install_action' => array(), 'mod_control' => array(), ); return $hooks; }" 2922,"private static function sesKey() { $ip = $_SERVER['REMOTE_ADDR']; $browser = $_SERVER['HTTP_USER_AGENT']; $dt = date(""Y-m-d H""); $key = md5($ip.$browser.$dt); return $key; }",True,PHP,sesKey,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function attach($hooks_name, $func) { $hooks = self::$hooks; $hooks[$hooks_name][] = $func; self::$hooks = $hooks; return self::$hooks; }" 2924,public static function remove($var) { unset($_SESSION['gxsess']['val'][$var]); },True,PHP,remove,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function run() { $hooks = self::$hooks; $num_args = func_num_args(); $args = func_get_args(); $hook_name = array_shift($args); if (!isset($hooks[$hook_name])) { return; } if (is_array($hooks[$hook_name])) { $val = ''; foreach ($hooks[$hook_name] as $func) { if ($func != '') { $val .= $func((array) $args); } else { $val .= $args; } } return $val; } } 2926,public static function val ($vars) { $val = $_SESSION['gxsess']['val']; foreach ($val as $k => $v) { switch ($k) { case $vars: return $v; break; default: break; } } },True,PHP,val,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function getKey($var) { return self::$hooks[$var]; } 2927,public static function destroy () { session_destroy(); unset($_SESSION['gxsess']); },True,PHP,destroy,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function add() { } 2928,"public static function start() { session_name('GeniXCMS'); session_start(); if (!isset($_SESSION['gxsess']) || $_SESSION['gxsess'] == """" ) { $_SESSION['gxsess'] = array ( 'key' => self::sesKey(), 'time' => date(""Y-m-d H:i:s""), 'val' => array() ); } $GLOBALS['start_time'] = microtime(TRUE); }",True,PHP,start,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 2932,public static function set($vars) { self::set_session($vars); },True,PHP,set,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function resize($src, $dst, $width, $height, $crop = 0) { if (!list($w, $h) = getimagesize($src)) { return 'Unsupported picture type!'; } $type = strtolower(substr(strrchr($src, '.'), 1)); if ($type == 'jpeg') { $type = 'jpg'; } switch ($type) { case 'bmp': $img = imagecreatefromwbmp($src); break; case 'gif': $img = imagecreatefromgif($src); break; case 'jpg': $img = imagecreatefromjpeg($src); break; case 'png': $img = imagecreatefrompng($src); break; default: return 'Unsupported picture type!'; } if ($crop) { if ($w < $width or $h < $height) { return 'Picture is too small!'; } $ratio = max($width / $w, $height / $h); $h = $height / $ratio; $x = ($w - $width / $ratio) / 2; $w = $width / $ratio; } else { if ($w < $width and $h < $height) { return 'Picture is too small!'; } $ratio = min($width / $w, $height / $h); $width = $w * $ratio; $height = $h * $ratio; $x = 0; } $new = imagecreatetruecolor($width, $height); if ($type == 'gif' or $type == 'png') { imagecolortransparent($new, imagecolorallocatealpha($new, 0, 0, 0, 127)); imagealphablending($new, false); imagesavealpha($new, true); } imagecopyresampled($new, $img, 0, 0, $x, 0, $width, $height, $w, $h); switch ($type) { case 'bmp': imagewbmp($new, $dst); break; case 'gif': imagegif($new, $dst); break; case 'jpg': imagejpeg($new, $dst); break; case 'png': imagepng($new, $dst); break; } return true; }" 2933,"public static function set_session($vars) { if (is_array($vars)) { if(is_array($_SESSION['gxsess']['val'])){ $arr = array_merge($_SESSION['gxsess']['val'], $vars); $_SESSION['gxsess']['val'] = $arr; }else{ $_SESSION['gxsess']['val'] = $vars; } } }",True,PHP,set_session,Session.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function makeConfig($file) { $config = ""getMessage(); } return $config; }" 2938,"$logo = """"; }else{ $logo = """"; } return $logo; }",True,PHP,v,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function insertData() { require_once GX_PATH.'/inc/config/config.php'; $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', '{$url}/favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-sign-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpport', '25'), (null, 'timezone', 'Asia/Jakarta'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.12.0'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nfeedburner.google.com/fb/a/pingSubmit?bloglink=http%3A%2F%2F{{domain}}'), (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', ''), (null, 'modules', ''), (null, 'themes', 'default'), (null, 'system_lang', 'english'), (null, 'charset', 'utf-8'), (null, 'google_captcha_sitekey', ''), (null, 'google_captcha_secret', ''), (null, 'google_captcha_lang', 'en'), (null, 'google_captcha_enable', 'off'), (null, 'multilang_enable', 'off'), (null, 'multilang_default', ''), (null, 'multilang_country', ''), (null, 'system_check', '{}'), (null, 'permalink_use_index_php', 'off'), (null, 'pinger_enable', 'on') ""; $db->query($options); }" 2940,"public static function footer(){ global $data; $foot =""""; $bs = Options::v('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::v('use_jquery'); $jquery_v = Options::v('jquery_v'); if($jquery == 'on'){ $foot .= "" ""; } $fa = Options::v('use_fontawesome'); if($fa == 'on'){ $foot .= "" ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" ""; $foot .= $GLOBALS['validator_js']; } echo $foot; echo Hooks::run('footer_load_lib', $data); }",True,PHP,footer,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 2942,"public static function generated(){ $end_time = microtime(TRUE); $time_taken = $end_time - $GLOBALS['start_time']; $time_taken = round($time_taken,5); echo '
    Page generated in '.$time_taken.' seconds.
    '; }",True,PHP,generated,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,$keys = array_keys($value); if ($keys[0] == $lang) { $lang = $multilang[$key][$lang]; return $lang; } } } } 2943,"public function __construct() { global $GLOBALS, $data; self::$editors =& $GLOBALS; self::$data =& $data; self::$url = Options::v('siteurl'); self::$domain = Options::v('sitedomain'); self::$name = Options::v('sitename'); self::$key = Options::v('sitekeywords'); self::$desc = Options::v('sitedesc'); self::$email = Options::v('siteemail'); self::$slogan = Options::v('siteslogan'); }",True,PHP,__construct,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getDefaultLang() { $def = Options::v('multilang_default'); $lang = json_decode(Options::v('multilang_country'), true); $deflang = $lang[$def]; return $deflang; }" 2944,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } $desc = Hooks::filter('site_desc_filter', $desc); return $desc; }",True,PHP,desc,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function isActive() { switch (SMART_URL) { case true: if (Options::v('multilang_enable') === 'on') { $langs = Session::val('lang'); if ($langs != '') { $lang = Session::val('lang'); } else { $lang = ''; } } else { $lang = ''; } break; default: if (Options::v('multilang_enable') === 'on') { $langs = Session::val('lang'); if ($langs != '') { $lang = Session::val('lang'); } else { $lang = isset($_GET['lang']) ? $_GET['lang'] : ''; } } else { $lang = ''; } break; } return $lang; } 2948,public function __construct() { },True,PHP,__construct,Sitemap.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"
    • ""; } $html .= ''; Hooks::attach('footer_load_lib', array('Language', 'flagLib')); } return $html; }" 2949,"public static function addViews($id) { $botlist = self::botlist(); $nom = 0; foreach($botlist as $bot) { if(preg_match(""/{$bot}/"", $_SERVER['HTTP_USER_AGENT'])) { $nom = 1+$nom; }else{ $nom = 0; } } if ($nom == 0) { $sql = ""UPDATE `posts` SET `views` = `views`+1 WHERE `id` = '{$id}' LIMIT 1""; $q = Db::query($sql); } }",True,PHP,addViews,Stats.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::setActive(); } 2951,"public static function totalCat($vars) { $posts = Db::result(""SELECT `id` FROM `cat` WHERE `type` = '{$vars}'""); $npost = Db::$num_rows; return $npost; }",True,PHP,totalCat,Stats.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$file = explode('.', $lang); if ($var == $file[0]) { $sel = 'SELECTED'; } else { $sel = ''; } $opt .= """"; } return $opt; }" 2952,"public static function botlist() { $botlist = array( ""Teoma"", ""alexa"", ""froogle"", ""inktomi"", ""looksmart"", ""URL_Spider_SQL"", ""Firefly"", ""NationalDirectory"", ""Ask Jeeves"", ""TECNOSEEK"", ""InfoSeek"", ""WebFindBot"", ""girafabot"", ""crawler"", ""www.galaxy.com"", ""Googlebot"", ""Scooter"", ""Slurp"", ""appie"", ""FAST"", ""WebBug"", ""Spade"", ""ZyBorg"", ""rabaz"", ""Twitterbot"", ""MJ12bot"", ""AhrefsBot"", ""bingbot"", ""YandexBot"", ""spbot"" ); return $botlist; }",True,PHP,botlist,Stats.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function flagLib() { return ''; }" 2955,"public static function totalUser() { $posts = Db::result(""SELECT `id` FROM `user` WHERE `group` > '0' ""); $npost = Db::$num_rows; return $npost; }",True,PHP,totalUser,Stats.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getList() { $handle = dir(GX_PATH.'/inc/lang/'); while (false !== ($entry = $handle->read())) { if ($entry != '.' && $entry != '..') { $file = GX_PATH.'/inc/lang/'.$entry; $ext = pathinfo($file, PATHINFO_EXTENSION); if (is_file($file) == true && $ext == 'php') { $lang[] = $entry; } } } $handle->close(); return $lang; }" 2957,public function __construct() { },True,PHP,__construct,Stats.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::$smtphost = Options::v('smtphost'); self::$smtpuser = Options::v('smtpuser'); self::$smtppass = Options::v('smtppass'); self::$smtpport = Options::v('smtpport'); self::$siteemail = Options::v('siteemail'); self::$sitename = Options::v('sitename'); } 2960,"public static function totalPost($vars) { $posts = Db::result(""SELECT `id` FROM `posts` WHERE `type` = '{$vars}'""); $npost = Db::$num_rows; return $npost; }",True,PHP,totalPost,Stats.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$mail = new PHPMailer(true); try { $mail->isSMTP(); $mail->SMTPDebug = 0; $mail->Debugoutput = 'html'; $mail->Host = self::$smtphost; $mail->Port = self::$smtpport; $mail->SMTPAuth = true; $mail->Username = self::$smtpuser; $mail->Password = self::$smtppass; $mail->setFrom(self::$siteemail, self::$sitename); $mail->addReplyTo(self::$siteemail, self::$sitename); $mail->addAddress($to, $to_name); $mail->Subject = $subject; if ($msgtype == 'text') { $mail->ContentType = 'text/plain'; $mail->IsHTML(false); $mail->Body = $message; } else { $mail->msgHTML($message); } $mail->send(); } catch (phpmailerException $e) { return $e->errorMessage(); } catch (Exception $e) { return $e->getMessage(); } } }" 2962,"public function __construct () { Session::start(); self::config('config'); new Db(); new Hooks(); Hooks::run('init'); new Options(); self::lang(Options::v('system_lang')); new Language(); new Site(); new Router(); Vendor::autoload(); Token::create(); Mod::loader(); Theme::loader(); Hooks::attach('admin_page_notif_action', array('System', 'alert')); }",True,PHP,__construct,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 2965,"public static function versionCheck() { $v = trim(self::latestVersion()); if ($v > self::$version) { Hooks::attach(""admin_page_notif_action"", array('System', 'versionReport')); } }",True,PHP,versionCheck,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getMenuAdmin($menuid, $class = '') { $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if ($n > 0) { $menu = ""
    '; } else { $menu = ''; } return $menu; }" 2967,"public static function v () { return self::$version."" "".self::$v_release; }",True,PHP,v,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function delete($id) { $sql = array( 'table' => 'menus', 'where' => array( 'id' => $id, ), ); $menu = Db::delete($sql); }" 2968,"public static function getLatestVersion ($now) { $v = file_get_contents(""https: $arr = array( 'version' => trim($v), 'last_check' => $now ); $arr = json_encode($arr); Options::update('system_check', $arr); return $v; }",True,PHP,getLatestVersion,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$sql = array( 'table' => 'menus', 'id' => Typo::int($k), 'key' => $v, ); Db::update($sql); }" 2970,public static function config($var) { $file = GX_PATH.'/inc/config/'.$var.'.php'; if (file_exists($file)) { include($file); } },True,PHP,config,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function isHadParent($parent = '', $menuid = '') { if (isset($menuid)) { $where = "" AND `menuid` = '{$menuid}'""; } else { $where = ''; } if (isset($parent) && $parent != '') { $parent = "" `parent` = '{$parent}'""; } else { $parent = '1'; } $sql = sprintf('SELECT * FROM `menus` WHERE %s %s', $parent, $where); $menu = Db::result($sql); return $menu; }" 2975,public static function admin () { },True,PHP,admin,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getId($id = '') { if (isset($id)) { $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; } else { $menus = ''; } return $menus; }" 2977,"public static function versionReport() { $v = self::latestVersion(); $html = ""
    Warning: Your CMS version is different with our latest version ($v). Please upgrade your system.
    ""; return $html; }",True,PHP,versionReport,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getMenu($menuid, $class = '', $bsnav = false) { $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if ($n > 0) { $menu = ""
      ""; foreach ($menus as $m) { if ($m->parent == '0') { $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if ($n > 0 && $bsnav) { $class = 'class=""dropdown""'; $aclass = 'dropdown-toggle"" data-toggle=""dropdown'; } else { $class = ''; $aclass = ''; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.''; $parent = $m->id; if ($n > 0) { $class = 'dropdown-menu'; $menu .= ""
        ""; foreach ($menus as $m2) { if ($m2->parent == $m->id) { $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if ($n > 0 && $bsnav) { $class = 'class=""dropdown-submenu""'; $aclass = 'dropdown-toggle"" data-toggle=""dropdown'; } else { $class = ''; $aclass = ''; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.''; if ($n > 0) { $class = 'dropdown-menu'; $menu .= ""
          ""; foreach ($menus as $m3) { if ($m3->parent == $m2->id) { $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if ($n > 0 && $bsnav) { $class = 'class=""dropdown-submenu""'; $aclass = 'dropdown-toggle"" data-toggle=""dropdown'; } else { $class = ''; $aclass = ''; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.''; if ($n > 0) { $class = 'dropdown-menu'; $menu .= ""
            ""; foreach ($menus as $m4) { if ($m4->parent == $m3->id) { $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if ($n > 0 && $bsnav) { $class = 'class=""dropdown-submenu""'; $aclass = 'dropdown-toggle"" data-toggle=""dropdown'; } else { $class = ''; $aclass = ''; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.''; $menu .= '
            • '; } } $menu .= '
          '; } $menu .= '
          • '; } } $menu .= '
        '; } $menu .= '
        • '; } } $menu .= '
      '; } $menu .= '
      • '; } } $menu .= '
    '; } else { $menu = ''; } return $menu; }" 2978,public static function lib($var) { $file = GX_LIB.$var.'.class.php'; if (file_exists($file)) { include($file); } },True,PHP,lib,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function insert($vars) { if (is_array($vars)) { $sql = array( 'table' => 'menus', 'key' => $vars, ); $menu = Db::insert($sql); } }" 2981,"public static function latestVersion () { $check = json_decode(Options::v('system_check'), true); $now = strtotime(date(""Y-m-d H:i:s"")); if (isset($check['last_check']) ) { $limit = $now - $check['last_check']; if ($limit < 86400) { $v = $check['version']; }else{ $v = self::getLatestVersion($now); } }else{ $v = self::getLatestVersion($now); } return $v; }",True,PHP,latestVersion,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getMenuRaw($menuid) { $sql = sprintf(""SELECT * FROM `menus` WHERE `menuid` = '%s' ORDER BY `order` ASC"", $menuid); $menus = Db::result($sql); $n = Db::$num_rows; return $menus; }" 2982,public static function existConf () { if(file_exists(GX_PATH.'/inc/config/config.php')){ return true; }else{ return false; } },True,PHP,existConf,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function update($vars) { if (is_array($vars)) { $sql = array( 'table' => 'menus', 'id' => $vars['id'], 'key' => $vars['key'], ); $menu = Db::update($sql); } }" 2983,"public static function inc ($vars, $data = """") { $file = GX_PATH.'/gxadmin/inc/'.$vars.'.php'; if (file_exists($file)) { include($file); } }",True,PHP,inc,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function getParent($id) { $q = self::getId($id); return $q[0]->parent; } 2984,"public static function alert($data) { global $data; if (isset($data['alertSuccess'])) { echo ""
    ""; foreach ($data['alertSuccess'] as $alert) { echo ""$alert\n""; } echo ""
    ""; } if (isset($data['alertDanger'])) { echo ""
    ""; foreach ($data['alertDanger'] as $alert) { echo ""$alert\n""; } echo ""
    ""; } if (isset($data['alertInfo'])) { echo ""
    ""; foreach ($data['alertInfo'] as $alert) { echo ""$alert\n""; } echo ""
    ""; } if (isset($data['alertWarning'])) { echo ""
    ""; foreach ($data['alertWarning'] as $alert) { echo ""$alert\n""; } echo ""
    ""; } if (isset($data['alertDefault'])) { echo ""
    ""; foreach ($data['alertDefault'] as $alert) { echo ""$alert\n""; } echo ""
    ""; } }",True,PHP,alert,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function modList() { $handle = dir(GX_MOD); while (false !== ($entry = $handle->read())) { if ($entry != '.' && $entry != '..') { $dir = GX_MOD.$entry; if (is_dir($dir) == true) { $mod[] = basename($dir); } } } $handle->close(); return $mod; } 2985,"public static function Zipped () { global $HTTP_ACCEPT_ENCODING; if( headers_sent() ){ $encoding = false; }elseif( strpos($HTTP_ACCEPT_ENCODING, 'x-gzip') !== false ){ $encoding = 'x-gzip'; }elseif( strpos($HTTP_ACCEPT_ENCODING,'gzip') !== false ){ $encoding = 'gzip'; }else{ $encoding = false; } if( $encoding ){ $contents = ob_get_contents(); ob_end_clean(); header('Content-Encoding: '.$encoding); print(""\x1f\x8b\x08\x00\x00\x00\x00\x00""); $size = strlen($contents); $contents = gzcompress($contents, 9); $contents = substr($contents, 0, $size); print($contents); exit(); }else{ ob_end_flush(); exit(); } }",True,PHP,Zipped,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function activate($mod) { $json = Options::v('modules'); $mods = json_decode($json, true); if (!is_array($mods) || $mods == '') { $mods = array(); } if (!in_array($mod, $mods)) { $mods = array_merge($mods, array($mod)); } $mods = json_encode($mods); $mods = Options::update('modules', $mods); if ($mods) { new Options(); return true; } else { return false; } }" 2986,public static function gZip () { ob_start(); ob_implicit_flush(0); },True,PHP,gZip,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function loader() { $data = ''; if (User::access(0)) { if (isset($_GET['page']) && $_GET['page'] == 'modules') { if (isset($_GET['act'])) { if ($_GET['act'] == ACTIVATE) { if (!Token::isExist($_GET['token'])) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($alertDanger)) { self::activate($_GET['modules']); $GLOBALS['alertSuccess'] = MODULES_ACTIVATED; } else { $GLOBALS['alertDanger'] = $alertDanger; } } elseif ($_GET['act'] == DEACTIVATE) { if (!Token::isExist($_GET['token'])) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($alertDanger)) { self::deactivate($_GET['modules']); $GLOBALS['alertSuccess'] = MODULES_DEACTIVATED; } else { $GLOBALS['alertDanger'] = $alertDanger; } } elseif ($_GET['act'] == 'remove') { if (!Token::isExist($_GET['token'])) { $alertDanger[] = TOKEN_NOT_EXIST; } if (self::isActive($_GET['modules'])) { $alertDanger[] = 'Module is Active. Please deactivate first.'; } if (!isset($alertDanger)) { self::deactivate($_GET['modules']); Files::delTree(GX_MOD.'/'.$_GET['modules']); $GLOBALS['alertSuccess'] = MODULES_DELETED; } else { $GLOBALS['alertDanger'] = $alertDanger; } } } } } $json = Options::v('modules'); $mods = json_decode($json, true); if (!is_array($mods) || $mods == '') { $mods = array(); } foreach ($mods as $m) { if (self::exist($m)) { self::load($m); } } return $data; }" 2990,public static function lang($vars) { $file = GX_PATH.'/inc/lang/'.$vars.'.lang.php'; if (file_exists($file)) { include($file); } },True,PHP,lang,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function deactivate($mod) { $mods = Options::v('modules'); $mods = json_decode($mods, true); if (!is_array($mods) || $mods == '') { $mods = array(); } $arr = ''; for ($i = 0; $i < count($mods); ++$i) { if ($mods[$i] == $mod) { } else { $arr[] = $mods[$i]; } } $mods = json_encode($arr); $mods = Options::update('modules', $mods); if ($mods) { new Options(); return true; } else { return false; } }" 2992,public static function dropdown($vars) { return Categories::dropdown($vars); },True,PHP,dropdown,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function mod($var) { self::load($var); } 2996,public static function delete($id){ return Categories::delete($id); },True,PHP,delete,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function load($mod) { $file = GX_MOD.'/'.$mod.'/index.php'; if (file_exists($file)) { include $file; } } 2997,public static function type($id) { return Categories::type($id); },True,PHP,type,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function data($vars) { $file = GX_MOD.'/'.$vars.'/index.php'; $handle = fopen($file, 'r'); $data = fread($handle, filesize($file)); fclose($handle); preg_match('/\* Name: (.*)\s\*/Us', $data, $matches); $d['name'] = $matches[1]; preg_match('/\* Desc: (.*)\s\*/Us', $data, $matches); $d['desc'] = $matches[1]; preg_match('/\* Version: (.*)\s\*/Us', $data, $matches); $d['version'] = $matches[1]; preg_match('/\* Build: (.*)\s\*/Us', $data, $matches); $d['build'] = $matches[1]; preg_match('/\* Developer: (.*)\s\*/Us', $data, $matches); $d['developer'] = $matches[1]; preg_match('/\* URI: (.*)\s\*/Us', $data, $matches); $d['url'] = $matches[1]; preg_match('/\* License: (.*)\s\*/Us', $data, $matches); $d['license'] = $matches[1]; preg_match('/\* Icon: (.*)\s\*/Us', $data, $matches); $d['icon'] = $matches[1]; return $d; }" 2998,"public static function add($tags) { $tag = explode("","", $tags); foreach ($tag as $t) { if (self::exist($t)) { return false; }else{ $slug = Typo::slugify(Typo::cleanX($t)); $cat = Typo::cleanX($t); $tag = Db::insert( sprintf(""INSERT INTO `cat` VALUES (null, '%s', '%s', '%d', '', 'tag' )"", $cat, $slug, 0 ) ); return true; } } }",True,PHP,add,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function options($var) { $file = GX_MOD.$var.'/options.php'; if (file_exists($file)) { include $file; } } 3000,"public static function exist($tag) { $sql = ""SELECT `name` FROM `cat` WHERE `name` = '{$tag}'""; $q = Db::result($sql); if (Db::$num_rows > 0) { return true; }else{ return false; } }",True,PHP,exist,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function inc($vars, $data, $dir) { $file = $dir.'/'.$vars.'.php'; if (file_exists($file)) { include $file; } }" 3001,public static function name($id) { return Categories::name($id); },True,PHP,name,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function exist($mod) { $file = GX_MOD.'/'.$mod.'/options.php'; if (file_exists($file)) { return true; } else { return false; } } 3004,public static function getParent($id=''){ return Categories::getParent($id); },True,PHP,getParent,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::loader(); } 3007,public function __construct() { },True,PHP,__construct,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function url($mod) { $url = Site::$url.'/inc/mod/'.$mod; return $url; } 3008,public static function lists($vars) { return Categories::lists($vars); },True,PHP,lists,Tags.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function isActive($mod) { $json = Options::v('modules'); $mods = json_decode($json, true); if (!is_array($mods) || $mods == '') { $mods = array(); } if (in_array($mod, $mods)) { return true; } else { return false; } }" 3010,"public static function loader(){ $theme = Options::v('themes'); define('THEME', $theme); self::incFunc($theme); }",True,PHP,loader,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::$_data = self::load(); } 3011,public function __construct() { global $GLOBALS; },True,PHP,__construct,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$post = Db::query(""UPDATE `options` SET `value`='{$v}' WHERE `name` = '{$k}' LIMIT 1""); } } else { $post = Db::query(""UPDATE `options` SET `value`='{$val}' WHERE `name` = '{$key}' LIMIT 1""); } return $post; }" 3012,"public static function thmList(){ $handle = dir(GX_THEME); while (false !== ($entry = $handle->read())) { if ($entry != ""."" && $entry != "".."" ) { $dir = GX_THEME.$entry; if(is_dir($dir) == true){ $thm[] = basename($dir); } } } $handle->close(); return $thm; }",True,PHP,thmList,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$ins = array( 'table' => 'options', 'key' => array( 'name' => $name, 'value' => $value, ), ); $opt = Db::insert($ins); } } else {" 3015,public static function functionExist($var) { if (file_exists(GX_THEME.$var.'/function.php')) { return true; }else{ return false; } },True,PHP,functionExist,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function get($vars) { $op = Db::result(""SELECT `value` FROM `options` WHERE `name` = '{$vars}' LIMIT 1""); if (Db::$num_rows > 0) { return $op[0]->value; } else { return false; } }" 3017,"public static function footer($vars=""""){ global $GLOBALS; if (isset($vars)) { $GLOBALS['data'] = $vars; self::theme('footer', $vars); }else{ self::theme('footer'); } }",True,PHP,footer,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function v($vars) { $opt = self::$_data; foreach ($opt as $k => $v) { if ($v->name == $vars) { return $v->value; } } } 3018,"public static function thmMenu(){ $thm = Options::v('themes'); $list = ''; $data = self::data($thm); if(isset($_GET['page']) && $_GET['page'] == 'themes' && isset($_GET['view']) && $_GET['view'] == 'options'){ $class = 'class=""active""'; }else{ $class = """"; } if (self::optionsExist($thm)) { $active = (isset($_GET['page']) && $_GET['page'] == 'themes' && isset($_GET['view']) && $_GET['view'] == 'options')?""class=\""active\"""":""""; $list .= ""
  • "".$data['icon']."" "".$data['name'].""
    • ""; }else{ $list = ''; } return $list; }",True,PHP,thmMenu,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function load() { $op = Db::result('SELECT * FROM `options` ORDER BY `id` ASC'); if (Db::$num_rows > 0) { return $op; } else { return false; } } 3020,public static function incFunc($var) { if (self::functionExist($var)) { include(GX_THEME.$var.'/function.php'); } },True,PHP,incFunc,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$p = $vars['paging'] - (ceil($maxpage / 2) - 1); $limit = $curr + ceil($maxpage / 2) - 1; } else { $p = $vars['paging'] - (ceil($maxpage / 2) - 1); $limit = $curr + floor($maxpage / 2); } for ($i = $p; $i <= $limit ; ++$i) { if ($smart == true) { $url = $vars['url'].'/paging/'.$i; } else { $url = $vars['url'].'&paging='.$i; } if ($vars['paging'] == $i) { $sel = 'class=""active""'; } else { $sel = ''; } $r .= ""
  • $i
    • ""; } $r .= ''; } elseif (isset($vars['type']) && $vars['type'] == 'pager') {" 3023,public static function exist ($vars) { if(file_exists(GX_THEME.THEME.'/'.$vars.'.php')) { return true; }else{ return false; } },True,PHP,exist,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 3024,"public static function validator($vars =""""){ $GLOBALS['validator'] = true; $GLOBALS['validator_js'] = $vars; }",True,PHP,validator,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"} elseif ($vars['paging'] < $limit || $vars['paging'] = $limit) { $prev = ($vars['paging']) - 1; if ($smart == true) { $url = $vars['url'].'/paging/'.$prev; } else { $url = $vars['url'].'&paging='.$prev; } $r .= ""
  • Previous
    • ""; }" 3026,"public static function admin($var, $data='') { if (isset($data)) { $GLOBALS['data'] = $data; } include(GX_PATH.'/gxadmin/themes/'.$var.'.php'); }",True,PHP,admin,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,self::rpc($p); } } } 3030,public static function install ($var) { include(GX_PATH.'/gxadmin/themes/install/'.$var.'.php'); },True,PHP,install,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function rpc($url) { new self(); $url = 'http: $client = new IXR\Client\Client($url, false, 80, 3); if ($client->query('weblogUpdates.extendedPing', self::$myBlogName, self::$myBlogUrl, self::$myBlogUpdateUrl, self::$myBlogRSSFeedUrl)) { return $client->getResponse(); } if ($client->query('weblogUpdates.ping', self::$myBlogName, self::$myBlogUrl)) { return $client->getResponse(); } return false; }" 3031,"public static function activate($thm) { if (Options::update('themes', $thm)) { new Options(); return true; }else{ return false; } }",True,PHP,activate,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,self::rpc($p); } } } 3035,public static function optionsExist($var) { if (file_exists(GX_THEME.$var.'/options.php')) { return true; }else{ return false; } },True,PHP,optionsExist,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function rpc($url) { new self(); $url = 'http: $client = new IXR\Client\Client($url, false, 80, 3); if ($client->query('weblogUpdates.extendedPing', self::$myBlogName, self::$myBlogUrl, self::$myBlogUpdateUrl, self::$myBlogRSSFeedUrl)) { return $client->getResponse(); } if ($client->query('weblogUpdates.ping', self::$myBlogName, self::$myBlogUrl)) { return $client->getResponse(); } return false; }" 3037,public static function isActive($thm){ if(Options::v('themes') === $thm){ return true; }else{ return false; } },True,PHP,isActive,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::$myBlogName = Options::v('sitename'); self::$myBlogUrl = Options::v('siteurl'); self::$myBlogUpdateUrl = Options::v('siteurl'); self::$myBlogRSSFeedUrl = Url::rss(); } 3039,"public static function header($vars=""""){ header(""Cache-Control: must-revalidate,max-age=300,s-maxage=900""); $offset = 60 * 60 * 24 * 3; $ExpStr = ""Expires: "" . gmdate(""D, d M Y H:i:s"", time() + $offset) . "" GMT""; header($ExpStr); header(""Content-Type: text/html; charset=utf-8""); if (isset($vars)) { $GLOBALS['data'] = $vars; self::theme('header', $vars); }else{ self::theme('header'); } }",True,PHP,header,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function delete($id) { $id = Typo::int($id); try { $vars1 = array( 'table' => 'posts', 'where' => array( 'id' => $id, ), ); $d = Db::delete($vars1); $vars2 = array( 'table' => 'posts_param', 'where' => array( 'post_id' => $id, ), ); $d = Db::delete($vars2); Hooks::run('post_sqldel_action', $id); return true; } catch (Exception $e) { return $e->getMessage(); } }" 3041,"public static function theme($var, $data='') { if (isset($data)) { $GLOBALS['data'] = $data; } if (self::exist($var)) { include(GX_THEME.THEME.'/'.$var.'.php'); }else{ Control::error('unknown','Theme file is missing.'); } }",True,PHP,theme,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function insert($vars) { if (is_array($vars)) { $slug = Typo::slugify($vars['title']); $vars = array_merge($vars, array('slug' => $slug)); $ins = array( 'table' => 'posts', 'key' => $vars, ); $post = Db::insert($ins); self::$last_id = Db::$last_id; Hooks::run('post_sqladd_action', $vars, self::$last_id); if (Pinger::is_on()) { $pinger = Options::v('pinger'); Pinger::run($pinger); } } return $post; }" 3042,public static function editor($mode = 'light'){ $editor = Options::v('use_editor'); if($editor == 'on'){ $GLOBALS['editor'] = true; }else{ $GLOBALS['editor'] = false; } if ($mode == 'light') { $GLOBALS['editor_mode'] = 'light'; }else{ $GLOBALS['editor_mode'] = 'full'; } },True,PHP,editor,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function dropdown($vars) { if (is_array($vars)) { $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if (isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; } else { $where .= ' '; } $where .= "" `status` = '1' ""; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; } else { $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = ""'; return $drop; }" 3043,"public static function data($vars){ $file = GX_THEME.'/'.$vars.'/themeinfo.php'; $handle = fopen($file, 'r'); $data = fread($handle, filesize($file)); fclose($handle); preg_match('/\* Name: (.*)\n\*/U', $data, $matches); $d['name'] = $matches[1]; preg_match('/\* Desc: (.*)\n\*/U', $data, $matches); $d['desc'] = $matches[1]; preg_match('/\* Version: (.*)\n\*/U', $data, $matches); $d['version'] = $matches[1]; preg_match('/\* Build: (.*)\n\*/U', $data, $matches); $d['build'] = $matches[1]; preg_match('/\* Developer: (.*)\n\*/U', $data, $matches); $d['developer'] = $matches[1]; preg_match('/\* URI: (.*)\n\*/U', $data, $matches); $d['url'] = $matches[1]; preg_match('/\* License: (.*)\n\*/U', $data, $matches); $d['license'] = $matches[1]; preg_match('/\* Icon: (.*)\n\*/U', $data, $matches); $d['icon'] = $matches[1]; return $d; }",True,PHP,data,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function recent($vars) { $catW = isset($vars['cat']) ? "" AND `cat` = '"".$vars['cat'].""'"" : ''; $type = isset($vars['type']) ? $vars['type'] : 'post'; $num = isset($vars['num']) ? $vars['num'] : '10'; $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' {$catW} AND `status` = '1' ORDER BY `date` DESC LIMIT {$num}""; $posts = Db::result($sql); if (isset($posts['error'])) { $posts['error'] = 'No Posts found.'; } else { $posts = self::prepare($posts); } return $posts; }" 3045,public static function options($var) { if (self::optionsExist($var)) { include(GX_THEME.$var.'/options.php'); } },True,PHP,options,Theme.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function publish($id) { $id = Typo::int($id); $ins = array( 'table' => 'posts', 'id' => $id, 'key' => array( 'status' => '1', ), ); $post = Db::update($ins); return $post; }" 3050,"public function getSimilar($id){ $url = ""http: $similar = $this->curl($url); return $similar; }",True,PHP,getSimilar,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 3052,"public function getPLaying(){ $url = ""http: $now_playing = $this->curl($url); return $now_playing; }",True,PHP,getPLaying,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function format($post, $id) { $post = Typo::Xclean($post); $more = explode('[[--readmore--]]', $post); if (count($more) > 1) { $post = explode('[[--readmore--]]', $post); $post = $post[0].' '.READ_MORE.''; } else { $post = $post; } $post = Hooks::filter('post_content_filter', $post); return $post; }" 3055,"public function getCast($id){ $url = ""http: $cast = $this->curl($url); return $cast; }",True,PHP,getCast,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function existParam($param, $post_id) { $sql = ""SELECT * FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1""; $q = Db::result($sql); if (Db::$num_rows > 0) { return true; } else { return false; } }" 3056,"public function search($q, $page=''){ $q = str_replace(' ', '+', trim($q)); if(isset($page) && $page !=''){ $page = ""&page="".$page; }else{ $page = """"; } $url = ""http: $search = $this->curl($url); return $search; }",True,PHP,search,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$posts_arr = json_decode(json_encode($posts), false); $post_arr[] = $posts_arr; $post = $post_arr; } } else { $post = $post; } } else {" 3058,"public function getUpcoming(){ $url = ""http: $upcoming = $this->curl($url); return $upcoming; }",True,PHP,getUpcoming,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function editParam($param, $value, $post_id) { $sql = ""UPDATE `posts_param` SET `value` = '{$value}' WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' ""; $q = Db::query($sql); if ($q) { return true; } else { return false; } }" 3061,"public function getMovie($id){ $url = ""http: $movie = $this->curl($url); return $movie; }",True,PHP,getMovie,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function delParam($param, $post_id) { $sql = ""DELETE FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1""; $q = Db::query($sql); if ($q) { return true; } else { return false; } }" 3064,"function getConfig($apikey){ $url = ""http: $config = $this->curl($url); return $config; }",True,PHP,getConfig,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function update($vars) { if (is_array($vars)) { $id = Typo::int($_GET['id']); $ins = array( 'table' => 'posts', 'id' => $id, 'key' => $vars, ); $post = Db::update($ins); Hooks::run('post_sqladd_action', $vars, $id); if (Pinger::is_on()) { $pinger = Options::v('pinger'); Pinger::run($pinger); } } return $post; }" 3065,"public function getMovieData($id){ $getMovie = $this->getMovie($id); $getCast = $this->getCast($id); $getImage = $this->getImage($id); $data = array_merge($getMovie, $getCast); $data = array_merge($data, $getImage); return $data; }",True,PHP,getMovieData,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function content($vars) { $post = Typo::Xclean($vars); preg_match_all(""[[\-\-readmore\-\-]]"", $post, $more); if (is_array($more[0])) { $post = str_replace('[[--readmore--]]', '', $post); } else { $post = $post; } $post = Hooks::filter('post_content_filter', $post); return $post; }" 3067,"public function getLatest(){ $url = ""http: $latest = $this->curl($url); return $latest; }",True,PHP,getLatest,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getParam($param, $post_id) { $sql = ""SELECT * FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1""; $q = Db::result($sql); if (Db::$num_rows > 0) { return $q[0]->value; } else { return ''; } }" 3069,"public function getImage($id){ $url = ""http: $cast = $this->curl($url); return $cast; }",True,PHP,getImage,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$content = ($vars['excerpt'] === true) ? substr( strip_tags( Typo::Xclean($p->content) ), 0, $excerptMax ) : ''; echo '
  • '; echo (isset($vars['title']) && $vars['title'] === true) ? '

    id).""\"">{$p->title}

    "" : ''; echo (isset($vars['date']) && $vars['date'] === true) ? 'posted on : '.Date::local($p->date).' ' : ''; echo (isset($vars['author']) && $vars['author'] === true) ? 'by : '.$p->author.'' : ''; echo (isset($vars['excerpt']) && $vars['excerpt'] === true) ? '

    '.$content.'

    ' : ''; echo '
    • '; }" 3071,"private function curl($url){ $ca = curl_init(); curl_setopt($ca, CURLOPT_URL, $url); curl_setopt($ca, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ca, CURLOPT_HEADER, FALSE); curl_setopt($ca, CURLOPT_HTTPHEADER, array(""Accept: application/json"")); $response = curl_exec($ca); curl_close($ca); $result = json_decode($response, true); return $result; }",True,PHP,curl,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function unpublish($id) { $id = Typo::int($id); $ins = array( 'table' => 'posts', 'id' => $id, 'key' => array( 'status' => '0', ), ); $post = Db::update($ins); return $post; }" 3072,function __construct($apikey){ $this->apikey = $apikey; $this->config = $this->getConfig($apikey); },True,PHP,__construct,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function title($id) { $sql = sprintf(""SELECT `title` FROM `posts` WHERE `id` = '%d'"", $id); try { $r = Db::result($sql); if (isset($r['error'])) { $title['error'] = $r['error']; } else { $title = $r[0]->title; } } catch (Exception $e) { $title = $e->getMessage(); } return $title; }" 3073,"public function getTopRated(){ $url = ""http: $top_rated = $this->curl($url); return $top_rated; }",True,PHP,getTopRated,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function addParam($param, $value, $post_id) { $sql = array( 'table' => 'posts_param', 'key' => array( 'post_id' => $post_id, 'param' => $param, 'value' => $value, ), ); $q = Db::insert($sql); if ($q) { return true; } else { return false; } }" 3076,"public function getPopular(){ $url = ""http: $popular = $this->curl($url); return $popular; }",True,PHP,getPopular,Tmdb.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getURI() { $uri = $_SERVER['REQUEST_URI']; $uri = explode('?', $uri); if (count($uri) > 0) { unset($uri[1]); } if (self::inFolder()) { $uri = self::stripFolder($uri[0]); } else { $uri2 = explode('/', $uri[0]); unset($uri2[0]); $uri = implode('/', $uri2); } $uri = (Options::v('permalink_use_index_php') == 'on') ? str_replace('/index.php', '', $uri) : $uri; return '/'.trim($uri, '/'); }" 3078,public function __construct () { },True,PHP,__construct,Token.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,} elseif (is_int($k2)) { $va[] = [$v2]; } else { $va = array($v2); } } 3082,"public static function isExist($token){ $json = Options::v('tokens'); $tokens = json_decode($json, true); if(!is_array($tokens) || $tokens == """"){ $tokens = array(); } if(array_key_exists($token, $tokens)){ $call = true; }else{ $call = false; } return $call; }",True,PHP,isExist,Token.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getFolder() { $uri = explode('/', Site::$url); if (count($uri) > 3) { unset($uri[0]); unset($uri[1]); unset($uri[2]); $uri = array_values($uri); $uris = ''; for ($i = 0; $i < count($uri); ++$i) { $uris .= '/'.$uri[$i]; } return $uris; } else { return '/'; } }" 3083,public static function ridOld($tokens) { $time = time(); foreach ($tokens as $token => $value) { if ($time - $value['time'] > 3600) { unset($tokens[$token]); } } return $tokens; },True,PHP,ridOld,Token.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function stripFolder($req_uri) { $uri = Site::$url; $folder = self::getFolder(); $uri2 = str_replace($folder, '', $req_uri); return $uri2; }" 3084,"public static function remove($token){ $json = Options::v('tokens'); $tokens = json_decode($json, true); unset($tokens[$token]); $tokens = json_encode($tokens); if(Options::update('tokens',$tokens)){ return true; }else{ return false; } }",True,PHP,remove,Token.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function scrap($param) { if ($param != '') { foreach ($param as $k => $v) { if (is_array($v)) { foreach ($v as $k2 => $v2) { $data[$k2] = $v2; } } else { $data = [$v]; } } } else { $data = ''; } return $data; } 3085,"public static function json() { $token = Options::v('tokens'); $token = json_decode($token, true); $newtoken = array( TOKEN => array( 'time' => TOKEN_TIME, 'ip' => TOKEN_IP, 'url' => TOKEN_URL ) ); if(is_array($token)){ $newtoken = array_merge($token, $newtoken); } $newtoken = self::ridOld($newtoken); $newtoken = json_encode($newtoken); return $newtoken; }",True,PHP,json,Token.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function inFolder() { $uri = explode('/', Site::$url); if (count($uri) > 3) { return true; } else { return false; } }" 3088,"public static function create() { $length = ""80""; $token = """"; $codeAlphabet = ""ABCDEFGHIJKLMNOPQRSTUVWXYZ""; $codeAlphabet.= ""abcdefghijklmnopqrstuvwxyz""; $codeAlphabet.= ""0123456789""; for($i=0;$i<$length;$i++){ $token .= $codeAlphabet[Typo::crypto_rand_secure(0,strlen($codeAlphabet))]; } $url = $_SERVER['REQUEST_URI']; $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); $ip = $_SERVER['REMOTE_ADDR']; $time = time(); define('TOKEN', $token); define('TOKEN_URL', $url); define('TOKEN_IP', $ip); define('TOKEN_TIME', $time); $json = self::json(); Options::update('tokens',$json); return $token; }",True,PHP,create,Token.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::map(); } 3091,public function __construct () { },True,PHP,__construct,Typo.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function run() { $m = self::match(); if (is_array($m)) { $val = self::extract($m[0], $m[1]); if (isset($val) && $val != null) { return $val; } else { $val['error'] = ''; return $val; } } else { $val['error'] = ''; return $val; } }" 3093,public static function Xclean($vars) { $var = htmlspecialchars_decode($vars); return $var; },True,PHP,Xclean,Typo.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$regx = str_replace('/', '\/', $k); if (preg_match('/^'.$regx.'$/Usi', $uri, $m)) { $result = [$v, $m]; return $result; } } }" 3094,"public static function cleanX ($c) { $val = self::strip_tags_content($c, ' '; } $fa = Options::v('use_fontawesome'); if ($fa == 'on') { $foot .= "" apaaja ""; } if (isset($GLOBALS['validator']) && $GLOBALS['validator'] == true) { $foot .= ' '; $foot .= $GLOBALS['validator_js']; } echo $foot; echo Hooks::run('footer_load_lib', $data); }" 3124,"public static function regdate($id){ $usr = Db::result( sprintf(""SELECT * FROM `user` WHERE `id` = '%d' OR `userid` = '%s' LIMIT 1"", Typo::int($id), Typo::cleanX($id) ) ); return $usr[0]->join_date; }",True,PHP,regdate,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function generated() { $end_time = microtime(true); $time_taken = $end_time - $GLOBALS['start_time']; $time_taken = round($time_taken, 5); echo '
    Page generated in '.$time_taken.' seconds.
    '; }" 3128,"public static function group($id){ $usr = Db::result( sprintf(""SELECT * FROM `user` WHERE `id` = '%d' OR `userid` = '%s' LIMIT 1"", Typo::int($id), Typo::cleanX($id) ) ); return $usr[0]->group; }",True,PHP,group,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function __construct() { global $GLOBALS, $data; self::$editors = &$GLOBALS; self::$data = &$data; self::$url = Options::v('siteurl'); self::$domain = Options::v('sitedomain'); self::$name = Options::v('sitename'); self::$key = Options::v('sitekeywords'); self::$desc = Options::v('sitedesc'); self::$email = Options::v('siteemail'); self::$slogan = Options::v('siteslogan'); }" 3131,"public static function generatePass(){ $vars = microtime().Site::$name.rand(); $hash = sha1($vars.SECURITY_KEY); $pass = substr($hash, 5, 8); return $pass; }",True,PHP,generatePass,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function desc($vars) { if (!empty($vars)) { $desc = substr(strip_tags(htmlspecialchars_decode($vars).'. '.self::$desc), 0, 150); } else { $desc = substr(self::$desc, 0, 150); } $desc = Hooks::filter('site_desc_filter', $desc); return $desc; }" 3136,public static function is_loggedin () { $username = Session::val('username'); if(isset($username)) { $v = true; }else{ $v = false; } return $v; },True,PHP,is_loggedin,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 3139,"public static function avatar($id){ $usr = Db::result( sprintf(""SELECT * FROM `user_detail` WHERE `id` = '%d' OR `userid` = '%s' LIMIT 1"", Typo::int($id), Typo::cleanX($id) ) ); return $usr[0]->avatar; }",True,PHP,avatar,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function addViews($id) { $botlist = self::botlist(); $nom = 0; foreach ($botlist as $bot) { if (preg_match(""/{$bot}/"", $_SERVER['HTTP_USER_AGENT'])) { $nom = 1 + $nom; } else { $nom = 0; } } if ($nom == 0) { $sql = ""UPDATE `posts` SET `views` = `views`+1 WHERE `id` = '{$id}' LIMIT 1""; $q = Db::query($sql); } }" 3140,"public static function userid($id){ $usr = Db::result( sprintf(""SELECT * FROM `user` WHERE `id` = '%d' LIMIT 1"", Typo::int($id) ) ); return $usr[0]->userid; }",True,PHP,userid,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function totalCat($vars) { $posts = Db::result(""SELECT `id` FROM `cat` WHERE `type` = '{$vars}'""); $npost = Db::$num_rows; return $npost; }" 3141,"public static function activate($id){ $act = Db::query( sprintf(""UPDATE `user` SET `status` = '1' WHERE `id` = '%d'"", Typo::int($id) ) ); if($act){ return true; }else{ return false; } }",True,PHP,activate,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function botlist() { $botlist = array( 'Teoma', 'alexa', 'froogle', 'inktomi', 'looksmart', 'URL_Spider_SQL', 'Firefly', 'NationalDirectory', 'Ask Jeeves', 'TECNOSEEK', 'InfoSeek', 'WebFindBot', 'girafabot', 'crawler', 'www.galaxy.com', 'Googlebot', 'Scooter', 'Slurp', 'appie', 'FAST', 'WebBug', 'Spade', 'ZyBorg', 'rabaz', 'Twitterbot', 'MJ12bot', 'AhrefsBot', 'bingbot', 'YandexBot', 'spbot', ); return $botlist; }" 3142,public function __construct () { },True,PHP,__construct,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function totalUser() { $posts = Db::result(""SELECT `id` FROM `user` WHERE `group` > '0' ""); $npost = Db::$num_rows; return $npost; }" 3143,public static function secure() { if (!isset($_SESSION['gxsess']['val']['loggedin']) && !isset($_SESSION['gxsess']['val']['username']) ) { header('location: login.php'); } else { return true; } },True,PHP,secure,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 3144,"public static function deactivate($id){ $act = Db::query( sprintf(""UPDATE `user` SET `status` = '0' WHERE `id` = '%d'"", Typo::int($id) ) ); if($act){ return true; }else{ return false; } }",True,PHP,deactivate,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function totalPost($vars) { $posts = Db::result(""SELECT `id` FROM `posts` WHERE `type` = '{$vars}'""); $npost = Db::$num_rows; return $npost; }" 3146,"public static function is_same($p1, $p2){ if($p1 == $p2){ return true; }else{ return false; } }",True,PHP,is_same,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function __construct() { self::config('config'); new Db(); new Hooks(); new Options(); new Token(); new Date(); new Site(); Session::start(); self::lang(Options::v('system_lang')); new Language(); new Router(); new Vendor(); new Mod(); Theme::loader(); Hooks::run('init'); Hooks::attach('admin_page_notif_action', array('System', 'alert')); }" 3148,"public static function create($vars) { if(is_array($vars)){ $u = $vars['user']; $sql = array( 'table' => 'user', 'key' => $u, ); $db = Db::insert($sql); if(!isset($vars['detail']) || $vars['detail'] == ''){ Db::insert(""INSERT INTO `user_detail` (`userid`) VALUES ('{$vars['user']['userid']}')""); }else{ $u = $vars['detail']; $sql = array( 'table' => 'user_detail', 'key' => $u, ); Db::insert($sql); } Hooks::run('user_sqladd_action', $vars); } return $db; }",True,PHP,create,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function versionCheck() { $v = trim(self::latestVersion()); $v = str_replace('.', '', $v); $selfv = str_replace('.', '', self::$version); if ($v > $selfv) { Hooks::attach('admin_page_notif_action', array('System', 'versionReport')); } }" 3149,public static function access ($grp='4') { if ( isset($_SESSION['gxsess']['val']['group']) ) { if($_SESSION['gxsess']['val']['group'] <= $grp) { return true; }else{ return false; } } },True,PHP,access,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function v() { return self::$version.' '.self::$v_release; } 3150,"public static function delete($id){ $vars = array( 'table' => 'user', 'where' => array( 'id' => $id ) ); Db::delete($vars); $vars = array( 'table' => 'user_detail', 'where' => array( 'id' => $id ) ); Db::delete($vars); Hooks::run('user_sqldel_action', $vars); }",True,PHP,delete,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function getLatestVersion($now) { $v = file_get_contents('https: $arr = array( 'version' => trim($v), 'last_check' => $now, ); $arr = json_encode($arr); Options::update('system_check', $arr); return $v; }" 3152,"public static function randpass($vars){ if(is_array($vars)){ $hash = sha1($vars['passwd'].SECURITY_KEY.$vars['userid']); }else{ $hash = sha1($vars.SECURITY_KEY); } $hash = substr($hash, 5, 16); $pass = md5($hash); return $pass; }",True,PHP,randpass,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function config($var) { $file = GX_PATH.'/inc/config/'.$var.'.php'; if (file_exists($file)) { include $file; } } 3154,"public static function update($vars) { if(is_array($vars)){ $u = $vars['user']; $sql = array( 'table' => 'user', 'id' => $vars['id'], 'key' => $u, ); Db::update($sql); if(isset($vars['detail']) && $vars['detail'] != ''){ $u = $vars['detail']; $sql = array( 'table' => 'user_detail', 'id' => $vars['id'], 'key' => $u, ); Db::update($sql); } Hooks::run('user_sqledit_action', $vars); } }",True,PHP,update,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function admin() { } 3159,"public static function is_email($vars){ if(isset($_GET['act']) && $_GET['act'] == 'edit'){ $id = Typo::int($_GET['id']); $where = ""AND `id` != '{$id}' ""; }else{ $where = ''; } $vars = sprintf('%s', Typo::cleanX($vars)); $sql = sprintf(""SELECT * FROM `user` WHERE `email` = '%s' %s"", $vars, $where ); $e = Db::result($sql); if(Db::$num_rows > 0){ return false; }else{ return true; } }",True,PHP,is_email,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function versionReport() { $v = self::latestVersion(); $html = ""
    Warning: Your CMS version is different with our latest version ($v). Please upgrade your system.
    ""; return $html; }" 3160,"public static function is_exist($user) { if(isset($_GET['act']) && $_GET['act'] == 'edit'){ $id = Typo::int($_GET['id']); $where = ""AND `id` != '{$id}' ""; }else{ $where = ''; } $user = sprintf('%s', Typo::cleanX($user)); $sql = sprintf(""SELECT `userid` FROM `user` WHERE `userid` = '%s' %s "", $user, $where); $usr = Db::result($sql); $n = Db::$num_rows; if($n > 0 ){ return false; }else{ return true; } }",True,PHP,is_exist,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function lib($var) { $file = GX_LIB.$var.'.class.php'; if (file_exists($file)) { include $file; } } 3161,"public static function id($userid){ $usr = Db::result( sprintf(""SELECT * FROM `user` WHERE `userid` = '%s' LIMIT 1"", Typo::cleanX($userid) ) ); return $usr[0]->id; }",True,PHP,id,User.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function latestVersion() { $check = json_decode(Options::v('system_check'), true); $now = strtotime(date('Y-m-d H:i:s')); if (isset($check['last_check'])) { $limit = $now - $check['last_check']; if ($limit < 86400) { $v = $check['version']; } else { $v = self::getLatestVersion($now); } } else { $v = self::getLatestVersion($now); } return $v; }" 3163,public static function url() { return Site::$url.'/inc/lib/Vendor'; },True,PHP,url,Vendor.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function existConf() { if (file_exists(GX_PATH.'/inc/config/config.php')) { return true; } else { return false; } } 3166,"public static function loadonce($var){ require_once(GX_LIB.""Vendor/"".$var); }",True,PHP,loadonce,Vendor.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function inc($vars, $data = '') { $file = GX_PATH.'/gxadmin/inc/'.$vars.'.php'; if (file_exists($file)) { include $file; } }" 3168,"public static function autoload() { include (GX_LIB.""Vendor/autoload.php""); }",True,PHP,autoload,Vendor.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function alert() { global $data; if (isset($data['alertSuccess'])) { echo '
      '; foreach ($data['alertSuccess'] as $alert) { echo ""
    • $alert
      • \n""; } echo '
    '; } if (isset($data['alertDanger'])) { echo '
      '; foreach ($data['alertDanger'] as $alert) { echo ""
    • $alert
      • ""; } echo '
    '; } if (isset($data['alertInfo'])) { echo '
      '; foreach ($data['alertInfo'] as $alert) { echo ""$alert\n""; } echo '
    '; } if (isset($data['alertWarning'])) { echo '
      '; foreach ($data['alertWarning'] as $alert) { echo ""$alert\n""; } echo '
    '; } if (isset($data['alertDefault'])) { echo '
      '; foreach ($data['alertDefault'] as $alert) { echo ""$alert\n""; } echo '
    '; } }" 3169,"public static function path($var) { return GX_LIB.'Vendor/'.$var.""/""; }",True,PHP,path,Vendor.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function Zipped() { global $HTTP_ACCEPT_ENCODING; if (headers_sent()) { $encoding = false; } elseif (strpos($HTTP_ACCEPT_ENCODING, 'x-gzip') !== false) { $encoding = 'x-gzip'; } elseif (strpos($HTTP_ACCEPT_ENCODING, 'gzip') !== false) { $encoding = 'gzip'; } else { $encoding = false; } if ($encoding) { $contents = ob_get_contents(); ob_end_clean(); header('Content-Encoding: '.$encoding); echo ""\x1f\x8b\x08\x00\x00\x00\x00\x00""; $size = strlen($contents); $contents = gzcompress($contents, 9); $contents = substr($contents, 0, $size); echo $contents; exit(); } else { ob_end_flush(); exit(); } }" 3172,composerRequire57fe33d7077d32d85bc5d5df10c056df($file); } return $loader; },True,PHP,composerRequire57fe33d7077d32d85bc5d5df10c056df,autoload_real.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function gZip() { ob_start(); ob_implicit_flush(0); } 3174,"public function testDoesNotTouchClosureListeners() { $this->getServer()->flush(); $this->getServer()->enqueue(array( ""HTTP/1.1 200 OK\r\n"" . ""Date: Mon, 12 Nov 2012 03:06:37 GMT\r\n"" . ""Cache-Control: private, s-maxage=0, max-age=0, must-revalidate\r\n"" . ""Last-Modified: Mon, 12 Nov 2012 02:53:38 GMT\r\n"" . ""Content-Length: 2\r\n\r\nhi"", ""HTTP/1.0 304 Not Modified\r\n"" . ""Date: Mon, 12 Nov 2012 03:06:38 GMT\r\n"" . ""Content-Type: text/html; charset=UTF-8\r\n"" . ""Last-Modified: Mon, 12 Nov 2012 02:53:38 GMT\r\n"" . ""Age: 6302\r\n\r\n"", ""HTTP/1.0 304 Not Modified\r\n"" . ""Date: Mon, 12 Nov 2012 03:06:38 GMT\r\n"" . ""Content-Type: text/html; charset=UTF-8\r\n"" . ""Last-Modified: Mon, 12 Nov 2012 02:53:38 GMT\r\n"" . ""Age: 6302\r\n\r\n"", )); $client = new Client($this->getServer()->getUrl()); $client->addSubscriber(new CachePlugin()); $client->getEventDispatcher()->addListener('command.after_send', function(){}); $this->assertEquals(200, $client->get()->send()->getStatusCode()); $this->assertEquals(200, $client->get()->send()->getStatusCode()); $this->assertEquals(200, $client->get()->send()->getStatusCode()); }",True,PHP,testDoesNotTouchClosureListeners,DefaultRevalidationTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function lang($vars) { $file = GX_PATH.'/inc/lang/'.$vars.'.lang.php'; if (file_exists($file)) { include $file; } } 3177,"private function transfer(RequestInterface $request, array $options) { if (isset($options['save_to'])) { $options['sink'] = $options['save_to']; unset($options['save_to']); } if (isset($options['exceptions'])) { $options['http_errors'] = $options['exceptions']; unset($options['exceptions']); } $request = $this->applyOptions($request, $options); $handler = $options['handler']; try { return Promise\promise_for($handler($request, $options)); } catch (\Exception $e) { return Promise\rejection_for($e); } }",True,PHP,transfer,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function dropdown($vars) { return Categories::dropdown($vars); } 3179,"private function applyOptions(RequestInterface $request, array &$options) { $modify = []; if (isset($options['form_params'])) { if (isset($options['multipart'])) { throw new \InvalidArgumentException('You cannot use ' . 'form_params and multipart at the same time. Use the ' . 'form_params option if you want to send application/' . 'x-www-form-urlencoded requests, and the multipart ' . 'option to send multipart/form-data requests.'); } $options['body'] = http_build_query($options['form_params'], null, '&'); unset($options['form_params']); $options['_conditional']['Content-Type'] = 'application/x-www-form-urlencoded'; } if (isset($options['multipart'])) { $elements = $options['multipart']; unset($options['multipart']); $options['body'] = new Psr7\MultipartStream($elements); } if (!empty($options['decode_content']) && $options['decode_content'] !== true ) { $modify['set_headers']['Accept-Encoding'] = $options['decode_content']; } if (isset($options['headers'])) { if (isset($modify['set_headers'])) { $modify['set_headers'] = $options['headers'] + $modify['set_headers']; } else { $modify['set_headers'] = $options['headers']; } unset($options['headers']); } if (isset($options['body'])) { if (is_array($options['body'])) { $this->invalidBody(); } $modify['body'] = Psr7\stream_for($options['body']); unset($options['body']); } if (!empty($options['auth'])) { $value = $options['auth']; $type = is_array($value) ? (isset($value[2]) ? strtolower($value[2]) : 'basic') : $value; $config['auth'] = $value; switch (strtolower($type)) { case 'basic': $modify['set_headers']['Authorization'] = 'Basic ' . base64_encode(""$value[0]:$value[1]""); break; case 'digest': $options['curl'][CURLOPT_HTTPAUTH] = CURLAUTH_DIGEST; $options['curl'][CURLOPT_USERPWD] = ""$value[0]:$value[1]""; break; } } if (isset($options['query'])) { $value = $options['query']; if (is_array($value)) { $value = http_build_query($value, null, '&', PHP_QUERY_RFC3986); } if (!is_string($value)) { throw new \InvalidArgumentException('query must be a string or array'); } $modify['query'] = $value; unset($options['query']); } if (isset($options['json'])) { $modify['body'] = Psr7\stream_for(json_encode($options['json'])); $options['_conditional']['Content-Type'] = 'application/json'; unset($options['json']); } $request = Psr7\modify_request($request, $modify); if ($request->getBody() instanceof Psr7\MultipartStream) { $options['_conditional']['Content-Type'] = 'multipart/form-data; boundary=' . $request->getBody()->getBoundary(); } if (isset($options['_conditional'])) { $modify = []; foreach ($options['_conditional'] as $k => $v) { if (!$request->hasHeader($k)) { $modify['set_headers'][$k] = $v; } } $request = Psr7\modify_request($request, $modify); unset($options['_conditional']); } return $request; }",True,PHP,applyOptions,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function delete($id) { return Categories::delete($id); } 3181,"public function request($method, $uri = null, array $options = []) { $options[RequestOptions::SYNCHRONOUS] = true; return $this->requestAsync($method, $uri, $options)->wait(); }",True,PHP,request,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function type($id) { return Categories::type($id); } 3182,"public function sendAsync(RequestInterface $request, array $options = []) { $options = $this->prepareDefaults($options); return $this->transfer( $request->withUri($this->buildUri($request->getUri(), $options)), $options ); }",True,PHP,sendAsync,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function add($tags) { $tag = explode(',', $tags); for ($i = 0; $i < count($tag); ++$i) { $tag_i = Typo::cleanX($tag[$i]); $exist = self::exist($tag_i); if (!$exist) { if ($tag_i != '') { $slug = Typo::slugify($tag_i); $cat = $tag_i; Db::insert( sprintf( ""INSERT INTO `cat` VALUES (null, '%s', '%s', '%d', '', 'tag' )"", $cat, $slug, 0 ) ); } } } }" 3184,"private function buildUri($uri, array $config) { if (!isset($config['base_uri'])) { return $uri instanceof UriInterface ? $uri : new Psr7\Uri($uri); } return Psr7\Uri::resolve(Psr7\uri_for($config['base_uri']), $uri); }",True,PHP,buildUri,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function exist($tag) { $tag = Typo::cleanX($tag); $sql = ""SELECT `name` FROM `cat` WHERE `name` = '{$tag}' AND `type` = 'tag'""; $q = Db::result($sql); if (Db::$num_rows > 0) { return true; } else { return false; } }" 3185,"private function configureDefaults(array $config) { $defaults = [ 'allow_redirects' => RedirectMiddleware::$defaultSettings, 'http_errors' => true, 'decode_content' => true, 'verify' => true, 'cookies' => false ]; if ($proxy = getenv('HTTP_PROXY')) { $defaults['proxy']['http'] = $proxy; } if ($proxy = getenv('HTTPS_PROXY')) { $defaults['proxy']['https'] = $proxy; } if ($noProxy = getenv('NO_PROXY')) { $cleanedNoProxy = str_replace(' ', '', $noProxy); $defaults['proxy']['no'] = explode(',', $cleanedNoProxy); } $this->config = $config + $defaults; if (!empty($config['cookies']) && $config['cookies'] === true) { $this->config['cookies'] = new CookieJar(); } if (!isset($this->config['headers'])) { $this->config['headers'] = ['User-Agent' => default_user_agent()]; } else { foreach (array_keys($this->config['headers']) as $name) { if (strtolower($name) === 'user-agent') { return; } } $this->config['headers']['User-Agent'] = default_user_agent(); } }",True,PHP,configureDefaults,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function name($id) { return Categories::name($id); } 3186,"public function requestAsync($method, $uri = null, array $options = []) { $options = $this->prepareDefaults($options); $headers = isset($options['headers']) ? $options['headers'] : []; $body = isset($options['body']) ? $options['body'] : null; $version = isset($options['version']) ? $options['version'] : '1.1'; $uri = $this->buildUri($uri, $options); if (is_array($body)) { $this->invalidBody(); } $request = new Psr7\Request($method, $uri, $headers, $body, $version); unset($options['headers'], $options['body'], $options['version']); return $this->transfer($request, $options); }",True,PHP,requestAsync,Client.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function getParent($id = '') { return Categories::getParent($id); } 3189,"public function withCookieHeader(RequestInterface $request) { $values = []; $uri = $request->getUri(); $scheme = $uri->getScheme(); $host = $uri->getHost(); $path = $uri->getPath() ?: '/'; foreach ($this->cookies as $cookie) { if ($cookie->matchesPath($path) && $cookie->matchesDomain($host) && !$cookie->isExpired() && (!$cookie->getSecure() || $scheme == 'https') ) { $values[] = $cookie->getName() . '=' . self::getCookieValue($cookie->getValue()); } } return $values ? $request->withHeader('Cookie', implode('; ', $values)) : $request; }",True,PHP,withCookieHeader,CookieJar.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 3190,"public static function getCookieValue($value) { if (substr($value, 0, 1) !== '""' && substr($value, -1, 1) !== '""' && strpbrk($value, ';,=') ) { $value = '""' . $value . '""'; } return $value; }",True,PHP,getCookieValue,CookieJar.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function lists($vars) { return Categories::lists($vars); } 3193,"public function save($filename) { $json = []; foreach ($this as $cookie) { if (CookieJar::shouldPersist($cookie, $this->storeSessionCookies)) { $json[] = $cookie->toArray(); } } if (false === file_put_contents($filename, json_encode($json))) { throw new \RuntimeException(""Unable to save file {$filename}""); } }",True,PHP,save,FileCookieJar.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function loader() { $theme = Options::v('themes'); define('THEME', $theme); self::incFunc($theme); }" 3196,"public function matchesPath($requestPath) { $cookiePath = $this->getPath(); if ($cookiePath == '/' || $cookiePath == $requestPath) { return true; } if (0 !== strpos($requestPath, $cookiePath)) { return false; } if (substr($cookiePath, -1, 1) == '/') { return true; } return substr($requestPath, strlen($cookiePath), 1) == '/'; }",True,PHP,matchesPath,SetCookie.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { global $GLOBALS; } 3197,"public function __toString() { $str = $this->data['Name'] . '=' . $this->data['Value'] . '; '; foreach ($this->data as $k => $v) { if ($k != 'Name' && $k != 'Value' && $v !== null && $v !== false) { if ($k == 'Expires') { $str .= 'Expires=' . gmdate('D, d M Y H:i:s \G\M\T', $v) . '; '; } else { $str .= ($v === true ? $k : ""{$k}={$v}"") . '; '; } } } return rtrim($str, '; '); }",True,PHP,__toString,SetCookie.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function thmList() { $handle = dir(GX_THEME); while (false !== ($entry = $handle->read())) { if ($entry != '.' && $entry != '..') { $dir = GX_THEME.$entry; if (is_dir($dir) == true) { $thm[] = basename($dir); } } } $handle->close(); return $thm; } 3199,"public static function create( RequestInterface $request, ResponseInterface $response = null, \Exception $previous = null, array $ctx = [] ) { if (!$response) { return new self( 'Error completing request', $request, null, $previous, $ctx ); } $level = floor($response->getStatusCode() / 100); if ($level == '4') { $label = 'Client error'; $className = __NAMESPACE__ . '\\ClientException'; } elseif ($level == '5') { $label = 'Server error'; $className = __NAMESPACE__ . '\\ServerException'; } else { $label = 'Unsuccessful request'; $className = __CLASS__; } $message = sprintf( '%s: `%s` resulted in a `%s` response', $label, $request->getMethod() . ' ' . $request->getUri(), $response->getStatusCode() . ' ' . $response->getReasonPhrase() ); $summary = static::getResponseBodySummary($response); if ($summary !== null) { $message .= "":\n{$summary}\n""; } return new $className($message, $request, $response, $previous, $ctx); }",True,PHP,create,RequestException.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function functionExist($var) { if (file_exists(GX_THEME.$var.'/function.php')) { return true; } else { return false; } } 3200,"private function getDefaultConf(EasyHandle $easy) { $conf = [ '_headers' => $easy->request->getHeaders(), CURLOPT_CUSTOMREQUEST => $easy->request->getMethod(), CURLOPT_URL => (string) $easy->request->getUri(), CURLOPT_RETURNTRANSFER => false, CURLOPT_HEADER => false, CURLOPT_CONNECTTIMEOUT => 150, ]; if (defined('CURLOPT_PROTOCOLS')) { $conf[CURLOPT_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS; } $version = $easy->request->getProtocolVersion(); if ($version == 1.1) { $conf[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_1; } elseif ($version == 2.0) { $conf[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_2_0; } else { $conf[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0; } return $conf; }",True,PHP,getDefaultConf,CurlFactory.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function footer($vars = '') { global $GLOBALS; if (isset($vars)) { $GLOBALS['data'] = $vars; self::theme('footer', $vars); } else { self::theme('footer'); } }" 3202,"private function timeToNext() { $currentTime = microtime(true); $nextTime = PHP_INT_MAX; foreach ($this->delays as $time) { if ($time < $nextTime) { $nextTime = $time; } } return max(0, $currentTime - $nextTime); }",True,PHP,timeToNext,CurlMultiHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function thmMenu() { $thm = Options::v('themes'); $list = ''; if (User::access(0)) { $data = self::data($thm); if (isset($_GET['page']) && $_GET['page'] == 'themes' && isset($_GET['view']) && $_GET['view'] == 'options') { $class = 'class=""active""'; } else { $class = ''; } if (self::optionsExist($thm)) { $active = (isset($_GET['page']) && $_GET['page'] == 'themes' && isset($_GET['view']) && $_GET['view'] == 'options') ? 'class=""active""' : ''; $list .= ""
  • "".$data['icon'].' '.$data['name'].'
    • '; } else { $list = ''; } } return $list; }" 3211,"private function createResponse( RequestInterface $request, array $options, $stream, $startTime ) { $hdrs = $this->lastHeaders; $this->lastHeaders = []; $parts = explode(' ', array_shift($hdrs), 3); $ver = explode('/', $parts[0])[1]; $status = $parts[1]; $reason = isset($parts[2]) ? $parts[2] : null; $headers = \GuzzleHttp\headers_from_lines($hdrs); list ($stream, $headers) = $this->checkDecode($options, $headers, $stream); $stream = Psr7\stream_for($stream); $sink = $this->createSink($stream, $options); $response = new Psr7\Response($status, $headers, $sink, $ver, $reason); if (isset($options['on_headers'])) { try { $options['on_headers']($response); } catch (\Exception $e) { $msg = 'An error was encountered during the on_headers event'; $ex = new RequestException($msg, $request, $response, $e); return new RejectedPromise($ex); } } if ($sink !== $stream) { $this->drain($stream, $sink); } $this->invokeStats($options, $request, $startTime, $response, null); return new FulfilledPromise($response); }",True,PHP,createResponse,StreamHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function incFunc($var) { if (self::functionExist($var)) { include GX_THEME.$var.'/function.php'; } } 3212,"private function createSink(StreamInterface $stream, array $options) { if (!empty($options['stream'])) { return $stream; } $sink = isset($options['sink']) ? $options['sink'] : fopen('php: return is_string($sink) ? new Psr7\Stream(Psr7\try_fopen($sink, 'r+')) : Psr7\stream_for($sink); }",True,PHP,createSink,StreamHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function exist($vars) { if (file_exists(GX_THEME.THEME.'/'.$vars.'.php')) { return true; } else { return false; } } 3213,"private function drain(StreamInterface $source, StreamInterface $sink) { Psr7\copy_to_stream($source, $sink); $sink->seek(0); $source->close(); return $sink; }",True,PHP,drain,StreamHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function validator($vars = '') { $GLOBALS['validator'] = true; $GLOBALS['validator_js'] = $vars; } 3214,"private function checkDecode(array $options, array $headers, $stream) { if (!empty($options['decode_content'])) { $normalizedKeys = \GuzzleHttp\normalize_header_keys($headers); if (isset($normalizedKeys['content-encoding'])) { $encoding = $headers[$normalizedKeys['content-encoding']]; if ($encoding[0] == 'gzip' || $encoding[0] == 'deflate') { $stream = new Psr7\InflateStream( Psr7\stream_for($stream) ); unset($headers[$normalizedKeys['content-encoding']]); if (isset($normalizedKeys['content-length'])) { $length = (int) $stream->getSize(); if ($length == 0) { unset($headers[$normalizedKeys['content-length']]); } else { $headers[$normalizedKeys['content-length']] = [$length]; } } } } } return [$stream, $headers]; }",True,PHP,checkDecode,StreamHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function admin($var, $data = '') { if (isset($data)) { $GLOBALS['data'] = $data; } include GX_PATH.'/gxadmin/themes/'.$var.'.php'; }" 3215,"$resource = fopen($request->getUri(), 'r', null, $context); $this->lastHeaders = $http_response_header; return $resource; } );",True,PHP,fopen,StreamHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function install($var) { include GX_PATH.'/gxadmin/themes/install/'.$var.'.php'; } 3216,"private function add_timeout(RequestInterface $request, &$options, $value, &$params) { $options['http']['timeout'] = $value; }",True,PHP,add_timeout,StreamHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function activate($thm) { if (Options::update('themes', $thm)) { new Options(); return true; } else { return false; } }" 3217,"$expanded = implode($joiner, $kvp); if ($isAssoc) { $actuallyUseQuery = false; } } else { if ($isAssoc) { foreach ($kvp as $k => &$v) { $v = $k . ',' . $v; } } $expanded = implode(',', $kvp); } } else { if ($value['modifier'] == ':') { $variable = substr($variable, 0, $value['position']); } $expanded = rawurlencode($variable); if ($parsed['operator'] == '+' || $parsed['operator'] == '#') { $expanded = $this->decodeReserved($expanded); } } if ($actuallyUseQuery) { if (!$expanded && $joiner != '&') { $expanded = $value['value']; } else { $expanded = $value['value'] . '=' . $expanded; } } $replacements[] = $expanded; } $ret = implode($joiner, $replacements); if ($ret && $prefix) { return $prefix . $ret; } return $ret; }",True,PHP,implode,UriTemplate.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function optionsExist($var) { if (file_exists(GX_THEME.$var.'/options.php')) { return true; } else { return false; } } 3227,function exception_for($reason) { return $reason instanceof \Exception ? $reason : new RejectionException($reason); },True,PHP,exception_for,functions.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function isActive($thm) { if (Options::v('themes') === $thm) { return true; } else { return false; } } 3231,public function getHeaders() { return $this->headerLines; },True,PHP,getHeaders,MessageTrait.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function header($vars = '') { header('Cache-Control: must-revalidate,max-age=300,s-maxage=900'); $offset = 60 * 60 * 24 * 3; $ExpStr = 'Expires: '.gmdate('D, d M Y H:i:s', time() + $offset).' GMT'; header($ExpStr); header('Content-Type: text/html; charset=utf-8'); if (isset($vars)) { $GLOBALS['data'] = $vars; self::theme('header', $vars); } else { self::theme('header'); } }" 3233,$v = trim($v); } } foreach (array_keys($new->headerLines) as $key) { if (strtolower($key) === $name) { unset($new->headerLines[$key]); } } $new->headerLines[$header] = $new->headers[$name]; return $new; },True,PHP,trim,MessageTrait.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function theme($var, $data = '') { if (isset($data)) { $GLOBALS['data'] = $data; } if (self::exist($var)) { include GX_THEME.THEME.'/'.$var.'.php'; } else { Control::error('unknown', 'Theme file is missing.'); } }" 3235,public function hasHeader($header) { return isset($this->headers[strtolower($header)]); },True,PHP,hasHeader,MessageTrait.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function editor($mode = 'light') { $editor = Options::v('use_editor'); if ($editor == 'on') { $GLOBALS['editor'] = true; } else { $GLOBALS['editor'] = false; } if ($mode == 'light') { $GLOBALS['editor_mode'] = 'light'; } else { $GLOBALS['editor_mode'] = 'full'; } } 3236,public function withoutHeader($header) { if (!$this->hasHeader($header)) { return $this; } $new = clone $this; $name = strtolower($header); unset($new->headers[$name]); foreach (array_keys($new->headerLines) as $key) { if (strtolower($key) === $name) { unset($new->headerLines[$key]); } } return $new; },True,PHP,withoutHeader,MessageTrait.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function data($vars) { $file = GX_THEME.'/'.$vars.'/themeinfo.php'; $handle = fopen($file, 'r'); $data = fread($handle, filesize($file)); fclose($handle); preg_match('/\* Name: (.*)\s\*/Us', $data, $matches); $d['name'] = $matches[1]; preg_match('/\* Desc: (.*)\s\*/Us', $data, $matches); $d['desc'] = $matches[1]; preg_match('/\* Version: (.*)\s\*/Us', $data, $matches); $d['version'] = $matches[1]; preg_match('/\* Build: (.*)\s\*/Us', $data, $matches); $d['build'] = $matches[1]; preg_match('/\* Developer: (.*)\s\*/Us', $data, $matches); $d['developer'] = $matches[1]; preg_match('/\* URI: (.*)\s\*/Us', $data, $matches); $d['url'] = $matches[1]; preg_match('/\* License: (.*)\s\*/Us', $data, $matches); $d['license'] = $matches[1]; preg_match('/\* Icon: (.*)\s\*/Us', $data, $matches); $d['icon'] = $matches[1]; return $d; }" 3240,"public function withAddedHeader($header, $value) { if (!$this->hasHeader($header)) { return $this->withHeader($header, $value); } $new = clone $this; $new->headers[strtolower($header)][] = $value; $new->headerLines[$header][] = $value; return $new; }",True,PHP,withAddedHeader,MessageTrait.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function options($var) { if (self::optionsExist($var)) { include GX_THEME.$var.'/options.php'; } } 3241,public function getHeader($header) { $name = strtolower($header); return isset($this->headers[$name]) ? $this->headers[$name] : []; },True,PHP,getHeader,MessageTrait.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getSimilar($id) { $url = ""http: $similar = $this->curl($url); return $similar; }" 3242,"public function withHeader($header, $value) { $newInstance = $this->withParentHeader($header, $value); return $newInstance; }",True,PHP,withHeader,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getPLaying() { $url = ""http: $now_playing = $this->curl($url); return $now_playing; }" 3246,$this->headers = ['host' => [$host]] + $this->headers;,True,PHP,headers,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getCast($id) { $url = ""http: $cast = $this->curl($url); return $cast; }" 3247,private function updateHostFromUri($host) { if ($port = $this->uri->getPort()) { $host .= ':' . $port; } $this->headerLines = ['Host' => [$host]] + $this->headerLines; $this->headers = ['host' => [$host]] + $this->headers; },True,PHP,updateHostFromUri,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function search($q, $page='') { $q = str_replace(' ', '+', trim($q)); if (isset($page) && $page !='') { $page = ""&page="".$page; } else { $page = """"; } $url = ""http: $search = $this->curl($url); return $search; }" 3248,$this->headerLines = ['Host' => [$host]] + $this->headerLines;,True,PHP,headerLines,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getUpcoming() { $url = ""http: $upcoming = $this->curl($url); return $upcoming; }" 3251,throw new \InvalidArgumentException( 'URI must be a string or Psr\Http\Message\UriInterface' ); } $this->method = strtoupper($method); $this->uri = $uri; $this->setHeaders($headers); $this->protocol = $protocolVersion; $host = $uri->getHost(); if ($host && !$this->hasHeader('Host')) { $this->updateHostFromUri($host); } if ($body) { $this->stream = stream_for($body); } },True,PHP,InvalidArgumentException,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getMovie($id) { $url = ""http: $movie = $this->curl($url); return $movie; }" 3252,public function getRequestTarget() { if ($this->requestTarget !== null) { return $this->requestTarget; } $target = $this->uri->getPath(); if ($target == null) { $target = '/'; } if ($this->uri->getQuery()) { $target .= '?' . $this->uri->getQuery(); } return $target; },True,PHP,getRequestTarget,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function getConfig($apikey) { $url = ""http: $config = $this->curl($url); return $config; }" 3253,"public function withUri(UriInterface $uri, $preserveHost = false) { if ($uri === $this->uri) { return $this; } $new = clone $this; $new->uri = $uri; if (!$preserveHost) { if ($host = $uri->getHost()) { $new->updateHostFromUri($host); } } return $new; }",True,PHP,withUri,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getMovieData($id) { $getMovie = $this->getMovie($id); $getCast = $this->getCast($id); $getImage = $this->getImage($id); $data = array_merge($getMovie, $getCast); $data = array_merge($data, $getImage); return $data; }" 3254,"public function withStatus($code, $reasonPhrase = '') { $new = clone $this; $new->statusCode = (int) $code; if (!$reasonPhrase && isset(self::$phrases[$new->statusCode])) { $reasonPhrase = self::$phrases[$new->statusCode]; } $new->reasonPhrase = $reasonPhrase; return $new; }",True,PHP,withStatus,Response.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getLatest() { $url = ""http: $latest = $this->curl($url); return $latest; }" 3255,"public function __construct( $status = 200, array $headers = [], $body = null, $version = '1.1', $reason = null ) { $this->statusCode = (int) $status; if ($body !== null) { $this->stream = stream_for($body); } $this->setHeaders($headers); if (!$reason && isset(self::$phrases[$this->statusCode])) { $this->reasonPhrase = self::$phrases[$status]; } else { $this->reasonPhrase = (string) $reason; } $this->protocol = $version; }",True,PHP,__construct,Response.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getImage($id) { $url = ""http: $cast = $this->curl($url); return $cast; }" 3295,"public function __toString() { return self::createUriString( $this->scheme, $this->getAuthority(), $this->getPath(), $this->query, $this->fragment ); }",True,PHP,__toString,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function curl($url) { $ca = curl_init(); curl_setopt($ca, CURLOPT_URL, $url); curl_setopt($ca, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ca, CURLOPT_HEADER, FALSE); curl_setopt($ca, CURLOPT_HTTPHEADER, array(""Accept: application/json"")); $response = curl_exec($ca); curl_close($ca); $result = json_decode($response, true); return $result; }" 3296,"private function filterQueryAndFragment($str) { return preg_replace_callback( '/(?:[^' . self::$charUnreserved . self::$charSubDelims . '%:@\/\?]+|%(?![A-Fa-f0-9]{2}))/', [$this, 'rawurlencodeMatchZero'], $str ); }",True,PHP,filterQueryAndFragment,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,function __construct($apikey) { $this->apikey = $apikey; $this->config = $this->getConfig($apikey); } 3297,"public function withUserInfo($user, $password = null) { $info = $user; if ($password) { $info .= ':' . $password; } if ($this->userInfo === $info) { return $this; } $new = clone $this; $new->userInfo = $info; return $new; }",True,PHP,withUserInfo,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getTopRated() { $url = ""http: $top_rated = $this->curl($url); return $top_rated; }" 3298,"private function filterPath($path) { return preg_replace_callback( '/(?:[^' . self::$charUnreserved . self::$charSubDelims . ':@\/%]+|%(?![A-Fa-f0-9]{2}))/', [$this, 'rawurlencodeMatchZero'], $path ); }",True,PHP,filterPath,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getPopular() { $url = ""http: $popular = $this->curl($url); return $popular; }" 3299,"public function __construct($uri = '') { if ($uri != null) { $parts = parse_url($uri); if ($parts === false) { throw new \InvalidArgumentException(""Unable to parse URI: $uri""); } $this->applyParts($parts); } }",True,PHP,__construct,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { self::create(); } 3300,"public static function withQueryValue(UriInterface $uri, $key, $value) { $current = $uri->getQuery(); $key = strtr($key, self::$replaceQuery); if (!$current) { $result = []; } else { $result = []; foreach (explode('&', $current) as $part) { if (explode('=', $part)[0] !== $key) { $result[] = $part; }; } } if ($value !== null) { $result[] = $key . '=' . strtr($value, self::$replaceQuery); } else { $result[] = $key; } return $uri->withQuery(implode('&', $result)); }",True,PHP,withQueryValue,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function isExist($token) { $json = Options::get('tokens'); $tokens = json_decode($json, true); if (!is_array($tokens) || $tokens == '') { $tokens = array(); } if (array_key_exists($token, $tokens)) { $call = true; } else { $call = false; } return $call; }" 3301,"public static function resolve(UriInterface $base, $rel) { if ($rel === null || $rel === '') { return $base; } if (!($rel instanceof UriInterface)) { $rel = new self($rel); } if ($rel->getScheme()) { return $rel->withPath(static::removeDotSegments($rel->getPath())); } $relParts = [ 'scheme' => $rel->getScheme(), 'authority' => $rel->getAuthority(), 'path' => $rel->getPath(), 'query' => $rel->getQuery(), 'fragment' => $rel->getFragment() ]; $parts = [ 'scheme' => $base->getScheme(), 'authority' => $base->getAuthority(), 'path' => $base->getPath(), 'query' => $base->getQuery(), 'fragment' => $base->getFragment() ]; if (!empty($relParts['authority'])) { $parts['authority'] = $relParts['authority']; $parts['path'] = self::removeDotSegments($relParts['path']); $parts['query'] = $relParts['query']; $parts['fragment'] = $relParts['fragment']; } elseif (!empty($relParts['path'])) { if (substr($relParts['path'], 0, 1) == '/') { $parts['path'] = self::removeDotSegments($relParts['path']); $parts['query'] = $relParts['query']; $parts['fragment'] = $relParts['fragment']; } else { if (!empty($parts['authority']) && empty($parts['path'])) { $mergedPath = '/'; } else { $mergedPath = substr($parts['path'], 0, strrpos($parts['path'], '/') + 1); } $parts['path'] = self::removeDotSegments($mergedPath . $relParts['path']); $parts['query'] = $relParts['query']; $parts['fragment'] = $relParts['fragment']; } } elseif (!empty($relParts['query'])) { $parts['query'] = $relParts['query']; } elseif ($relParts['fragment'] != null) { $parts['fragment'] = $relParts['fragment']; } return new self(static::createUriString( $parts['scheme'], $parts['authority'], $parts['path'], $parts['query'], $parts['fragment'] )); }",True,PHP,resolve,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function ridOld($tokens) { $time = time(); foreach ($tokens as $token => $value) { if ($time - $value['time'] > 3600) { unset($tokens[$token]); } } return $tokens; } 3303,"private static function createUriString($scheme, $authority, $path, $query, $fragment) { $uri = ''; if (!empty($scheme)) { $uri .= $scheme . ':'; } $hierPart = ''; if (!empty($authority)) { if (!empty($scheme)) { $hierPart .= '//'; } $hierPart .= $authority; } if ($path != null) { if ($hierPart && substr($path, 0, 1) !== '/') { $hierPart .= '/'; } $hierPart .= $path; } $uri .= $hierPart; if ($query != null) { $uri .= '?' . $query; } if ($fragment != null) { $uri .= '#' . $fragment; } return $uri; }",True,PHP,createUriString,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function remove($token) { $json = Options::get('tokens'); $tokens = json_decode($json, true); unset($tokens[$token]); $tokens = json_encode($tokens); if (Options::update('tokens', $tokens)) { return true; } else { return false; } }" 3308,"public function withQuery($query) { if (!is_string($query) && !method_exists($query, '__toString')) { throw new \InvalidArgumentException( 'Query string must be a string' ); } $query = (string) $query; if (substr($query, 0, 1) === '?') { $query = substr($query, 1); } $query = $this->filterQueryAndFragment($query); if ($this->query === $query) { return $this; } $new = clone $this; $new->query = $query; return $new; }",True,PHP,withQuery,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function json() { $token = Options::v('tokens'); $token = json_decode($token, true); $newtoken = array( TOKEN => array( 'time' => TOKEN_TIME, 'ip' => TOKEN_IP, 'url' => TOKEN_URL, ), ); if (is_array($token)) { $newtoken = array_merge($token, $newtoken); } $newtoken = self::ridOld($newtoken); $newtoken = json_encode($newtoken); return $newtoken; }" 3311,"public function withPort($port) { $port = $this->filterPort($this->scheme, $this->host, $port); if ($this->port === $port) { return $this; } $new = clone $this; $new->port = $port; return $new; }",True,PHP,withPort,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function create() { $length = '80'; $token = ''; $codeAlphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $codeAlphabet .= 'abcdefghijklmnopqrstuvwxyz'; $codeAlphabet .= '0123456789'; for ($i = 0; $i < $length; ++$i) { $token .= $codeAlphabet[Typo::crypto_rand_secure(0, strlen($codeAlphabet))]; } $url = $_SERVER['REQUEST_URI']; $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); $ip = $_SERVER['REMOTE_ADDR']; $time = time(); define('TOKEN', $token); define('TOKEN_URL', $url); define('TOKEN_IP', $ip); define('TOKEN_TIME', $time); $json = self::json(); Options::update('tokens', $json); return $token; }" 3313,"private function filterScheme($scheme) { $scheme = strtolower($scheme); $scheme = rtrim($scheme, ':/'); return $scheme; }",True,PHP,filterScheme,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function __construct() { } 3314,public function getPath() { return $this->path == null ? '' : $this->path; },True,PHP,getPath,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function Xclean($vars) { $var = htmlspecialchars_decode($vars, ENT_QUOTES | ENT_HTML5); return $var; }" 3316,"public function withFragment($fragment) { if (substr($fragment, 0, 1) === '#') { $fragment = substr($fragment, 1); } $fragment = $this->filterQueryAndFragment($fragment); if ($this->fragment === $fragment) { return $this; } $new = clone $this; $new->fragment = $fragment; return $new; }",True,PHP,withFragment,Uri.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function cleanX($c) { $val = self::strip_tags_content($c, 'Close this window'; header('Content-Type: text/html; charset=utf-8'); header('Content-Length: '.strlen($out)); header('Cache-Control: private'); header('Pragma: no-cache'); echo $out; } else { $url = $this->callbackWindowURL; $url .= ((strpos($url, '?') === false)? '?' : '&') . '&node=' . rawurlencode($node) . (($json !== '{}')? ('&json=' . rawurlencode($json)) : '') . ($bind? ('&bind=' . rawurlencode($bind)) : '')",True,PHP,callback,elFinder.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private static function createUriString($scheme, $authority, $path, $query, $fragment) { $uri = ''; if ($scheme != '') { $uri .= $scheme . ':'; } if ($authority != '') { $uri .= '//' . $authority; } if ($path != '') { if ($path[0] !== '/') { if ($authority != '') { $path = '/' . $path; } } elseif (isset($path[1]) && $path[1] === '/') { if ($authority == '') { $path = '/' . ltrim($path, '/'); } } $uri .= $path; } if ($query != '') { $uri .= '?' . $query; } if ($fragment != '') { $uri .= '#' . $fragment; } return $uri; }" 3625,"protected function mkdir($args) { $target = $args['target']; $name = $args['name']; if (($volume = $this->volume($target)) == false) { return array('error' => $this->error(self::ERROR_MKDIR, $name, self::ERROR_TRGDIR_NOT_FOUND, '#'.$target)); } return ($dir = $volume->mkdir($target, $name)) == false ? array('error' => $this->error(self::ERROR_MKDIR, $name, $volume->error())) : array('added' => array($dir)); }",True,PHP,mkdir,elFinder.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function withPort($port) { $port = $this->filterPort($port); if ($this->port === $port) { return $this; } $new = clone $this; $new->port = $port; return $new; } 3626,"header($h); } } else { header($header); } } if (isset($data['pointer'])) { $toEnd = true; $fp = $data['pointer']; if (elFinder::isSeekableStream($fp) && (array_search('Accept-Ranges: none', headers_list()) === false)) { header('Accept-Ranges: bytes'); $psize = null; if (!empty($_SERVER['HTTP_RANGE'])) { $size = $data['info']['size']; $start = 0; $end = $size - 1; if (preg_match('/bytes=(\d*)-(\d*)(,?)/i', $_SERVER['HTTP_RANGE'], $matches)) { if (empty($matches[3])) { if (empty($matches[1]) && $matches[1] !== '0') { $start = $size - $matches[2]; } else { $start = intval($matches[1]); if (!empty($matches[2])) { $end = intval($matches[2]); if ($end >= $size) { $end = $size - 1; } $toEnd = ($end == ($size - 1)); } } $psize = $end - $start + 1; header('HTTP/1.1 206 Partial Content'); header('Content-Length: ' . $psize); header('Content-Range: bytes ' . $start . '-' . $end . '/' . $size); fseek($fp, $start); } } } if (is_null($psize)){ rewind($fp); } } else { header('Accept-Ranges: none'); if (isset($data['info']) && ! $data['info']['size']) { if (function_exists('header_remove')) { header_remove('Content-Length'); } else { header('Content-Length:'); } } } $this->elFinder->getSession()->close(); ignore_user_abort(false); if ($toEnd) { fpassthru($fp); } else { $out = fopen('php: stream_copy_to_stream($fp, $out, $psize); fclose($out); } if (!empty($data['volume'])) { $data['volume']->close($data['pointer'], $data['info']['hash']); } exit(); } else { if (!empty($data['raw']) && !empty($data['error'])) { echo $data['error']; } else { echo json_encode($data); } flush(); exit(0); } }",True,PHP,header,elFinderConnector.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,private function filterScheme($scheme) { if (!is_string($scheme)) { throw new \InvalidArgumentException('Scheme must be a string'); } return strtolower($scheme); } 3636,public function remove($key) { $session =& $this->getSessionRef($key); unset($session); return $this; },True,PHP,remove,elFinderSession.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function getPath() { return $this->path; } 3637,public function start() { @session_start(); $this->started = session_id()? true : false; return $this; },True,PHP,start,elFinderSession.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private static function isNonStandardPort($scheme, $port) { return !isset(self::$schemes[$scheme]) || $port !== self::$schemes[$scheme]; }" 3641,protected function decodeData($data) { if ($this->base64encode) { if (is_string($data)) { if (($data = base64_decode($data)) !== false) { $data = @unserialize($data); } else { $data = null; } } else { $data = null; } } return $data; },True,PHP,decodeData,elFinderSession.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,private function applyParts(array $parts) { $this->scheme = isset($parts['scheme']) ? $this->filterScheme($parts['scheme']) : ''; $this->userInfo = isset($parts['user']) ? $parts['user'] : ''; $this->host = isset($parts['host']) ? $this->filterHost($parts['host']) : ''; $this->port = isset($parts['port']) ? $this->filterPort($parts['port']) : null; $this->path = isset($parts['path']) ? $this->filterPath($parts['path']) : ''; $this->query = isset($parts['query']) ? $this->filterQueryAndFragment($parts['query']) : ''; $this->fragment = isset($parts['fragment']) ? $this->filterQueryAndFragment($parts['fragment']) : ''; if (isset($parts['pass'])) { $this->userInfo .= ':' . $parts['pass']; } } 3644,"protected function getFullPath($path, $base) { $separator = $this->separator; $systemroot = $this->systemRoot; $sepquoted = preg_quote($separator, '#'); $normreg = '#('.$sepquoted.')[^'.$sepquoted.']+'.$sepquoted.'\.\.'.$sepquoted.'#'; while(preg_match($normreg, $path)) { $path = preg_replace($normreg, '$1', $path); } if ($path === '' || $path === '.' . $separator) return $base; if ($path[0] === $separator || strpos($path, $systemroot) === 0) { return $path; } $preg_separator = '#' . $sepquoted . '#'; if (substr($path, 0, 2) === '.' . $separator || $path[0] !== '.' || substr($path, 0, 3) !== '..' . $separator) { $arrn = preg_split($preg_separator, $path, -1, PREG_SPLIT_NO_EMPTY); if ($arrn[0] !== '.') { array_unshift($arrn, '.'); } $arrn[0] = $base; return join($separator, $arrn); } if (substr($path, 0, 3) === '../') { $arrn = preg_split($preg_separator, $path, -1, PREG_SPLIT_NO_EMPTY); $arrp = preg_split($preg_separator, $base, -1, PREG_SPLIT_NO_EMPTY); while (! empty($arrn) && $arrn[0] === '..') { array_shift($arrn); array_pop($arrp); } $path = ! empty($arrp) ? $systemroot . join($separator, array_merge($arrp, $arrn)) : (! empty($arrn) ? $systemroot . join($separator, $arrn) : $systemroot); } return $path; }",True,PHP,getFullPath,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function getAuthority() { if ($this->host == '') { return ''; } $authority = $this->host; if ($this->userInfo != '') { $authority = $this->userInfo . '@' . $authority; } if ($this->port !== null) { $authority .= ':' . $this->port; } return $authority; } 3648,return @unlink($dir); } return false; },True,PHP,unlink,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function withScheme($scheme) { $scheme = $this->filterScheme($scheme); if ($this->scheme === $scheme) { return $this; } $new = clone $this; $new->scheme = $scheme; $new->port = $new->filterPort($new->port); return $new; } 3649,"protected function stat($path) { if ($path === false || is_null($path)) { return false; } $is_root = ($path == $this->root); if ($is_root) { $rootKey = md5($path); if (!isset($this->sessionCache['rootstat'])) { $this->sessionCache['rootstat'] = array(); } if (! $this->isMyReload()) { if (isset($this->sessionCache['rootstat'][$rootKey])) { if ($ret = $this->sessionCache['rootstat'][$rootKey]) { return $ret; } } } } $ret = isset($this->cache[$path]) ? $this->cache[$path] : $this->updateCache($path, $this->convEncOut($this->_stat($this->convEncIn($path)))); if ($is_root) { $this->sessionCache['rootstat'][$rootKey] = $ret; $this->session->set($this->id, $this->sessionCache); } return $ret; }",True,PHP,stat,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function filterPort($port) { if ($port === null) { return null; } $port = (int) $port; if (1 > $port || 0xffff < $port) { throw new \InvalidArgumentException( sprintf('Invalid port: %d. Must be between 1 and 65535', $port) ); } return self::isNonStandardPort($this->scheme, $port) ? $port : null; }" 3650,protected function getRootStatExtra() { $stat = array(); if ($this->rootName) { $stat['name'] = $this->rootName; } if (! empty($this->options['icon'])) { $stat['icon'] = $this->options['icon']; } if (! empty($this->options['rootCssClass'])) { $stat['csscls'] = $this->options['rootCssClass']; } if (! empty($this->tmbURL)) { $stat['tmbUrl'] = $this->tmbURL; } $stat['uiCmdMap'] = (isset($this->options['uiCmdMap']) && is_array($this->options['uiCmdMap']))? $this->options['uiCmdMap'] : array(); $stat['disabled'] = $this->disabled; if (isset($this->options['netkey'])) { $stat['netkey'] = $this->options['netkey']; } return $stat; },True,PHP,getRootStatExtra,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function readline(StreamInterface $stream, $maxLength = null) { $buffer = ''; $size = 0; while (!$stream->eof()) { if (null == ($byte = $stream->read(1))) { return $buffer; } $buffer .= $byte; if ($byte === ""\n"" || ++$size === $maxLength - 1) { break; } } return $buffer; }" 3651,"public function duplicate($hash, $suffix='copy') { if ($this->commandDisabled('duplicate')) { return $this->setError(elFinder::ERROR_COPY, '#'.$hash, elFinder::ERROR_PERM_DENIED); } if (($file = $this->file($hash)) == false) { return $this->setError(elFinder::ERROR_COPY, elFinder::ERROR_FILE_NOT_FOUND); } $path = $this->decode($hash); $dir = $this->dirnameCE($path); $name = $this->uniqueName($dir, $file['name'], ' '.$suffix.' '); if (!$this->allowCreate($dir, $name, ($file['mime'] === 'directory'))) { return $this->setError(elFinder::ERROR_PERM_DENIED); } return ($path = $this->copy($path, $dir, $name)) == false ? false : $this->stat($path); }",True,PHP,duplicate,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function parse_request($message) { $data = _parse_message($message); $matches = []; if (!preg_match('/^[\S]+\s+([a-zA-Z]+:\/\/|\/).*/', $data['start-line'], $matches)) { throw new \InvalidArgumentException('Invalid request string'); } $parts = explode(' ', $data['start-line'], 3); $version = isset($parts[2]) ? explode('/', $parts[2])[1] : '1.1'; $request = new Request( $parts[0], $matches[1] === '/' ? _parse_request_uri($parts[1], $data['headers']) : $parts[1], $data['headers'], $data['body'], $version ); return $matches[1] === '/' ? $request : $request->withRequestTarget($parts[1]); }" 3652,"$stat = $this->stat($p); if (!$stat) { continue; } if (!empty($stat['hidden']) || !$this->mimeAccepted($stat['mime'], $mimes)) { continue; } $name = $stat['name']; if ((!$mimes || $stat['mime'] !== 'directory') && $this->stripos($name, $q) !== false) { $stat['path'] = $this->path($stat['hash']); if ($this->URL && !isset($stat['url'])) { $path = str_replace($this->separator, '/', substr($p, strlen($this->root) + 1)); if ($this->encoding) { $path = str_replace('%2F', '/', rawurlencode($this->convEncIn($path, true))); } $stat['url'] = $this->URL . $path; } $result[] = $stat; } if ($stat['mime'] == 'directory' && $stat['read'] && !isset($stat['alias'])) { $result = array_merge($result, $this->doSearch($p, $q, $mimes)); } } return $result; }",True,PHP,stat,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testConvertsResponsesToStrings() { $response = new Psr7\Response(200, [ 'Baz' => 'bar', 'Qux' => 'ipsum' ], 'hello', '1.0', 'FOO'); $this->assertEquals( ""HTTP/1.0 200 FOO\r\nBaz: bar\r\nQux: ipsum\r\n\r\nhello"", Psr7\str($response) ); }" 3658,"protected function imagickImage($img, $filename, $destformat, $jpgQuality = null ){ if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } try { if ($destformat) { if ($destformat === 'gif') { $img->setImageFormat('gif'); } else if ($destformat === 'png') { $img->setImageFormat('png'); } else if ($destformat === 'jpg') { $img->setImageFormat('jpeg'); } } if (strtoupper($img->getImageFormat()) === 'JPEG') { $img->setImageCompression(imagick::COMPRESSION_JPEG); $img->setImageCompressionQuality($jpgQuality); try { $orientation = $img->getImageOrientation(); } catch (ImagickException $e) { $orientation = 0; } $img->stripImage(); if ($orientation) { $img->setImageOrientation($orientation); } } $result = $img->writeImage($filename); } catch (Exception $e) { $result = false; } return $result; if ($destformat == 'jpg' || ($destformat == null && $mime == 'image/jpeg')) { return imagejpeg($image, $filename, $jpgQuality); } if ($destformat == 'gif' || ($destformat == null && $mime == 'image/gif')) { return imagegif($image, $filename, 7); } return imagepng($image, $filename, 7); }",True,PHP,imagickImage,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testReturnsAsIsWhenNoChanges() { $r1 = new Psr7\Request('GET', 'http: $r2 = Psr7\modify_request($r1, []); $this->assertTrue($r2 instanceof Psr7\Request); $r1 = new Psr7\ServerRequest('GET', 'http: $r2 = Psr7\modify_request($r1, []); $this->assertTrue($r2 instanceof \Psr\Http\Message\ServerRequestInterface); }" 3659,"protected function gdImageBackground($image, $bgcolor){ if( $bgcolor == 'transparent' ){ imagesavealpha($image,true); $bgcolor1 = imagecolorallocatealpha($image, 255, 255, 255, 127); }else{ list($r, $g, $b) = sscanf($bgcolor, ""#%02x%02x%02x""); $bgcolor1 = imagecolorallocate($image, $r, $g, $b); } imagefill($image, 0, 0, $bgcolor1); }",True,PHP,gdImageBackground,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testConvertsRequestsToStrings() { $request = new Psr7\Request('PUT', 'http: 'Baz' => 'bar', 'Qux' => 'ipsum' ], 'hello', '1.0'); $this->assertEquals( ""PUT /hi?123 HTTP/1.0\r\nHost: foo.com\r\nBaz: bar\r\nQux: ipsum\r\n\r\nhello"", Psr7\str($request) ); }" 3660,"public function rename($hash, $name) { if ($this->commandDisabled('rename')) { return $this->setError(elFinder::ERROR_PERM_DENIED); } if (!$this->nameAccepted($name)) { return $this->setError(elFinder::ERROR_INVALID_NAME, $name); } $mimeByName = elFinderVolumeDriver::mimetypeInternalDetect($name); if ($mimeByName && $mimeByName !== 'unknown' && !$this->allowPutMime($mimeByName)) { return $this->setError(elFinder::ERROR_INVALID_NAME, $name); } if (!($file = $this->file($hash))) { return $this->setError(elFinder::ERROR_FILE_NOT_FOUND); } if ($name == $file['name']) { return $file; } if (!empty($file['locked'])) { return $this->setError(elFinder::ERROR_LOCKED, $file['name']); } $path = $this->decode($hash); $dir = $this->dirnameCE($path); $stat = $this->stat($this->joinPathCE($dir, $name)); if ($stat) { return $this->setError(elFinder::ERROR_EXISTS, $name); } if (!$this->allowCreate($dir, $name, ($file['mime'] === 'directory'))) { return $this->setError(elFinder::ERROR_PERM_DENIED); } $this->rmTmb($file); if ($path = $this->convEncOut($this->_move($this->convEncIn($path), $this->convEncIn($dir), $this->convEncIn($name)))) { $this->clearcache(); return $this->stat($path); } return false; }",True,PHP,rename,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testAggregatesHeaders() { $r = new Request('GET', '', [ 'ZOO' => 'zoobar', 'zoo' => ['foobar', 'zoobar'] ]); $this->assertEquals(['ZOO' => ['zoobar', 'foobar', 'zoobar']], $r->getHeaders()); $this->assertEquals('zoobar, foobar, zoobar', $r->getHeaderLine('zoo')); }" 3661,"protected function imgRotate($path, $degree, $bgcolor = '#ffffff', $destformat = null, $jpgQuality = null) { if (($s = @getimagesize($path)) == false || $degree % 360 === 0) { return false; } $result = false; if ($degree % 90 === 0 && in_array($s[2], array(IMAGETYPE_JPEG, IMAGETYPE_JPEG2000))) { $count = ($degree / 90) % 4; $exiftran = array( 1 => '-9', 2 => '-1', 3 => '-2' ); $jpegtran = array( 1 => '90', 2 => '180', 3 => '270' ); $quotedPath = escapeshellarg($path); $cmds = array( 'exiftran -i '.$exiftran[$count].' '.$path, 'jpegtran -rotate '.$jpegtran[$count].' -copy all -outfile '.$quotedPath.' '.$quotedPath ); foreach($cmds as $cmd) { if ($this->procExec($cmd) === 0) { $result = true; break; } } if ($result) { return $path; } } if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } if ($img->getNumberImages() > 1) { $img = $img->coalesceImages(); do { $img->rotateImage(new ImagickPixel($bgcolor), $degree); } while ($img->nextImage()); $img = $img->optimizeImageLayers(); $result = $img->writeImages($path, true); } else { $img->rotateImage(new ImagickPixel($bgcolor), $degree); $result = $this->imagickImage($img, $path, $destformat, $jpgQuality); } $img->clear(); return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); $degree = 360 - $degree; list($r, $g, $b) = sscanf($bgcolor, ""#%02x%02x%02x""); $bgcolor = imagecolorallocate($img, $r, $g, $b); $tmp = imageRotate($img, $degree, (int)$bgcolor); $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imageDestroy($img); imageDestroy($tmp); return $result ? $path : false; break; } return false; }",True,PHP,imgRotate,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testValidateRequestUri() { new Request('GET', '/ }" 3663,"protected function encode($path) { if ($path !== '') { $p = $this->relpathCE($path); if ($p === '') { $p = DIRECTORY_SEPARATOR; } $hash = $this->crypt($p); $hash = strtr(base64_encode($hash), '+/=', '-_.'); $hash = rtrim($hash, '.'); return $this->id.$hash; } }",True,PHP,encode,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testSameInstanceWhenSameBody() { $r = new Response(); $b = $r->getBody(); $this->assertSame($r, $r->withBody($b)); }" 3666,"protected function gdImageCreate($path,$mime){ switch($mime){ case 'image/jpeg': return @imagecreatefromjpeg($path); case 'image/png': return @imagecreatefrompng($path); case 'image/gif': return @imagecreatefromgif($path); case 'image/x-ms-bmp': if (!function_exists('imagecreatefrombmp')) { include_once dirname(__FILE__).'/libs/GdBmp.php'; } return @imagecreatefrombmp($path); case 'image/xbm': return @imagecreatefromxbm($path); case 'image/xpm': return @imagecreatefromxpm($path); } return false; }",True,PHP,gdImageCreate,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testSameInstanceWhenSameProtocol() { $r = new Response(); $this->assertSame($r, $r->withProtocolVersion('1.1')); }" 3668,"public function options($hash) { $create = $createext = array(); if (isset($this->archivers['create']) && is_array($this->archivers['create'])) { foreach($this->archivers['create'] as $m => $v) { $create[] = $m; $createext[$m] = $v['ext']; } } return array( 'path' => $this->path($hash), 'url' => $this->URL, 'tmbUrl' => $this->tmbURL, 'disabled' => $this->disabled, 'separator' => $this->separator, 'copyOverwrite' => intval($this->options['copyOverwrite']), 'uploadOverwrite' => intval($this->options['uploadOverwrite']), 'uploadMaxSize' => intval($this->uploadMaxSize), 'dispInlineRegex' => $this->options['dispInlineRegex'], 'jpgQuality' => intval($this->options['jpgQuality']), 'archivers' => array( 'create' => $create, 'extract' => isset($this->archivers['extract']) && is_array($this->archivers['extract']) ? array_keys($this->archivers['extract']) : array(), 'createext' => $createext ), 'uiCmdMap' => (isset($this->options['uiCmdMap']) && is_array($this->options['uiCmdMap']))? $this->options['uiCmdMap'] : array(), 'syncChkAsTs' => intval($this->options['syncChkAsTs']), 'syncMinMs' => intval($this->options['syncMinMs']) ); }",True,PHP,options,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testResource() { $stream = Psr7\stream_for('foo'); $handle = StreamWrapper::getResource($stream); $this->assertSame('foo', fread($handle, 3)); $this->assertSame(3, ftell($handle)); $this->assertSame(3, fwrite($handle, 'bar')); $this->assertSame(0, fseek($handle, 0)); $this->assertSame('foobar', fread($handle, 6)); $this->assertSame('', fread($handle, 1)); $this->assertTrue(feof($handle)); $stBlksize = defined('PHP_WINDOWS_VERSION_BUILD') ? -1 : 0; if (!defined('HHVM_VERSION')) { $this->assertEquals([ 'dev' => 0, 'ino' => 0, 'mode' => 33206, 'nlink' => 0, 'uid' => 0, 'gid' => 0, 'rdev' => 0, 'size' => 6, 'atime' => 0, 'mtime' => 0, 'ctime' => 0, 'blksize' => $stBlksize, 'blocks' => $stBlksize, 0 => 0, 1 => 0, 2 => 33206, 3 => 0, 4 => 0, 5 => 0, 6 => 0, 7 => 6, 8 => 0, 9 => 0, 10 => 0, 11 => $stBlksize, 12 => $stBlksize, ], fstat($handle)); } $this->assertTrue(fclose($handle)); $this->assertSame('foobar', (string) $stream); }" 3669,"$_ret[$_k] = $this->convEnc($_v, $from, $to, '', false, $unknown = '_'); } $var = $_ret; } else { $_var = false; if (is_string($var)) { $_var = $var; if (false !== ($_var = @iconv($from, $to.'//TRANSLIT', $_var))) { $_var = str_replace('?', $unknown, $_var); } } if ($_var !== false) { $var = $_var; } } if ($restoreLocale) { setlocale(LC_ALL, elFinder::$locale); } } return $var; }",True,PHP,convEnc,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getResolveTestCases() { return [ [self::RFC3986_BASE, 'g:h', 'g:h'], [self::RFC3986_BASE, 'g', 'http: [self::RFC3986_BASE, './g', 'http: [self::RFC3986_BASE, 'g/', 'http: [self::RFC3986_BASE, '/g', 'http: [self::RFC3986_BASE, '//g', 'http: [self::RFC3986_BASE, '?y', 'http: [self::RFC3986_BASE, 'g?y', 'http: [self::RFC3986_BASE, '#s', 'http: [self::RFC3986_BASE, 'g [self::RFC3986_BASE, 'g?y [self::RFC3986_BASE, ';x', 'http: [self::RFC3986_BASE, 'g;x', 'http: [self::RFC3986_BASE, 'g;x?y [self::RFC3986_BASE, '', self::RFC3986_BASE], [self::RFC3986_BASE, '.', 'http: [self::RFC3986_BASE, './', 'http: [self::RFC3986_BASE, '..', 'http: [self::RFC3986_BASE, '../', 'http: [self::RFC3986_BASE, '../g', 'http: [self::RFC3986_BASE, '../..', 'http: [self::RFC3986_BASE, '../../', 'http: [self::RFC3986_BASE, '../../g', 'http: [self::RFC3986_BASE, '../../../g', 'http: [self::RFC3986_BASE, '../../../../g', 'http: [self::RFC3986_BASE, '/./g', 'http: [self::RFC3986_BASE, '/../g', 'http: [self::RFC3986_BASE, 'g.', 'http: [self::RFC3986_BASE, '.g', 'http: [self::RFC3986_BASE, 'g..', 'http: [self::RFC3986_BASE, '..g', 'http: [self::RFC3986_BASE, './../g', 'http: [self::RFC3986_BASE, 'foo [self::RFC3986_BASE, './g/.', 'http: [self::RFC3986_BASE, 'g/./h', 'http: [self::RFC3986_BASE, 'g/../h', 'http: [self::RFC3986_BASE, 'g;x=1/./y', 'http: [self::RFC3986_BASE, 'g;x=1/../y', 'http: [self::RFC3986_BASE, 'g?y/./x', 'http: [self::RFC3986_BASE, 'g?y/../x', 'http: [self::RFC3986_BASE, 'g [self::RFC3986_BASE, 'g [self::RFC3986_BASE, 'g [self::RFC3986_BASE, '?y ['http: ['http: ['http: ['http: ['urn:no-slash', 'e', 'urn:e'], [self::RFC3986_BASE, '//0', 'http: [self::RFC3986_BASE, '0', 'http: [self::RFC3986_BASE, '?0', 'http: [self::RFC3986_BASE, '#0', 'http: ]; }" 3674,"protected function createTmb($path, $stat) { if (!$stat || !$this->canCreateTmb($path, $stat)) { return false; } $name = $this->tmbname($stat); $tmb = $this->tmbPath.DIRECTORY_SEPARATOR.$name; if (($src = $this->fopenCE($path, 'rb')) == false) { return false; } if (($trg = fopen($tmb, 'wb')) == false) { $this->fcloseCE($src, $path); return false; } while (!feof($src)) { fwrite($trg, fread($src, 8192)); } $this->fcloseCE($src, $path); fclose($trg); $result = false; $tmbSize = $this->tmbSize; if ($this->imgLib === 'imagick') { try { $imagickTest = new imagick($tmb); $imagickTest->clear(); $imagickTest = true; } catch (Exception $e) { $imagickTest = false; } } if (($this->imgLib === 'imagick' && ! $imagickTest) || ($s = @getimagesize($tmb)) === false) { if ($this->imgLib === 'imagick') { try { $imagick = new imagick(); $imagick->setBackgroundColor(new ImagickPixel($this->options['tmbBgColor'])); $imagick->readImage($this->getExtentionByMime($stat['mime'], ':') . $tmb); $imagick->setImageFormat('png'); $imagick->writeImage($tmb); $imagick->clear(); if (($s = @getimagesize($tmb)) !== false) { $result = true; } } catch (Exception $e) {} } if (! $result) { unlink($tmb); return false; } $result = false; } if ($s[0] <= $tmbSize && $s[1] <= $tmbSize) { $result = $this->imgSquareFit($tmb, $tmbSize, $tmbSize, 'center', 'middle', $this->options['tmbBgColor'], 'png' ); } else { if ($this->options['tmbCrop']) { $result = $tmb; if (!(($s[0] > $tmbSize && $s[1] <= $tmbSize) || ($s[0] <= $tmbSize && $s[1] > $tmbSize) ) || ($s[0] > $tmbSize && $s[1] > $tmbSize)) { $result = $this->imgResize($tmb, $tmbSize, $tmbSize, true, false, 'png'); } if ($result && ($s = @getimagesize($tmb)) != false) { $x = $s[0] > $tmbSize ? intval(($s[0] - $tmbSize)/2) : 0; $y = $s[1] > $tmbSize ? intval(($s[1] - $tmbSize)/2) : 0; $result = $this->imgCrop($result, $tmbSize, $tmbSize, $x, $y, 'png'); } else { $result = false; } } else { $result = $this->imgResize($tmb, $tmbSize, $tmbSize, true, true, 'png'); } if ($result) { $result = $this->imgSquareFit($result, $tmbSize, $tmbSize, 'center', 'middle', $this->options['tmbBgColor'], 'png' ); } } if (!$result) { unlink($tmb); return false; } return $name; }",True,PHP,createTmb,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function testPortMustBeValid() { (new Uri())->withPort(100000); } 3675,"protected function copyFrom($volume, $src, $destination, $name) { if (($source = $volume->file($src)) == false) { return $this->setError(elFinder::ERROR_COPY, '#'.$src, $volume->error()); } $errpath = $volume->path($source['hash']); if (!$this->nameAccepted($source['name'])) { return $this->setError(elFinder::ERROR_COPY, $errpath, elFinder::ERROR_INVALID_NAME); } if (!$source['read']) { return $this->setError(elFinder::ERROR_COPY, $errpath, elFinder::ERROR_PERM_DENIED); } if ($source['mime'] == 'directory') { $test = $this->stat($this->joinPathCE($destination, $name)); $this->clearcache(); if (($test && $test['mime'] != 'directory') || (! $test = $this->mkdir($this->encode($destination), $name))) { return $this->setError(elFinder::ERROR_COPY, $errpath); } $path = $this->joinPathCE($destination, $name); $path = $this->decode($test['hash']); foreach ($volume->scandir($src) as $entr) { if (!$this->copyFrom($volume, $entr['hash'], $path, $entr['name'])) { $this->remove($path, true); return $this->setError($this->error, elFinder::ERROR_COPY, $errpath); } } } else { if (($dim = $volume->dimensions($src))) { $s = explode('x', $dim); $source['width'] = $s[0]; $source['height'] = $s[1]; } if (($fp = $volume->open($src)) == false || ($path = $this->saveCE($fp, $destination, $name, $source)) == false) { $fp && $volume->close($fp, $src); return $this->setError(elFinder::ERROR_COPY, $errpath); } $volume->close($fp, $src); $stat = $this->stat($path); $mimeByName = elFinderVolumeDriver::mimetypeInternalDetect($stat['name']); if ($stat['mime'] === $mimeByName) { $mimeByName = ''; } if (!$this->allowPutMime($stat['mime']) || ($mimeByName && $mimeByName !== 'unknown' && !$this->allowPutMime($mimeByName))) { $this->remove($path, true); return $this->setError(elFinder::ERROR_UPLOAD_FILE_MIME, $errpath); } } return $path; }",True,PHP,copyFrom,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testAddAndRemoveQueryValues() { $uri = new Uri(); $uri = Uri::withQueryValue($uri, 'a', 'b'); $uri = Uri::withQueryValue($uri, 'c', 'd'); $uri = Uri::withQueryValue($uri, 'e', null); $this->assertSame('a=b&c=d&e', $uri->getQuery()); $uri = Uri::withoutQueryValue($uri, 'c'); $this->assertSame('a=b&e', $uri->getQuery()); $uri = Uri::withoutQueryValue($uri, 'e'); $this->assertSame('a=b', $uri->getQuery()); $uri = Uri::withoutQueryValue($uri, 'a'); $this->assertSame('', $uri->getQuery()); }" 3680,"public function tmb($hash) { $path = $this->decode($hash); $stat = $this->stat($path); if (isset($stat['tmb'])) { return $stat['tmb'] == ""1"" ? $this->createTmb($path, $stat) : $stat['tmb']; } return false; }",True,PHP,tmb,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testAllowsForRelativeUri() { $uri = (new Uri)->withPath('foo'); $this->assertSame('foo', $uri->getPath()); $this->assertSame('foo', (string) $uri); }" 3682,"protected function imgCrop($path, $width, $height, $x, $y, $destformat = null, $jpgQuality = null) { if (($s = @getimagesize($path)) == false) { return false; } $result = false; if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } $ani = ($img->getNumberImages() > 1); if ($ani && is_null($destformat)) { $img = $img->coalesceImages(); do { $img->setImagePage($s[0], $s[1], 0, 0); $img->cropImage($width, $height, $x, $y); $img->setImagePage($width, $height, 0, 0); } while ($img->nextImage()); $img = $img->optimizeImageLayers(); $result = $img->writeImages($path, true); } else { if ($ani) { $img->setFirstIterator(); } $img->setImagePage($s[0], $s[1], 0, 0); $img->cropImage($width, $height, $x, $y); $img->setImagePage($width, $height, 0, 0); $result = $this->imagickImage($img, $path, $destformat, $jpgQuality); } $img->clear(); return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); if ($img && false != ($tmp = imagecreatetruecolor($width, $height))) { $this->gdImageBackground($tmp,$this->options['tmbBgColor']); $size_w = $width; $size_h = $height; if ($s[0] < $width || $s[1] < $height) { $size_w = $s[0]; $size_h = $s[1]; } if (!imagecopy($tmp, $img, 0, 0, $x, $y, $size_w, $size_h)) { return false; } $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imagedestroy($img); imagedestroy($tmp); return $result ? $path : false; } break; } return false; }",True,PHP,imgCrop,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testResolvesUris($base, $rel, $expected) { $uri = new Uri($base); $actual = Uri::resolve($uri, $rel); $this->assertSame($expected, (string) $actual); }" 3687,"protected function decode($hash) { if (strpos($hash, $this->id) === 0) { $h = substr($hash, strlen($this->id)); $h = base64_decode(strtr($h, '-_.', '+/=')); $path = $this->uncrypt($h); return $this->abspathCE($path); } }",True,PHP,decode,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testAddsSlashForRelativeUriStringWithHost() { $uri = (new Uri)->withPath('foo')->withHost('example.com'); $this->assertSame('foo', $uri->getPath()); $this->assertSame('//example.com/foo', (string) $uri); }" 3688,"protected function getItemsInHand($hashes, $dir = null) { static $totalSize = 0; if (is_null($dir)) { $totalSize = 0; if (! $tmpDir = $this->getTempPath()) { return false; } $dir = tempnam($tmpDir, 'elf'); if (!unlink($dir) || !mkdir($dir, 0700, true)) { return false; } register_shutdown_function(array($this, 'rmdirRecursive'), $dir); } $res = true; $files = array(); foreach ($hashes as $hash) { if (($file = $this->file($hash)) == false) { continue; } if (!$file['read']) { continue; } $name = $file['name']; if (isset($files[$name])) { $name = preg_replace('/^(.*?)(\..*)?$/', '$1_'.$files[$name]++.'$2', $name); } else { $files[$name] = 1; } $target = $dir.DIRECTORY_SEPARATOR.$name; if ($file['mime'] === 'directory') { $chashes = array(); $_files = $this->scandir($hash); foreach($_files as $_file) { if ($file['read']) { $chashes[] = $_file['hash']; } } if ($chashes) { mkdir($target, 0700, true); $res = $this->getItemsInHand($chashes, $target); } if (!$res) { break; } !empty($file['ts']) && @touch($target, $file['ts']); } else { $path = $this->decode($hash); if ($fp = $this->fopenCE($path)) { if ($tfp = fopen($target, 'wb')) { $totalSize += stream_copy_to_stream($fp, $tfp); fclose($tfp); } !empty($file['ts']) && @touch($target, $file['ts']); $this->fcloseCE($fp, $path); } if ($this->options['maxArcFilesSize'] > 0 && $this->options['maxArcFilesSize'] < $totalSize) { $res = $this->setError(elFinder::ERROR_ARC_MAXSIZE); } } } return $res? $dir : false; }",True,PHP,getItemsInHand,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testCanTransformAndRetrievePartsIndividually() { $uri = (new Uri()) ->withScheme('https') ->withUserInfo('user', 'pass') ->withHost('example.com') ->withPort(8080) ->withPath('/path/123') ->withQuery('q=abc') ->withFragment('test'); $this->assertSame('https', $uri->getScheme()); $this->assertSame('user:pass@example.com:8080', $uri->getAuthority()); $this->assertSame('user:pass', $uri->getUserInfo()); $this->assertSame('example.com', $uri->getHost()); $this->assertSame(8080, $uri->getPort()); $this->assertSame('/path/123', $uri->getPath()); $this->assertSame('q=abc', $uri->getQuery()); $this->assertSame('test', $uri->getFragment()); $this->assertSame('https: }" 3690,"protected function configure() { $this->ARGS = $_SERVER['REQUEST_METHOD'] === 'POST'? $_POST : $_GET; $path = $this->options['tmbPath']; if ($path) { if (!file_exists($path)) { if (@mkdir($path)) { chmod($path, $this->options['tmbPathMode']); } else { $path = ''; } } if (is_dir($path) && is_readable($path)) { $this->tmbPath = $path; $this->tmbPathWritable = is_writable($path); } } $type = preg_match('/^(imagick|gd|auto)$/i', $this->options['imgLib']) ? strtolower($this->options['imgLib']) : 'auto'; if (($type == 'imagick' || $type == 'auto') && extension_loaded('imagick')) { $this->imgLib = 'imagick'; } else { $this->imgLib = function_exists('gd_info') ? 'gd' : ''; } if (empty($this->archivers['create'])) { $this->disabled[] ='archive'; } if (empty($this->archivers['extract'])) { $this->disabled[] ='extract'; } $_arc = $this->getArchivers(); if (empty($_arc['create'])) { $this->disabled[] ='zipdl'; } if (empty($this->options['statOwner'])) { $this->disabled[] ='chmod'; } if (!is_array($this->options['mimeMap'])) { $this->options['mimeMap'] = array(); } }",True,PHP,configure,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function getSupportedBrands() { return $this->supported_cards; } 3692,"protected function copy($src, $dst, $name) { $srcStat = $this->stat($src); $this->clearcache(); if (!empty($srcStat['thash'])) { $target = $this->decode($srcStat['thash']); if (!$this->inpathCE($target, $this->root)) { return $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash']), elFinder::ERROR_MKOUTLINK); } $stat = $this->stat($target); $this->clearcache(); return $stat && $this->symlinkCE($target, $dst, $name) ? $this->joinPathCE($dst, $name) : $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash'])); } if ($srcStat['mime'] == 'directory') { $test = $this->stat($this->joinPathCE($dst, $name)); $this->clearcache(); if (($test && $test['mime'] != 'directory') || (! $test = $this->mkdir($this->encode($dst), $name))) { return $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash'])); } $dst = $this->decode($test['hash']); foreach ($this->getScandir($src) as $stat) { if (empty($stat['hidden'])) { $name = $stat['name']; $_src = $this->decode($stat['hash']); if (! $this->copy($_src, $dst, $name)) { $this->remove($dst, true); return $this->setError($this->error, elFinder::ERROR_COPY, $this->_path($src)); } } } $this->clearcache(); return $dst; } if ($res = $this->convEncOut($this->_copy($this->convEncIn($src), $this->convEncIn($dst), $this->convEncIn($name)))) { return is_string($res)? $res : $this->joinPathCE($dst, $name); } return $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash'])); }",True,PHP,copy,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getAmount() { $amount = $this->getParameter('amount'); if ($amount !== null) { if ($this->getCurrencyDecimalPlaces() > 0) { if (is_int($amount) || (is_string($amount) && false === strpos((string) $amount, '.'))) { throw new InvalidRequestException( 'Please specify amount as a string or float, ' . 'with decimal places (e.g. \'10.00\' to represent $10.00).' ); }; } $amount = $this->toFloat($amount); if (!$this->negativeAmountAllowed && $amount < 0) { throw new InvalidRequestException('A negative amount is not allowed.'); } if (!$this->zeroAmountAllowed && $amount === 0.0) { throw new InvalidRequestException('A zero amount is not allowed.'); } $decimal_count = strlen(substr(strrchr(sprintf('%.8g', $amount), '.'), 1)); if ($decimal_count > $this->getCurrencyDecimalPlaces()) { throw new InvalidRequestException('Amount precision is too high for currency.'); } return $this->formatCurrency($amount); } }" 3696,"protected function imgSquareFit($path, $width, $height, $align = 'center', $valign = 'middle', $bgcolor = '#0000ff', $destformat = null, $jpgQuality = null) { if (($s = @getimagesize($path)) == false) { return false; } $result = false; $y = ceil(abs($height - $s[1]) / 2); $x = ceil(abs($width - $s[0]) / 2); if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } $ani = ($img->getNumberImages() > 1); if ($ani && is_null($destformat)) { $img1 = new Imagick(); $img1->setFormat('gif'); $img = $img->coalesceImages(); do { $gif = new Imagick(); $gif->newImage($width, $height, new ImagickPixel($bgcolor)); $gif->setImageColorspace($img->getImageColorspace()); $gif->setImageFormat('gif'); $gif->compositeImage( $img, imagick::COMPOSITE_OVER, $x, $y ); $gif->setImageDelay($img->getImageDelay()); $gif->setImageIterations($img->getImageIterations()); $img1->addImage($gif); $gif->clear(); } while ($img->nextImage()); $img1 = $img1->optimizeImageLayers(); $result = $img1->writeImages($path, true); } else { if ($ani) { $img->setFirstIterator(); } $img1 = new Imagick(); $img1->newImage($width, $height, new ImagickPixel($bgcolor)); $img1->setImageColorspace($img->getImageColorspace()); $img1->compositeImage( $img, imagick::COMPOSITE_OVER, $x, $y ); $result = $this->imagickImage($img, $path, $destformat, $jpgQuality); } $img1->clear(); $img->clear(); return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); if ($img && false != ($tmp = imagecreatetruecolor($width, $height))) { $this->gdImageBackground($tmp,$bgcolor); if (!imagecopy($tmp, $img, $x, $y, 0, 0, $s[0], $s[1])) { return false; } $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imagedestroy($img); imagedestroy($tmp); return $result ? $path : false; } break; } return false; }",True,PHP,imgSquareFit,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function sendData($data) { $httpRequest = $this->httpClient->post($this->getEndpoint(), null, http_build_query($data)); $httpRequest->getCurlOptions()->set(CURLOPT_SSLVERSION, 6); $httpResponse = $httpRequest->send(); return $this->createResponse($httpResponse->getBody()); }" 3700,protected static function localScandir($dir) { $files = array(); if ($dh = opendir($dir)) { while (false !== ($file = readdir($dh))) { if ($file !== '.' && $file !== '..') { $files[] = $file; } } closedir($dh); } else { $this->setError('Can not open local directory.'); } return $files; },True,PHP,localScandir,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testTransactionSearch() { $transactionSearch = $this->gateway->transactionSearch(array( 'startDate' => '2015-01-01', 'endDate' => '2015-12-31', )); $this->assertInstanceOf('\Omnipay\PayPal\Message\ExpressTransactionSearchRequest', $transactionSearch); $this->assertInstanceOf('\DateTime', $transactionSearch->getStartDate()); $this->assertInstanceOf('\DateTime', $transactionSearch->getEndDate()); }" 3702,"protected function gdImage($image, $filename, $destformat, $mime, $jpgQuality = null ){ if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } if ($destformat == 'jpg' || ($destformat == null && $mime == 'image/jpeg')) { return imagejpeg($image, $filename, $jpgQuality); } if ($destformat == 'gif' || ($destformat == null && $mime == 'image/gif')) { return imagegif($image, $filename, 7); } return imagepng($image, $filename, 7); }",True,PHP,gdImage,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testCompletePurchaseHttpOptions() { $this->setMockHttpResponse('ExpressPurchaseSuccess.txt'); $this->getHttpRequest()->query->replace(array( 'token' => 'GET_TOKEN', 'PayerID' => 'GET_PAYERID', )); $response = $this->gateway->completePurchase(array( 'amount' => '10.00', 'currency' => 'BYR', ))->send(); $httpRequests = $this->getMockedRequests(); $httpRequest = $httpRequests[0]; parse_str((string)$httpRequest->getBody(), $postData); $this->assertSame('GET_TOKEN', $postData['TOKEN']); $this->assertSame('GET_PAYERID', $postData['PAYERID']); }" 3706,"public function getImageSize($path, $mime = '') { $size = false; if ($mime === '' || strtolower(substr($mime, 0, 5)) === 'image') { if ($work = $this->getWorkFile($path)) { if ($size = @getimagesize($work)) { $size['dimensions'] = $size[0].'x'.$size[1]; } } is_file($work) && @unlink($work); } return $size; }",True,PHP,getImageSize,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testCompletePurchaseCustomOptions() { $this->setMockHttpResponse('ExpressPurchaseSuccess.txt'); $this->getHttpRequest()->query->replace(array( 'token' => 'GET_TOKEN', 'PayerID' => 'GET_PAYERID', )); $response = $this->gateway->completePurchase(array( 'amount' => '10.00', 'currency' => 'BYR', 'token' => 'CUSTOM_TOKEN', 'payerid' => 'CUSTOM_PAYERID', ))->send(); $httpRequests = $this->getMockedRequests(); $httpRequest = $httpRequests[0]; parse_str((string)$httpRequest->getBody(), $postData); $this->assertSame('CUSTOM_TOKEN', $postData['TOKEN']); $this->assertSame('CUSTOM_PAYERID', $postData['PAYERID']); }" 3710,"public function uniqueName($dir, $name, $suffix = ' copy', $checkNum = true, $start = 1) { $ext = ''; if (preg_match('/\.((tar\.(gz|bz|bz2|z|lzo))|cpio\.gz|ps\.gz|xcf\.(gz|bz2)|[a-z0-9]{1,4})$/i', $name, $m)) { $ext = '.'.$m[1]; $name = substr($name, 0, strlen($name)-strlen($m[0])); } if ($checkNum && preg_match('/('.preg_quote($suffix, '/').')(\d*)$/i', $name, $m)) { $i = (int)$m[2]; $name = substr($name, 0, strlen($name)-strlen($m[2])); } else { $i = $start; $name .= $suffix; } $max = $i+100000; while ($i <= $max) { $n = $name.($i > 0 ? $i : '').$ext; if (!$this->stat($this->joinPathCE($dir, $n))) { $this->clearcache(); return $n; } $i++; }",True,PHP,uniqueName,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function setUp() { $client = $this->getHttpClient(); $request = $this->getHttpRequest(); $this->request = new RestCreateSubscriptionRequest($client, $request); $this->request->initialize(array( 'name' => 'Test Subscription', 'description' => 'Test Billing Subscription', 'startDate' => new \DateTime('now', new \DateTimeZone('UTC')), 'planId' => 'ABC-123', 'payerDetails' => array( 'payment_method' => 'paypal', ), )); }" 3711,"protected function canCreateTmb($path, $stat, $checkTmbPath = true) { return (!$checkTmbPath || $this->tmbPathWritable) && (!$this->tmbPath || strpos($path, $this->tmbPath) === false) && $this->imgLib && strpos($stat['mime'], 'image') === 0 && ($this->imgLib == 'gd' ? in_array($stat['mime'], array('image/jpeg', 'image/png', 'image/gif', 'image/x-ms-bmp')) : true); }",True,PHP,canCreateTmb,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"function tln_sanitize( $body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag, $trans_image_path, $block_external_images ) { $rm_tags = array_shift($tag_list); @array_walk($tag_list, 'tln_casenormalize'); @array_walk($rm_tags_with_content, 'tln_casenormalize'); @array_walk($self_closing_tags, 'tln_casenormalize'); $curpos = 0; $open_tags = array(); $trusted = ""\n""; $skip_content = false; $body = preg_replace('/&(\{.*?\};)/si', '&\\1', $body); while (($curtag = tln_getnxtag($body, $curpos)) != false) { list($tagname, $attary, $tagtype, $lt, $gt) = $curtag; $free_content = substr($body, $curpos, $lt-$curpos); if ($tagname == ""style"" && $tagtype == 1) { list($free_content, $curpos) = tln_fixstyle($body, $gt+1, $trans_image_path, $block_external_images); if ($free_content != FALSE) { if ( !empty($attary) ) { $attary = tln_fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag, $trans_image_path, $block_external_images ); } $trusted .= tln_tagprint($tagname, $attary, $tagtype); $trusted .= $free_content; $trusted .= tln_tagprint($tagname, false, 2); } continue; } if ($skip_content == false) { $trusted .= $free_content; } if ($tagname != false) { if ($tagtype == 2) { if ($skip_content == $tagname) { $tagname = false; $skip_content = false; } else { if ($skip_content == false) { if ($tagname == ""body"") { $tagname = ""div""; } if (isset($open_tags{$tagname}) && $open_tags{$tagname} > 0 ) { $open_tags{$tagname}--; } else { $tagname = false; } } } } else { if ($skip_content == false) { if ($tagtype == 1 && in_array($tagname, $self_closing_tags) ) { $tagtype = 3; } if ($tagtype == 1 && in_array($tagname, $rm_tags_with_content) ) { $skip_content = $tagname; } else { if (($rm_tags == false && in_array($tagname, $tag_list)) || ($rm_tags == true && !in_array($tagname, $tag_list)) ) { $tagname = false; } else { if ($tagname == ""body"") { $tagname = ""div""; $attary = tln_body2div($attary, $trans_image_path); } if ($tagtype == 1) { if (isset($open_tags{$tagname})) { $open_tags{$tagname}++; } else { $open_tags{$tagname} = 1; } } if (is_array($attary) && sizeof($attary) > 0) { $attary = tln_fixatts( $tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag, $trans_image_path, $block_external_images ); } } } } } if ($tagname != false && $skip_content == false) { $trusted .= tln_tagprint($tagname, $attary, $tagtype); } } $curpos = $gt + 1; } $trusted .= substr($body, $curpos, strlen($body) - $curpos); if ($force_tag_closing == true) { foreach ($open_tags as $tagname => $opentimes) { while ($opentimes > 0) { $trusted .= ''; $opentimes--; } } $trusted .= ""\n""; } $trusted .= ""\n""; return $trusted; }" 3712,"protected function getTempFile($path = '') { static $cache = array(); static $rmfunc; $key = ''; if ($path !== '') { $key = $this->id . '#' . $path; if (isset($cache[$key])) { return $cache[$key]; } } if ($tmpdir = $this->getTempPath()) { if (!$rmfunc) { $rmfunc = create_function('$f', 'is_file($f) && @unlink($f);'); } $name = tempnam($tmpdir, 'ELF'); if ($key) { $cache[$key] = $name; } register_shutdown_function($rmfunc, $name); return $name; } return false; }",True,PHP,getTempFile,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$attvalue = str_replace($quotchar, """", $attvalue); switch ($attname) { case 'background': $styledef .= ""background-image: url('$trans_image_path'); ""; break; case 'bgcolor': $has_bgc_stl = true; $styledef .= ""background-color: $attvalue; ""; break; case 'text': $has_txt_stl = true; $styledef .= ""color: $attvalue; ""; break; } } if ($has_bgc_stl && !$has_txt_stl) { $styledef .= ""color: $text; ""; } if (strlen($styledef) > 0) { $divattary{""style""} = ""\""$styledef\""""; } } return $divattary; }" 3713,"protected function imgResize($path, $width, $height, $keepProportions = false, $resizeByBiggerSide = true, $destformat = null, $jpgQuality = null) { if (($s = @getimagesize($path)) == false) { return false; } $result = false; list($size_w, $size_h) = array($width, $height); if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } if ($keepProportions == true) { list($orig_w, $orig_h) = array($s[0], $s[1]); if ($resizeByBiggerSide) { if ($orig_w > $orig_h) { $size_h = round($orig_h * $width / $orig_w); $size_w = $width; } else { $size_w = round($orig_w * $height / $orig_h); $size_h = $height; } } else { if ($orig_w > $orig_h) { $size_w = round($orig_w * $height / $orig_h); $size_h = $height; } else { $size_h = round($orig_h * $width / $orig_w); $size_w = $width; } } } switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } $filter = ($destformat === 'png' )? Imagick::FILTER_BOX : Imagick::FILTER_LANCZOS; $ani = ($img->getNumberImages() > 1); if ($ani && is_null($destformat)) { $img = $img->coalesceImages(); do { $img->resizeImage($size_w, $size_h, $filter, 1); } while ($img->nextImage()); $img = $img->optimizeImageLayers(); $result = $img->writeImages($path, true); } else { if ($ani) { $img->setFirstIterator(); } $img->resizeImage($size_w, $size_h, $filter, 1); $result = $this->imagickImage($img, $path, $destformat, $jpgQuality); } $img->clear(); return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); if ($img && false != ($tmp = imagecreatetruecolor($size_w, $size_h))) { $this->gdImageBackground($tmp,$this->options['tmbBgColor']); if (!imagecopyresampled($tmp, $img, 0, 0, 0, 0, $size_w, $size_h, $s[0], $s[1])) { return false; } $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imagedestroy($img); imagedestroy($tmp); return $result ? $path : false; } break; } return false; }",True,PHP,imgResize,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function getTempDir($volumeTempPath = null) { $testDirs = array(); if ($this->uploadTempPath) { $testDirs[] = rtrim(realpath($this->uploadTempPath), DIRECTORY_SEPARATOR); } if ($volumeTempPath) { $testDirs[] = rtrim(realpath($volumeTempPath), DIRECTORY_SEPARATOR); } if (function_exists('sys_get_temp_dir')) { $testDirs[] = sys_get_temp_dir(); } $tempDir = ''; foreach($testDirs as $testDir) { if (!$testDir || !is_dir($testDir)) continue; if (is_writable($testDir)) { $tempDir = $testDir; $gc = time() - 3600; foreach(glob($tempDir . DIRECTORY_SEPARATOR .'ELF*') as $cf) { if (filemtime($cf) < $gc) { unlink($cf); } } break; } } return $tempDir; }" 3716,"public function resize($hash, $width, $height, $x, $y, $mode = 'resize', $bg = '', $degree = 0, $jpgQuality = null) { if ($this->commandDisabled('resize')) { return $this->setError(elFinder::ERROR_PERM_DENIED); } if (($file = $this->file($hash)) == false) { return $this->setError(elFinder::ERROR_FILE_NOT_FOUND); } if (!$file['write'] || !$file['read']) { return $this->setError(elFinder::ERROR_PERM_DENIED); } $path = $this->decode($hash); $work_path = $this->getWorkFile($this->encoding? $this->convEncIn($path, true) : $path); if (!$work_path || !is_writable($work_path)) { if ($work_path && $path !== $work_path && is_file($work_path)) { @unlink($work_path); } return $this->setError(elFinder::ERROR_PERM_DENIED); } if ($this->imgLib != 'imagick') { if (elFinder::isAnimationGif($work_path)) { return $this->setError(elFinder::ERROR_UNSUPPORT_TYPE); } } switch($mode) { case 'propresize': $result = $this->imgResize($work_path, $width, $height, true, true, null, $jpgQuality); break; case 'crop': $result = $this->imgCrop($work_path, $width, $height, $x, $y, null, $jpgQuality); break; case 'fitsquare': $result = $this->imgSquareFit($work_path, $width, $height, 'center', 'middle', ($bg ? $bg : $this->options['tmbBgColor']), null, $jpgQuality); break; case 'rotate': $result = $this->imgRotate($work_path, $degree, ($bg ? $bg : $this->options['tmbBgColor']), null, $jpgQuality); break; default: $result = $this->imgResize($work_path, $width, $height, false, true, null, $jpgQuality); break; } $ret = false; if ($result) { $stat = $this->stat($path); clearstatcache(); $fstat = stat($work_path); $stat['size'] = $fstat['size']; $stat['ts'] = $fstat['mtime']; if ($imgsize = @getimagesize($work_path)) { $stat['width'] = $imgsize[0]; $stat['height'] = $imgsize[1]; $stat['mime'] = $imgsize['mime']; } if ($path !== $work_path) { if ($fp = @fopen($work_path, 'rb')) { $ret = $this->saveCE($fp, $this->dirnameCE($path), $this->basenameCE($path), $stat); @fclose($fp); } } else { $ret = true; } if ($ret) { $this->rmTmb($file); $this->clearcache(); $ret = $this->stat($path); $ret['width'] = $stat['width']; $ret['height'] = $stat['height']; } } if ($path !== $work_path) { is_file($work_path) && @unlink($work_path); } return $ret; }",True,PHP,resize,elFinderVolumeDriver.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function filter($files) { $exists = array(); foreach ($files as $i => $file) { if (isset($exists[$file['hash']]) || !empty($file['hidden']) || !$this->default->mimeAccepted($file['mime'])) { unset($files[$i]); } $exists[$file['hash']] = true; } return array_values($files); } 3718,"protected function _filePutContents($path, $content) { $res = false; if ($local = $this->getTempFile($path)) { if (@file_put_contents($local, $content, LOCK_EX) !== false && ($fp = @fopen($local, 'rb'))) { clearstatcache(); $res = $this->_save($fp, $path, '', array()); @fclose($fp); } file_exists($local) && @unlink($local); } return $res; }",True,PHP,_filePutContents,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$tmpfname = $tempDir . DIRECTORY_SEPARATOR . 'ELF_FATCH_' . md5($url.microtime(true)); $_name = ''; if (substr($url, 0, 5) === 'data:') { list($data, $args['name'][$i]) = $this->parse_data_scheme($url, $extTable); } else { $fp = fopen($tmpfname, 'wb'); $data = $this->get_remote_contents($url, 30, 5, 'Mozilla/5.0', $fp); $_POST['overwrite'] = false; $_name = preg_replace('~^.*?([^/ if ($data && ($headers = get_headers($url, true)) && !empty($headers['Content-Disposition'])) { if (preg_match('/filename\*?=(?:([a-zA-Z0-9_-]+?)\'\')?""?([a-z0-9_.~%-]+)""?/i', $headers['Content-Disposition'], $m)) { $_name = rawurldecode($m[2]); if ($m[1] && strtoupper($m[1]) !== 'UTF-8' && function_exists('mb_convert_encoding')) { $_name = mb_convert_encoding($_name, 'UTF-8', $m[1]); } } } } if ($data) { if (isset($args['name'][$i])) { $_name = $args['name'][$i]; } if ($_name) { $_ext = ''; if (preg_match('/(\.[a-z0-9]{1,7})$/', $_name, $_match)) { $_ext = $_match[1]; } if ((is_resource($data) && fclose($data)) || file_put_contents($tmpfname, $data)) { $GLOBALS['elFinderTempFiles'][$tmpfname] = true; $_name = preg_replace($ngReg, '_', $_name); list($_a, $_b) = array_pad(explode('.', $_name, 2), 2, ''); if ($_b === '') { if ($_ext) { rename($tmpfname, $tmpfname . $_ext); $tmpfname = $tmpfname . $_ext; } $_b = $this->detectFileExtension($tmpfname); $_name = $_a.$_b; } else { $_b = '.'.$_b; } if (isset($names[$_name])) { $_name = $_a.'_'.$names[$_name]++.$_b; } else { $names[$_name] = 1; } $files['tmp_name'][$i] = $tmpfname; $files['name'][$i] = $_name; $files['error'][$i] = 0; } else { unlink($tmpfname); } } } } } if (empty($files)) { return array_merge(array('error' => $this->error(self::ERROR_UPLOAD, self::ERROR_UPLOAD_NO_FILES)), $header); } }" 3719,$this->archiveSize += filesize($p); } } } else {,True,PHP,filesize,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function get_remote_contents( &$url, $timeout = 30, $redirect_max = 5, $ua = 'Mozilla/5.0', $fp = null ) { $method = (function_exists('curl_exec') && !ini_get('safe_mode') && !ini_get('open_basedir'))? 'curl_get_contents' : 'fsock_get_contents'; return $this->$method( $url, $timeout, $redirect_max, $ua, $fp ); }" 3720,"protected function _unpack($path, $arc) { die('Not yet implemented. (_unpack)'); return false; }",True,PHP,_unpack,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$doRegist = (strpos($cmd, '*') !== false); if (! $doRegist) { $_getcmd = create_function('$cmd', 'list($ret) = explode(\'.\', $cmd);return trim($ret);'); $doRegist = ($_reqCmd && in_array($_reqCmd, array_map($_getcmd, explode(' ', $cmd)))); } if ($doRegist) { if (! is_array($handlers)) { $handlers = array($handlers); } else { if (count($handlers) === 2 && is_object($handlers[0])) { $handlers = array($handlers); } } foreach($handlers as $handler) { if ($handler) { if (is_string($handler) && strpos($handler, '.')) { list($_domain, $_name, $_method) = array_pad(explode('.', $handler), 3, ''); if (strcasecmp($_domain, 'plugin') === 0) { if ($plugin = $this->getPluginInstance($_name, isset($opts['plugin'][$_name])? $opts['plugin'][$_name] : array()) and method_exists($plugin, $_method)) { $this->bind($cmd, array($plugin, $_method)); } } } else { $this->bind($cmd, $handler); } } } } } }" 3721,"private function getHttpResponseHeader($url) { if (function_exists('curl_exec')) { $c = curl_init(); curl_setopt( $c, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $c, CURLOPT_CUSTOMREQUEST, 'HEAD' ); curl_setopt( $c, CURLOPT_HEADER, 1 ); curl_setopt( $c, CURLOPT_NOBODY, true ); curl_setopt( $c, CURLOPT_URL, $url ); $res = curl_exec( $c ); } else { require_once 'HTTP/Request2.php'; try { $request2 = new HTTP_Request2(); $request2->setConfig(array( 'ssl_verify_peer' => false, 'ssl_verify_host' => false )); $request2->setUrl($url); $request2->setMethod(HTTP_Request2::METHOD_HEAD); $result = $request2->send(); $res = array(); $res[] = 'HTTP/'.$result->getVersion().' '.$result->getStatus().' '.$result->getReasonPhrase(); foreach($result->getHeader() as $key => $val) { $res[] = $key . ': ' . $val; } $res = join(""\r\n"", $res); } catch( HTTP_Request2_Exception $e ){ $res = ''; } catch (Exception $e){ $res = ''; } } return $res; }",True,PHP,getHttpResponseHeader,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function removeNetVolume($key, $volume) { $netVolumes = $this->getNetVolumes(); $res = true; if (is_object($volume) && method_exists($volume, 'netunmount')) { $res = $volume->netunmount($netVolumes, $key); } if ($res) { if (is_string($key) && isset($netVolumes[$key])) { unset($netVolumes[$key]); $this->saveNetVolumes($netVolumes); return true; } } return false; }" 3723,"protected function _archive($dir, $files, $name, $arc) { die('Not yet implemented. (_archive)'); return false; }",True,PHP,_archive,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$mime = mime_content_type($path); } elseif ($type === 'getimagesize') { if ($img = getimagesize($path)) { $mime = $img['mime']; } } if ($mime) { $mime = explode(';', $mime); $mime = trim($mime[0]); if (in_array($mime, array('application/x-empty', 'inode/x-empty'))) { $mime = 'text/plain'; } elseif ($mime == 'application/x-zip') { $mime = 'application/zip'; } } $ext = $mime? $volume->getExtentionByMime($mime) : ''; return $ext? ('.' . $ext) : ''; }" 3725,"protected function _fopen($path, $mode='rb') { if (($mode == 'rb' || $mode == 'r')) { try { $res = $this->dropbox->media($path); $url = parse_url($res['url']); $fp = stream_socket_client('ssl: fputs($fp, ""GET {$url['path']} HTTP/1.0\r\n""); fputs($fp, ""Host: {$url['host']}\r\n""); fputs($fp, ""\r\n""); while(trim(fgets($fp)) !== ''){}; return $fp; } catch (Dropbox_Exception $e) { return false; } } if ($this->tmp) { $contents = $this->_getContents($path); if ($contents === false) { return false; } if ($local = $this->getTempFile($path)) { if (file_put_contents($local, $contents, LOCK_EX) !== false) { return @fopen($local, $mode); } } } return false; }",True,PHP,_fopen,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function fsock_get_contents( &$url, $timeout, $redirect_max, $ua, $outfp ) { $connect_timeout = 3; $connect_try = 3; $method = 'GET'; $readsize = 4096; $ssl = ''; $getSize = null; $headers = ''; $arr = parse_url($url); if (!$arr) { return false; } if ($arr['scheme'] === 'https') { $ssl = 'ssl: } $arr['query'] = isset($arr['query']) ? '?'.$arr['query'] : ''; $arr['port'] = isset($arr['port']) ? $arr['port'] : ($ssl? 443 : 80); $url_base = $arr['scheme'].': $url_path = isset($arr['path']) ? $arr['path'] : '/'; $uri = $url_path.$arr['query']; $query = $method.' '.$uri."" HTTP/1.0\r\n""; $query .= ""Host: "".$arr['host'].""\r\n""; $query .= ""Accept: */*\r\n""; $query .= ""Connection: close\r\n""; if (!empty($ua)) $query .= ""User-Agent: "".$ua.""\r\n""; if (!is_null($getSize)) $query .= 'Range: bytes=0-' . ($getSize - 1) . ""\r\n"";" 3726,"protected function init() { if (!class_exists('PDO', false)) { return $this->setError('PHP PDO class is require.'); } if (!$this->options['consumerKey'] || !$this->options['consumerSecret'] || !$this->options['accessToken'] || !$this->options['accessTokenSecret']) { return $this->setError('Required options undefined.'); } if (empty($this->options['metaCachePath']) && defined('ELFINDER_DROPBOX_META_CACHE_PATH')) { $this->options['metaCachePath'] = ELFINDER_DROPBOX_META_CACHE_PATH; } $this->netMountKey = md5(join('-', array('dropbox', $this->options['path']))); if (! $this->oauth) { if (defined('ELFINDER_DROPBOX_USE_CURL_PUT')) { $this->oauth = new Dropbox_OAuth_Curl($this->options['consumerKey'], $this->options['consumerSecret']); } else { if (class_exists('OAuth', false)) { $this->oauth = new Dropbox_OAuth_PHP($this->options['consumerKey'], $this->options['consumerSecret']); } else { if (! class_exists('HTTP_OAuth_Consumer', false)) { include 'HTTP/OAuth/Consumer.php'; } if (class_exists('HTTP_OAuth_Consumer', false)) { $this->oauth = new Dropbox_OAuth_PEAR($this->options['consumerKey'], $this->options['consumerSecret']); } } } } if (! $this->oauth) { return $this->setError('OAuth extension not loaded.'); } $this->root = $this->options['path'] = $this->_normpath($this->options['path']); if (empty($this->options['alias'])) { $this->options['alias'] = ($this->options['path'] === '/')? 'Dropbox.com' : 'Dropbox'.$this->options['path']; } $this->rootName = $this->options['alias']; try { $this->oauth->setToken($this->options['accessToken'], $this->options['accessTokenSecret']); $this->dropbox = new Dropbox_API($this->oauth, $this->options['root']); } catch (Dropbox_Exception $e) { $this->session->remove('DropboxTokens'); return $this->setError('Dropbox error: '.$e->getMessage()); } if (empty($this->options['dropboxUid'])) { try { $res = $this->dropbox->getAccountInfo(); $this->options['dropboxUid'] = $res['uid']; } catch (Dropbox_Exception $e) { $this->session->remove('DropboxTokens'); return $this->setError('Dropbox error: '.$e->getMessage()); } } $this->dropboxUid = $this->options['dropboxUid']; $this->tmbPrefix = 'dropbox'.base_convert($this->dropboxUid, 10, 32); if (!empty($this->options['tmpPath'])) { if ((is_dir($this->options['tmpPath']) || @mkdir($this->options['tmpPath'])) && is_writable($this->options['tmpPath'])) { $this->tmp = $this->options['tmpPath']; } } if (!$this->tmp && is_writable($this->options['tmbPath'])) { $this->tmp = $this->options['tmbPath']; } if (!$this->tmp && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmp = $tmp; } if (!empty($this->options['metaCachePath'])) { if ((is_dir($this->options['metaCachePath']) || @mkdir($this->options['metaCachePath'])) && is_writable($this->options['metaCachePath'])) { $this->metaCache = $this->options['metaCachePath']; } } if (!$this->metaCache && $this->tmp) { $this->metaCache = $this->tmp; } if (!$this->metaCache) { return $this->setError('Cache dirctory (metaCachePath or tmp) is require.'); } if (! $this->options['PDO_DSN']) { $this->options['PDO_DSN'] = 'sqlite:'.$this->metaCache.DIRECTORY_SEPARATOR.'.elFinder_dropbox_db_'.md5($this->dropboxUid.$this->options['consumerSecret']); } $this->DB_TableName = $this->options['PDO_DBName']; try { $this->DB = new PDO($this->options['PDO_DSN'], $this->options['PDO_User'], $this->options['PDO_Pass'], $this->options['PDO_Options']); if (! $this->checkDB()) { return $this->setError('Can not make DB table'); } } catch (PDOException $e) { return $this->setError('PDO connection failed: '.$e->getMessage()); } $res = $this->deltaCheck($this->isMyReload()); if ($res !== true) { if (is_string($res)) { return $this->setError($res); } else { return $this->setError('Could not check API ""delta""'); } } if (is_null($this->options['syncChkAsTs'])) { $this->options['syncChkAsTs'] = true; } if ($this->options['syncChkAsTs']) { $this->options['tsPlSleep'] = max(5, $this->options['tsPlSleep']); } else { $this->options['lsPlSleep'] = max(10, $this->options['lsPlSleep']); } return true; }",True,PHP,init,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public static function sessionWrite() { if (session_id()) { session_write_close(); } } 3728,"public function __construct() { @ include_once 'Dropbox/autoload.php'; $this->dropbox_phpFound = in_array('Dropbox_autoload', spl_autoload_functions()); $opts = array( 'consumerKey' => '', 'consumerSecret' => '', 'accessToken' => '', 'accessTokenSecret' => '', 'dropboxUid' => '', 'root' => 'dropbox', 'path' => '/', 'separator' => '/', 'PDO_DSN' => '', 'PDO_User' => '', 'PDO_Pass' => '', 'PDO_Options' => array(), 'PDO_DBName' => 'dropbox', 'treeDeep' => 0, 'tmbPath' => '', 'tmbURL' => '', 'tmpPath' => '', 'getTmbSize' => 'large', 'metaCachePath' => '', 'metaCacheTime' => '600', 'acceptedName' => '#^[^/\\?*:|""<>]*[^./\\?*:|""<>]$ 'rootCssClass' => 'elfinder-navbar-root-dropbox' ); $this->options = array_merge($this->options, $opts); $this->options['mimeDetect'] = 'internal'; }",True,PHP,__construct,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function sessionDataDecode(&$var, $checkIs = null) { if (self::$base64encodeSessionData) { $data = unserialize(base64_decode($var)); } else { $data = $var; } $chk = true; if ($checkIs) { switch ($checkIs) { case 'array': $chk = is_array($data); break; case 'string': $chk = is_string($data); break; case 'object': $chk = is_object($data); break; case 'int': $chk = is_int($data); break; } } if (!$chk) { unset($var); return false; } return $data; }" 3730,"protected function _dimensions($path, $mime) { if (strpos($mime, 'image') !== 0) return ''; $cache = $this->getDBdat($path); if (isset($cache['width']) && isset($cache['height'])) { return $cache['width'].'x'.$cache['height']; } $ret = ''; if ($work = $this->getWorkFile($path)) { if ($size = @getimagesize($work)) { $cache['width'] = $size[0]; $cache['height'] = $size[1]; $this->updateDBdat($path, $cache); $ret = $size[0].'x'.$size[1]; } } is_file($work) && @unlink($work); return $ret; }",True,PHP,_dimensions,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function info($args) { $files = array(); $sleep = 0; $compare = null; if ($args['compare'] && count($args['targets']) === 1) { $compare = intval($args['compare']); $hash = $args['targets'][0]; if ($volume = $this->volume($hash)) { $standby = (int)$volume->getOption('plStandby'); $_compare = false; if (($syncCheckFunc = $volume->getOption('syncCheckFunc')) && is_callable($syncCheckFunc)) { $_compare = call_user_func_array($syncCheckFunc, array($volume->realpath($hash), $standby, $compare, $volume, $this)); } if ($_compare !== false) { $compare = $_compare; } else { $sleep = max(1, (int)$volume->getOption('tsPlSleep')); $limit = max(1, $standby / $sleep) + 1; do { elFinder::extendTimeLimit(30 + $sleep); $volume->clearstatcache(); if (($info = $volume->file($hash)) != false) { if ($info['ts'] != $compare) { $compare = $info['ts']; break; } } else { $compare = 0; break; } if (--$limit) { sleep($sleep); } } while($limit); } } } else { foreach ($args['targets'] as $hash) { if (($volume = $this->volume($hash)) != false && ($info = $volume->file($hash)) != false) { $info['path'] = $volume->path($hash); $files[] = $info; } } } $result = array('files' => $files); if (!is_null($compare)) { $result['compare'] = strval($compare); } return $result; }" 3731,"protected function _fclose($fp, $path='') { @fclose($fp); if ($path) { @unlink($this->getTempFile($path)); } }",True,PHP,_fclose,elFinderVolumeDropbox.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function isAnimationGif ($path) { list($width, $height, $type, $attr) = getimagesize($path); switch ($type) { case IMAGETYPE_GIF: break; default: return false; } $imgcnt = 0; $fp = fopen($path, 'rb'); fread($fp, 4); $c = fread($fp,1); if (ord($c) != 0x39) { return false; } while (!feof($fp)) { do { $c = fread($fp, 1); } while(ord($c) != 0x21 && !feof($fp)); if (feof($fp)) { break; } $c2 = fread($fp,2); if (bin2hex($c2) == ""f904"") { $imgcnt++; } if (feof($fp)) { break; } } if ($imgcnt > 1) { return true; } else { return false; } }" 3735,"protected function configure() { parent::configure(); if (!empty($this->options['tmpPath'])) { if ((is_dir($this->options['tmpPath']) || @mkdir($this->options['tmpPath'], 0755, true)) && is_writable($this->options['tmpPath'])) { $this->tmp = $this->options['tmpPath']; } } if (!$this->tmp && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmp = $tmp; } if (!$this->tmp && $this->tmbPath) { $this->tmp = $this->tmbPath; } if (!$this->tmp) { $this->disabled[] = 'mkfile'; $this->disabled[] = 'paste'; $this->disabled[] = 'duplicate'; $this->disabled[] = 'upload'; $this->disabled[] = 'edit'; $this->disabled[] = 'archive'; $this->disabled[] = 'extract'; } }",True,PHP,configure,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function curl_get_contents( &$url, $timeout, $redirect_max, $ua, $outfp ) { $ch = curl_init(); curl_setopt( $ch, CURLOPT_URL, $url ); curl_setopt( $ch, CURLOPT_HEADER, false ); if ($outfp) { curl_setopt( $ch, CURLOPT_FILE, $outfp ); } else { curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $ch, CURLOPT_BINARYTRANSFER, true ); } curl_setopt( $ch, CURLOPT_LOW_SPEED_LIMIT, 1 ); curl_setopt( $ch, CURLOPT_LOW_SPEED_TIME, $timeout ); curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt( $ch, CURLOPT_MAXREDIRS, $redirect_max); curl_setopt( $ch, CURLOPT_USERAGENT, $ua); $result = curl_exec( $ch ); $url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL); curl_close( $ch ); return $outfp? $outfp : $result; }" 3736,public function umount() { $this->connect && @ftp_close($this->connect); },True,PHP,umount,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function callback($args) { $checkReg = '/[^a-zA-Z0-9;._-]/'; $node = (isset($args['node']) && !preg_match($checkReg, $args['node']))? $args['node'] : ''; $json = (isset($args['json']) && json_decode($args['json']))? $args['json'] : '{}'; $bind = (isset($args['bind']) && !preg_match($checkReg, $args['bind']))? $args['bind'] : ''; $done = (!empty($args['done'])); while( ob_get_level() ) { if (! ob_end_clean()) { break; } } if ($done || ! $this->callbackWindowURL) { $script = ''; if ($node) { $script .= ' var w = window.opener || window.parent || window; try { var elf = w.document.getElementById(\''.$node.'\').elfinder; if (elf) { var data = '.$json.'; if (data.error) { elf.error(data.error); } else { data.warning && elf.error(data.warning); data.removed && data.removed.length && elf.remove(data); data.added && data.added.length && elf.add(data); data.changed && data.changed.length && elf.change(data);'; if ($bind) { $script .= ' elf.trigger(\''.$bind.'\', data);'; } $script .= ' data.sync && elf.sync(); } } } catch(e) { w.postMessage && w.postMessage(JSON.stringify({bind:\''.$bind.'\',data:'.$json.'}), \'*\'); }'; } $script .= 'window.close();'; $out = 'Close this window'; header('Content-Type: text/html; charset=utf-8'); header('Content-Length: '.strlen($out)); header('Cache-Control: private'); header('Pragma: no-cache'); echo $out; } else { $url = $this->callbackWindowURL; $url .= ((strpos($url, '?') === false)? '?' : '&') . '&node=' . rawurlencode($node) . (($json !== '{}')? ('&json=' . rawurlencode($json)) : '') . ($bind? ('&bind=' . rawurlencode($bind)) : '')" 3737,"protected function _archive($dir, $files, $name, $arc) { $cwd = getcwd(); $tmpDir = $this->tempDir(); if (!$tmpDir) { return false; } if (!$this->ftp_download_files($dir, $files, $tmpDir)) { $this->rmdirRecursive($tmpDir); return false; } $remoteArchiveFile = false; if ($path = $this->makeArchive($tmpDir, $files, $name, $arc)) { $remoteArchiveFile = $this->_joinPath($dir, $name); if (!ftp_put($this->connect, $remoteArchiveFile, $path, FTP_BINARY)) { $remoteArchiveFile = false; } } if(!$this->rmdirRecursive($tmpDir)) { return false; } return $remoteArchiveFile; }",True,PHP,_archive,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"header($h); } } else { header($header); } } if (isset($data['pointer'])) { $toEnd = true; $fp = $data['pointer']; if (elFinder::isSeekableStream($fp) && (array_search('Accept-Ranges: none', headers_list()) === false)) { header('Accept-Ranges: bytes'); $psize = null; if (!empty($_SERVER['HTTP_RANGE'])) { $size = $data['info']['size']; $start = 0; $end = $size - 1; if (preg_match('/bytes=(\d*)-(\d*)(,?)/i', $_SERVER['HTTP_RANGE'], $matches)) { if (empty($matches[3])) { if (empty($matches[1]) && $matches[1] !== '0') { $start = $size - $matches[2]; } else { $start = intval($matches[1]); if (!empty($matches[2])) { $end = intval($matches[2]); if ($end >= $size) { $end = $size - 1; } $toEnd = ($end == ($size - 1)); } } $psize = $end - $start + 1; header('HTTP/1.1 206 Partial Content'); header('Content-Length: ' . $psize); header('Content-Range: bytes ' . $start . '-' . $end . '/' . $size); fseek($fp, $start); } } } if (is_null($psize)) { elFinder::rewind($fp); } } else { header('Accept-Ranges: none'); if (isset($data['info']) && ! $data['info']['size']) { if (function_exists('header_remove')) { header_remove('Content-Length'); } else { header('Content-Length:'); } } } $this->elFinder->getSession()->close(); ignore_user_abort(false); if ($toEnd) { fpassthru($fp); } else { $out = fopen('php: stream_copy_to_stream($fp, $out, $psize); fclose($out); } if (!empty($data['volume'])) { $data['volume']->close($data['pointer'], $data['info']['hash']); } exit(); } else { if (!empty($data['raw']) && !empty($data['error'])) { echo $data['error']; } else { if (isset($data['debug']) && isset($data['debug']['phpErrors'])) { $data['debug']['phpErrors'] = array_merge($data['debug']['phpErrors'], elFinder::$phpErrors); } echo json_encode($data); } flush(); exit(0); } }" 3738,"private static function listFilesInDirectory($dir, $omitSymlinks, $prefix = '') { if (!is_dir($dir)) { return false; } $excludes = array(""."",""..""); $result = array(); $files = self::localScandir($dir); if(!$files) { return array(); } foreach($files as $file) { if(!in_array($file, $excludes)) { $path = $dir.DIRECTORY_SEPARATOR.$file; if(is_link($path)) { if($omitSymlinks) { continue; } else { $result[] = $prefix.$file; } } else if(is_dir($path)) { $result[] = $prefix.$file.DIRECTORY_SEPARATOR; $subs = elFinderVolumeFTP::listFilesInDirectory($path, $omitSymlinks, $prefix.$file.DIRECTORY_SEPARATOR); if($subs) { $result = array_merge($result, $subs); } } else { $result[] = $prefix.$file; } } } return $result; }",True,PHP,listFilesInDirectory,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function remove($key) { $closed = false; if (! $this->started) { $closed = true; $this->start(); } list($cat, $name) = array_pad(explode('.', $key, 2), 2, null); if (is_null($name)) { if (! isset($this->keys[$cat])) { $name = $cat; $cat = 'default'; } } if (isset($this->keys[$cat])) { $cat = $this->keys[$cat]; } else { $name = $cat . '.' . $name; $cat = $this->keys['default']; } if (is_null($name)) { unset($_SESSION[$cat]); } else { if (isset($_SESSION[$cat]) && is_array($_SESSION[$cat])) { unset($_SESSION[$cat][$name]); } } if ($closed) { $this->close(); } return $this; }" 3739,protected function _dirname($path) { return dirname($path); },True,PHP,_dirname,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function start() { if (version_compare(PHP_VERSION, '5.4.0', '>=')) { if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); } } else { set_error_handler(array($this, 'session_start_error'), E_NOTICE); session_start(); restore_error_handler(); } $this->started = session_id()? true : false; return $this; }" 3740,"protected function _copy($source, $targetDir, $name) { $res = false; if ($this->tmp) { $local = $this->getTempFile(); $target = $this->_joinPath($targetDir, $name); if (ftp_get($this->connect, $local, $source, FTP_BINARY) && ftp_put($this->connect, $target, $local, $this->ftpMode($target))) { $res = $target; } @unlink($local); } return $res; }",True,PHP,_copy,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function decodeData($data) { if ($this->base64encode) { if (is_string($data)) { if (($data = base64_decode($data)) !== false) { $data = unserialize($data); } else { $data = null; } } else { $data = null; } } return $data; } 3741,"protected function _mkfile($path, $name) { if ($this->tmp) { $path = $this->_joinPath($path, $name); $local = $this->getTempFile(); $res = touch($local) && ftp_put($this->connect, $path, $local, FTP_ASCII); @unlink($local); return $res ? $path : false; } return false; }",True,PHP,_mkfile,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function getFullPath($path, $base) { $separator = $this->separator; $systemroot = $this->systemRoot; if ($base[0] === $separator && strpos($base, 0, strlen($systemroot)) !== $systemroot) { $base = $systemroot . substr($base, 1); } if ($path === '' || $path === '.' . $separator) return $base; $sepquoted = preg_quote($separator, '#'); if (substr($path, 0, 3) === '..' . $separator) { $path = $base . $separator . $path; } $normreg = '#('.$sepquoted.')[^'.$sepquoted.']+'.$sepquoted.'\.\.'.$sepquoted.'#'; while(preg_match($normreg, $path)) { $path = preg_replace($normreg, '$1', $path, 1); } if ($path[0] === $separator || strpos($path, $systemroot) === 0) { return $path; } $preg_separator = '#' . $sepquoted . '#'; if (substr($path, 0, 2) === '.' . $separator || $path[0] !== '.') { $arrn = preg_split($preg_separator, $path, -1, PREG_SPLIT_NO_EMPTY); if ($arrn[0] !== '.') { array_unshift($arrn, '.'); } $arrn[0] = $base; return join($separator, $arrn); } return $path; }" 3742,"public function netmountPrepare($options) { if (!empty($_REQUEST['encoding']) && @iconv('UTF-8', $_REQUEST['encoding'], '') !== false) { $options['encoding'] = $_REQUEST['encoding']; if (!empty($_REQUEST['locale']) && @setlocale(LC_ALL, $_REQUEST['locale'])) { setlocale(LC_ALL, elFinder::$locale); $options['locale'] = $_REQUEST['locale']; } } $options['statOwner'] = true; $options['allowChmodReadOnly'] = true; return $options; }",True,PHP,netmountPrepare,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,return unlink($dir); } return false; } 3746,"protected function _filePutContents($path, $content) { $res = false; if ($this->tmp) { $local = $this->getTempFile(); if (@file_put_contents($local, $content, LOCK_EX) !== false && ($fp = @fopen($local, 'rb'))) { clearstatcache(); $res = ftp_fput($this->connect, $path, $fp, $this->ftpMode($path)); @fclose($fp); } file_exists($local) && @unlink($local); } return $res; }",True,PHP,_filePutContents,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$stat = $this->stat($p); if (!$stat) { continue; } if (!empty($stat['hidden']) || !$this->mimeAccepted($stat['mime'], $mimes)) { continue; } $name = $stat['name']; if ($this->doSearchCurrentQuery['excludes']) { foreach($this->doSearchCurrentQuery['excludes'] as $exclude) { if ($this->stripos($name, $exclude) !== false) { continue 2; } } } if ((!$mimes || $stat['mime'] !== 'directory') && $this->stripos($name, $q) !== false) { $stat['path'] = $this->path($stat['hash']); if ($this->URL && !isset($stat['url'])) { $path = str_replace($this->separator, '/', substr($p, strlen($this->root) + 1)); if ($this->encoding) { $path = str_replace('%2F', '/', rawurlencode($this->convEncIn($path, true))); } $stat['url'] = $this->URL . $path; } $result[] = $stat; } if ($stat['mime'] == 'directory' && $stat['read'] && !isset($stat['alias'])) { if (! $this->options['searchExDirReg'] || ! preg_match($this->options['searchExDirReg'], $p)) { $result = array_merge($result, $this->doSearch($p, $q, $mimes)); } } } return $result; }" 3748,protected function _basename($path) { return basename($path); },True,PHP,_basename,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function stat($path) { if ($path === false || is_null($path)) { return false; } $is_root = ($path == $this->root); if ($is_root) { $rootKey = md5($path.(isset($this->options['alias'])? $this->options['alias'] : '')); if (!isset($this->sessionCache['rootstat'])) { $this->sessionCache['rootstat'] = array(); } if (! $this->isMyReload()) { if (isset($this->sessionCache['rootstat'][$rootKey])) { if ($ret = $this->sessionCache['rootstat'][$rootKey]) { return $ret; } } } } 3753,"protected function connect() { if (!($this->connect = @ftp_connect($this->options['host'], $this->options['port'], $this->options['timeout']))) { return $this->setError('Unable to connect to FTP server '.$this->options['host']); } if (!@ftp_login($this->connect, $this->options['user'], $this->options['pass'])) { $this->umount(); return $this->setError('Unable to login into '.$this->options['host']); } if ($this->encoding) { @ftp_exec($this->connect, 'OPTS UTF8 OFF'); } else { @ftp_exec($this->connect, 'OPTS UTF8 ON' ); } @ftp_exec($this->connect, 'epsv4 off' ); $pasv = ($this->options['mode'] == 'passive'); if (! ftp_pasv($this->connect, $pasv)) { if ($pasv) { $this->options['mode'] = 'active'; } } if (! @ftp_chdir($this->connect, $this->root) || $this->root != @ftp_pwd($this->connect)) { $this->umount(); return $this->setError('Unable to open root folder.'); } $features = ftp_raw($this->connect, 'FEAT'); if (!is_array($features)) { $this->umount(); return $this->setError('Server does not support command FEAT.'); } foreach ($features as $feat) { if (strpos(trim($feat), 'MLST') === 0) { $this->MLSTsupprt = true; break; } } return true; }",True,PHP,connect,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function getRootStatExtra() { $stat = array(); if ($this->rootName) { $stat['name'] = $this->rootName; } $stat['options'] = $this->options(null); return $stat; } 3754,"protected function _fclose($fp, $path='') { @fclose($fp); if ($path) { @unlink($this->getTempFile($path)); } }",True,PHP,_fclose,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function duplicate($hash, $suffix='copy') { if ($this->commandDisabled('duplicate')) { return $this->setError(elFinder::ERROR_COPY, '#'.$hash, elFinder::ERROR_PERM_DENIED); } if (($file = $this->file($hash)) == false) { return $this->setError(elFinder::ERROR_COPY, elFinder::ERROR_FILE_NOT_FOUND); } $path = $this->decode($hash); $dir = $this->dirnameCE($path); $name = $this->uniqueName($dir, $file['name'], sprintf($this->options['duplicateSuffix'], $suffix)); if (!$this->allowCreate($dir, $name, ($file['mime'] === 'directory'))) { return $this->setError(elFinder::ERROR_PERM_DENIED); } return ($path = $this->copy($path, $dir, $name)) == false ? false : $this->stat($path); }" 3759,"protected function _fopen($path, $mode='rb') { if ($this->options['mode'] == 'passive' && ini_get('allow_url_fopen')) { $url = 'ftp: if (strtolower($mode[0]) === 'w') { $context = stream_context_create(array('ftp' => array('overwrite' => true))); $fp = @fopen($url, $mode, false, $context); } else { $fp = @fopen($url, $mode); } if ($fp) { return $fp; } } if ($this->tmp) { $local = $this->getTempFile($path); $fp = @fopen($local, 'wb'); if (ftp_fget($this->connect, $fp, $path, FTP_BINARY)) { fclose($fp); $fp = fopen($local, $mode); return $fp; } @fclose($fp); is_file($local) && @unlink($local); } return false; }",True,PHP,_fopen,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$stat = $this->stat($p); if (!$stat) { continue; } if (!empty($stat['hidden']) || !$this->mimeAccepted($stat['mime'], $mimes)) { continue; } $name = $stat['name']; if ($this->doSearchCurrentQuery['excludes']) { foreach($this->doSearchCurrentQuery['excludes'] as $exclude) { if ($this->stripos($name, $exclude) !== false) { continue 2; } } } if ((!$mimes || $stat['mime'] !== 'directory') && $this->stripos($name, $q) !== false) { $stat['path'] = $this->path($stat['hash']); if ($this->URL && !isset($stat['url'])) { $path = str_replace($this->separator, '/', substr($p, strlen($this->root) + 1)); if ($this->encoding) { $path = str_replace('%2F', '/', rawurlencode($this->convEncIn($path, true))); } $stat['url'] = $this->URL . $path; } $result[] = $stat; } if ($stat['mime'] == 'directory' && $stat['read'] && !isset($stat['alias'])) { if (! $this->options['searchExDirReg'] || ! preg_match($this->options['searchExDirReg'], $p)) { $result = array_merge($result, $this->doSearch($p, $q, $mimes)); } } } return $result; }" 3760,"private function deleteDir($dirPath) { if (!is_dir($dirPath)) { $success = unlink($dirPath); } else { $success = true; foreach (array_reverse(elFinderVolumeFTP::listFilesInDirectory($dirPath, false)) as $path) { $path = $dirPath . DIRECTORY_SEPARATOR . $path; if(is_link($path)) { unlink($path); } else if (is_dir($path)) { $success = rmdir($path); } else { $success = unlink($path); } if (!$success) { break; } } if($success) { $success = rmdir($dirPath); } } if(!$success) { $this->setError(elFinder::ERROR_RM, $dirPath); return false; } return $success; }",True,PHP,deleteDir,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function stat($path) { if ($path === false || is_null($path)) { return false; } $is_root = ($path == $this->root); if ($is_root) { $rootKey = md5($path.(isset($this->options['alias'])? $this->options['alias'] : '')); if (!isset($this->sessionCache['rootstat'])) { $this->sessionCache['rootstat'] = array(); } if (! $this->isMyReload()) { if (isset($this->sessionCache['rootstat'][$rootKey])) { if ($ret = $this->sessionCache['rootstat'][$rootKey]) { return $ret; } } } } 3761,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if (ftp_mkdir($this->connect, $path) === false) { return false; } $this->options['dirMode'] && @ftp_chmod($this->connect, $this->options['dirMode'], $path); return $path; }",True,PHP,_mkdir,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function imagickImage($img, $filename, $destformat, $jpgQuality = null ) { if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } try { if ($destformat) { if ($destformat === 'gif') { $img->setImageFormat('gif'); } else if ($destformat === 'png') { $img->setImageFormat('png'); } else if ($destformat === 'jpg') { $img->setImageFormat('jpeg'); } } if (strtoupper($img->getImageFormat()) === 'JPEG') { $img->setImageCompression(imagick::COMPRESSION_JPEG); $img->setImageCompressionQuality($jpgQuality); try { $orientation = $img->getImageOrientation(); } catch (ImagickException $e) { $orientation = 0; } $img->stripImage(); if ($orientation) { $img->setImageOrientation($orientation); } } $result = $img->writeImage($filename); } catch (Exception $e) { $result = false; } return $result; }" 3764,"protected function _chmod($path, $mode) { $modeOct = is_string($mode) ? octdec($mode) : octdec(sprintf(""%04o"",$mode)); return @ftp_chmod($this->connect, $modeOct, $path); }",True,PHP,_chmod,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function gdImageBackground($image, $bgcolor) { if ($bgcolor === 'transparent') { imagealphablending($image, false); imagesavealpha($image, true); } else { list($r, $g, $b) = sscanf($bgcolor, ""#%02x%02x%02x""); $bgcolor1 = imagecolorallocate($image, $r, $g, $b); imagefill($image, 0, 0, $bgcolor1); } }" 3767,"protected function parseRaw($raw, $base, $nameOnly = false) { $info = preg_split(""/\s+/"", $raw, 9); $stat = array(); if (!isset($this->ftpOsUnix)) { $this->ftpOsUnix = !preg_match('/\d/', substr($info[0], 0, 1)); } if (!$this->ftpOsUnix) { $info = $this->normalizeRawWindows($raw); } if (count($info) < 9 || $info[8] == '.' || $info[8] == '..') { return false; } $name = $info[8]; if (preg_match('|(.+)\-\>(.+)|', $name, $m)) { $name = trim($m[1]); if ($this->cacheDirTarget && $this->_joinPath($base, $name) !== $this->cacheDirTarget) { return array(); } if (!$nameOnly) { $target = trim($m[2]); if (substr($target, 0, 1) !== $this->separator) { $target = $this->getFullPath($target, $base); } $target = $this->_normpath($target); $stat['name'] = $name; $stat['target'] = $target; return $stat; } } if ($nameOnly) { return array('name' => $name); } if (is_numeric($info[5]) && !$info[6] && !$info[7]) { $stat['ts'] = $info[5]; } else { $stat['ts'] = strtotime($info[5].' '.$info[6].' '.$info[7]); if (empty($stat['ts'])) { $stat['ts'] = strtotime($info[6].' '.$info[5].' '.$info[7]); } } $stat['owner'] = ''; if ($this->options['statOwner']) { $stat['owner'] = $info[2]; $stat['group'] = $info[3]; $stat['perm'] = substr($info[0], 1); $stat['isowner'] = $stat['owner']? ($stat['owner'] == $this->options['user']) : $this->options['owner']; } $perm = $this->parsePermissions($info[0], $stat['owner']); $stat['name'] = $name; $stat['mime'] = substr(strtolower($info[0]), 0, 1) == 'd' ? 'directory' : $this->mimetype($stat['name']); $stat['size'] = $stat['mime'] == 'directory' ? 0 : $info[4]; $stat['read'] = $perm['read']; $stat['write'] = $perm['write']; return $stat; }",True,PHP,parseRaw,elFinderVolumeFTP.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function rename($hash, $name) { if ($this->commandDisabled('rename')) { return $this->setError(elFinder::ERROR_PERM_DENIED); } if (!$this->nameAccepted($name)) { return $this->setError(elFinder::ERROR_INVALID_NAME, $name); } $mimeByName = elFinderVolumeDriver::mimetypeInternalDetect($name); if ($mimeByName && $mimeByName !== 'unknown' && !$this->allowPutMime($mimeByName)) { return $this->setError(elFinder::ERROR_UPLOAD_FILE_MIME, $name); } if (!($file = $this->file($hash))) { return $this->setError(elFinder::ERROR_FILE_NOT_FOUND); } if ($name == $file['name']) { return $file; } if (!empty($file['locked'])) { return $this->setError(elFinder::ERROR_LOCKED, $file['name']); } $path = $this->decode($hash); $dir = $this->dirnameCE($path); $stat = $this->stat($this->joinPathCE($dir, $name)); if ($stat) { return $this->setError(elFinder::ERROR_EXISTS, $name); } if (!$this->allowCreate($dir, $name, ($file['mime'] === 'directory'))) { return $this->setError(elFinder::ERROR_PERM_DENIED); } $this->rmTmb($file); if ($path = $this->convEncOut($this->_move($this->convEncIn($path), $this->convEncIn($dir), $this->convEncIn($name)))) { $this->clearcache(); return $this->stat($path); } return false; }" 3769,"protected function _symlink($source, $targetDir, $name) { return @symlink($source, $this->_joinPath($targetDir, $name)); }",True,PHP,_symlink,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function imgRotate($path, $degree, $bgcolor = '#ffffff', $destformat = null, $jpgQuality = null) { if (($s = getimagesize($path)) == false || $degree % 360 === 0) { return false; } $result = false; if ($degree % 90 === 0 && in_array($s[2], array(IMAGETYPE_JPEG, IMAGETYPE_JPEG2000))) { $count = ($degree / 90) % 4; $exiftran = array( 1 => '-9', 2 => '-1', 3 => '-2' ); $jpegtran = array( 1 => '90', 2 => '180', 3 => '270' ); $quotedPath = escapeshellarg($path); $cmds = array( 'exiftran -i '.$exiftran[$count].' '.$path, 'jpegtran -rotate '.$jpegtran[$count].' -copy all -outfile '.$quotedPath.' '.$quotedPath ); foreach($cmds as $cmd) { if ($this->procExec($cmd) === 0) { $result = true; break; } } if ($result) { return $path; } } if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } elFinder::extendTimeLimit(300); switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } if ($s[2] === IMAGETYPE_GIF || $s[2] === IMAGETYPE_PNG) { $bgcolor = 'rgba(255, 255, 255, 0.0)'; } if ($img->getNumberImages() > 1) { $img = $img->coalesceImages(); do { $img->rotateImage(new ImagickPixel($bgcolor), $degree); } while ($img->nextImage()); $img = $img->optimizeImageLayers(); $result = $img->writeImages($path, true); } else { $img->rotateImage(new ImagickPixel($bgcolor), $degree); $result = $this->imagickImage($img, $path, $destformat, $jpgQuality); } $img->clear(); return $result ? $path : false; break; case 'convert': extract($this->imageMagickConvertPrepare($path, $destformat, $jpgQuality, $s)); if ($s[2] === IMAGETYPE_GIF || $s[2] === IMAGETYPE_PNG) { $bgcolor = 'rgba(255, 255, 255, 0.0)'; } $cmd = sprintf('convert %s%s%s -background ""%s"" -rotate %d%s %s', $quotedPath, $coalesce, $jpgQuality, $bgcolor, $degree, $deconstruct, $quotedDstPath); $result = false; if ($this->procExec($cmd) === 0) { $result = true; } return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); $degree = 360 - $degree; $bgNum = -1; $bgIdx = false; if ($s[2] === IMAGETYPE_GIF) { $bgIdx = imagecolortransparent($img); if ($bgIdx !== -1) { $c = imagecolorsforindex($img, $bgIdx); $w = imagesx($img); $h = imagesy($img); $newImg = imagecreatetruecolor($w, $h); imagepalettecopy($newImg, $img); $bgNum = imagecolorallocate($newImg, $c['red'], $c['green'], $c['blue']); imagefill($newImg, 0, 0, $bgNum); imagecolortransparent($newImg, $bgNum); imagecopy($newImg, $img, 0, 0, 0, 0, $w, $h); imagedestroy($img); $img = $newImg; $newImg = null; } } else if ($s[2] === IMAGETYPE_PNG) { $bgNum = imagecolorallocatealpha($img, 255, 255, 255, 127); } if ($bgNum === -1) { list($r, $g, $b) = sscanf($bgcolor, ""#%02x%02x%02x""); $bgNum = imagecolorallocate($img, $r, $g, $b); } $tmp = imageRotate($img, $degree, $bgNum); if ($bgIdx !== -1) { imagecolortransparent($tmp, $bgNum); } $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imageDestroy($img); imageDestroy($tmp); return $result ? $path : false; break; } return false; }" 3772,"protected function _move($source, $targetDir, $name) { $target = $this->_joinPath($targetDir, $name); $ret = @rename($source, $target) ? $target : false; $ret && clearstatcache(); return $ret; }",True,PHP,_move,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function encode($path) { if ($path !== '') { $p = $this->relpathCE($path); if ($p === '') { $p = $this->separator; } $hash = $this->crypt($p); $hash = strtr(base64_encode($hash), '+/=', '-_.'); $hash = rtrim($hash, '.'); return $this->id.$hash; } }" 3777,"protected function _chmod($path, $mode) { $modeOct = is_string($mode) ? octdec($mode) : octdec(sprintf(""%04o"",$mode)); $ret = @chmod($path, $modeOct); $ret && clearstatcache(); return $ret; }",True,PHP,_chmod,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function gdImageCreate($path,$mime) { switch($mime) { case 'image/jpeg': return imagecreatefromjpeg($path); case 'image/png': return imagecreatefrompng($path); case 'image/gif': return imagecreatefromgif ($path); case 'image/x-ms-bmp': if (!function_exists('imagecreatefrombmp')) { include_once dirname(__FILE__).'/libs/GdBmp.php'; } return imagecreatefrombmp($path); case 'image/xbm': return imagecreatefromxbm($path); case 'image/xpm': return imagecreatefromxpm($path); } return false; }" 3778,"protected function _filePutContents($path, $content) { if (@file_put_contents($path, $content, LOCK_EX) !== false) { clearstatcache(); return true; } return false; }",True,PHP,_filePutContents,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function options($hash) { $create = $createext = array(); if (isset($this->archivers['create']) && is_array($this->archivers['create'])) { foreach($this->archivers['create'] as $m => $v) { $create[] = $m; $createext[$m] = $v['ext']; } } $opts = array( 'path' => $hash? $this->path($hash) : '', 'url' => $this->URL, 'tmbUrl' => (! $this->imgLib && $this->options['tmbFbSelf'])? 'self' : $this->tmbURL, 'disabled' => $this->disabled, 'separator' => $this->separator, 'copyOverwrite' => intval($this->options['copyOverwrite']), 'uploadOverwrite' => intval($this->options['uploadOverwrite']), 'uploadMaxSize' => intval($this->uploadMaxSize), 'uploadMaxConn' => intval($this->options['uploadMaxConn']), 'uploadMime' => array( 'firstOrder' => isset($this->uploadOrder[0])? $this->uploadOrder[0] : 'deny', 'allow' => $this->uploadAllow, 'deny' => $this->uploadDeny ), 'dispInlineRegex' => $this->options['dispInlineRegex'], 'jpgQuality' => intval($this->options['jpgQuality']), 'archivers' => array( 'create' => $create, 'extract' => isset($this->archivers['extract']) && is_array($this->archivers['extract']) ? array_keys($this->archivers['extract']) : array(), 'createext' => $createext ), 'uiCmdMap' => (isset($this->options['uiCmdMap']) && is_array($this->options['uiCmdMap']))? array_values($this->options['uiCmdMap']) : array(), 'syncChkAsTs' => intval($this->options['syncChkAsTs']), 'syncMinMs' => intval($this->options['syncMinMs']), 'i18nFolderName' => intval($this->options['i18nFolderName']) ); if ($hash === null) { if (! empty($this->options['icon'])) { $opts['icon'] = $this->options['icon']; } if (! empty($this->options['rootCssClass'])) { $opts['csscls'] = $this->options['rootCssClass']; } if (isset($this->options['netkey'])) { $opts['netkey'] = $this->options['netkey']; } } return $opts; }" 3779,protected function _rmdir($path) { $ret = @rmdir($path); $ret && clearstatcache(); return $ret; },True,PHP,_rmdir,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$_ret[$_k] = $this->convEnc($_v, $from, $to, '', false, $unknown = '_'); } $var = $_ret; } else { $_var = false; if (is_string($var)) { $_var = $var; if (false !== ($_var = iconv($from, $to.'//TRANSLIT', $_var))) { $_var = str_replace('?', $unknown, $_var); } } if ($_var !== false) { $var = $_var; } } if ($restoreLocale) { setlocale(LC_ALL, elFinder::$locale); } } return $var; }" 3781,"protected function _copy($source, $targetDir, $name) { $ret = copy($source, $this->_joinPath($targetDir, $name)); $ret && clearstatcache(); return $ret; }",True,PHP,_copy,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function createTmb($path, $stat) { if (!$stat || !$this->canCreateTmb($path, $stat)) { return false; } $name = $this->tmbname($stat); $tmb = $this->tmbPath.DIRECTORY_SEPARATOR.$name; $maxlength = -1; $imgConverter = null; $mime = strtolower($stat['mime']); list($type) = explode('/', $mime); if (isset($this->imgConverter[$mime])) { $imgConverter = $this->imgConverter[$mime]['func']; if (! empty($this->imgConverter[$mime]['maxlen'])) { $maxlength = intval($this->imgConverter[$mime]['maxlen']); } } else if (isset($this->imgConverter[$type])) { $imgConverter = $this->imgConverter[$type]['func']; if (! empty($this->imgConverter[$type]['maxlen'])) { $maxlength = intval($this->imgConverter[$type]['maxlen']); } } if ($imgConverter && ! is_callable($imgConverter)) { return false; } if (($src = $this->fopenCE($path, 'rb')) == false) { return false; } if (($trg = fopen($tmb, 'wb')) == false) { $this->fcloseCE($src, $path); return false; } stream_copy_to_stream($src, $trg, $maxlength); $this->fcloseCE($src, $path); fclose($trg); if ($imgConverter) { if (! call_user_func_array($imgConverter, array($tmb, $stat, $this))) { file_exists($tmb) && unlink($tmb); return false; } } $result = false; $tmbSize = $this->tmbSize; if ($this->imgLib === 'imagick') { try { $imagickTest = new imagick($tmb); $imagickTest->clear(); $imagickTest = true; } catch (Exception $e) { $imagickTest = false; } } if (($this->imgLib === 'imagick' && ! $imagickTest) || ($s = getimagesize($tmb)) === false) { if ($this->imgLib === 'imagick') { $bgcolor = $this->options['tmbBgColor']; if ($bgcolor === 'transparent') { $bgcolor = 'rgba(255, 255, 255, 0.0)'; } try { $imagick = new imagick(); $imagick->setBackgroundColor(new ImagickPixel($bgcolor)); $imagick->readImage($this->getExtentionByMime($stat['mime'], ':') . $tmb); $imagick->setImageFormat('png'); $imagick->writeImage($tmb); $imagick->clear(); if (($s = getimagesize($tmb)) !== false) { $result = true; } } catch (Exception $e) {} } if (! $result) { file_exists($tmb) && unlink($tmb); return false; } $result = false; } if ($s[0] <= $tmbSize && $s[1] <= $tmbSize) { $result = $this->imgSquareFit($tmb, $tmbSize, $tmbSize, 'center', 'middle', $this->options['tmbBgColor'], 'png' ); } else { if ($this->options['tmbCrop']) { $result = $tmb; if (!(($s[0] > $tmbSize && $s[1] <= $tmbSize) || ($s[0] <= $tmbSize && $s[1] > $tmbSize) ) || ($s[0] > $tmbSize && $s[1] > $tmbSize)) { $result = $this->imgResize($tmb, $tmbSize, $tmbSize, true, false, 'png'); } if ($result && ($s = getimagesize($tmb)) != false) { $x = $s[0] > $tmbSize ? intval(($s[0] - $tmbSize)/2) : 0; $y = $s[1] > $tmbSize ? intval(($s[1] - $tmbSize)/2) : 0; $result = $this->imgCrop($result, $tmbSize, $tmbSize, $x, $y, 'png'); } else { $result = false; } } else { $result = $this->imgResize($tmb, $tmbSize, $tmbSize, true, true, 'png'); } if ($result) { if ($s = getimagesize($tmb)) { if ($s[0] !== $tmbSize || $s[1] !== $tmbSize) { $result = $this->imgSquareFit($result, $tmbSize, $tmbSize, 'center', 'middle', $this->options['tmbBgColor'], 'png' ); } } } } if (!$result) { unlink($tmb); return false; } return $name; }" 3782,"protected function _extract($path, $arc) { if ($this->quarantine) { $dir = $this->quarantine.DIRECTORY_SEPARATOR.md5(basename($path).mt_rand()); $archive = $dir.DIRECTORY_SEPARATOR.basename($path); if (!@mkdir($dir)) { return false; } register_shutdown_function(array($this, 'rmdirRecursive'), realpath($dir)); chmod($dir, 0777); if (!copy($path, $archive)) { return false; } $this->unpackArchive($archive, $arc); $ls = self::localScandir($dir); if (empty($ls)) { return false; } $this->archiveSize = 0; $symlinks = $this->_findSymlinks($dir); if ($symlinks) { $this->delTree($dir); return $this->setError(array_merge($this->error, array(elFinder::ERROR_ARC_SYMLINKS))); } if ($this->options['maxArcFilesSize'] > 0 && $this->options['maxArcFilesSize'] < $this->archiveSize) { $this->delTree($dir); return $this->setError(elFinder::ERROR_ARC_MAXSIZE); } $extractTo = $this->extractToNewdir; $name = ''; $src = $dir.DIRECTORY_SEPARATOR.$ls[0]; if (($extractTo === 'auto' || !$extractTo) && count($ls) === 1 && is_file($src)) { $name = $ls[0]; } else if ($extractTo === 'auto' || $extractTo) { $src = $dir; $name = basename($path); if (preg_match('/\.((tar\.(gz|bz|bz2|z|lzo))|cpio\.gz|ps\.gz|xcf\.(gz|bz2)|[a-z0-9]{1,4})$/i', $name, $m)) { $name = substr($name, 0, strlen($name)-strlen($m[0])); } $test = dirname($path).DIRECTORY_SEPARATOR.$name; if (file_exists($test) || is_link($test)) { $name = $this->uniqueName(dirname($path), $name, '-', false); } } if ($name !== '') { $result = dirname($path).DIRECTORY_SEPARATOR.$name; if (! @rename($src, $result)) { $this->delTree($dir); return false; } } else { $dstDir = dirname($path); $res = false; $result = array(); foreach($ls as $name) { $target = $dstDir.DIRECTORY_SEPARATOR.$name; if (is_dir($target)) { $this->delTree($target); } if (@rename($dir.DIRECTORY_SEPARATOR.$name, $target)) { $result[] = $target; } } if (!$result) { $this->delTree($dir); return false; } } is_dir($dir) && $this->delTree($dir); return (is_array($result) || file_exists($result)) ? $result : false; } }",True,PHP,_extract,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function copyFrom($volume, $src, $destination, $name) { elFinder::extendTimeLimit(); if (($source = $volume->file($src)) == false) { return $this->setError(elFinder::ERROR_COPY, '#'.$src, $volume->error()); } $errpath = $volume->path($source['hash']); if (!$this->nameAccepted($source['name'])) { return $this->setError(elFinder::ERROR_COPY, $errpath, elFinder::ERROR_INVALID_NAME); } if (!$source['read']) { return $this->setError(elFinder::ERROR_COPY, $errpath, elFinder::ERROR_PERM_DENIED); } if ($source['mime'] == 'directory') { $test = $this->stat($this->joinPathCE($destination, $name)); $this->clearcache(); if (($test && $test['mime'] != 'directory') || (! $test && ! $test = $this->mkdir($this->encode($destination), $name))) { return $this->setError(elFinder::ERROR_COPY, $errpath); } $path = $this->joinPathCE($destination, $name); $path = $this->decode($test['hash']); foreach ($volume->scandir($src) as $entr) { if (!$this->copyFrom($volume, $entr['hash'], $path, $entr['name'])) { $this->remove($path, true); return $this->setError($this->error, elFinder::ERROR_COPY, $errpath); } } $this->added[] = $test; } else { if (($dim = $volume->dimensions($src))) { $s = explode('x', $dim); $source['width'] = $s[0]; $source['height'] = $s[1]; } if (($fp = $volume->open($src)) == false || ($path = $this->saveCE($fp, $destination, $name, $source)) == false) { $fp && $volume->close($fp, $src); return $this->setError(elFinder::ERROR_COPY, $errpath); } $volume->close($fp, $src); $stat = $this->stat($path); $mimeByName = elFinderVolumeDriver::mimetypeInternalDetect($stat['name']); if ($stat['mime'] === $mimeByName) { $mimeByName = ''; } if (!$this->allowPutMime($stat['mime']) || ($mimeByName && $mimeByName !== 'unknown' && !$this->allowPutMime($mimeByName))) { $this->remove($path, true); return $this->setError(elFinder::ERROR_UPLOAD_FILE_MIME, $errpath); } $this->added[] = $stat; } return $path; }" 3783,"protected function _save($fp, $dir, $name, $stat) { $path = $this->_joinPath($dir, $name); $meta = stream_get_meta_data($fp); $uri = isset($meta['uri'])? $meta['uri'] : ''; if ($uri && ! preg_match('#^[a-zA-Z0-9]+: @fclose($fp); $isCmdPaste = ($this->ARGS['cmd'] === 'paste'); $isCmdCopy = ($isCmdPaste && empty($this->ARGS['cut'])); if (($isCmdCopy || !@rename($uri, $path)) && !@copy($uri, $path)) { return false; } $isCmdPaste && !$isCmdCopy && touch($uri); } else { if (@file_put_contents($path, $fp, LOCK_EX) === false) { return false; } } @chmod($path, $this->options['fileMode']); clearstatcache(); return $path; }",True,PHP,_save,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function tmb($hash) { $path = $this->decode($hash); $stat = $this->stat($path); if (isset($stat['tmb'])) { $res = $stat['tmb'] == ""1"" ? $this->createTmb($path, $stat) : $stat['tmb']; if (! $res) { list($type) = explode('/', $stat['mime']); $fallback = $this->options['resourcePath'] . DIRECTORY_SEPARATOR . strtolower($type) . '.png'; if (is_file($fallback)) { $res = $this->tmbname($stat); if (! copy($fallback, $this->tmbPath . DIRECTORY_SEPARATOR . $res)) { $res = false; } } } return $res; } return false; }" 3784,"public function localFileSystemSearchIteratorFilter($file, $key, $iterator) { if ($iterator->hasChildren()) { return (bool)$this->attr($key, 'read', null, true); } return ($this->stripos($file->getFilename(), $this->doSearchCurrentQuery) === false)? false : true; }",True,PHP,localFileSystemSearchIteratorFilter,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function imgCrop($path, $width, $height, $x, $y, $destformat = null, $jpgQuality = null) { if (($s = getimagesize($path)) == false) { return false; } $result = false; if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } elFinder::extendTimeLimit(300); switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } $ani = ($img->getNumberImages() > 1); if ($ani && is_null($destformat)) { $img = $img->coalesceImages(); do { $img->setImagePage($s[0], $s[1], 0, 0); $img->cropImage($width, $height, $x, $y); $img->setImagePage($width, $height, 0, 0); } while ($img->nextImage()); $img = $img->optimizeImageLayers(); $result = $img->writeImages($path, true); } else { if ($ani) { $img->setFirstIterator(); } $img->setImagePage($s[0], $s[1], 0, 0); $img->cropImage($width, $height, $x, $y); $img->setImagePage($width, $height, 0, 0); $result = $this->imagickImage($img, $path, $destformat, $jpgQuality); } $img->clear(); return $result ? $path : false; break; case 'convert': extract($this->imageMagickConvertPrepare($path, $destformat, $jpgQuality, $s)); $cmd = sprintf('convert %s%s%s -crop %dx%d+%d+%d%s %s', $quotedPath, $coalesce, $jpgQuality, $width, $height, $x, $y, $deconstruct, $quotedDstPath); $result = false; if ($this->procExec($cmd) === 0) { $result = true; } return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); if ($img && false != ($tmp = imagecreatetruecolor($width, $height))) { $bgNum = false; if ($s[2] === IMAGETYPE_GIF && (! $destformat || $destformat === 'gif')) { $bgIdx = imagecolortransparent($img); if ($bgIdx !== -1) { $c = imagecolorsforindex($img, $bgIdx); $bgNum = imagecolorallocate($tmp, $c['red'], $c['green'], $c['blue']); imagefill($tmp, 0, 0, $bgNum); imagecolortransparent($tmp, $bgNum); } } if ($bgNum === false) { $this->gdImageBackground($tmp, 'transparent'); } $size_w = $width; $size_h = $height; if ($s[0] < $width || $s[1] < $height) { $size_w = $s[0]; $size_h = $s[1]; } if (!imagecopy($tmp, $img, 0, 0, $x, $y, $size_w, $size_h)) { return false; } $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imagedestroy($img); imagedestroy($tmp); return $result ? $path : false; } break; } return false; }" 3788,"protected function readlink($path) { if (!($target = @readlink($path))) { return null; } if (strpos($target, $this->systemRoot) !== 0) { $target = $this->_joinPath(dirname($path), $target); } if (!file_exists($target)) { return false; } return $target; }",True,PHP,readlink,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function decode($hash) { if (strpos($hash, $this->id) === 0) { $h = substr($hash, strlen($this->id)); $h = base64_decode(strtr($h, '-_.', '+/=')); $path = $this->uncrypt($h); return $this->abspathCE($path); } }" 3790,"protected function _fclose($fp, $path='') { return @fclose($fp); }",True,PHP,_fclose,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function getItemsInHand($hashes, $dir = null) { static $totalSize = 0; if (is_null($dir)) { $totalSize = 0; if (! $tmpDir = $this->getTempPath()) { return false; } $dir = tempnam($tmpDir, 'elf'); if (!unlink($dir) || !mkdir($dir, 0700, true)) { return false; } register_shutdown_function(array($this, 'rmdirRecursive'), $dir); } $res = true; $files = array(); foreach ($hashes as $hash) { if (($file = $this->file($hash)) == false) { continue; } if (!$file['read']) { continue; } $name = $file['name']; if (isset($files[$name])) { $name = preg_replace('/^(.*?)(\..*)?$/', '$1_'.$files[$name]++.'$2', $name); } else { $files[$name] = 1; } $target = $dir.DIRECTORY_SEPARATOR.$name; if ($file['mime'] === 'directory') { $chashes = array(); $_files = $this->scandir($hash); foreach($_files as $_file) { if ($file['read']) { $chashes[] = $_file['hash']; } } if (($res = mkdir($target, 0700, true)) && $chashes) { $res = $this->getItemsInHand($chashes, $target); } if (!$res) { break; } !empty($file['ts']) && touch($target, $file['ts']); } else { $path = $this->decode($hash); if ($fp = $this->fopenCE($path)) { if ($tfp = fopen($target, 'wb')) { $totalSize += stream_copy_to_stream($fp, $tfp); fclose($tfp); } !empty($file['ts']) && touch($target, $file['ts']); $this->fcloseCE($fp, $path); } if ($this->options['maxArcFilesSize'] > 0 && $this->options['maxArcFilesSize'] < $totalSize) { $res = $this->setError(elFinder::ERROR_ARC_MAXSIZE); } } } return $res? $dir : false; }" 3791,"public function localFileSystemInotify($path, $standby, $compare) { if (isset($this->sessionCache['localFileSystemInotify_disable'])) { return false; } $path = realpath($path); $mtime = filemtime($path); if ($mtime != $compare) { return $mtime; } $inotifywait = defined('ELFINER_INOTIFYWAIT_PATH')? ELFINER_INOTIFYWAIT_PATH : 'inotifywait'; $path = escapeshellarg($path); $standby = max(1, intval($standby)); $cmd = $inotifywait.' '.$path.' -t '.$standby.' -e moved_to,moved_from,move,close_write,delete,delete_self'; $this->procExec($cmd , $o, $r); if ($r === 0) { clearstatcache(); $mtime = @filemtime($path); return $mtime? $mtime : time(); } else if ($r === 2) { return $compare; } $this->sessionCache['localFileSystemInotify_disable'] = true; $this->session->set($this->id, $this->sessionCache, true); return false; }",True,PHP,localFileSystemInotify,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function configure() { $this->ARGS = $_SERVER['REQUEST_METHOD'] === 'POST'? $_POST : $_GET; $path = $this->options['tmbPath']; if ($path) { if (!file_exists($path)) { if (mkdir($path)) { chmod($path, $this->options['tmbPathMode']); } else { $path = ''; } } if (is_dir($path) && is_readable($path)) { $this->tmbPath = $path; $this->tmbPathWritable = is_writable($path); } } if (! is_dir($this->options['resourcePath'])) { $this->options['resourcePath'] = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'resources'; } $type = preg_match('/^(imagick|gd|convert|auto)$/i', $this->options['imgLib']) ? strtolower($this->options['imgLib']) : 'auto'; $imgLibFallback = extension_loaded('imagick')? 'imagick' : (function_exists('gd_info')? 'gd' : ''); if (($type === 'imagick' || $type === 'auto') && extension_loaded('imagick')) { $this->imgLib = 'imagick'; } else if (($type === 'gd' || $type === 'auto') && function_exists('gd_info')) { $this->imgLib = 'gd'; } else { $convertCache = 'imgLibConvert'; if (($convertCmd = $this->session->get($convertCache, false)) !== false) { $this->imgLib = $convertCmd; } else { $this->imgLib = ($this->procExec('convert -version') === 0)? 'convert' : ''; $this->session->set($convertCache, $this->imgLib); } } if ($type !== 'auto' && $this->imgLib === '') { $this->imgLib = extension_loaded('imagick')? 'imagick' : (function_exists('gd_info')? 'gd' : ''); } if (! empty($this->options['imgConverter']) && is_array($this->options['imgConverter'])) { foreach($this->options['imgConverter'] as $_type => $_converter) { if (isset($_converter['func'])) { $this->imgConverter[strtolower($_type)] = $_converter; } } } if (! isset($this->imgConverter['video'])) { $videoLibCache = 'videoLib'; if (($videoLibCmd = $this->session->get($videoLibCache, false)) === false) { $videoLibCmd = ($this->procExec('ffmpeg -version') === 0)? 'ffmpeg' : ''; $this->session->set($videoLibCache, $videoLibCmd); } if ($videoLibCmd) { $this->imgConverter['video'] = array( 'func' => array($this, $videoLibCmd . 'ToImg'), 'maxlen' => $this->options['tmbVideoConvLen'] ); } } if (empty($this->archivers['create'])) { $this->disabled[] ='archive'; } if (empty($this->archivers['extract'])) { $this->disabled[] ='extract'; } $_arc = $this->getArchivers(); if (empty($_arc['create'])) { $this->disabled[] ='zipdl'; } if (empty($this->options['statOwner'])) { $this->disabled[] ='chmod'; } if (!is_array($this->options['mimeMap'])) { $this->options['mimeMap'] = array(); } }" 3794,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if (@mkdir($path)) { @chmod($path, $this->options['dirMode']); clearstatcache(); return $path; } return false; }",True,PHP,_mkdir,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function copy($src, $dst, $name) { elFinder::extendTimeLimit(); $srcStat = $this->stat($src); $this->clearcache(); if (!empty($srcStat['thash'])) { $target = $this->decode($srcStat['thash']); if (!$this->inpathCE($target, $this->root)) { return $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash']), elFinder::ERROR_MKOUTLINK); } $stat = $this->stat($target); $this->clearcache(); return $stat && $this->symlinkCE($target, $dst, $name) ? $this->joinPathCE($dst, $name) : $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash'])); } if ($srcStat['mime'] === 'directory') { $testStat = $this->stat($this->joinPathCE($dst, $name)); $this->clearcache(); if (($testStat && $testStat['mime'] != 'directory') || (! $testStat && ! $testStat = $this->mkdir($this->encode($dst), $name))) { return $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash'])); } $dst = $this->decode($testStat['hash']); foreach ($this->getScandir($src) as $stat) { if (empty($stat['hidden'])) { $name = $stat['name']; $_src = $this->decode($stat['hash']); if (! $this->copy($_src, $dst, $name)) { $this->remove($dst, true); return $this->setError($this->error, elFinder::ERROR_COPY, $this->_path($src)); } } } $this->added[] = $testStat; return $dst; } if ($this->options['copyJoin']) { $test = $this->joinPathCE($dst, $name); if ($testStat = $this->stat($test)) { $this->remove($test); } } else { $testStat = false; } if ($res = $this->convEncOut($this->_copy($this->convEncIn($src), $this->convEncIn($dst), $this->convEncIn($name)))) { $path = is_string($res)? $res : $this->joinPathCE($dst, $name); $this->clearcache(); $this->added[] = $this->stat($path); return $path; } return $this->setError(elFinder::ERROR_COPY, $this->path($srcStat['hash'])); }" 3795,protected function _unlink($path) { $ret = @unlink($path); $ret && clearstatcache(); return $ret; },True,PHP,_unlink,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function imgSquareFit($path, $width, $height, $align = 'center', $valign = 'middle', $bgcolor = '#0000ff', $destformat = null, $jpgQuality = null) { if (($s = getimagesize($path)) == false) { return false; } $result = false; $y = ceil(abs($height - $s[1]) / 2); $x = ceil(abs($width - $s[0]) / 2); if (!$jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } elFinder::extendTimeLimit(300); switch ($this->imgLib) { case 'imagick': try { $img = new imagick($path); } catch (Exception $e) { return false; } if ($bgcolor === 'transparent') { $bgcolor = 'rgba(255, 255, 255, 0.0)'; } $ani = ($img->getNumberImages() > 1); if ($ani && is_null($destformat)) { $img1 = new Imagick(); $img1->setFormat('gif'); $img = $img->coalesceImages(); do { $gif = new Imagick(); $gif->newImage($width, $height, new ImagickPixel($bgcolor)); $gif->setImageColorspace($img->getImageColorspace()); $gif->setImageFormat('gif'); $gif->compositeImage( $img, imagick::COMPOSITE_OVER, $x, $y ); $gif->setImageDelay($img->getImageDelay()); $gif->setImageIterations($img->getImageIterations()); $img1->addImage($gif); $gif->clear(); } while ($img->nextImage()); $img1 = $img1->optimizeImageLayers(); $result = $img1->writeImages($path, true); } else { if ($ani) { $img->setFirstIterator(); } $img1 = new Imagick(); $img1->newImage($width, $height, new ImagickPixel($bgcolor)); $img1->setImageColorspace($img->getImageColorspace()); $img1->compositeImage( $img, imagick::COMPOSITE_OVER, $x, $y ); $result = $this->imagickImage($img1, $path, $destformat, $jpgQuality); } $img1->clear(); $img->clear(); return $result ? $path : false; break; case 'convert': extract($this->imageMagickConvertPrepare($path, $destformat, $jpgQuality, $s)); if ($bgcolor === 'transparent') { $bgcolor = 'rgba(255, 255, 255, 0.0)'; } $cmd = sprintf('convert -size %dx%d ""xc:%s"" png:- | convert%s%s png:- %s -geometry +%d+%d -compose over -composite%s %s', $width, $height, $bgcolor, $coalesce, $jpgQuality, $quotedPath, $x, $y, $deconstruct, $quotedDstPath); $result = false; if ($this->procExec($cmd) === 0) { $result = true; } return $result ? $path : false; break; case 'gd': $img = $this->gdImageCreate($path,$s['mime']); if ($img && false != ($tmp = imagecreatetruecolor($width, $height))) { $this->gdImageBackground($tmp, $bgcolor); if ($bgcolor === 'transparent' && ($destformat === 'png' || $s[2] === IMAGETYPE_PNG)) { $bgNum = imagecolorallocatealpha($tmp, 255, 255, 255, 127); imagefill($tmp, 0, 0, $bgNum); } if (!imagecopy($tmp, $img, $x, $y, 0, 0, $s[0], $s[1])) { return false; } $result = $this->gdImage($tmp, $path, $destformat, $s['mime'], $jpgQuality); imagedestroy($img); imagedestroy($tmp); return $result ? $path : false; } break; } return false; }" 3796,"protected function _stat($path) { static $statOwner; if (is_null($statOwner)) { $statOwner = (!empty($this->options['statOwner'])); } $stat = array(); if (!file_exists($path) && !is_link($path)) { return $stat; } if (!$this->_inpath($path, $this->root)) { return $stat; } $gid = $uid = 0; $stat['isowner'] = false; $linkreadable = false; if ($path != $this->root && is_link($path)) { if (! $this->options['followSymLinks']) { return array(); } if (!($target = $this->readlink($path)) || $target == $path) { if (is_null($target)) { $stat = array(); return $stat; } else { $stat['mime'] = 'symlink-broken'; $target = readlink($path); $lstat = lstat($path); $ostat = $this->getOwnerStat($lstat['uid'], $lstat['gid']); $linkreadable = !empty($ostat['isowner']); } } $stat['alias'] = $this->_path($target); $stat['target'] = $target; } $size = sprintf('%u', @filesize($path)); $stat['ts'] = filemtime($path); if ($statOwner) { $fstat = stat($path); $uid = $fstat['uid']; $gid = $fstat['gid']; $stat['perm'] = substr((string)decoct($fstat['mode']), -4); $stat = array_merge($stat, $this->getOwnerStat($uid, $gid)); } $dir = is_dir($path); if (!isset($stat['mime'])) { $stat['mime'] = $dir ? 'directory' : $this->mimetype($path); } $stat['read'] = ($linkreadable || is_readable($path))? null : false; $stat['write'] = is_writable($path)? null : false; if (is_null($stat['read'])) { $stat['size'] = $dir ? 0 : $size; } return $stat; }",True,PHP,_stat,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected static function localScandir($dir) { $files = array(); if ($dh = opendir($dir)) { while (false !== ($file = readdir($dh))) { if ($file !== '.' && $file !== '..') { $files[] = $file; } } closedir($dh); } else { throw new Exception('Can not open local directory.'); } return $files; } 3797,"protected function configure() { $root = $this->stat($this->root); if ($this->options['tmbPath']) { $this->options['tmbPath'] = strpos($this->options['tmbPath'], DIRECTORY_SEPARATOR) === false ? $this->_abspath($this->options['tmbPath']) : $this->_normpath($this->options['tmbPath']); } parent::configure(); $this->tmp = ''; if (!empty($this->options['tmpPath'])) { if ((is_dir($this->options['tmpPath']) || @mkdir($this->options['tmpPath'], 0755, true)) && is_writable($this->options['tmpPath'])) { $this->tmp = $this->options['tmpPath']; } } if (!$this->tmp && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmp = $tmp; } if ($root['read'] && !$this->tmbURL && $this->URL) { if (strpos($this->tmbPath, $this->root) === 0) { $this->tmbURL = $this->URL.str_replace(DIRECTORY_SEPARATOR, '/', substr($this->tmbPath, strlen($this->root)+1)); if (preg_match(""|[^/?&=]$|"", $this->tmbURL)) { $this->tmbURL .= '/'; } } } $this->quarantine = ''; if (!empty($this->options['quarantine'])) { if (is_dir($this->options['quarantine'])) { if (is_writable($this->options['quarantine'])) { $this->quarantine = $this->options['quarantine']; } $this->options['quarantine'] = ''; } else { $this->quarantine = $this->_abspath($this->options['quarantine']); if ((!is_dir($this->quarantine) && !$this->_mkdir($this->root, $this->options['quarantine'])) || !is_writable($this->quarantine)) { $this->options['quarantine'] = $this->quarantine = ''; } } } if (!$this->quarantine) { if (!$this->tmp) { $this->archivers['extract'] = array(); $this->disabled[] = 'extract'; } else { $this->quarantine = $this->tmp; } } if ($this->options['quarantine']) { $this->attributes[] = array( 'pattern' => '~^'.preg_quote(DIRECTORY_SEPARATOR.$this->options['quarantine']).'$~', 'read' => false, 'write' => false, 'locked' => true, 'hidden' => true ); } }",True,PHP,configure,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function gdImage($image, $filename, $destformat, $mime, $jpgQuality = null ) { if (! $jpgQuality) { $jpgQuality = $this->options['jpgQuality']; } if ($destformat) { switch ($destformat) { case 'jpg': $mime = 'image/jpeg'; break; case 'gif': $mime = 'image/gif'; break; case 'png': default: $mime = 'image/png'; break; } } switch ($mime) { case 'image/gif': return imagegif ($image, $filename); case 'image/jpeg': return imagejpeg($image, $filename, $jpgQuality); case 'image/wbmp': return imagewbmp($image, $filename); case 'image/png': default: return imagepng($image, $filename); } }" 3800,"protected function _normpath($path) { if (empty($path)) { return '.'; } $changeSep = (DIRECTORY_SEPARATOR !== '/'); if ($changeSep) { $path = str_replace(DIRECTORY_SEPARATOR, '/', $path); } if (strpos($path, '/') === 0) { $initial_slashes = true; } else { $initial_slashes = false; } if (($initial_slashes) && (strpos($path, '//') === 0) && (strpos($path, '/ $initial_slashes = 2; } $initial_slashes = (int) $initial_slashes; $comps = explode('/', $path); $new_comps = array(); foreach ($comps as $comp) { if (in_array($comp, array('', '.'))) { continue; } if (($comp != '..') || (!$initial_slashes && !$new_comps) || ($new_comps && (end($new_comps) == '..'))) { array_push($new_comps, $comp); } elseif ($new_comps) { array_pop($new_comps); } } $comps = $new_comps; $path = implode('/', $comps); if ($initial_slashes) { $path = str_repeat('/', $initial_slashes) . $path; } if ($changeSep) { $path = str_replace('/', DIRECTORY_SEPARATOR, $path); } return $path ? $path : '.'; }",True,PHP,_normpath,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getImageSize($path, $mime = '') { $size = false; if ($mime === '' || strtolower(substr($mime, 0, 5)) === 'image') { if ($work = $this->getWorkFile($path)) { if ($size = getimagesize($work)) { $size['dimensions'] = $size[0].'x'.$size[1]; } } is_file($work) && unlink($work); } return $size; }" 3801,"protected function _dimensions($path, $mime) { clearstatcache(); return strpos($mime, 'image') === 0 && ($s = @getimagesize($path)) !== false ? $s[0].'x'.$s[1] : false; }",True,PHP,_dimensions,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function uniqueName($dir, $name, $suffix = ' copy', $checkNum = true, $start = 1) { $ext = ''; if (preg_match('/\.((tar\.(gz|bz|bz2|z|lzo))|cpio\.gz|ps\.gz|xcf\.(gz|bz2)|[a-z0-9]{1,4})$/i', $name, $m)) { $ext = '.'.$m[1]; $name = substr($name, 0, strlen($name)-strlen($m[0])); } if ($checkNum && preg_match('/('.preg_quote($suffix, '/').')(\d*)$/i', $name, $m)) { $i = (int)$m[2]; $name = substr($name, 0, strlen($name)-strlen($m[2])); } else { $i = $start; $name .= $suffix; } $max = $i+100000; while ($i <= $max) { $n = $name.($i > 0 ? sprintf($this->options['uniqueNumFormat'], $i) : '').$ext; if (!$this->stat($this->joinPathCE($dir, $n))) { $this->clearcache(); return $n; } $i++; }" 3803,"protected function _fopen($path, $mode='rb') { return @fopen($path, $mode); }",True,PHP,_fopen,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function canCreateTmb($path, $stat, $checkTmbPath = true) { if ((! $checkTmbPath || $this->tmbPathWritable) && (! $this->tmbPath || strpos($path, $this->tmbPath) === false) ) { $mime = strtolower($stat['mime']); list($type) = explode('/', $mime); if (! empty($this->imgConverter)) { if (isset($this->imgConverter[$mime])) { return true; } if (isset($this->imgConverter[$type])) { return true; } } return $this->imgLib && ($type === 'image') && ($this->imgLib == 'gd' ? in_array($stat['mime'], array('image/jpeg', 'image/png', 'image/gif', 'image/x-ms-bmp')) : true); } return false; }" 3804,public function __construct() { $this->options['alias'] = ''; $this->options['dirMode'] = 0755; $this->options['fileMode'] = 0644; $this->options['quarantine'] = '.quarantine'; $this->options['rootCssClass'] = 'elfinder-navbar-root-local'; $this->options['followSymLinks'] = true; },True,PHP,__construct,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function getTempFile($path = '') { static $cache = array(); static $rmfunc; $key = ''; if ($path !== '') { $key = $this->id . '#' . $path; if (isset($cache[$key])) { return $cache[$key]; } } if ($tmpdir = $this->getTempPath()) { if (!$rmfunc) { $rmfunc = create_function('$f', 'is_file($f) && unlink($f);'); } $name = tempnam($tmpdir, 'ELF'); if ($key) { $cache[$key] = $name; } register_shutdown_function($rmfunc, $name); return $name; } return false; }" 3809,"protected function _mkfile($path, $name) { $path = $this->_joinPath($path, $name); if (($fp = @fopen($path, 'w'))) { @fclose($fp); @chmod($path, $this->options['fileMode']); clearstatcache(); return $path; } return false; }",True,PHP,_mkfile,elFinderVolumeLocalFileSystem.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function resize($hash, $width, $height, $x, $y, $mode = 'resize', $bg = '', $degree = 0, $jpgQuality = null) { if ($this->commandDisabled('resize')) { return $this->setError(elFinder::ERROR_PERM_DENIED); } if (($file = $this->file($hash)) == false) { return $this->setError(elFinder::ERROR_FILE_NOT_FOUND); } if (!$file['write'] || !$file['read']) { return $this->setError(elFinder::ERROR_PERM_DENIED); } $path = $this->decode($hash); $work_path = $this->getWorkFile($this->encoding? $this->convEncIn($path, true) : $path); if (!$work_path || !is_writable($work_path)) { if ($work_path && $path !== $work_path && is_file($work_path)) { unlink($work_path); } return $this->setError(elFinder::ERROR_PERM_DENIED); } if ($this->imgLib !== 'imagick' && $this->imgLib !== 'convert') { if (elFinder::isAnimationGif ($work_path)) { return $this->setError(elFinder::ERROR_UNSUPPORT_TYPE); } } switch($mode) { case 'propresize': $result = $this->imgResize($work_path, $width, $height, true, true, null, $jpgQuality); break; case 'crop': $result = $this->imgCrop($work_path, $width, $height, $x, $y, null, $jpgQuality); break; case 'fitsquare': $result = $this->imgSquareFit($work_path, $width, $height, 'center', 'middle', ($bg ? $bg : $this->options['tmbBgColor']), null, $jpgQuality); break; case 'rotate': $result = $this->imgRotate($work_path, $degree, ($bg ? $bg : $this->options['bgColorFb']), null, $jpgQuality); break; default: $result = $this->imgResize($work_path, $width, $height, false, true, null, $jpgQuality); break; } $ret = false; if ($result) { $stat = $this->stat($path); clearstatcache(); $fstat = stat($work_path); $stat['size'] = $fstat['size']; $stat['ts'] = $fstat['mtime']; if ($imgsize = getimagesize($work_path)) { $stat['width'] = $imgsize[0]; $stat['height'] = $imgsize[1]; $stat['mime'] = $imgsize['mime']; } if ($path !== $work_path) { if ($fp = fopen($work_path, 'rb')) { $ret = $this->saveCE($fp, $this->dirnameCE($path), $this->basenameCE($path), $stat); fclose($fp); } } else { $ret = true; } if ($ret) { $this->rmTmb($file); $this->clearcache(); $ret = $this->stat($path); $ret['width'] = $stat['width']; $ret['height'] = $stat['height']; } } if ($path !== $work_path) { is_file($work_path) && unlink($work_path); } return $ret; }" 3812,"protected function configure() { parent::configure(); if (($tmp = $this->options['tmpPath'])) { if (!file_exists($tmp)) { if (@mkdir($tmp)) { @chmod($tmp, $this->options['tmbPathMode']); } } $this->tmpPath = is_dir($tmp) && is_writable($tmp) ? $tmp : false; } if (!$this->tmpPath && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmpPath = $tmp; } if (!$this->tmpPath && $this->tmbPath && $this->tmbPathWritable) { $this->tmpPath = $this->tmbPath; } $this->mimeDetect = 'internal'; }",True,PHP,configure,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _filePutContents($path, $content) { $res = false; if ($local = $this->getTempFile($path)) { if (file_put_contents($local, $content, LOCK_EX) !== false && ($fp = fopen($local, 'rb'))) { clearstatcache(); $res = $this->_save($fp, $path, '', array()); fclose($fp); } file_exists($local) && unlink($local); } return $res; }" 3814,"protected function doSearch($path, $q, $mimes) { $dirs = array(); $timeout = $this->options['searchTimeout']? $this->searchStart + $this->options['searchTimeout'] : 0; if ($path != $this->root) { $inpath = array(intval($path)); while($inpath) { $in = '('.join(',', $inpath).')'; $inpath = array(); $sql = 'SELECT f.id FROM %s AS f WHERE f.parent_id IN '.$in.' AND `mime` = \'directory\''; $sql = sprintf($sql, $this->tbf); if ($res = $this->query($sql)) { $_dir = array(); while ($dat = $res->fetch_assoc()) { $inpath[] = $dat['id']; } $dirs = array_merge($dirs, $inpath); } } } $result = array(); if ($mimes) { $whrs = array(); foreach($mimes as $mime) { if (strpos($mime, '/') === false) { $whrs[] = sprintf('f.mime LIKE ""%s/%%""', $this->db->real_escape_string($mime)); } else { $whrs[] = sprintf('f.mime = ""%s""', $this->db->real_escape_string($mime)); } } $whr = join(' OR ', $whrs); } else { $whr = sprintf('f.name RLIKE ""%s""', $this->db->real_escape_string($q)); } if ($dirs) { $whr = '(' . $whr . ') AND (`parent_id` IN (' . join(',', $dirs) . '))'; } $sql = 'SELECT f.id, f.parent_id, f.name, f.size, f.mtime AS ts, f.mime, f.read, f.write, f.locked, f.hidden, f.width, f.height, 0 AS dirs FROM %s AS f WHERE %s'; $sql = sprintf($sql, $this->tbf, $whr); if (($res = $this->query($sql))) { while ($row = $res->fetch_assoc()) { if ($timeout && $timeout < time()) { $this->setError(elFinder::ERROR_SEARCH_TIMEOUT, $this->path($this->encode($path))); break; } if (!$this->mimeAccepted($row['mime'], $mimes)) { continue; } $id = $row['id']; if ($row['parent_id']) { $row['phash'] = $this->encode($row['parent_id']); } $row['path'] = $this->_path($id); if ($row['mime'] == 'directory') { unset($row['width']); unset($row['height']); } else { unset($row['dirs']); } unset($row['id']); unset($row['parent_id']); if (($stat = $this->updateCache($id, $row)) && empty($stat['hidden'])) { $result[] = $stat; } } } return $result; }",True,PHP,doSearch,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function getHttpResponseHeader($url) { if (function_exists('curl_exec')) { $c = curl_init(); curl_setopt( $c, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $c, CURLOPT_CUSTOMREQUEST, 'HEAD' ); curl_setopt( $c, CURLOPT_HEADER, 1 ); curl_setopt( $c, CURLOPT_NOBODY, true ); curl_setopt( $c, CURLOPT_URL, $url ); $res = curl_exec( $c ); } else { require_once 'HTTP/Request2.php'; try { $request2 = new HTTP_Request2(); $request2->setConfig(array( 'ssl_verify_peer' => false, 'ssl_verify_host' => false )); $request2->setUrl($url); $request2->setMethod(HTTP_Request2::METHOD_HEAD); $result = $request2->send(); $res = array(); $res[] = 'HTTP/'.$result->getVersion().' '.$result->getStatus().' '.$result->getReasonPhrase(); foreach($result->getHeader() as $key => $val) { $res[] = $key . ': ' . $val; } $res = join(""\r\n"", $res); } catch( HTTP_Request2_Exception $e ) { $res = ''; } catch (Exception $e) { $res = ''; } } return $res; }" 3816,"protected function _copy($source, $targetDir, $name) { $this->clearcache(); $id = $this->_joinPath($targetDir, $name); $sql = $id > 0 ? sprintf('REPLACE INTO %s (id, parent_id, name, content, size, mtime, mime, width, height, `read`, `write`, `locked`, `hidden`) (SELECT %d, %d, name, content, size, mtime, mime, width, height, `read`, `write`, `locked`, `hidden` FROM %s WHERE id=%d)', $this->tbf, $id, $this->_dirname($id), $this->tbf, $source) : sprintf('INSERT INTO %s (parent_id, name, content, size, mtime, mime, width, height, `read`, `write`, `locked`, `hidden`) SELECT %d, ""%s"", content, size, %d, mime, width, height, `read`, `write`, `locked`, `hidden` FROM %s WHERE id=%d', $this->tbf, $targetDir, $this->db->real_escape_string($name), time(), $this->tbf, $source); return $this->query($sql); }",True,PHP,_copy,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fopen($path, $mode='rb') { if (($mode == 'rb' || $mode == 'r')) { try { $res = $this->dropbox->media($path); $url = parse_url($res['url']); $fp = stream_socket_client('ssl: fputs($fp, ""GET {$url['path']} HTTP/1.0\r\n""); fputs($fp, ""Host: {$url['host']}\r\n""); fputs($fp, ""\r\n""); while(trim(fgets($fp)) !== '') {}; return $fp; } catch (Dropbox_Exception $e) { return false; } } if ($this->tmp) { $contents = $this->_getContents($path); if ($contents === false) { return false; } if ($local = $this->getTempFile($path)) { if (file_put_contents($local, $contents, LOCK_EX) !== false) { return fopen($local, $mode); } } } return false; }" 3817,"protected function init() { if (!($this->options['host'] || $this->options['socket']) || !$this->options['user'] || !$this->options['pass'] || !$this->options['db'] || !$this->options['path'] || !$this->options['files_table']) { return false; } $this->db = new mysqli($this->options['host'], $this->options['user'], $this->options['pass'], $this->options['db'], $this->options['port'], $this->options['socket']); if ($this->db->connect_error || @mysqli_connect_error()) { return false; } $this->db->set_charset('utf8'); if ($res = $this->db->query('SHOW TABLES')) { while ($row = $res->fetch_array()) { if ($row[0] == $this->options['files_table']) { $this->tbf = $this->options['files_table']; break; } } } if (!$this->tbf) { return false; } $this->updateCache($this->options['path'], $this->_stat($this->options['path'])); return true; }",True,PHP,init,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function init() { if (!class_exists('PDO', false)) { return $this->setError('PHP PDO class is require.'); } if (!$this->options['consumerKey'] || !$this->options['consumerSecret'] || !$this->options['accessToken'] || !$this->options['accessTokenSecret']) { return $this->setError('Required options undefined.'); } if (empty($this->options['metaCachePath']) && defined('ELFINDER_DROPBOX_META_CACHE_PATH')) { $this->options['metaCachePath'] = ELFINDER_DROPBOX_META_CACHE_PATH; } $this->netMountKey = md5(join('-', array('dropbox', $this->options['path']))); if (! $this->oauth) { if (defined('ELFINDER_DROPBOX_USE_CURL_PUT')) { $this->oauth = new Dropbox_OAuth_Curl($this->options['consumerKey'], $this->options['consumerSecret']); } else { if (class_exists('OAuth', false)) { $this->oauth = new Dropbox_OAuth_PHP($this->options['consumerKey'], $this->options['consumerSecret']); } else { if (! class_exists('HTTP_OAuth_Consumer')) { include 'HTTP/OAuth/Consumer.php'; } if (class_exists('HTTP_OAuth_Consumer', false)) { $this->oauth = new Dropbox_OAuth_PEAR($this->options['consumerKey'], $this->options['consumerSecret']); } } } } if (! $this->oauth) { return $this->setError('OAuth extension not loaded.'); } $this->root = $this->options['path'] = $this->_normpath($this->options['path']); if (empty($this->options['alias'])) { $this->options['alias'] = ($this->options['path'] === '/')? 'Dropbox.com' : 'Dropbox'.$this->options['path']; } $this->rootName = $this->options['alias']; try { $this->oauth->setToken($this->options['accessToken'], $this->options['accessTokenSecret']); $this->dropbox = new Dropbox_API($this->oauth, $this->options['root']); } catch (Dropbox_Exception $e) { $this->session->remove('DropboxTokens'); return $this->setError('Dropbox error: '.$e->getMessage()); } if (empty($this->options['dropboxUid'])) { try { $res = $this->dropbox->getAccountInfo(); $this->options['dropboxUid'] = $res['uid']; } catch (Dropbox_Exception $e) { $this->session->remove('DropboxTokens'); return $this->setError('Dropbox error: '.$e->getMessage()); } } $this->dropboxUid = $this->options['dropboxUid']; $this->tmbPrefix = 'dropbox'.base_convert($this->dropboxUid, 10, 32); if (!empty($this->options['tmpPath'])) { if ((is_dir($this->options['tmpPath']) || mkdir($this->options['tmpPath'])) && is_writable($this->options['tmpPath'])) { $this->tmp = $this->options['tmpPath']; } } if (!$this->tmp && is_writable($this->options['tmbPath'])) { $this->tmp = $this->options['tmbPath']; } if (!$this->tmp && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmp = $tmp; } if (!empty($this->options['metaCachePath'])) { if ((is_dir($this->options['metaCachePath']) || mkdir($this->options['metaCachePath'])) && is_writable($this->options['metaCachePath'])) { $this->metaCache = $this->options['metaCachePath']; } } if (!$this->metaCache && $this->tmp) { $this->metaCache = $this->tmp; } if (!$this->metaCache) { return $this->setError('Cache dirctory (metaCachePath or tmp) is require.'); } if (! $this->options['PDO_DSN']) { $this->options['PDO_DSN'] = 'sqlite:'.$this->metaCache.DIRECTORY_SEPARATOR.'.elFinder_dropbox_db_'.md5($this->dropboxUid.$this->options['consumerSecret']); } $this->DB_TableName = $this->options['PDO_DBName']; try { $this->DB = new PDO($this->options['PDO_DSN'], $this->options['PDO_User'], $this->options['PDO_Pass'], $this->options['PDO_Options']); if (! $this->checkDB()) { return $this->setError('Can not make DB table'); } } catch (PDOException $e) { return $this->setError('PDO connection failed: '.$e->getMessage()); } $res = $this->deltaCheck($this->isMyReload()); if ($res !== true) { if (is_string($res)) { return $this->setError($res); } else { return $this->setError('Could not check API ""delta""'); } } if (is_null($this->options['syncChkAsTs'])) { $this->options['syncChkAsTs'] = true; } if ($this->options['syncChkAsTs']) { $this->options['tsPlSleep'] = max(5, $this->options['tsPlSleep']); } else { $this->options['lsPlSleep'] = max(10, $this->options['lsPlSleep']); } return true; }" 3819,"protected function _setContent($path, $fp) { rewind($fp); $fstat = fstat($fp); $size = $fstat['size']; }",True,PHP,_setContent,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function __construct() { $this->dropbox_phpFound = class_exists('Dropbox_API'); if (! $this->dropbox_phpFound) { if (include_once 'Dropbox/autoload.php') { $this->dropbox_phpFound = in_array('Dropbox_autoload', spl_autoload_functions()); } } $opts = array( 'consumerKey' => '', 'consumerSecret' => '', 'accessToken' => '', 'accessTokenSecret' => '', 'dropboxUid' => '', 'root' => 'dropbox', 'path' => '/', 'separator' => '/', 'PDO_DSN' => '', 'PDO_User' => '', 'PDO_Pass' => '', 'PDO_Options' => array(), 'PDO_DBName' => 'dropbox', 'treeDeep' => 0, 'tmbPath' => '', 'tmbURL' => '', 'tmpPath' => '', 'getTmbSize' => 'large', 'metaCachePath' => '', 'metaCacheTime' => '600', 'acceptedName' => '#^[^/\\?*:|""<>]*[^./\\?*:|""<>]$ 'rootCssClass' => 'elfinder-navbar-root-dropbox' ); $this->options = array_merge($this->options, $opts); $this->options['mimeDetect'] = 'internal'; }" 3822,"protected function _rmdir($path) { return $this->query(sprintf('DELETE FROM %s WHERE id=%d AND mime=""directory"" LIMIT 1', $this->tbf, $path)) && $this->db->affected_rows; }",True,PHP,_rmdir,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _dimensions($path, $mime) { if (strpos($mime, 'image') !== 0) return ''; $cache = $this->getDBdat($path); if (isset($cache['width']) && isset($cache['height'])) { return $cache['width'].'x'.$cache['height']; } $ret = ''; if ($work = $this->getWorkFile($path)) { if ($size = getimagesize($work)) { $cache['width'] = $size[0]; $cache['height'] = $size[1]; $this->updateDBdat($path, $cache); $ret = $size[0].'x'.$size[1]; } } is_file($work) && unlink($work); return $ret; }" 3823,"protected function make($path, $name, $mime) { $sql = 'INSERT INTO %s (`parent_id`, `name`, `size`, `mtime`, `mime`, `content`, `read`, `write`) VALUES (""%s"", ""%s"", 0, %d, ""%s"", """", ""%d"", ""%d"")'; $sql = sprintf($sql, $this->tbf, $path, $this->db->real_escape_string($name), time(), $mime, $this->defaults['read'], $this->defaults['write']); return $this->query($sql) && $this->db->affected_rows > 0; }",True,PHP,make,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fclose($fp, $path='') { fclose($fp); if ($path) { unlink($this->getTempFile($path)); } }" 3825,"protected function _move($source, $targetDir, $name) { $sql = 'UPDATE %s SET parent_id=%d, name=""%s"" WHERE id=%d LIMIT 1'; $sql = sprintf($sql, $this->tbf, $targetDir, $this->db->real_escape_string($name), $source); return $this->query($sql) && $this->db->affected_rows > 0 ? $source : false; }",True,PHP,_move,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function configure() { parent::configure(); if (!empty($this->options['tmpPath'])) { if ((is_dir($this->options['tmpPath']) || mkdir($this->options['tmpPath'], 0755, true)) && is_writable($this->options['tmpPath'])) { $this->tmp = $this->options['tmpPath']; } } if (!$this->tmp && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmp = $tmp; } if (!$this->tmp && $this->tmbPath) { $this->tmp = $this->tmbPath; } if (!$this->tmp) { $this->disabled[] = 'mkfile'; $this->disabled[] = 'paste'; $this->disabled[] = 'duplicate'; $this->disabled[] = 'upload'; $this->disabled[] = 'edit'; $this->disabled[] = 'archive'; $this->disabled[] = 'extract'; } }" 3826,"protected function _filePutContents($path, $content) { return $this->query(sprintf('UPDATE %s SET content=""%s"", size=%d, mtime=%d WHERE id=%d LIMIT 1', $this->tbf, $this->db->real_escape_string($content), strlen($content), time(), $path)); }",True,PHP,_filePutContents,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,public function umount() { $this->connect && ftp_close($this->connect); } 3828,"protected function _fclose($fp, $path='') { @fclose($fp); if ($path) { @unlink($this->getTempFile($path)); } }",True,PHP,_fclose,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _archive($dir, $files, $name, $arc) { $cwd = getcwd(); $tmpDir = $this->tempDir(); if (!$tmpDir) { return false; } if (!$this->ftp_download_files($dir, $files, $tmpDir)) { $this->rmdirRecursive($tmpDir); return false; } $remoteArchiveFile = false; if ($path = $this->makeArchive($tmpDir, $files, $name, $arc)) { $remoteArchiveFile = $this->_joinPath($dir, $name); if (!ftp_put($this->connect, $remoteArchiveFile, $path, FTP_BINARY)) { $remoteArchiveFile = false; } } if (!$this->rmdirRecursive($tmpDir)) { return false; } return $remoteArchiveFile; }" 3830,"protected function _save($fp, $dir, $name, $stat) { $this->clearcache(); $mime = $stat['mime']; $w = !empty($stat['width']) ? $stat['width'] : 0; $h = !empty($stat['height']) ? $stat['height'] : 0; $id = $this->_joinPath($dir, $name); rewind($fp); $stat = fstat($fp); $size = $stat['size']; if (($tmpfile = tempnam($this->tmpPath, $this->id))) { if (($trgfp = fopen($tmpfile, 'wb')) == false) { unlink($tmpfile); } else { while (!feof($fp)) { fwrite($trgfp, fread($fp, 8192)); } fclose($trgfp); chmod($tmpfile, 0644); $sql = $id > 0 ? 'REPLACE INTO %s (id, parent_id, name, content, size, mtime, mime, width, height) VALUES ('.$id.', %d, ""%s"", LOAD_FILE(""%s""), %d, %d, ""%s"", %d, %d)' : 'INSERT INTO %s (parent_id, name, content, size, mtime, mime, width, height) VALUES (%d, ""%s"", LOAD_FILE(""%s""), %d, %d, ""%s"", %d, %d)'; $sql = sprintf($sql, $this->tbf, $dir, $this->db->real_escape_string($name), $this->loadFilePath($tmpfile), $size, time(), $mime, $w, $h); $res = $this->query($sql); unlink($tmpfile); if ($res) { return $id > 0 ? $id : $this->db->insert_id; } } } $content = ''; rewind($fp); while (!feof($fp)) { $content .= fread($fp, 8192); } $sql = $id > 0 ? 'REPLACE INTO %s (id, parent_id, name, content, size, mtime, mime, width, height) VALUES ('.$id.', %d, ""%s"", ""%s"", %d, %d, ""%s"", %d, %d)' : 'INSERT INTO %s (parent_id, name, content, size, mtime, mime, width, height) VALUES (%d, ""%s"", ""%s"", %d, %d, ""%s"", %d, %d)'; $sql = sprintf($sql, $this->tbf, $dir, $this->db->real_escape_string($name), $this->db->real_escape_string($content), $size, time(), $mime, $w, $h); unset($content); if ($this->query($sql)) { return $id > 0 ? $id : $this->db->insert_id; } return false; }",True,PHP,_save,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private static function listFilesInDirectory($dir, $omitSymlinks, $prefix = '') { if (!is_dir($dir)) { return false; } $excludes = array(""."",""..""); $result = array(); $files = self::localScandir($dir); if (!$files) { return array(); } foreach($files as $file) { if (!in_array($file, $excludes)) { $path = $dir.DIRECTORY_SEPARATOR.$file; if (is_link($path)) { if ($omitSymlinks) { continue; } else { $result[] = $prefix.$file; } } else if (is_dir($path)) { $result[] = $prefix.$file.DIRECTORY_SEPARATOR; $subs = elFinderVolumeFTP::listFilesInDirectory($path, $omitSymlinks, $prefix.$file.DIRECTORY_SEPARATOR); if ($subs) { $result = array_merge($result, $subs); } } else { $result[] = $prefix.$file; } } } return $result; }" 3832,"protected function _unlink($path) { return $this->query(sprintf('DELETE FROM %s WHERE id=%d AND mime!=""directory"" LIMIT 1', $this->tbf, $path)) && $this->db->affected_rows; }",True,PHP,_unlink,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _dirname($path) { $parts = explode($this->separator, trim($path, $this->separator)); array_pop($parts); return $this->separator . join($this->separator, $parts); }" 3833,"protected function _fopen($path, $mode='rb') { $fp = $this->tmbPath ? @fopen($this->getTempFile($path), 'w+') : @tmpfile(); if ($fp) { if (($res = $this->query('SELECT content FROM '.$this->tbf.' WHERE id=""'.$path.'""')) && ($r = $res->fetch_assoc())) { fwrite($fp, $r['content']); rewind($fp); return $fp; } else { $this->_fclose($fp, $path); } } return false; }",True,PHP,_fopen,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _copy($source, $targetDir, $name) { $res = false; if ($this->tmp) { $local = $this->getTempFile(); $target = $this->_joinPath($targetDir, $name); if (ftp_get($this->connect, $local, $source, FTP_BINARY) && ftp_put($this->connect, $target, $local, $this->ftpMode($target))) { $res = $target; } unlink($local); } return $res; }" 3840,"protected function cacheDir($path) { $this->dirsCache[$path] = array(); $sql = 'SELECT f.id, f.parent_id, f.name, f.size, f.mtime AS ts, f.mime, f.read, f.write, f.locked, f.hidden, f.width, f.height, IF(ch.id, 1, 0) AS dirs FROM '.$this->tbf.' AS f LEFT JOIN '.$this->tbf.' AS ch ON ch.parent_id=f.id AND ch.mime=""directory"" WHERE f.parent_id=""'.$path.'"" GROUP BY f.id'; $res = $this->query($sql); if ($res) { while ($row = $res->fetch_assoc()) { $id = $row['id']; if ($row['parent_id']) { $row['phash'] = $this->encode($row['parent_id']); } if ($row['mime'] == 'directory') { unset($row['width']); unset($row['height']); } else { unset($row['dirs']); } unset($row['id']); unset($row['parent_id']); if (($stat = $this->updateCache($id, $row)) && empty($stat['hidden'])) { $this->dirsCache[$path][] = $id; } } } return $this->dirsCache[$path]; }",True,PHP,cacheDir,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _mkfile($path, $name) { if ($this->tmp) { $path = $this->_joinPath($path, $name); $local = $this->getTempFile(); $res = touch($local) && ftp_put($this->connect, $path, $local, FTP_ASCII); unlink($local); return $res ? $path : false; } return false; }" 3841,"protected function _stat($path) { $sql = 'SELECT f.id, f.parent_id, f.name, f.size, f.mtime AS ts, f.mime, f.read, f.write, f.locked, f.hidden, f.width, f.height, IF(ch.id, 1, 0) AS dirs FROM '.$this->tbf.' AS f LEFT JOIN '.$this->tbf.' AS p ON p.id=f.parent_id LEFT JOIN '.$this->tbf.' AS ch ON ch.parent_id=f.id AND ch.mime=""directory"" WHERE f.id=""'.$path.'"" GROUP BY f.id'; $res = $this->query($sql); if ($res) { $stat = $res->fetch_assoc(); if ($stat['parent_id']) { $stat['phash'] = $this->encode($stat['parent_id']); } if ($stat['mime'] == 'directory') { unset($stat['width']); unset($stat['height']); } else { unset($stat['dirs']); } unset($stat['id']); unset($stat['parent_id']); return $stat; } return array(); }",True,PHP,_stat,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function netmountPrepare($options) { if (!empty($_REQUEST['encoding']) && iconv('UTF-8', $_REQUEST['encoding'], '') !== false) { $options['encoding'] = $_REQUEST['encoding']; if (!empty($_REQUEST['locale']) && setlocale(LC_ALL, $_REQUEST['locale'])) { setlocale(LC_ALL, elFinder::$locale); $options['locale'] = $_REQUEST['locale']; } } $options['statOwner'] = true; $options['allowChmodReadOnly'] = true; return $options; }" 3842,"protected function _joinPath($dir, $name) { $sql = 'SELECT id FROM '.$this->tbf.' WHERE parent_id=""'.$dir.'"" AND name=""'.$this->db->real_escape_string($name).'""'; if (($res = $this->query($sql)) && ($r = $res->fetch_assoc())) { $this->updateCache($r['id'], $this->_stat($r['id'])); return $r['id']; } return -1; }",True,PHP,_joinPath,elFinderVolumeMySQL.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _filePutContents($path, $content) { $res = false; if ($this->tmp) { $local = $this->getTempFile(); if (file_put_contents($local, $content, LOCK_EX) !== false && ($fp = fopen($local, 'rb'))) { clearstatcache(); $res = ftp_fput($this->connect, $path, $fp, $this->ftpMode($path)); fclose($fp); } file_exists($local) && unlink($local); } return $res; }" 3850,"public function onUpLoadPreSave(&$path, &$name, $src, $elfinder, $volume) { $opts = $this->opts; $volOpts = $volume->getOptionsPlugin('AutoResize'); if (is_array($volOpts)) { $opts = array_merge($this->opts, $volOpts); } if (! $opts['enable']) { return false; } $srcImgInfo = @getimagesize($src); if ($srcImgInfo === false) { return false; } $imgTypes = array( IMAGETYPE_GIF => IMG_GIF, IMAGETYPE_JPEG => IMG_JPEG, IMAGETYPE_PNG => IMG_PNG, IMAGETYPE_BMP => IMG_WBMP, IMAGETYPE_WBMP => IMG_WBMP ); if (! ($opts['targetType'] & @$imgTypes[$srcImgInfo[2]])) { return false; } if ($srcImgInfo[0] > $opts['maxWidth'] || $srcImgInfo[1] > $opts['maxHeight']) { return $this->resize($src, $srcImgInfo, $opts['maxWidth'], $opts['maxHeight'], $opts['quality'], $opts['preserveExif']); } return false; }",True,PHP,onUpLoadPreSave,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _basename($path) { $parts = explode($this->separator, trim($path, $this->separator)); return array_pop($parts); }" 3851,"private function resize_gd($src, $width, $height, $quality, $srcImgInfo) { switch ($srcImgInfo['mime']) { case 'image/gif': if (@imagetypes() & IMG_GIF) { $oSrcImg = @imagecreatefromgif($src); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (@imagetypes() & IMG_JPG) { $oSrcImg = @imagecreatefromjpeg($src) ; } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (@imagetypes() & IMG_PNG) { $oSrcImg = @imagecreatefrompng($src) ; } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (@imagetypes() & IMG_WBMP) { $oSrcImg = @imagecreatefromwbmp($src); } else { $ermsg = 'WBMP images are not supported'; } break; default: $oSrcImg = false; $ermsg = $srcImgInfo['mime'].' images are not supported'; break; } if ($oSrcImg && false != ($tmp = imagecreatetruecolor($width, $height))) { if (!imagecopyresampled($tmp, $oSrcImg, 0, 0, 0, 0, $width, $height, $srcImgInfo[0], $srcImgInfo[1])) { return false; } switch ($srcImgInfo['mime']) { case 'image/gif': imagegif($tmp, $src); break; case 'image/jpeg': imagejpeg($tmp, $src, $quality); break; case 'image/png': if (function_exists('imagesavealpha') && function_exists('imagealphablending')) { imagealphablending($tmp, false); imagesavealpha($tmp, true); } imagepng($tmp, $src); break; case 'image/wbmp': imagewbmp($tmp, $src); break; } imagedestroy($oSrcImg); imagedestroy($tmp); return true; } return false; }",True,PHP,resize_gd,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function connect() { if (!($this->connect = ftp_connect($this->options['host'], $this->options['port'], $this->options['timeout']))) { return $this->setError('Unable to connect to FTP server '.$this->options['host']); } if (!ftp_login($this->connect, $this->options['user'], $this->options['pass'])) { $this->umount(); return $this->setError('Unable to login into '.$this->options['host']); } if ($this->encoding) { ftp_raw($this->connect, 'OPTS UTF8 OFF'); } else { ftp_raw($this->connect, 'OPTS UTF8 ON' ); } ftp_raw($this->connect, 'epsv4 off' ); $pasv = ($this->options['mode'] == 'passive'); if (! ftp_pasv($this->connect, $pasv)) { if ($pasv) { $this->options['mode'] = 'active'; } } if (! ftp_chdir($this->connect, $this->root) || $this->root != ftp_pwd($this->connect)) { $this->umount(); return $this->setError('Unable to open root folder.'); } $features = ftp_raw($this->connect, 'FEAT'); if (!is_array($features)) { $this->umount(); return $this->setError('Server does not support command FEAT.'); } foreach ($features as $feat) { if (strpos(trim($feat), 'MLST') === 0) { $this->MLSTsupprt = true; break; } } return true; }" 3853,"private function resize($src, $srcImgInfo, $maxWidth, $maxHeight, $quality, $preserveExif) { $zoom = min(($maxWidth/$srcImgInfo[0]),($maxHeight/$srcImgInfo[1])); $width = round($srcImgInfo[0] * $zoom); $height = round($srcImgInfo[1] * $zoom); if (class_exists('Imagick', false)) { return $this->resize_imagick($src, $width, $height, $quality, $preserveExif); } else { return $this->resize_gd($src, $width, $height, $quality, $srcImgInfo); } }",True,PHP,resize,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fclose($fp, $path='') { fclose($fp); if ($path) { unlink($this->getTempFile($path)); } }" 3860,"private function normalize($str, $opts) { if ($opts['nfc'] || $opts['nfkc']) { if (class_exists('Normalizer', false)) { if ($opts['nfc'] && ! Normalizer::isNormalized($str, Normalizer::FORM_C)) $str = Normalizer::normalize($str, Normalizer::FORM_C); if ($opts['nfkc'] && ! Normalizer::isNormalized($str, Normalizer::FORM_KC)) $str = Normalizer::normalize($str, Normalizer::FORM_KC); } else { if (! class_exists('I18N_UnicodeNormalizer', false)) { @ include_once 'I18N/UnicodeNormalizer.php'; } if (class_exists('I18N_UnicodeNormalizer', false)) { $normalizer = new I18N_UnicodeNormalizer(); if ($opts['nfc']) $str = $normalizer->normalize($str, 'NFC'); if ($opts['nfkc']) $str = $normalizer->normalize($str, 'NFKC'); } } } if ($opts['lowercase']) { $str = strtolower($str); } if ($opts['convmap'] && is_array($opts['convmap'])) { $str = strtr($str, $opts['convmap']); } return $str; }",True,PHP,normalize,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fopen($path, $mode='rb') { if ($this->options['mode'] == 'passive' && ini_get('allow_url_fopen')) { $url = 'ftp: if (strtolower($mode[0]) === 'w') { $context = stream_context_create(array('ftp' => array('overwrite' => true))); $fp = fopen($url, $mode, false, $context); } else { $fp = fopen($url, $mode); } if ($fp) { return $fp; } } if ($this->tmp) { $local = $this->getTempFile($path); $fp = fopen($local, 'wb'); if (ftp_fget($this->connect, $fp, $path, FTP_BINARY)) { fclose($fp); $fp = fopen($local, $mode); return $fp; } fclose($fp); is_file($local) && unlink($local); } return false; }" 3862,"$args['name'][$i] = $this->normalize($name, $opts); } } else { $args['name'] = $this->normalize($args['name'], $opts); } } return true; }",True,PHP,normalize,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function deleteDir($dirPath) { if (!is_dir($dirPath)) { $success = unlink($dirPath); } else { $success = true; foreach (array_reverse(elFinderVolumeFTP::listFilesInDirectory($dirPath, false)) as $path) { $path = $dirPath . DIRECTORY_SEPARATOR . $path; if (is_link($path)) { unlink($path); } else if (is_dir($path)) { $success = rmdir($path); } else { $success = unlink($path); } if (!$success) { break; } } if ($success) { $success = rmdir($dirPath); } } if (!$success) { $this->setError(elFinder::ERROR_RM, $dirPath); return false; } return $success; }" 3863,"$args['name'][$i] = $this->sanitizeFileName($name, $opts); } } else { $args['name'] = $this->sanitizeFileName($args['name'], $opts); } } return true; }",True,PHP,sanitizeFileName,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if (ftp_mkdir($this->connect, $path) === false) { return false; } $this->options['dirMode'] && ftp_chmod($this->connect, $this->options['dirMode'], $path); return $path; }" 3867,"public function onUpLoadPreSave(&$path, &$name, $src, $elfinder, $volume) { $opts = $this->opts; $volOpts = $volume->getOptionsPlugin('Watermark'); if (is_array($volOpts)) { $opts = array_merge($this->opts, $volOpts); } if (! $opts['enable']) { return false; } $srcImgInfo = @getimagesize($src); if ($srcImgInfo === false) { return false; } if (elFinder::isAnimationGif($src)) { return false; } if (! file_exists($opts['source'])) { $opts['source'] = dirname(__FILE__) . ""/"" . $opts['source']; } if (is_readable($opts['source'])) { $watermarkImgInfo = @getimagesize($opts['source']); if (! $watermarkImgInfo) { return false; } } else { return false; } $watermark = $opts['source']; $marginLeft = $opts['marginRight']; $marginBottom = $opts['marginBottom']; $quality = $opts['quality']; $transparency = $opts['transparency']; $imgTypes = array( IMAGETYPE_GIF => IMG_GIF, IMAGETYPE_JPEG => IMG_JPEG, IMAGETYPE_PNG => IMG_PNG, IMAGETYPE_BMP => IMG_WBMP, IMAGETYPE_WBMP => IMG_WBMP ); if (! ($opts['targetType'] & @$imgTypes[$srcImgInfo[2]])) { return false; } if ($opts['targetMinPixel'] > 0 && $opts['targetMinPixel'] > min($srcImgInfo[0], $srcImgInfo[1])) { return false; } $watermark_width = $watermarkImgInfo[0]; $watermark_height = $watermarkImgInfo[1]; $dest_x = $srcImgInfo[0] - $watermark_width - $marginLeft; $dest_y = $srcImgInfo[1] - $watermark_height - $marginBottom; if (class_exists('Imagick', false)) { return $this->watermarkPrint_imagick($src, $watermark, $dest_x, $dest_y, $quality, $transparency, $watermarkImgInfo); } else { return $this->watermarkPrint_gd($src, $watermark, $dest_x, $dest_y, $quality, $transparency, $watermarkImgInfo, $srcImgInfo); } }",True,PHP,onUpLoadPreSave,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _chmod($path, $mode) { $modeOct = is_string($mode) ? octdec($mode) : octdec(sprintf(""%04o"",$mode)); return ftp_chmod($this->connect, $modeOct, $path); }" 3868,"private function watermarkPrint_gd($src, $watermark, $dest_x, $dest_y, $quality, $transparency, $watermarkImgInfo, $srcImgInfo) { $watermark_width = $watermarkImgInfo[0]; $watermark_height = $watermarkImgInfo[1]; $ermsg = ''; switch ($watermarkImgInfo['mime']) { case 'image/gif': if (@imagetypes() & IMG_GIF) { $oWatermarkImg = @imagecreatefromgif($watermark); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (@imagetypes() & IMG_JPG) { $oWatermarkImg = @imagecreatefromjpeg($watermark) ; } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (@imagetypes() & IMG_PNG) { $oWatermarkImg = @imagecreatefrompng($watermark) ; } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (@imagetypes() & IMG_WBMP) { $oWatermarkImg = @imagecreatefromwbmp($watermark); } else { $ermsg = 'WBMP images are not supported'; } break; default: $oWatermarkImg = false; $ermsg = $watermarkImgInfo['mime'].' images are not supported'; break; } if (! $ermsg) { switch ($srcImgInfo['mime']) { case 'image/gif': if (@imagetypes() & IMG_GIF) { $oSrcImg = @imagecreatefromgif($src); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (@imagetypes() & IMG_JPG) { $oSrcImg = @imagecreatefromjpeg($src) ; } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (@imagetypes() & IMG_PNG) { $oSrcImg = @imagecreatefrompng($src) ; } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (@imagetypes() & IMG_WBMP) { $oSrcImg = @imagecreatefromwbmp($src); } else { $ermsg = 'WBMP images are not supported'; } break; default: $oSrcImg = false; $ermsg = $srcImgInfo['mime'].' images are not supported'; break; } } if ($ermsg || false === $oSrcImg || false === $oWatermarkImg) { return false; } if ($srcImgInfo['mime'] === 'image/png') { if (function_exists('imagecolorallocatealpha')) { $bg = imagecolorallocatealpha($oSrcImg, 255, 255, 255, 127); imagefill($oSrcImg, 0, 0 , $bg); } } if ($watermarkImgInfo['mime'] === 'image/png') { imagecopy($oSrcImg, $oWatermarkImg, $dest_x, $dest_y, 0, 0, $watermark_width, $watermark_height); } else { imagecopymerge($oSrcImg, $oWatermarkImg, $dest_x, $dest_y, 0, 0, $watermark_width, $watermark_height, $transparency); } switch ($srcImgInfo['mime']) { case 'image/gif': imagegif($oSrcImg, $src); break; case 'image/jpeg': imagejpeg($oSrcImg, $src, $quality); break; case 'image/png': if (function_exists('imagesavealpha') && function_exists('imagealphablending')) { imagealphablending($oSrcImg, false); imagesavealpha($oSrcImg, true); } imagepng($oSrcImg, $src); break; case 'image/wbmp': imagewbmp($oSrcImg, $src); break; } imageDestroy($oSrcImg); imageDestroy($oWatermarkImg); return true; }",True,PHP,watermarkPrint_gd,plugin.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function parseRaw($raw, $base, $nameOnly = false) { static $now; static $lastyear; if (! $now) { $now = time(); $lastyear = date('Y') - 1; } $info = preg_split(""/\s+/"", $raw, 9); $stat = array(); if (!isset($this->ftpOsUnix)) { $this->ftpOsUnix = !preg_match('/\d/', substr($info[0], 0, 1)); } if (!$this->ftpOsUnix) { $info = $this->normalizeRawWindows($raw); } if (count($info) < 9 || $info[8] == '.' || $info[8] == '..') { return false; } $name = $info[8]; if (preg_match('|(.+)\-\>(.+)|', $name, $m)) { $name = trim($m[1]); if ($this->cacheDirTarget && $this->_joinPath($base, $name) !== $this->cacheDirTarget) { return array(); } if (!$nameOnly) { $target = trim($m[2]); if (substr($target, 0, 1) !== $this->separator) { $target = $this->getFullPath($target, $base); } $target = $this->_normpath($target); $stat['name'] = $name; $stat['target'] = $target; return $stat; } } if ($nameOnly) { return array('name' => $name); } if (is_numeric($info[5]) && !$info[6] && !$info[7]) { $stat['ts'] = $info[5]; } else { $stat['ts'] = strtotime($info[5].' '.$info[6].' '.$info[7]); if ($stat['ts'] && $stat['ts'] > $now && strpos($info[7], ':') !== false) { $stat['ts'] = strtotime($info[5].' '.$info[6].' '.$lastyear.' '.$info[7]); } if (empty($stat['ts'])) { $stat['ts'] = strtotime($info[6].' '.$info[5].' '.$info[7]); if ($stat['ts'] && $stat['ts'] > $now && strpos($info[7], ':') !== false) { $stat['ts'] = strtotime($info[6].' '.$info[5].' '.$lastyear.' '.$info[7]); } } } if ($this->options['statOwner']) { $stat['owner'] = $info[2]; $stat['group'] = $info[3]; $stat['perm'] = substr($info[0], 1); $stat['isowner'] = $stat['owner']? ($stat['owner'] == $this->options['user']) : $this->options['owner']; } $owner = isset($stat['owner'])? $stat['owner'] : ''; $perm = $this->parsePermissions($info[0], $owner); $stat['name'] = $name; $stat['mime'] = substr(strtolower($info[0]), 0, 1) == 'd' ? 'directory' : $this->mimetype($stat['name']); $stat['size'] = $stat['mime'] == 'directory' ? 0 : $info[4]; $stat['read'] = $perm['read']; $stat['write'] = $perm['write']; return $stat; }" 3873,"$class = $container->getParameterBag()->resolveValue($def->getClass()); $refClass = new \ReflectionClass($class); $interface = 'Symfony\Component\EventDispatcher\EventSubscriberInterface'; if (!$refClass->implementsInterface($interface)) { throw new \InvalidArgumentException(sprintf('Service ""%s"" must implement interface ""%s"".', $id, $interface)); } $definition->addMethodCall('addSubscriberService', array($id, $class)); }",True,PHP,resolveValue,RegisterListenersPass.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _symlink($source, $targetDir, $name) { return symlink($source, $this->_joinPath($targetDir, $name)); }" 3874,"call_user_func($listener, $event, $eventName, $this); if ($event->isPropagationStopped()) { break; } } }",True,PHP,call_user_func,EventDispatcher.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _move($source, $targetDir, $name) { $mtime = filemtime($source); $target = $this->_joinPath($targetDir, $name); if ($ret = rename($source, $target) ? $target : false) { isset($this->options['keepTimestamp']['move']) && $mtime && touch($target, $mtime); clearstatcache(); } return $ret; }" 3876,"public function testLegacyDispatch() { $event = new Event(); $return = $this->dispatcher->dispatch(self::preFoo, $event); $this->assertEquals('pre.foo', $event->getName()); }",True,PHP,testLegacyDispatch,AbstractEventDispatcherTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _chmod($path, $mode) { $modeOct = is_string($mode) ? octdec($mode) : octdec(sprintf(""%04o"",$mode)); $ret = chmod($path, $modeOct); $ret && clearstatcache(); return $ret; }" 3883,"public static function checkIp6($requestIp, $ip) { if (!((extension_loaded('sockets') && defined('AF_INET6')) || @inet_pton('::1'))) { throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option ""disable-ipv6"".'); } if (false !== strpos($ip, '/')) { list($address, $netmask) = explode('/', $ip, 2); if ($netmask < 1 || $netmask > 128) { return false; } } else { $address = $ip; $netmask = 128; } $bytesAddr = unpack('n*', inet_pton($address)); $bytesTest = unpack('n*', inet_pton($requestIp)); for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) { $left = $netmask - 16 * ($i - 1); $left = ($left <= 16) ? $left : 16; $mask = ~(0xffff >> $left) & 0xffff; if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) { return false; } } return true; }",True,PHP,checkIp6,IpUtils.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _filePutContents($path, $content) { if (file_put_contents($path, $content, LOCK_EX) !== false) { clearstatcache(); return true; } return false; }" 3886,"public function getInt($key, $default = 0, $deep = false) { return (int) $this->get($key, $default, $deep); }",True,PHP,getInt,ParameterBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function _rmdir($path) { $ret = rmdir($path); $ret && clearstatcache(); return $ret; } 3888,"public function getAlpha($key, $default = '', $deep = false) { return preg_replace('/[^[:alpha:]]/', '', $this->get($key, $default, $deep)); }",True,PHP,getAlpha,ParameterBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _copy($source, $targetDir, $name) { $mtime = filemtime($source); $target = $this->_joinPath($targetDir, $name); if ($ret = copy($source, $target)) { isset($this->options['keepTimestamp']['copy']) && $mtime && touch($target, $mtime); clearstatcache(); } return $ret; }" 3891,"public function get($key, $default = null, $deep = false) { if ($deep) { @trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.8 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED); } if (!$deep || false === $pos = strpos($key, '[')) { return array_key_exists($key, $this->parameters) ? $this->parameters[$key] : $default; } $root = substr($key, 0, $pos); if (!array_key_exists($root, $this->parameters)) { return $default; } $value = $this->parameters[$root]; $currentKey = null; for ($i = $pos, $c = strlen($key); $i < $c; ++$i) { $char = $key[$i]; if ('[' === $char) { if (null !== $currentKey) { throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected ""["" at position %d.', $i)); } $currentKey = ''; } elseif (']' === $char) { if (null === $currentKey) { throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected ""]"" at position %d.', $i)); } if (!is_array($value) || !array_key_exists($currentKey, $value)) { return $default; } $value = $value[$currentKey]; $currentKey = null; } else { if (null === $currentKey) { throw new \InvalidArgumentException(sprintf('Malformed path. Unexpected ""%s"" at position %d.', $char, $i)); } $currentKey .= $char; } } if (null !== $currentKey) { throw new \InvalidArgumentException(sprintf('Malformed path. Path must end with ""]"".')); } return $value; }",True,PHP,get,ParameterBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _extract($path, $arc) { if ($this->quarantine) { $dir = $this->quarantine.DIRECTORY_SEPARATOR.md5(basename($path).mt_rand()); $archive = $dir.DIRECTORY_SEPARATOR.basename($path); if (!mkdir($dir)) { return false; } register_shutdown_function(array($this, 'rmdirRecursive'), realpath($dir)); chmod($dir, 0777); if (!copy($path, $archive)) { return false; } $this->unpackArchive($archive, $arc); $ls = self::localScandir($dir); if (empty($ls)) { return false; } $this->archiveSize = 0; $symlinks = $this->_findSymlinks($dir); if ($symlinks) { $this->delTree($dir); return $this->setError(array_merge($this->error, array(elFinder::ERROR_ARC_SYMLINKS))); } if ($this->options['maxArcFilesSize'] > 0 && $this->options['maxArcFilesSize'] < $this->archiveSize) { $this->delTree($dir); return $this->setError(elFinder::ERROR_ARC_MAXSIZE); } $extractTo = $this->extractToNewdir; $name = ''; $src = $dir.DIRECTORY_SEPARATOR.$ls[0]; if (($extractTo === 'auto' || !$extractTo) && count($ls) === 1 && is_file($src)) { $name = $ls[0]; } else if ($extractTo === 'auto' || $extractTo) { $src = $dir; $name = basename($path); if (preg_match('/\.((tar\.(gz|bz|bz2|z|lzo))|cpio\.gz|ps\.gz|xcf\.(gz|bz2)|[a-z0-9]{1,4})$/i', $name, $m)) { $name = substr($name, 0, strlen($name)-strlen($m[0])); } $test = dirname($path).DIRECTORY_SEPARATOR.$name; if (file_exists($test) || is_link($test)) { $name = $this->uniqueName(dirname($path), $name, '-', false); } } if ($name !== '') { $result = dirname($path).DIRECTORY_SEPARATOR.$name; if (! rename($src, $result)) { $this->delTree($dir); return false; } } else { $dstDir = dirname($path); $res = false; $result = array(); foreach($ls as $name) { $target = $dstDir.DIRECTORY_SEPARATOR.$name; if (is_dir($target)) { $this->delTree($target); } if (rename($dir.DIRECTORY_SEPARATOR.$name, $target)) { $result[] = $target; } } if (!$result) { $this->delTree($dir); return false; } } is_dir($dir) && $this->delTree($dir); return (is_array($result) || file_exists($result)) ? $result : false; } }" 3893,"public function getBoolean($key, $default = false, $deep = false) { return $this->filter($key, $default, FILTER_VALIDATE_BOOLEAN, array(), $deep); }",True,PHP,getBoolean,ParameterBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _save($fp, $dir, $name, $stat) { $path = $this->_joinPath($dir, $name); $meta = stream_get_meta_data($fp); $uri = isset($meta['uri'])? $meta['uri'] : ''; if ($uri && ! preg_match('#^[a-zA-Z0-9]+: fclose($fp); $mtime = filemtime($uri); $isCmdPaste = ($this->ARGS['cmd'] === 'paste'); $isCmdCopy = ($isCmdPaste && empty($this->ARGS['cut'])); if (($isCmdCopy || !rename($uri, $path)) && !copy($uri, $path)) { return false; } if ($mtime && $this->ARGS['cmd'] === 'upload' && isset($this->options['keepTimestamp']['upload'])) { touch($path, $mtime); } $isCmdPaste && !$isCmdCopy && touch($uri); } else { if (file_put_contents($path, $fp, LOCK_EX) === false) { return false; } } if (is_link($path)) { unlink($path); return $this->setError(elFinder::ERROR_SAVE, $name); } chmod($path, $this->options['fileMode']); clearstatcache(); return $path; }" 3895,"public function getDigits($key, $default = '', $deep = false) { return str_replace(array('-', '+'), '', $this->filter($key, $default, FILTER_SANITIZE_NUMBER_INT, array(), $deep)); }",True,PHP,getDigits,ParameterBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function localFileSystemSearchIteratorFilter($file, $key, $iterator) { $name = $file->getFilename(); if ($this->doSearchCurrentQuery['excludes']) { foreach($this->doSearchCurrentQuery['excludes'] as $exclude) { if ($this->stripos($name, $exclude) !== false) { return false; } } } if ($iterator->hasChildren()) { if ($this->options['searchExDirReg'] && preg_match($this->options['searchExDirReg'], $key)) { return false; } return (bool)$this->attr($key, 'read', null, true); } return ($this->stripos($name, $this->doSearchCurrentQuery['q']) === false)? false : true; }" 3896,"public function getAlnum($key, $default = '', $deep = false) { return preg_replace('/[^[:alnum:]]/', '', $this->get($key, $default, $deep)); }",True,PHP,getAlnum,ParameterBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function readlink($path) { if (!($target = readlink($path))) { return null; } if (strpos($target, $this->systemRoot) !== 0) { $target = $this->_joinPath(dirname($path), $target); } if (!file_exists($target)) { return false; } return $target; }" 3899,"$clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));",True,PHP,array_map,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fclose($fp, $path='') { return fclose($fp); }" 3900,"private function isFromTrustedProxy() { return self::$trustedProxies && IpUtils::checkIp($this->server->get('REMOTE_ADDR'), self::$trustedProxies); }",True,PHP,isFromTrustedProxy,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function localFileSystemInotify($path, $standby, $compare) { if (isset($this->sessionCache['localFileSystemInotify_disable'])) { return false; } $path = realpath($path); $mtime = filemtime($path); if (! $mtime) { return false; } if ($mtime != $compare) { return $mtime; } $inotifywait = defined('ELFINER_INOTIFYWAIT_PATH')? ELFINER_INOTIFYWAIT_PATH : 'inotifywait'; $standby = max(1, intval($standby)); $cmd = $inotifywait.' '.escapeshellarg($path).' -t '.$standby.' -e moved_to,moved_from,move,close_write,delete,delete_self'; $this->procExec($cmd , $o, $r); if ($r === 0) { clearstatcache(); if (file_exists($path)) { $mtime = filemtime($path); return $mtime? $mtime : time(); } else { return 0; } } else if ($r === 2) { return $compare; } $this->sessionCache['localFileSystemInotify_disable'] = true; $this->session->set($this->id, $this->sessionCache, true); return false; }" 3901,"public function isMethodSafe() { return in_array($this->getMethod(), array('GET', 'HEAD')); }",True,PHP,isMethodSafe,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if (mkdir($path)) { chmod($path, $this->options['dirMode']); clearstatcache(); return $path; } return false; }" 3903,"private function getUrlencodedPrefix($string, $prefix) { if (0 !== strpos(rawurldecode($string), $prefix)) { return false; } $len = strlen($prefix); if (preg_match(sprintf('#^(%%[[:xdigit:]]{2}|.){%d} return $match[0]; } return false; }",True,PHP,getUrlencodedPrefix,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,protected function _unlink($path) { $ret = unlink($path); $ret && clearstatcache(); return $ret; } 3904,"public static function createFromGlobals() { $server = $_SERVER; if ('cli-server' === php_sapi_name()) { if (array_key_exists('HTTP_CONTENT_LENGTH', $_SERVER)) { $server['CONTENT_LENGTH'] = $_SERVER['HTTP_CONTENT_LENGTH']; } if (array_key_exists('HTTP_CONTENT_TYPE', $_SERVER)) { $server['CONTENT_TYPE'] = $_SERVER['HTTP_CONTENT_TYPE']; } } $request = self::createRequestFromFactory($_GET, $_POST, array(), $_COOKIE, $_FILES, $server); if (0 === strpos($request->headers->get('CONTENT_TYPE'), 'application/x-www-form-urlencoded') && in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), array('PUT', 'DELETE', 'PATCH')) ) { parse_str($request->getContent(), $data); $request->request = new ParameterBag($data); } return $request; }",True,PHP,createFromGlobals,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _stat($path) { static $statOwner; if (is_null($statOwner)) { $statOwner = (!empty($this->options['statOwner'])); } $stat = array(); if (!file_exists($path) && !is_link($path)) { return $stat; } if (!$this->_inpath($path, $this->root)) { return $stat; } $gid = $uid = 0; $stat['isowner'] = false; $linkreadable = false; if ($path != $this->root && is_link($path)) { if (! $this->options['followSymLinks']) { return array(); } if (!($target = $this->readlink($path)) || $target == $path) { if (is_null($target)) { $stat = array(); return $stat; } else { $stat['mime'] = 'symlink-broken'; $target = readlink($path); $lstat = lstat($path); $ostat = $this->getOwnerStat($lstat['uid'], $lstat['gid']); $linkreadable = !empty($ostat['isowner']); } } $stat['alias'] = $this->_path($target); $stat['target'] = $target; } $size = sprintf('%u', filesize($path)); $stat['ts'] = filemtime($path); if ($statOwner) { $fstat = stat($path); $uid = $fstat['uid']; $gid = $fstat['gid']; $stat['perm'] = substr((string)decoct($fstat['mode']), -4); $stat = array_merge($stat, $this->getOwnerStat($uid, $gid)); } if (($dir = is_dir($path)) && $this->options['detectDirIcon']) { $favicon = $path . DIRECTORY_SEPARATOR . $this->options['detectDirIcon']; if ($this->URL && file_exists($favicon)) { $stat['icon'] = $this->URL . str_replace(DIRECTORY_SEPARATOR, '/', substr($favicon, strlen($this->root) + 1)); } } if (!isset($stat['mime'])) { $stat['mime'] = $dir ? 'directory' : $this->mimetype($path); } $stat['read'] = ($linkreadable || is_readable($path))? null : false; $stat['write'] = is_writable($path)? null : false; if (is_null($stat['read'])) { $stat['size'] = $dir ? 0 : $size; } return $stat; }" 3909,"public function getFormat($mimeType) { if (false !== $pos = strpos($mimeType, ';')) { $mimeType = substr($mimeType, 0, $pos); } if (null === static::$formats) { static::initializeFormats(); } foreach (static::$formats as $format => $mimeTypes) { if (in_array($mimeType, (array) $mimeTypes)) { return $format; } } }",True,PHP,getFormat,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function configure() { $root = $this->stat($this->root); if ($this->options['tmbPath']) { $this->options['tmbPath'] = strpos($this->options['tmbPath'], DIRECTORY_SEPARATOR) === false ? $this->_abspath($this->options['tmbPath']) : $this->_normpath($this->options['tmbPath']); } parent::configure(); $this->tmp = ''; if (!empty($this->options['tmpPath'])) { if ((is_dir($this->options['tmpPath']) || mkdir($this->options['tmpPath'], 0755, true)) && is_writable($this->options['tmpPath'])) { $this->tmp = $this->options['tmpPath']; } } if (!$this->tmp && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmp = $tmp; } if ($root['read'] && !$this->tmbURL && $this->URL) { if (strpos($this->tmbPath, $this->root) === 0) { $this->tmbURL = $this->URL.str_replace(DIRECTORY_SEPARATOR, '/', substr($this->tmbPath, strlen($this->root)+1)); if (preg_match(""|[^/?&=]$|"", $this->tmbURL)) { $this->tmbURL .= '/'; } } } $this->quarantine = ''; if (!empty($this->options['quarantine'])) { if (is_dir($this->options['quarantine'])) { if (is_writable($this->options['quarantine'])) { $this->quarantine = $this->options['quarantine']; } $this->options['quarantine'] = ''; } else { $this->quarantine = $this->_abspath($this->options['quarantine']); if ((!is_dir($this->quarantine) && !mkdir($this->quarantine)) || !is_writable($this->quarantine)) { $this->options['quarantine'] = $this->quarantine = ''; } } } if (!$this->quarantine) { if (!$this->tmp) { $this->archivers['extract'] = array(); $this->disabled[] = 'extract'; } else { $this->quarantine = $this->tmp; } } if ($this->options['quarantine']) { $this->attributes[] = array( 'pattern' => '~^'.preg_quote(DIRECTORY_SEPARATOR.$this->options['quarantine']).'$~', 'read' => false, 'write' => false, 'locked' => true, 'hidden' => true ); } if (! empty($this->options['keepTimestamp'])) { $this->options['keepTimestamp'] = array_flip($this->options['keepTimestamp']); } }" 3910,"public function getRequestFormat($default = 'html') { if (null === $this->format) { $this->format = $this->get('_format', $default); } return $this->format; }",True,PHP,getRequestFormat,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _normpath($path) { if (empty($path)) { return '.'; } $changeSep = (DIRECTORY_SEPARATOR !== '/'); if ($changeSep) { $drive = ''; if (preg_match('/^([a-zA-Z]:)(.*)/', $path, $m)) { $drive = $m[1]; $path = $m[2]? $m[2] : '/'; } $path = str_replace(DIRECTORY_SEPARATOR, '/', $path); } if (strpos($path, '/') === 0) { $initial_slashes = true; } else { $initial_slashes = false; } if (($initial_slashes) && (strpos($path, '//') === 0) && (strpos($path, '/ $initial_slashes = 2; } $initial_slashes = (int) $initial_slashes; $comps = explode('/', $path); $new_comps = array(); foreach ($comps as $comp) { if (in_array($comp, array('', '.'))) { continue; } if (($comp != '..') || (!$initial_slashes && !$new_comps) || ($new_comps && (end($new_comps) == '..'))) { array_push($new_comps, $comp); } elseif ($new_comps) { array_pop($new_comps); } } $comps = $new_comps; $path = implode('/', $comps); if ($initial_slashes) { $path = str_repeat('/', $initial_slashes) . $path; } if ($changeSep) { $path = $drive . str_replace('/', DIRECTORY_SEPARATOR, $path); } return $path ? $path : '.'; }" 3914,"public function get($key, $default = null, $deep = false) { if ($deep) { @trigger_error('Using paths to find deeper items in '.__METHOD__.' is deprecated since version 2.8 and will be removed in 3.0. Filter the returned value in your own code instead.', E_USER_DEPRECATED); } if ($this !== $result = $this->query->get($key, $this, $deep)) { return $result; } if ($this !== $result = $this->attributes->get($key, $this, $deep)) { return $result; } if ($this !== $result = $this->request->get($key, $this, $deep)) { return $result; } return $default; }",True,PHP,get,Request.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _dimensions($path, $mime) { clearstatcache(); return strpos($mime, 'image') === 0 && ($s = getimagesize($path)) !== false ? $s[0].'x'.$s[1] : false; }" 3917,"setcookie($cookie->getName(), $cookie->getValue(), $cookie->getExpiresTime(), $cookie->getPath(), $cookie->getDomain(), $cookie->isSecure(), $cookie->isHttpOnly()); }",True,PHP,isHttpOnly,Response.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fopen($path, $mode='rb') { return fopen($path, $mode); }" 3918,"public function getIterator() { @trigger_error('The '.__METHOD__.' method is deprecated since version 2.4 and will be removed in 3.0.', E_USER_DEPRECATED); return new \ArrayIterator($this->all()); }",True,PHP,getIterator,FlashBag.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function __construct() { $this->options['alias'] = ''; $this->options['dirMode'] = 0755; $this->options['fileMode'] = 0644; $this->options['quarantine'] = '.quarantine'; $this->options['rootCssClass'] = 'elfinder-navbar-root-local'; $this->options['followSymLinks'] = true; $this->options['detectDirIcon'] = ''; $this->options['keepTimestamp'] = array('copy', 'move'); }" 3920,"public function __construct($mongo, array $options) { if (!($mongo instanceof \MongoClient || $mongo instanceof \Mongo)) { throw new \InvalidArgumentException('MongoClient or Mongo instance required'); } if (!isset($options['database']) || !isset($options['collection'])) { throw new \InvalidArgumentException('You must provide the ""database"" and ""collection"" option for MongoDBSessionHandler'); } $this->mongo = $mongo; $this->options = array_merge(array( 'id_field' => '_id', 'data_field' => 'data', 'time_field' => 'time', 'expiry_field' => 'expires_at', ), $options); }",True,PHP,__construct,MongoDbSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _mkfile($path, $name) { $path = $this->_joinPath($path, $name); if (($fp = fopen($path, 'w'))) { fclose($fp); chmod($path, $this->options['fileMode']); clearstatcache(); return $path; } return false; }" 3923,"public function destroy($sessionId) { $this->getCollection()->remove(array( $this->options['id_field'] => $sessionId, )); return true; }",True,PHP,destroy,MongoDbSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function configure() { parent::configure(); if (($tmp = $this->options['tmpPath'])) { if (!file_exists($tmp)) { if (mkdir($tmp)) { chmod($tmp, $this->options['tmbPathMode']); } } $this->tmpPath = is_dir($tmp) && is_writable($tmp) ? $tmp : false; } if (!$this->tmpPath && ($tmp = elFinder::getStaticVar('commonTempPath'))) { $this->tmpPath = $tmp; } if (!$this->tmpPath && $this->tmbPath && $this->tmbPathWritable) { $this->tmpPath = $this->tmbPath; } $this->mimeDetect = 'internal'; }" 3926,"public function gc($maxlifetime) { $this->getCollection()->remove(array( $this->options['expiry_field'] => array('$lt' => new \MongoDate()), )); return true; }",True,PHP,gc,MongoDbSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function doSearch($path, $q, $mimes) { $dirs = array(); $timeout = $this->options['searchTimeout']? $this->searchStart + $this->options['searchTimeout'] : 0; if ($path != $this->root) { $dirs = $inpath = array(intval($path)); while($inpath) { $in = '('.join(',', $inpath).')'; $inpath = array(); $sql = 'SELECT f.id FROM %s AS f WHERE f.parent_id IN '.$in.' AND `mime` = \'directory\''; $sql = sprintf($sql, $this->tbf); if ($res = $this->query($sql)) { $_dir = array(); while ($dat = $res->fetch_assoc()) { $inpath[] = $dat['id']; } $dirs = array_merge($dirs, $inpath); } } } $result = array(); if ($mimes) { $whrs = array(); foreach($mimes as $mime) { if (strpos($mime, '/') === false) { $whrs[] = sprintf('f.mime LIKE \'%s/%%\'', $this->db->real_escape_string($mime)); } else { $whrs[] = sprintf('f.mime = \'%s\'', $this->db->real_escape_string($mime)); } } $whr = join(' OR ', $whrs); } else { $whr = sprintf('f.name RLIKE \'%s\'', $this->db->real_escape_string($q)); } if ($dirs) { $whr = '(' . $whr . ') AND (`parent_id` IN (' . join(',', $dirs) . '))'; } $sql = 'SELECT f.id, f.parent_id, f.name, f.size, f.mtime AS ts, f.mime, f.read, f.write, f.locked, f.hidden, f.width, f.height, 0 AS dirs FROM %s AS f WHERE %s'; $sql = sprintf($sql, $this->tbf, $whr); if (($res = $this->query($sql))) { while ($row = $res->fetch_assoc()) { if ($timeout && $timeout < time()) { $this->setError(elFinder::ERROR_SEARCH_TIMEOUT, $this->path($this->encode($path))); break; } if (!$this->mimeAccepted($row['mime'], $mimes)) { continue; } $id = $row['id']; if ($row['parent_id']) { $row['phash'] = $this->encode($row['parent_id']); } $row['path'] = $this->_path($id); if ($row['mime'] == 'directory') { unset($row['width']); unset($row['height']); } else { unset($row['dirs']); } unset($row['id']); unset($row['parent_id']); if (($stat = $this->updateCache($id, $row)) && empty($stat['hidden'])) { $result[] = $stat; } } } return $result; }" 3928,"public function read($sessionId) { $dbData = $this->getCollection()->findOne(array( $this->options['id_field'] => $sessionId, $this->options['expiry_field'] => array('$gte' => new \MongoDate()), )); return null === $dbData ? '' : $dbData[$this->options['data_field']]->bin; }",True,PHP,read,MongoDbSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _copy($source, $targetDir, $name) { $this->clearcache(); $id = $this->_joinPath($targetDir, $name); $sql = $id > 0 ? sprintf('REPLACE INTO %s (id, parent_id, name, content, size, mtime, mime, width, height, `read`, `write`, `locked`, `hidden`) (SELECT %d, %d, name, content, size, mtime, mime, width, height, `read`, `write`, `locked`, `hidden` FROM %s WHERE id=%d)', $this->tbf, $id, $this->_dirname($id), $this->tbf, $source) : sprintf('INSERT INTO %s (parent_id, name, content, size, mtime, mime, width, height, `read`, `write`, `locked`, `hidden`) SELECT %d, \'%s\', content, size, %d, mime, width, height, `read`, `write`, `locked`, `hidden` FROM %s WHERE id=%d', $this->tbf, $targetDir, $this->db->real_escape_string($name), time(), $this->tbf, $source); return $this->query($sql); }" 3929,"private function doRead($sessionId) { $this->sessionExpired = false; if (self::LOCK_ADVISORY === $this->lockMode) { $this->unlockStatements[] = $this->doAdvisoryLock($sessionId); } $selectSql = $this->getSelectSql(); $selectStmt = $this->pdo->prepare($selectSql); $selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); $selectStmt->execute(); $sessionRows = $selectStmt->fetchAll(\PDO::FETCH_NUM); if ($sessionRows) { if ($sessionRows[0][1] + $sessionRows[0][2] < time()) { $this->sessionExpired = true; return ''; } return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0]; } if (self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) { try { $insertStmt = $this->pdo->prepare( ""INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :lifetime, :time)"" ); $insertStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); $insertStmt->bindValue(':data', '', \PDO::PARAM_LOB); $insertStmt->bindValue(':lifetime', 0, \PDO::PARAM_INT); $insertStmt->bindValue(':time', time(), \PDO::PARAM_INT); $insertStmt->execute(); } catch (\PDOException $e) { if (0 === strpos($e->getCode(), '23')) { $selectStmt->execute(); $sessionRows = $selectStmt->fetchAll(\PDO::FETCH_NUM); if ($sessionRows) { return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0]; } return ''; } throw $e; } } return ''; }",True,PHP,doRead,PdoSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function init() { if (!($this->options['host'] || $this->options['socket']) || !$this->options['user'] || !$this->options['pass'] || !$this->options['db'] || !$this->options['path'] || !$this->options['files_table']) { return false; } $this->db = new mysqli($this->options['host'], $this->options['user'], $this->options['pass'], $this->options['db'], $this->options['port'], $this->options['socket']); if ($this->db->connect_error || mysqli_connect_error()) { return false; } $this->db->set_charset('utf8'); if ($res = $this->db->query('SHOW TABLES')) { while ($row = $res->fetch_array()) { if ($row[0] == $this->options['files_table']) { $this->tbf = $this->options['files_table']; break; } } } if (!$this->tbf) { return false; } $this->updateCache($this->options['path'], $this->_stat($this->options['path'])); return true; }" 3930,"public function write($sessionId, $data) { $maxlifetime = (int) ini_get('session.gc_maxlifetime'); try { $mergeSql = $this->getMergeSql(); if (null !== $mergeSql) { $mergeStmt = $this->pdo->prepare($mergeSql); $mergeStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); $mergeStmt->bindParam(':data', $data, \PDO::PARAM_LOB); $mergeStmt->bindParam(':lifetime', $maxlifetime, \PDO::PARAM_INT); $mergeStmt->bindValue(':time', time(), \PDO::PARAM_INT); $mergeStmt->execute(); return true; } $updateStmt = $this->pdo->prepare( ""UPDATE $this->table SET $this->dataCol = :data, $this->lifetimeCol = :lifetime, $this->timeCol = :time WHERE $this->idCol = :id"" ); $updateStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); $updateStmt->bindParam(':data', $data, \PDO::PARAM_LOB); $updateStmt->bindParam(':lifetime', $maxlifetime, \PDO::PARAM_INT); $updateStmt->bindValue(':time', time(), \PDO::PARAM_INT); $updateStmt->execute(); if (!$updateStmt->rowCount()) { try { $insertStmt = $this->pdo->prepare( ""INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :lifetime, :time)"" ); $insertStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); $insertStmt->bindParam(':data', $data, \PDO::PARAM_LOB); $insertStmt->bindParam(':lifetime', $maxlifetime, \PDO::PARAM_INT); $insertStmt->bindValue(':time', time(), \PDO::PARAM_INT); $insertStmt->execute(); } catch (\PDOException $e) { if (0 === strpos($e->getCode(), '23')) { $updateStmt->execute(); } else { throw $e; } } } } catch (\PDOException $e) { $this->rollback(); throw $e; } return true; }",True,PHP,write,PdoSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _setContent($path, $fp) { elFinder::rewind($fp); $fstat = fstat($fp); $size = $fstat['size']; }" 3931,"private function getMergeSql() { switch ($this->driver) { case 'mysql': return ""INSERT INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :lifetime, :time) "". ""ON DUPLICATE KEY UPDATE $this->dataCol = VALUES($this->dataCol), $this->lifetimeCol = VALUES($this->lifetimeCol), $this->timeCol = VALUES($this->timeCol)""; case 'oci': return ""MERGE INTO $this->table USING DUAL ON ($this->idCol = :id) "". ""WHEN NOT MATCHED THEN INSERT ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :lifetime, :time) "". ""WHEN MATCHED THEN UPDATE SET $this->dataCol = :data, $this->lifetimeCol = :lifetime, $this->timeCol = :time""; case 'sqlsrv' === $this->driver && version_compare($this->pdo->getAttribute(\PDO::ATTR_SERVER_VERSION), '10', '>='): return ""MERGE INTO $this->table WITH (HOLDLOCK) USING (SELECT 1 AS dummy) AS src ON ($this->idCol = :id) "". ""WHEN NOT MATCHED THEN INSERT ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :lifetime, :time) "". ""WHEN MATCHED THEN UPDATE SET $this->dataCol = :data, $this->lifetimeCol = :lifetime, $this->timeCol = :time;""; case 'sqlite': return ""INSERT OR REPLACE INTO $this->table ($this->idCol, $this->dataCol, $this->lifetimeCol, $this->timeCol) VALUES (:id, :data, :lifetime, :time)""; } }",True,PHP,getMergeSql,PdoSessionHandler.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _rmdir($path) { return $this->query(sprintf('DELETE FROM %s WHERE id=%d AND mime=\'directory\' LIMIT 1', $this->tbf, $path)) && $this->db->affected_rows; }" 3936,public function save() { session_write_close(); if (!$this->saveHandler->isWrapper() && !$this->saveHandler->isSessionHandlerInterface()) { $this->saveHandler->setActive(false); } $this->closed = true; $this->started = false; },True,PHP,save,NativeSessionStorage.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function make($path, $name, $mime) { $sql = 'INSERT INTO %s (`parent_id`, `name`, `size`, `mtime`, `mime`, `content`, `read`, `write`) VALUES (\'%s\', \'%s\', 0, %d, \'%s\', \'\', \'%d\', \'%d\')'; $sql = sprintf($sql, $this->tbf, $path, $this->db->real_escape_string($name), time(), $mime, $this->defaults['read'], $this->defaults['write']); return $this->query($sql) && $this->db->affected_rows > 0; }" 3938,"public function regenerate($destroy = false, $lifetime = null) { if (PHP_VERSION_ID >= 50400 && \PHP_SESSION_ACTIVE !== session_status()) { return false; } if (PHP_VERSION_ID < 50400 && '' === session_id()) { return false; } if (null !== $lifetime) { ini_set('session.cookie_lifetime', $lifetime); } if ($destroy) { $this->metadataBag->stampNew(); } $isRegenerated = session_regenerate_id($destroy); $this->loadSession(); return $isRegenerated; }",True,PHP,regenerate,NativeSessionStorage.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _move($source, $targetDir, $name) { $sql = 'UPDATE %s SET parent_id=%d, name=\'%s\' WHERE id=%d LIMIT 1'; $sql = sprintf($sql, $this->tbf, $targetDir, $this->db->real_escape_string($name), $source); return $this->query($sql) && $this->db->affected_rows > 0 ? $source : false; }" 3941,"public function start() { if ($this->started) { return true; } if (PHP_VERSION_ID >= 50400 && \PHP_SESSION_ACTIVE === session_status()) { throw new \RuntimeException('Failed to start the session: already started by PHP.'); } if (PHP_VERSION_ID < 50400 && !$this->closed && isset($_SESSION) && session_id()) { throw new \RuntimeException('Failed to start the session: already started by PHP ($_SESSION is set).'); } if (ini_get('session.use_cookies') && headers_sent($file, $line)) { throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by ""%s"" at line %d.', $file, $line)); } if (!session_start()) { throw new \RuntimeException('Failed to start the session'); } $this->loadSession(); if (!$this->saveHandler->isWrapper() && !$this->saveHandler->isSessionHandlerInterface()) { $this->saveHandler->setActive(true); } return true; }",True,PHP,start,NativeSessionStorage.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _filePutContents($path, $content) { return $this->query(sprintf('UPDATE %s SET content=\'%s\', size=%d, mtime=%d WHERE id=%d LIMIT 1', $this->tbf, $this->db->real_escape_string($content), strlen($content), time(), $path)); }" 3942,new SessionHandlerProxy(new \SessionHandler()) : new NativeProxy(); },True,PHP,SessionHandlerProxy,NativeSessionStorage.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fclose($fp, $path='') { fclose($fp); if ($path) { unlink($this->getTempFile($path)); } }" 3943,public function start() { if ($this->started) { return true; } $this->loadSession(); if (!$this->saveHandler->isWrapper() && !$this->saveHandler->isSessionHandlerInterface()) { $this->saveHandler->setActive(true); } return true; },True,PHP,start,PhpBridgeSessionStorage.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _save($fp, $dir, $name, $stat) { $this->clearcache(); $mime = $stat['mime']; $w = !empty($stat['width']) ? $stat['width'] : 0; $h = !empty($stat['height']) ? $stat['height'] : 0; $id = $this->_joinPath($dir, $name); elFinder::rewind($fp); $stat = fstat($fp); $size = $stat['size']; if (($tmpfile = tempnam($this->tmpPath, $this->id))) { if (($trgfp = fopen($tmpfile, 'wb')) == false) { unlink($tmpfile); } else { while (!feof($fp)) { fwrite($trgfp, fread($fp, 8192)); } fclose($trgfp); chmod($tmpfile, 0644); $sql = $id > 0 ? 'REPLACE INTO %s (id, parent_id, name, content, size, mtime, mime, width, height) VALUES ('.$id.', %d, \'%s\', LOAD_FILE(\'%s\'), %d, %d, \'%s\', %d, %d)' : 'INSERT INTO %s (parent_id, name, content, size, mtime, mime, width, height) VALUES (%d, \'%s\', LOAD_FILE(\'%s\'), %d, %d, \'%s\', %d, %d)'; $sql = sprintf($sql, $this->tbf, $dir, $this->db->real_escape_string($name), $this->loadFilePath($tmpfile), $size, time(), $mime, $w, $h); $res = $this->query($sql); unlink($tmpfile); if ($res) { return $id > 0 ? $id : $this->db->insert_id; } } } $content = ''; elFinder::rewind($fp); while (!feof($fp)) { $content .= fread($fp, 8192); } $sql = $id > 0 ? 'REPLACE INTO %s (id, parent_id, name, content, size, mtime, mime, width, height) VALUES ('.$id.', %d, \'%s\', \'%s\', %d, %d, \'%s\', %d, %d)' : 'INSERT INTO %s (parent_id, name, content, size, mtime, mime, width, height) VALUES (%d, \'%s\', \'%s\', %d, %d, \'%s\', %d, %d)'; $sql = sprintf($sql, $this->tbf, $dir, $this->db->real_escape_string($name), $this->db->real_escape_string($content), $size, time(), $mime, $w, $h); unset($content); if ($this->query($sql)) { return $id > 0 ? $id : $this->db->insert_id; } return false; }" 3944,public function setActive($flag) { if (PHP_VERSION_ID >= 50400) { throw new \LogicException('This method is disabled in PHP 5.4.0+'); } $this->active = (bool) $flag; },True,PHP,setActive,AbstractProxy.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _unlink($path) { return $this->query(sprintf('DELETE FROM %s WHERE id=%d AND mime!=\'directory\' LIMIT 1', $this->tbf, $path)) && $this->db->affected_rows; }" 3945,public function isActive() { if (PHP_VERSION_ID >= 50400) { return $this->active = \PHP_SESSION_ACTIVE === session_status(); } return $this->active; },True,PHP,isActive,AbstractProxy.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _fopen($path, $mode='rb') { $fp = $this->tmbPath ? fopen($this->getTempFile($path), 'w+') : tmpfile(); if ($fp) { if (($res = $this->query('SELECT content FROM '.$this->tbf.' WHERE id=\''.$path.'\'')) && ($r = $res->fetch_assoc())) { fwrite($fp, $r['content']); rewind($fp); return $fp; } else { $this->_fclose($fp, $path); } } return false; }" 3947,public function close() { $this->active = false; return (bool) $this->handler->close(); },True,PHP,close,SessionHandlerProxy.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function cacheDir($path) { $this->dirsCache[$path] = array(); $sql = 'SELECT f.id, f.parent_id, f.name, f.size, f.mtime AS ts, f.mime, f.read, f.write, f.locked, f.hidden, f.width, f.height, if (ch.id, 1, 0) AS dirs FROM '.$this->tbf.' AS f LEFT JOIN '.$this->tbf.' AS ch ON ch.parent_id=f.id AND ch.mime=\'directory\' WHERE f.parent_id=\''.$path.'\' GROUP BY f.id'; $res = $this->query($sql); if ($res) { while ($row = $res->fetch_assoc()) { $id = $row['id']; if ($row['parent_id']) { $row['phash'] = $this->encode($row['parent_id']); } if ($row['mime'] == 'directory') { unset($row['width']); unset($row['height']); } else { unset($row['dirs']); } unset($row['id']); unset($row['parent_id']); if (($stat = $this->updateCache($id, $row)) && empty($stat['hidden'])) { $this->dirsCache[$path][] = $id; } } } return $this->dirsCache[$path]; }" 3948,"public function open($savePath, $sessionName) { $return = (bool) $this->handler->open($savePath, $sessionName); if (true === $return) { $this->active = true; } return $return; }",True,PHP,open,SessionHandlerProxy.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _stat($path) { $sql = 'SELECT f.id, f.parent_id, f.name, f.size, f.mtime AS ts, f.mime, f.read, f.write, f.locked, f.hidden, f.width, f.height, if (ch.id, 1, 0) AS dirs FROM '.$this->tbf.' AS f LEFT JOIN '.$this->tbf.' AS p ON p.id=f.parent_id LEFT JOIN '.$this->tbf.' AS ch ON ch.parent_id=f.id AND ch.mime=\'directory\' WHERE f.id=\''.$path.'\' GROUP BY f.id'; $res = $this->query($sql); if ($res) { $stat = $res->fetch_assoc(); if ($stat['parent_id']) { $stat['phash'] = $this->encode($stat['parent_id']); } if ($stat['mime'] == 'directory') { unset($stat['width']); unset($stat['height']); } else { unset($stat['dirs']); } unset($stat['id']); unset($stat['parent_id']); return $stat; } return array(); }" 3950,public function setCallback($callback) { if (!is_callable($callback)) { throw new \LogicException('The Response callback must be a valid PHP callable.'); } $this->callback = $callback; },True,PHP,setCallback,StreamedResponse.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"protected function _joinPath($dir, $name) { $sql = 'SELECT id FROM '.$this->tbf.' WHERE parent_id=\''.$dir.'\' AND name=\''.$this->db->real_escape_string($name).'\''; if (($res = $this->query($sql)) && ($r = $res->fetch_assoc())) { $this->updateCache($r['id'], $this->_stat($r['id'])); return $r['id']; } return -1; }" 3955,"public function testInvalidRequests($requestRange) { $response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif', 200, array('Content-Type' => 'application/octet-stream'))->setAutoEtag(); $request = Request::create('/'); $request->headers->set('Range', $requestRange); $response = clone $response; $response->prepare($request); $response->sendContent(); $this->assertEquals(416, $response->getStatusCode()); }",True,PHP,testInvalidRequests,BinaryFileResponseTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function onUpLoadPreSave(&$path, &$name, $src, $elfinder, $volume) { $opts = $this->opts; $volOpts = $volume->getOptionsPlugin('AutoResize'); if (is_array($volOpts)) { $opts = array_merge($this->opts, $volOpts); } if (! $opts['enable']) { return false; } $srcImgInfo = getimagesize($src); if ($srcImgInfo === false) { return false; } $imgTypes = array( IMAGETYPE_GIF => IMG_GIF, IMAGETYPE_JPEG => IMG_JPEG, IMAGETYPE_PNG => IMG_PNG, IMAGETYPE_BMP => IMG_WBMP, IMAGETYPE_WBMP => IMG_WBMP ); if (! ($opts['targetType'] & $imgTypes[$srcImgInfo[2]])) { return false; } if ($srcImgInfo[0] > $opts['maxWidth'] || $srcImgInfo[1] > $opts['maxHeight']) { return $this->resize($volume, $src, $srcImgInfo, $opts['maxWidth'], $opts['maxHeight'], $opts['quality'], $opts['preserveExif']); } return false; }" 3959,"public function testGetDeep() { $bag = new ParameterBag(array('foo' => array('bar' => array('moo' => 'boo')))); $this->assertEquals(array('moo' => 'boo'), $bag->get('foo[bar]', null, true)); $this->assertEquals('boo', $bag->get('foo[bar][moo]', null, true)); $this->assertEquals('default', $bag->get('foo[bar][foo]', 'default', true)); $this->assertEquals('default', $bag->get('bar[moo][foo]', 'default', true)); }",True,PHP,testGetDeep,ParameterBagTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function resize_gd($src, $width, $height, $quality, $srcImgInfo) { switch ($srcImgInfo['mime']) { case 'image/gif': if (imagetypes() & IMG_GIF) { $oSrcImg = imagecreatefromgif ($src); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (imagetypes() & IMG_JPG) { $oSrcImg = imagecreatefromjpeg($src) ; } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (imagetypes() & IMG_PNG) { $oSrcImg = imagecreatefrompng($src) ; } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (imagetypes() & IMG_WBMP) { $oSrcImg = imagecreatefromwbmp($src); } else { $ermsg = 'WBMP images are not supported'; } break; default: $oSrcImg = false; $ermsg = $srcImgInfo['mime'].' images are not supported'; break; } if ($oSrcImg && false != ($tmp = imagecreatetruecolor($width, $height))) { if (!imagecopyresampled($tmp, $oSrcImg, 0, 0, 0, 0, $width, $height, $srcImgInfo[0], $srcImgInfo[1])) { return false; } switch ($srcImgInfo['mime']) { case 'image/gif': imagegif ($tmp, $src); break; case 'image/jpeg': imagejpeg($tmp, $src, $quality); break; case 'image/png': if (function_exists('imagesavealpha') && function_exists('imagealphablending')) { imagealphablending($tmp, false); imagesavealpha($tmp, true); } imagepng($tmp, $src); break; case 'image/wbmp': imagewbmp($tmp, $src); break; } imagedestroy($oSrcImg); imagedestroy($tmp); return true; } return false; }" 3960,"public function testGetDeepWithInvalidPaths($path) { $bag = new ParameterBag(array('foo' => array('bar' => 'moo'))); $bag->get($path, null, true); }",True,PHP,testGetDeepWithInvalidPaths,ParameterBagTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function resize($volume, $src, $srcImgInfo, $maxWidth, $maxHeight, $jpgQuality, $preserveExif) { $zoom = min(($maxWidth/$srcImgInfo[0]),($maxHeight/$srcImgInfo[1])); $width = round($srcImgInfo[0] * $zoom); $height = round($srcImgInfo[1] * $zoom); return $volume->imageUtil('resize', $src, compact('width', 'height', 'jpgQuality', 'preserveExif')); }" 3961,"public function getInvalidPaths() { return array( array('foo[['), array('foo[d'), array('foo[bar]]'), array('foo[bar]d'), ); }",True,PHP,getInvalidPaths,ParameterBagTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$this->replaced[$cmd][$name] = $args[$key][$i] = $this->normalize($name, $opts); } } else { $name = $args[$key]; $this->replaced[$cmd][$name] = $args[$key] = $this->normalize($name, $opts); } } return true; }" 3965,"public function testVeryLongHosts($host) { $start = microtime(true); $request = Request::create('/'); $request->headers->set('host', $host); $this->assertEquals($host, $request->getHost()); $this->assertLessThan(3, microtime(true) - $start); }",True,PHP,testVeryLongHosts,RequestTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function normalize($str, $opts) { if ($opts['nfc'] || $opts['nfkc']) { if (class_exists('Normalizer', false)) { if ($opts['nfc'] && ! Normalizer::isNormalized($str, Normalizer::FORM_C)) $str = Normalizer::normalize($str, Normalizer::FORM_C); if ($opts['nfkc'] && ! Normalizer::isNormalized($str, Normalizer::FORM_KC)) $str = Normalizer::normalize($str, Normalizer::FORM_KC); } else { if (! class_exists('I18N_UnicodeNormalizer', false)) { include_once 'I18N/UnicodeNormalizer.php'; } if (class_exists('I18N_UnicodeNormalizer', false)) { $normalizer = new I18N_UnicodeNormalizer(); if ($opts['nfc']) $str = $normalizer->normalize($str, 'NFC'); if ($opts['nfkc']) $str = $normalizer->normalize($str, 'NFKC'); } } } if ($opts['convmap'] && is_array($opts['convmap'])) { $str = strtr($str, $opts['convmap']); } if ($opts['lowercase']) { if (function_exists('mb_strtolower')) { $str = mb_strtolower($str, 'UTF-8'); } else { $str = strtolower($str); } } return $str; }" 3977,"$this->assertEquals(array($flashes[$key]), $val); ++$i; }",True,PHP,assertEquals,FlashBagTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$this->replaced[$cmd][$name] = $args[$key][$i] = $this->normalize($name, $opts); } } else { $name = $args[$key]; $this->replaced[$cmd][$name] = $args[$key] = $this->normalize($name, $opts); } } return true; }" 3978,private function createMongoCollectionMock() { $collection = $this->getMockBuilder('MongoCollection') ->disableOriginalConstructor() ->getMock(); return $collection; },True,PHP,createMongoCollectionMock,MongoDbSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function normalize($str, $opts) { if ($opts['nfc'] || $opts['nfkc']) { if (class_exists('Normalizer', false)) { if ($opts['nfc'] && ! Normalizer::isNormalized($str, Normalizer::FORM_C)) $str = Normalizer::normalize($str, Normalizer::FORM_C); if ($opts['nfkc'] && ! Normalizer::isNormalized($str, Normalizer::FORM_KC)) $str = Normalizer::normalize($str, Normalizer::FORM_KC); } else { if (! class_exists('I18N_UnicodeNormalizer', false)) { include_once 'I18N/UnicodeNormalizer.php'; } if (class_exists('I18N_UnicodeNormalizer', false)) { $normalizer = new I18N_UnicodeNormalizer(); if ($opts['nfc']) $str = $normalizer->normalize($str, 'NFC'); if ($opts['nfkc']) $str = $normalizer->normalize($str, 'NFKC'); } } } if ($opts['convmap'] && is_array($opts['convmap'])) { $str = strtr($str, $opts['convmap']); } if ($opts['lowercase']) { if (function_exists('mb_strtolower')) { $str = mb_strtolower($str, 'UTF-8'); } else { $str = strtolower($str); } } return $str; }" 3979,"$that->assertGreaterThanOrEqual(time() - 1, $criteria[$that->options['expiry_field']]['$lt']->sec); }));",True,PHP,assertGreaterThanOrEqual,MongoDbSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$this->replaced[$cmd][$name] = $args[$key][$i] = $this->sanitizeFileName($name, $opts); } } else { $name = $args[$key]; $this->replaced[$cmd][$name] = $args[$key] = $this->sanitizeFileName($name, $opts); } } return true; }" 3983,"protected function setUp() { parent::setUp(); $mongoClass = version_compare(phpversion('mongo'), '1.3.0', '<') ? 'Mongo' : 'MongoClient'; $this->mongo = $this->getMockBuilder($mongoClass) ->disableOriginalConstructor() ->getMock(); $this->options = array( 'id_field' => '_id', 'data_field' => 'data', 'time_field' => 'time', 'expiry_field' => 'expires_at', 'database' => 'sf2-test', 'collection' => 'session-test', ); $this->storage = new MongoDbSessionHandler($this->mongo, $this->options); }",True,PHP,setUp,MongoDbSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function onUpLoadPreSave(&$path, &$name, $src, $elfinder, $volume) { $opts = $this->opts; $volOpts = $volume->getOptionsPlugin('Watermark'); if (is_array($volOpts)) { $opts = array_merge($this->opts, $volOpts); } if (! $opts['enable']) { return false; } $srcImgInfo = getimagesize($src); if ($srcImgInfo === false) { return false; } if (elFinder::isAnimationGif ($src)) { return false; } if (! file_exists($opts['source'])) { $opts['source'] = dirname(__FILE__) . ""/"" . $opts['source']; } if (is_readable($opts['source'])) { $watermarkImgInfo = getimagesize($opts['source']); if (! $watermarkImgInfo) { return false; } } else { return false; } $watermark = $opts['source']; $marginLeft = $opts['marginRight']; $marginBottom = $opts['marginBottom']; $quality = $opts['quality']; $transparency = $opts['transparency']; $imgTypes = array( IMAGETYPE_GIF => IMG_GIF, IMAGETYPE_JPEG => IMG_JPEG, IMAGETYPE_PNG => IMG_PNG, IMAGETYPE_BMP => IMG_WBMP, IMAGETYPE_WBMP => IMG_WBMP ); if (! ($opts['targetType'] & $imgTypes[$srcImgInfo[2]])) { return false; } if ($opts['targetMinPixel'] > 0 && $opts['targetMinPixel'] > min($srcImgInfo[0], $srcImgInfo[1])) { return false; } $watermark_width = $watermarkImgInfo[0]; $watermark_height = $watermarkImgInfo[1]; $dest_x = $srcImgInfo[0] - $watermark_width - $marginLeft; $dest_y = $srcImgInfo[1] - $watermark_height - $marginBottom; if (class_exists('Imagick', false)) { return $this->watermarkPrint_imagick($src, $watermark, $dest_x, $dest_y, $quality, $transparency, $watermarkImgInfo); } else { return $this->watermarkPrint_gd($src, $watermark, $dest_x, $dest_y, $quality, $transparency, $watermarkImgInfo, $srcImgInfo); } }" 3984,"public function testDestroy() { $collection = $this->createMongoCollectionMock(); $this->mongo->expects($this->once()) ->method('selectCollection') ->with($this->options['database'], $this->options['collection']) ->will($this->returnValue($collection)); $collection->expects($this->once()) ->method('remove') ->with(array($this->options['id_field'] => 'foo')); $this->assertTrue($this->storage->destroy('foo')); }",True,PHP,testDestroy,MongoDbSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function watermarkPrint_gd($src, $watermark, $dest_x, $dest_y, $quality, $transparency, $watermarkImgInfo, $srcImgInfo) { $watermark_width = $watermarkImgInfo[0]; $watermark_height = $watermarkImgInfo[1]; $ermsg = ''; switch ($watermarkImgInfo['mime']) { case 'image/gif': if (imagetypes() & IMG_GIF) { $oWatermarkImg = imagecreatefromgif ($watermark); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (imagetypes() & IMG_JPG) { $oWatermarkImg = imagecreatefromjpeg($watermark) ; } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (imagetypes() & IMG_PNG) { $oWatermarkImg = imagecreatefrompng($watermark) ; } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (imagetypes() & IMG_WBMP) { $oWatermarkImg = imagecreatefromwbmp($watermark); } else { $ermsg = 'WBMP images are not supported'; } break; default: $oWatermarkImg = false; $ermsg = $watermarkImgInfo['mime'].' images are not supported'; break; } if (! $ermsg) { switch ($srcImgInfo['mime']) { case 'image/gif': if (imagetypes() & IMG_GIF) { $oSrcImg = imagecreatefromgif ($src); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (imagetypes() & IMG_JPG) { $oSrcImg = imagecreatefromjpeg($src) ; } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (imagetypes() & IMG_PNG) { $oSrcImg = imagecreatefrompng($src) ; } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (imagetypes() & IMG_WBMP) { $oSrcImg = imagecreatefromwbmp($src); } else { $ermsg = 'WBMP images are not supported'; } break; default: $oSrcImg = false; $ermsg = $srcImgInfo['mime'].' images are not supported'; break; } } if ($ermsg || false === $oSrcImg || false === $oWatermarkImg) { return false; } if ($srcImgInfo['mime'] === 'image/png') { if (function_exists('imagecolorallocatealpha')) { $bg = imagecolorallocatealpha($oSrcImg, 255, 255, 255, 127); imagefill($oSrcImg, 0, 0 , $bg); } } if ($watermarkImgInfo['mime'] === 'image/png') { imagecopy($oSrcImg, $oWatermarkImg, $dest_x, $dest_y, 0, 0, $watermark_width, $watermark_height); } else { imagecopymerge($oSrcImg, $oWatermarkImg, $dest_x, $dest_y, 0, 0, $watermark_width, $watermark_height, $transparency); } switch ($srcImgInfo['mime']) { case 'image/gif': imagegif ($oSrcImg, $src); break; case 'image/jpeg': imagejpeg($oSrcImg, $src, $quality); break; case 'image/png': if (function_exists('imagesavealpha') && function_exists('imagealphablending')) { imagealphablending($oSrcImg, false); imagesavealpha($oSrcImg, true); } imagepng($oSrcImg, $src); break; case 'image/wbmp': imagewbmp($oSrcImg, $src); break; } imageDestroy($oSrcImg); imageDestroy($oWatermarkImg); return true; }" 3987,"$that->options['id_field'] => new \MongoDate(), ); }));",True,PHP,MongoDate,MongoDbSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"$class = $container->getParameterBag()->resolveValue($def->getClass()); $interface = 'Symfony\Component\EventDispatcher\EventSubscriberInterface'; if (!is_subclass_of($class, $interface)) { if (!class_exists($class, false)) { throw new \InvalidArgumentException(sprintf('Class ""%s"" used for service ""%s"" cannot be found.', $class, $id)); } throw new \InvalidArgumentException(sprintf('Service ""%s"" must implement interface ""%s"".', $id, $interface)); } $definition->addMethodCall('addSubscriberService', array($id, $class)); }" 3989,"public function testConstruct() { $storage = new NativeSessionStorage(array('name' => 'TESTING'), new NativeFileSessionHandler(sys_get_temp_dir())); if (PHP_VERSION_ID < 50400) { $this->assertEquals('files', $storage->getSaveHandler()->getSaveHandlerName()); $this->assertEquals('files', ini_get('session.save_handler')); } else { $this->assertEquals('files', $storage->getSaveHandler()->getSaveHandlerName()); $this->assertEquals('user', ini_get('session.save_handler')); } $this->assertEquals(sys_get_temp_dir(), ini_get('session.save_path')); $this->assertEquals('TESTING', ini_get('session.name')); }",True,PHP,testConstruct,NativeFileSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"call_user_func($listener, $event, $eventName, $this); } }" 3991,public function testConstruct() { $handler = new NativeSessionHandler(); if (PHP_VERSION_ID < 50400) { $this->assertFalse($handler instanceof \SessionHandler); $this->assertTrue($handler instanceof NativeSessionHandler); } else { $this->assertTrue($handler instanceof \SessionHandler); $this->assertTrue($handler instanceof NativeSessionHandler); } },True,PHP,testConstruct,NativeSessionHandlerTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function testLegacyDispatch() { $event = new Event(); $this->dispatcher->dispatch(self::preFoo, $event); $this->assertEquals('pre.foo', $event->getName()); }" 3995,public function testStartedOutside() { $storage = $this->getStorage(); $this->assertFalse($storage->getSaveHandler()->isActive()); $this->assertFalse($storage->isStarted()); session_start(); $this->assertTrue(isset($_SESSION)); if (PHP_VERSION_ID >= 50400) { $this->assertTrue($storage->getSaveHandler()->isActive()); } $this->assertFalse($storage->isStarted()); $key = $storage->getMetadataBag()->getStorageKey(); $this->assertFalse(isset($_SESSION[$key])); $storage->start(); },True,PHP,testStartedOutside,NativeSessionStorageTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function checkIp6($requestIp, $ip) { if (!((extension_loaded('sockets') && defined('AF_INET6')) || @inet_pton('::1'))) { throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option ""disable-ipv6"".'); } if (false !== strpos($ip, '/')) { list($address, $netmask) = explode('/', $ip, 2); if ($netmask < 1 || $netmask > 128) { return false; } } else { $address = $ip; $netmask = 128; } $bytesAddr = unpack('n*', @inet_pton($address)); $bytesTest = unpack('n*', @inet_pton($requestIp)); if (!$bytesAddr || !$bytesTest) { return false; } for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; ++$i) { $left = $netmask - 16 * ($i - 1); $left = ($left <= 16) ? $left : 16; $mask = ~(0xffff >> $left) & 0xffff; if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) { return false; } } return true; }" 3996,"public function testSetSaveHandler53() { if (PHP_VERSION_ID >= 50400) { $this->markTestSkipped('Test skipped, for PHP 5.3 only.'); } $this->iniSet('session.save_handler', 'files'); $storage = $this->getStorage(); $storage->setSaveHandler(); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy', $storage->getSaveHandler()); $storage->setSaveHandler(null); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new NativeSessionHandler()); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new SessionHandlerProxy(new NullSessionHandler())); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new NullSessionHandler()); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new NativeProxy()); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy', $storage->getSaveHandler()); }",True,PHP,testSetSaveHandler53,NativeSessionStorageTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getInt($key, $default = 0) { return (int) $this->get($key, $default); }" 3999,"public function testSetSaveHandler54() { $this->iniSet('session.save_handler', 'files'); $storage = $this->getStorage(); $storage->setSaveHandler(); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(null); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new SessionHandlerProxy(new NativeSessionHandler())); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new NativeSessionHandler()); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new SessionHandlerProxy(new NullSessionHandler())); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); $storage->setSaveHandler(new NullSessionHandler()); $this->assertInstanceOf('Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy', $storage->getSaveHandler()); }",True,PHP,testSetSaveHandler54,NativeSessionStorageTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getAlpha($key, $default = '') { return preg_replace('/[^[:alpha:]]/', '', $this->get($key, $default)); }" 4002,"public function testPhpSession53() { if (PHP_VERSION_ID >= 50400) { $this->markTestSkipped('Test skipped, for PHP 5.3 only.'); } $storage = $this->getStorage(); $this->assertFalse(isset($_SESSION)); $this->assertFalse($storage->getSaveHandler()->isActive()); session_start(); $this->assertTrue(isset($_SESSION)); $this->assertFalse($storage->getSaveHandler()->isActive()); $this->assertFalse($storage->isStarted()); $key = $storage->getMetadataBag()->getStorageKey(); $this->assertFalse(isset($_SESSION[$key])); $storage->start(); $this->assertTrue(isset($_SESSION[$key])); }",True,PHP,testPhpSession53,PhpBridgeSessionStorageTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function get($key, $default = null) { return array_key_exists($key, $this->parameters) ? $this->parameters[$key] : $default; }" 4003,public function testPhpSession54() { $storage = $this->getStorage(); $this->assertFalse($storage->getSaveHandler()->isActive()); $this->assertFalse($storage->isStarted()); session_start(); $this->assertTrue(isset($_SESSION)); $this->assertTrue($storage->getSaveHandler()->isActive()); $this->assertFalse($storage->isStarted()); $key = $storage->getMetadataBag()->getStorageKey(); $this->assertFalse(isset($_SESSION[$key])); $storage->start(); $this->assertTrue(isset($_SESSION[$key])); },True,PHP,testPhpSession54,PhpBridgeSessionStorageTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getBoolean($key, $default = false) { return $this->filter($key, $default, FILTER_VALIDATE_BOOLEAN); }" 4004,"public function testNameExceptionPhp53() { if (PHP_VERSION_ID >= 50400) { $this->markTestSkipped('Test skipped, for PHP 5.3 only.'); } $this->proxy->setActive(true); $this->proxy->setName('foo'); }",True,PHP,testNameExceptionPhp53,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getDigits($key, $default = '') { return str_replace(array('-', '+'), '', $this->filter($key, $default, FILTER_SANITIZE_NUMBER_INT)); }" 4006,public function testIsActivePhp54() { $this->assertFalse($this->proxy->isActive()); session_start(); $this->assertTrue($this->proxy->isActive()); },True,PHP,testIsActivePhp54,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getAlnum($key, $default = '') { return preg_replace('/[^[:alnum:]]/', '', $this->get($key, $default)); }" 4007,public function testNameExceptionPhp54() { session_start(); $this->proxy->setName('foo'); },True,PHP,testNameExceptionPhp54,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function isFromTrustedProxy() { return self::$trustedProxies && IpUtils::checkIp($this->server->get('REMOTE_ADDR'), self::$trustedProxies); }" 4008,"public function testSetActivePhp53() { if (PHP_VERSION_ID >= 50400) { $this->markTestSkipped('Test skipped, for PHP 5.3 only.'); } $this->proxy->setActive(true); $this->assertTrue($this->proxy->isActive()); $this->proxy->setActive(false); $this->assertFalse($this->proxy->isActive()); }",True,PHP,testSetActivePhp53,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function isMethodSafe() { return in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE')); }" 4009,"public function testIdExceptionPhp53() { if (PHP_VERSION_ID >= 50400) { $this->markTestSkipped('Test skipped, for PHP 5.3 only.'); } $this->proxy->setActive(true); $this->proxy->setId('foo'); }",True,PHP,testIdExceptionPhp53,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"private function getUrlencodedPrefix($string, $prefix) { if (0 !== strpos(rawurldecode($string), $prefix)) { return false; } $len = strlen($prefix); if (preg_match(sprintf('#^(%%[[:xdigit:]]{2}|.) {%d} return $match[0]; } return false; }" 4011,"public function testIsActivePhp53() { if (PHP_VERSION_ID >= 50400) { $this->markTestSkipped('Test skipped, for PHP 5.3 only.'); } $this->assertFalse($this->proxy->isActive()); }",True,PHP,testIsActivePhp53,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public static function createFromGlobals() { $server = $_SERVER; if ('cli-server' === PHP_SAPI) { if (array_key_exists('HTTP_CONTENT_LENGTH', $_SERVER)) { $server['CONTENT_LENGTH'] = $_SERVER['HTTP_CONTENT_LENGTH']; } if (array_key_exists('HTTP_CONTENT_TYPE', $_SERVER)) { $server['CONTENT_TYPE'] = $_SERVER['HTTP_CONTENT_TYPE']; } } $request = self::createRequestFromFactory($_GET, $_POST, array(), $_COOKIE, $_FILES, $server); if (0 === strpos($request->headers->get('CONTENT_TYPE'), 'application/x-www-form-urlencoded') && in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), array('PUT', 'DELETE', 'PATCH')) ) { parse_str($request->getContent(), $data); $request->request = new ParameterBag($data); } return $request; }" 4012,public function testSetActivePhp54() { $this->proxy->setActive(true); },True,PHP,testSetActivePhp54,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getFormat($mimeType) { $canonicalMimeType = null; if (false !== $pos = strpos($mimeType, ';')) { $canonicalMimeType = substr($mimeType, 0, $pos); } if (null === static::$formats) { static::initializeFormats(); } foreach (static::$formats as $format => $mimeTypes) { if (in_array($mimeType, (array) $mimeTypes)) { return $format; } if (null !== $canonicalMimeType && in_array($canonicalMimeType, (array) $mimeTypes)) { return $format; } } }" 4014,public function testIdExceptionPhp54() { session_start(); $this->proxy->setId('foo'); },True,PHP,testIdExceptionPhp54,AbstractProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function getRequestFormat($default = 'html') { if (null === $this->format) { $this->format = $this->attributes->get('_format', $default); } return $this->format; }" 4016,"public function testOpen() { $this->mock->expects($this->once()) ->method('open') ->will($this->returnValue(true)); $this->assertFalse($this->proxy->isActive()); $this->proxy->open('name', 'id'); if (PHP_VERSION_ID < 50400) { $this->assertTrue($this->proxy->isActive()); } else { $this->assertFalse($this->proxy->isActive()); } }",True,PHP,testOpen,SessionHandlerProxyTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function get($key, $default = null) { if ($this !== $result = $this->attributes->get($key, $this)) { return $result; } if ($this !== $result = $this->query->get($key, $this)) { return $result; } if ($this !== $result = $this->request->get($key, $this)) { return $result; } return $default; }" 4017,public function testSetCallbackNonCallable() { $response = new StreamedResponse(null); $response->setCallback(null); },True,PHP,testSetCallbackNonCallable,StreamedResponseTest.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function __construct($mongo, array $options) { if (!($mongo instanceof \MongoDB\Client || $mongo instanceof \MongoClient || $mongo instanceof \Mongo)) { throw new \InvalidArgumentException('MongoClient or Mongo instance required'); } if (!isset($options['database']) || !isset($options['collection'])) { throw new \InvalidArgumentException('You must provide the ""database"" and ""collection"" option for MongoDBSessionHandler'); } $this->mongo = $mongo; $this->options = array_merge(array( 'id_field' => '_id', 'data_field' => 'data', 'time_field' => 'time', 'expiry_field' => 'expires_at', ), $options); }" 4084,public function __construct() { self::$key = Options::v('google_captcha_sitekey'); self::$secret = Options::v('google_captcha_secret'); self::$lang = Options::v('google_captcha_lang'); },True,PHP,__construct,Xaptcha.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function destroy($sessionId) { $methodName = $this->mongo instanceof \MongoDB\Client ? 'deleteOne' : 'remove'; $this->getCollection()->$methodName(array( $this->options['id_field'] => $sessionId, )); return true; }" 4086,public static function isEnable() { if (Options::v('google_captcha_enable') === 'on') { return true; }else{ return false; } },True,PHP,isEnable,Xaptcha.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function gc($maxlifetime) { $methodName = $this->mongo instanceof \MongoDB\Client ? 'deleteOne' : 'remove'; $this->getCollection()->$methodName(array( $this->options['expiry_field'] => array('$lt' => $this->createDateTime()), )); return true; }" 4089,"public static function verify($gresponse) { new Xaptcha(); $recaptcha = new \ReCaptcha\ReCaptcha(self::$secret); $resp = $recaptcha->verify($gresponse, $_SERVER['REMOTE_ADDR']); if ($resp->isSuccess()) { return true; }else{ return false; } }",True,PHP,verify,Xaptcha.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2016-08-14 11:15:50+07:00,Major Update for Version 1.0.0 release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10096,"public function read($sessionId) { $dbData = $this->getCollection()->findOne(array( $this->options['id_field'] => $sessionId, $this->options['expiry_field'] => array('$gte' => $this->createDateTime()), )); if (null === $dbData) { return ''; } if ($dbData[$this->options['data_field']] instanceof \MongoDB\BSON\Binary) { return $dbData[$this->options['data_field']]->getData(); } return $dbData[$this->options['data_field']]->bin; }" 4090,"public static function html() { new Xaptcha(); $html = ""
    '; if (self::isEnable()) { return $html; } else { return ''; } }" 4150,"$q = self::$mysqli->query($vars) ; if($q === false) { user_error(""Query failed: "".self::$mysqli->error.""
    \n$vars""); return false; } } return $q; }",True,PHP,query,Db.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"foreach ($usr as $u) { $msgs = str_replace('{{userid}}', $u->userid, $msg); $vars = array( 'to' => $u->email, 'to_name' => $u->userid, 'message' => $msgs, 'subject' => $subject, 'msgtype' => $_POST['type'] ); $mailsend = Mail::send($vars); if ($mailsend !== null) { $alermailsend[] = $mailsend; } sleep(3); }" 4151,"$q = self::$mysqli->query($vars) ; if($q === false) { user_error(""Query failed: "".self::$mysqli->error.""
    \n$vars""); return false; } } return $q; }",True,PHP,query,Db.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"foreach ($data['alertDanger'] as $alert) { echo ""
  • $alert
    • \n""; }" 4158,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', '')""; $db->query($options); }",True,PHP,insertData,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4159,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', '')""; $db->query($options); }",True,PHP,insertData,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4160,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', '')""; $db->query($options); }",True,PHP,insertData,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4161,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NOT NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }",True,PHP,createTable,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4162,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NOT NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }",True,PHP,createTable,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4163,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NOT NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }",True,PHP,createTable,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4164,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }",True,PHP,makeConfig,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4165,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }",True,PHP,makeConfig,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4166,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }",True,PHP,makeConfig,Install.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"foreach ($data['alertred'] as $alert) { echo ""
  • $alert
    • \n""; }" 4176,function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); },True,PHP,__construct,Mail.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4177,function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); },True,PHP,__construct,Mail.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4178,function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); },True,PHP,__construct,Mail.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4179,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenuAdmin,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4180,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenuAdmin,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4181,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenuAdmin,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4185,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::getParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::getParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::getParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::getParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenu,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4186,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::getParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::getParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::getParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::getParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenu,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4187,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::getParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::getParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::getParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::getParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }",True,PHP,getMenu,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function dropdown($vars) { if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['parent'])) { $where .= "" `parent` = '{$vars['parent']}' ""; }else{ $where .= ""1 ""; } $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = "" ASC""; } } $cat = Db::result(""SELECT * FROM `cat` {$where} {$order_by} {$sort}""); $drop = """"; return $drop; }" 4191,public function __construct(){ },True,PHP,__construct,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4192,public function __construct(){ },True,PHP,__construct,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4193,public function __construct(){ },True,PHP,__construct,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4194,"public static function isHadSub($parent, $menuid =''){ $sql = sprintf(""SELECT * FROM `menus` WHERE `parent` = '%s' %s"", $parent, $where); }",True,PHP,isHadSub,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4195,"public static function isHadSub($parent, $menuid =''){ $sql = sprintf(""SELECT * FROM `menus` WHERE `parent` = '%s' %s"", $parent, $where); }",True,PHP,isHadSub,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4196,"public static function isHadSub($parent, $menuid =''){ $sql = sprintf(""SELECT * FROM `menus` WHERE `parent` = '%s' %s"", $parent, $where); }",True,PHP,isHadSub,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4200,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d' ORDER BY `order` ASC"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }",True,PHP,getId,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4201,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d' ORDER BY `order` ASC"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }",True,PHP,getId,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4202,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d' ORDER BY `order` ASC"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }",True,PHP,getId,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function error ($vars="""", $val='') { if( isset($vars) && $vars != """" ) { include(GX_PATH.'/inc/lib/Control/Error/'.$vars.'.control.php'); }else{ include(GX_PATH.'/inc/lib/Control/Error/unknown.control.php'); } }" 4209,"public static function getParent($parent='', $menuid = ''){ if(isset($menuid)){ $where = "" AND `menuid` = '{$menuid}'""; }else{ $where = ''; } $sql = sprintf(""SELECT * FROM `menus` WHERE `parent` = '%s' %s"", $parent, $where); $menu = Db::result($sql); return $menu; }",True,PHP,getParent,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4210,"public static function getParent($parent='', $menuid = ''){ if(isset($menuid)){ $where = "" AND `menuid` = '{$menuid}'""; }else{ $where = ''; } $sql = sprintf(""SELECT * FROM `menus` WHERE `parent` = '%s' %s"", $parent, $where); $menu = Db::result($sql); return $menu; }",True,PHP,getParent,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4211,"public static function getParent($parent='', $menuid = ''){ if(isset($menuid)){ $where = "" AND `menuid` = '{$menuid}'""; }else{ $where = ''; } $sql = sprintf(""SELECT * FROM `menus` WHERE `parent` = '%s' %s"", $parent, $where); $menu = Db::result($sql); return $menu; }",True,PHP,getParent,Menus.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4215,"public static function insert($vars) { if(is_array($vars)) { $slug = Typo::slugify($vars['title']); $vars = array_merge($vars, array('slug' => $slug)); $ins = array( 'table' => 'options', 'key' => $vars ); $post = Db::insert($ins); } return $post; }",True,PHP,insert,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4216,"public static function insert($vars) { if(is_array($vars)) { $slug = Typo::slugify($vars['title']); $vars = array_merge($vars, array('slug' => $slug)); $ins = array( 'table' => 'options', 'key' => $vars ); $post = Db::insert($ins); } return $post; }",True,PHP,insert,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4217,"public static function insert($vars) { if(is_array($vars)) { $slug = Typo::slugify($vars['title']); $vars = array_merge($vars, array('slug' => $slug)); $ins = array( 'table' => 'options', 'key' => $vars ); $post = Db::insert($ins); } return $post; }",True,PHP,insert,Options.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4218,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }",True,PHP,recent,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4219,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }",True,PHP,recent,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4220,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }",True,PHP,recent,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function insert ($vars) { if(is_array($vars)){ $set = """"; $k = """"; foreach ($vars['key'] as $key => $val) { $set .= ""'$val',""; $k .= ""`$key`,""; } $set = substr($set, 0,-1); $k = substr($k, 0,-1); $sql = sprintf(""INSERT INTO `%s` (%s) VALUES (%s) "", $vars['table'], $k, $set) ; }else{ $sql = $vars; } if(DB_DRIVER == 'mysql') { mysql_query('SET CHARACTER SET utf8'); $q = mysql_query($sql) or die(mysql_error()); self::$last_id = mysql_insert_id(); }elseif(DB_DRIVER == 'mysqli'){ try { if(!self::query($sql)){ }else{ self::$last_id = self::$mysqli->insert_id; } } catch (exception $e) { echo $e->getMessage(); } } return true; }" 4221,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }",True,PHP,dropdown,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"$q = self::$mysqli->query($vars) ; if($q === false) { Control::error('db',""Query failed: "".self::$mysqli->error.""
    \n""); } } return $q; }" 4222,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }",True,PHP,dropdown,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"$q = self::$mysqli->query($vars) ; if($q === false) { Control::error('db',""Query failed: "".self::$mysqli->error.""
    \n""); } } return $q; }" 4223,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }",True,PHP,dropdown,Posts.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"$q = self::$mysqli->query($vars) ; if($q === false) { Control::error('db',""Query failed: "".self::$mysqli->error.""
    \n""); } } return $q; }" 4233,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".Options::get('sitedesc')),0,150); }else{ $desc = substr(Options::get('sitedesc'),0,150); } return $desc; }",True,PHP,desc,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"$q = self::$mysqli->query($vars) ; if($q === false) { Control::error('db',""Query failed: "".self::$mysqli->error.""
    \n""); } } return $q; }" 4234,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".Options::get('sitedesc')),0,150); }else{ $desc = substr(Options::get('sitedesc'),0,150); } return $desc; }",True,PHP,desc,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"$q = self::$mysqli->query($vars) ; if($q === false) { Control::error('db',""Query failed: "".self::$mysqli->error.""
    \n""); } } return $q; }" 4235,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".Options::get('sitedesc')),0,150); }else{ $desc = substr(Options::get('sitedesc'),0,150); } return $desc; }",True,PHP,desc,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"$q = self::$mysqli->query($vars) ; if($q === false) { Control::error('db',""Query failed: "".self::$mysqli->error.""
    \n""); } } return $q; }" 4239,"public static function meta($cont_title='', $cont_desc='', $pre =''){ global $data; if(is_array($data) && isset($data['posts'][0]->title)){ $sitenamelength = strlen(Options::get('sitename')); $limit = 70-$sitenamelength-6; $cont_title = substr(Typo::Xclean(Typo::strip($data['posts'][0]->title)),0,$limit); $titlelength = strlen($data['posts'][0]->title); if($titlelength > $limit+3) { $dotted = ""..."";} else {$dotted = """";} $cont_title = ""{$pre} {$cont_title}{$dotted} - ""; }else{ $cont_title = """"; } if(is_array($data) && isset($data['posts'][0]->content)){ $desc = Typo::strip($data['posts'][0]->content); }else{ $desc = """"; } $meta = "" {$cont_title}"".Options::get('sitename')."" ""; $meta .= "" {$cont_title}"".Options::get('sitename')."" ""; $meta .= "" {$cont_title}"".Options::get('sitename')."" ""; $meta .= "" \t \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }",True,PHP,footer,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4243,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }",True,PHP,footer,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4244,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }",True,PHP,footer,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4248,"$logo = """"; }else{ $logo = """"; } return $logo; }",True,PHP,get,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4249,"$logo = """"; }else{ $logo = """"; } return $logo; }",True,PHP,get,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4250,"$logo = """"; }else{ $logo = """"; } return $logo; }",True,PHP,get,Site.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4257,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } },True,PHP,__construct,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4258,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } },True,PHP,__construct,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4259,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } },True,PHP,__construct,System.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function insertData () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $url = Session::val('siteurl'); $domain = Session::val('sitedomain'); $sitename = Session::val('sitename'); $slogan = Session::val('siteslogan'); $options = ""INSERT INTO `options` (`id`, `name`, `value`) VALUES (null, 'sitename', '{$sitename}'), (null, 'siteurl', '{$url}'), (null, 'sitedomain', '{$domain}'), (null, 'siteslogan', '{$slogan}'), (null, 'sitedesc', 'Descriptions'), (null, 'sitekeywords', 'keywords'), (null, 'siteicon', 'favicon.ico'), (null, 'siteaddress', ''), (null, 'siteemail', ''), (null, 'fbacc', ''), (null, 'fbpage', ''), (null, 'twitter', ''), (null, 'linkedin', ''), (null, 'gplus', ''), (null, 'logo', '/assets/images/genixcms-logo-small.png'), (null, 'logourl', ''), (null, 'is_logourl', 'off'), (null, 'currency', 'USD'), (null, 'country_id', 'ID'), (null, 'mailtype', '0'), (null, 'smtphost', ''), (null, 'smtpuser', ''), (null, 'smtppass', ''), (null, 'smtpssl', '0'), (null, 'timezone', '+7'), (null, 'paypalemail', ''), (null, 'robots', 'index, follow'), (null, 'use_jquery', 'on'), (null, 'use_bootstrap', 'on'), (null, 'use_fontawesome', 'on'), (null, 'use_bsvalidator', 'on'), (null, 'jquery_v', '1.11.1'), (null, 'bs_v', ''), (null, 'fontawesome_v', ''), (null, 'use_editor', 'on'), (null, 'editor_type', 'summernote'), (null, 'editor_v', ''), (null, 'menus', '{\""mainmenu\"":{\""name\"":\""Main Menu\"",\""class\"":\""\"",\""menu\"":[]},\""footer\"":{\""name\"":\""Footer Menu\"",\""class\"":\""\"",\""menu\"":[{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""custom\"",\""value\"":\""{$url}\""},{\""parent\"":\""\"",\""menuid\"":\""footer\"",\""type\"":\""cat\"",\""value\"":\""1\""}]}}'), (null, 'post_perpage', '3'), (null, 'pagination', 'pager'), (null, 'pinger', 'rpc.pingomatic.com\r\nblogsearch.google.com/ping/RPC2\r\nbing.com/webmaster/ping.aspx\r\nhttp: (null, 'bsvalidator_v', ''), (null, 'ppsandbox', 'off'), (null, 'ppuser', ''), (null, 'pppass', ''), (null, 'ppsign', ''), (null, 'tokens', '')""; $db->query($options); }" 4284,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Options::get('siteurl').$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }",True,PHP,go,Upload.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4285,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Options::get('siteurl').$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }",True,PHP,go,Upload.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4286,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Options::get('siteurl').$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }",True,PHP,go,Upload.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4287,"public static function sitemap() { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/sitemap"".GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?page=sitemap""; break; } return $url; }",True,PHP,sitemap,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4288,"public static function sitemap() { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/sitemap"".GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?page=sitemap""; break; } return $url; }",True,PHP,sitemap,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4289,"public static function sitemap() { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/sitemap"".GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?page=sitemap""; break; } return $url; }",True,PHP,sitemap,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4293,"public static function page($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?page={$vars}""; break; } return $url; }",True,PHP,page,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4294,"public static function page($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?page={$vars}""; break; } return $url; }",True,PHP,page,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4295,"public static function page($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?page={$vars}""; break; } return $url; }",True,PHP,page,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function createTable () { require_once(GX_PATH.'/inc/config/config.php'); $db = new Db(); $cat = ""CREATE TABLE IF NOT EXISTS `cat` ( `id` int(11) NOT NULL, `name` text NOT NULL, `slug` text NOT NULL, `parent` text DEFAULT NULL, `desc` text DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8 ""; $db->query($cat); $pr = ""ALTER TABLE `cat` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `cat` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $menu = ""CREATE TABLE IF NOT EXISTS `menus` ( `id` int(11) NOT NULL, `name` varchar(64) NOT NULL, `menuid` varchar(32) NOT NULL, `parent` varchar(11) DEFAULT NULL, `sub` enum('0','1') NOT NULL, `type` varchar(8) NOT NULL, `value` text NOT NULL, `class` varchar(64) DEFAULT NULL, `order` varchar(4) DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($menu); $pr = ""ALTER TABLE `menus` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `menus` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $options = ""CREATE TABLE IF NOT EXISTS `options` ( `id` int(11) NOT NULL, `name` text CHARACTER SET utf8 NOT NULL, `value` text CHARACTER SET utf8 NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($options); $pr = ""ALTER TABLE `options` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `options` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT""; $db->query($pr); $posts = ""CREATE TABLE IF NOT EXISTS `posts` ( `id` bigint(32) NOT NULL, `date` datetime NOT NULL, `title` text NOT NULL, `slug` text NOT NULL, `content` mediumtext NOT NULL, `author` text NOT NULL, `type` text NOT NULL, `cat` int(11) NOT NULL, `modified` datetime DEFAULT NULL, `status` enum('0','1','2') NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($posts); $pr = ""ALTER TABLE `posts` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $post_param = ""CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, `post_id` bigint(32) NOT NULL, `param` text NOT NULL, `value` text NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8""; $db->query($post_param); $pr = ""ALTER TABLE `posts_param` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `posts_param` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user = ""CREATE TABLE IF NOT EXISTS `user` ( `id` bigint(32) NOT NULL, `userid` varchar(16) NOT NULL, `pass` varchar(255) NOT NULL, `confirm` varchar(255) DEFAULT NULL, `group` enum('0','1','2','3','4','5') NOT NULL, `email` varchar(255) NOT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user); $pr = ""ALTER TABLE `user` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user` MODIFY `id` bigint(32) NOT NULL AUTO_INCREMENT""; $db->query($pr); $user_detail = ""CREATE TABLE IF NOT EXISTS `user_detail` ( `id` bigint(20) NOT NULL, `userid` varchar(32) COLLATE latin1_general_ci NOT NULL, `fname` varchar(32) COLLATE latin1_general_ci NULL, `lname` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `sex` varchar(2) COLLATE latin1_general_ci DEFAULT NULL, `birthplace` varchar(32) COLLATE latin1_general_ci DEFAULT NULL, `birthdate` date DEFAULT NULL, `addr` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `city` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `state` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `country` varchar(255) COLLATE latin1_general_ci DEFAULT NULL, `postcode` varchar(32) COLLATE latin1_general_ci DEFAULT NULL ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8""; $db->query($user_detail); $pr = ""ALTER TABLE `user_detail` ADD PRIMARY KEY (`id`)""; $db->query($pr); $pr = ""ALTER TABLE `user_detail` MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT""; $db->query($pr); }" 4296,"public static function rss() { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/rss"".GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?rss""; break; } return $url; }",True,PHP,rss,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4297,"public static function rss() { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/rss"".GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?rss""; break; } return $url; }",True,PHP,rss,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4298,"public static function rss() { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/rss"".GX_URL_PREFIX; break; default: $url = Options::get('siteurl').""/index.php?rss""; break; } return $url; }",True,PHP,rss,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4305,"public static function post($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".self::slug($vars).""/{$vars}""; break; default: $url = Options::get('siteurl').""/index.php?post={$vars}""; break; } return $url; }",True,PHP,post,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4306,"public static function post($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".self::slug($vars).""/{$vars}""; break; default: $url = Options::get('siteurl').""/index.php?post={$vars}""; break; } return $url; }",True,PHP,post,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4307,"public static function post($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".self::slug($vars).""/{$vars}""; break; default: $url = Options::get('siteurl').""/index.php?post={$vars}""; break; } return $url; }",True,PHP,post,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4314,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Options::get('siteurl').""/index.php?cat={$vars}""; break; } return $url; }",True,PHP,cat,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-2678,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4315,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Options::get('siteurl').""/index.php?cat={$vars}""; break; } return $url; }",True,PHP,cat,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-2679,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4316,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Options::get('siteurl').""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Options::get('siteurl').""/index.php?cat={$vars}""; break; } return $url; }",True,PHP,cat,Url.class.php,https://github.com/semplon/GeniXCMS,semplon,Puguh Wijayanto,2015-03-10 08:55:02+07:00,"Security FIX, Bug FIX",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2680,"public static function makeConfig ($file) { $config = ""getMessage(); } return $config; }" 4318,"function display_error_block() { if (!empty($_SESSION['error_msg'])) { echo '

    '. $_SESSION['error_msg'] .'

    '.""\n""; unset($_SESSION['error_msg']); } }",True,PHP,display_error_block,main.php,https://github.com/serghey-rodin/vesta,serghey-rodin,Serghey Rodin,2015-06-03 02:31:03+03:00,UI update,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-2861,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4322,"public static function decode($jwt, $key = null, $verify = true) { $tks = explode('.', $jwt); if (count($tks) != 3) { throw new Exception('Wrong number of segments'); } list($headb64, $payloadb64, $cryptob64) = $tks; if (null === ($header = json_decode(JWT::urlsafeB64Decode($headb64)))) { throw new Exception('Invalid segment encoding'); } if (null === $payload = json_decode(JWT::urlsafeB64Decode($payloadb64))) { throw new Exception('Invalid segment encoding'); } $sig = JWT::urlsafeB64Decode($cryptob64); if ($verify) { if (empty($header->alg)) { throw new DomainException('Empty algorithm'); } if (!JWT::verifySignature($sig, ""$headb64.$payloadb64"", $key, $header->alg)) { throw new UnexpectedValueException('Signature verification failed'); } } return $payload; }",True,PHP,decode,JWT.php,https://github.com/F21/jwt,F21,F21,2015-05-01 22:21:32+10:00,Fixed security issue: JVN#06120222,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-2951,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4323,"private static function verifySignature($signature, $input, $key, $algo = 'HS256') { switch ($algo) { case'HS256': case'HS384': case'HS512': return JWT::sign($input, $key, $algo) === $signature; case 'RS256': return (boolean) openssl_verify($input, $signature, $key, OPENSSL_ALGO_SHA256); case 'RS384': return (boolean) openssl_verify($input, $signature, $key, OPENSSL_ALGO_SHA384); case 'RS512': return (boolean) openssl_verify($input, $signature, $key, OPENSSL_ALGO_SHA512); default: throw new Exception(""Unsupported or invalid signing algorithm.""); } }",True,PHP,verifySignature,JWT.php,https://github.com/F21/jwt,F21,F21,2015-05-01 22:21:32+10:00,Fixed security issue: JVN#06120222,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-2951,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4324,"private static function sign($input, $key, $algo = 'HS256') { switch ($algo) { case 'HS256': return hash_hmac('sha256', $input, $key, true); case 'HS384': return hash_hmac('sha384', $input, $key, true); case 'HS512': return hash_hmac('sha512', $input, $key, true); case 'RS256': return JWT::generateRSASignature($input, $key, OPENSSL_ALGO_SHA256); case 'RS384': return JWT::generateRSASignature($input, $key, OPENSSL_ALGO_SHA384); case 'RS512': return JWT::generateRSASignature($input, $key, OPENSSL_ALGO_SHA512); default: throw new Exception(""Unsupported or invalid signing algorithm.""); } }",True,PHP,sign,JWT.php,https://github.com/F21/jwt,F21,F21,2015-05-01 22:21:32+10:00,Fixed security issue: JVN#06120222,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-2951,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4328,"public static function getStylesheet($styleName) { $stylesheet = get_option($styleName, ''); if (strlen($stylesheet) <= 0) { $stylesheetFile = SlideshowPluginMain::getPluginPath() . DIRECTORY_SEPARATOR . 'style' . DIRECTORY_SEPARATOR . 'SlideshowPlugin' . DIRECTORY_SEPARATOR . $styleName . '.css'; if (!file_exists($stylesheetFile)) { $stylesheetFile = SlideshowPluginMain::getPluginPath() . DIRECTORY_SEPARATOR . 'style' . DIRECTORY_SEPARATOR . 'SlideshowPlugin' . DIRECTORY_SEPARATOR . 'style-light.css'; } ob_start(); include($stylesheetFile); $stylesheet .= ob_get_clean(); } $stylesheet = str_replace('%plugin-url%', SlideshowPluginMain::getPluginUrl(), $stylesheet); $stylesheet = str_replace('%site-url%', get_bloginfo('url'), $stylesheet); $stylesheet = str_replace('%stylesheet-url%', get_stylesheet_directory_uri(), $stylesheet); $stylesheet = str_replace('%template-url%', get_template_directory_uri(), $stylesheet); $stylesheet = str_replace('.slideshow_container', '.slideshow_container_' . $styleName, $stylesheet); return $stylesheet; }",True,PHP,getStylesheet,SlideshowPluginSlideshowStylesheet.php,https://github.com/Boonstra/Slideshow,Boonstra,Stefan Boonstra,2015-04-23 16:20:41+02:00,Fixed security vulnerability with custom stylesheets,CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2015-3634,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4331,"$this->setType('folder'); } if (preg_match(""@\.ph(p[\d+]?|t|tml|ps)$@i"", $this->getFilename()) || $this->getFilename() == '.htaccess') { $this->setFilename($this->getFilename() . '.txt'); } if(mb_strlen($this->getFilename()) > 255) { throw new \Exception('Filenames longer than 255 characters are not allowed'); } if (Asset\Service::pathExists($this->getRealFullPath())) { $duplicate = Asset::getByPath($this->getRealFullPath()); if ($duplicate instanceof Asset and $duplicate->getId() != $this->getId()) { throw new \Exception('Duplicate full path [ ' . $this->getRealFullPath() . ' ] - cannot save asset'); } } $this->validatePathLength(); }",True,PHP,setType,Asset.php,https://github.com/pimcore/pimcore,pimcore,Bernhard Rusch,2019-03-19 14:59:24+01:00,[Asset] do not allow PHAR upload,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2019-16317,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4332,"} elseif ($type == 'customlayout') { $layoutData = unserialize($data['name']); $className = $layoutData['className']; $layoutName = $layoutData['name']; if ($item['name'] == $layoutName && $item['className'] == $className) { $class = DataObject\ClassDefinition::getByName($className); if (!$class) { throw new \Exception('Class does not exist'); } $classId = $class->getId(); $layoutList = new DataObject\ClassDefinition\CustomLayout\Listing(); $db = \Pimcore\Db::get(); $layoutList->setCondition('name = ' . $db->quote($layoutName) . ' AND classId = ' . $classId); $layoutList = $layoutList->load(); $layoutDefinition = null; if ($layoutList) { $layoutDefinition = $layoutList[0]; } if (!$layoutDefinition) { $layoutDefinition = new DataObject\ClassDefinition\CustomLayout(); $layoutDefinition->setName($layoutName); $layoutDefinition->setClassId($classId); } try { $layoutDefinition->setDescription($item['description']); $layoutDef = DataObject\ClassDefinition\Service::generateLayoutTreeFromArray($item['layoutDefinitions'], true); $layoutDefinition->setLayoutDefinitions($layoutDef); $layoutDefinition->save(); } catch (\Exception $e) { Logger::error($e->getMessage()); return $this->adminJson(['success' => false, 'message' => $e->getMessage()]); } } } } return $this->adminJson(['success' => true]); }",True,PHP,elseif,ClassController.php,https://github.com/pimcore/pimcore,pimcore,Bernhard Rusch,2019-03-19 15:59:11+01:00,[Object] optimized bulk import,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2019-10867,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4336,$resultItem['qtip'] = $item->getDescription() ? $item->getDescription() : ' '; $result[] = $resultItem; } return $this->adminJson($result); },True,PHP,getDescription,ClassificationstoreController.php,https://github.com/pimcore/pimcore,pimcore,Divesh Pahuja,2021-12-21 09:15:58+01:00,[Classification Store] Properly escape values on grids & titles,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4139,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4339,"public function videoThumbnailTreeAction() { $this->checkPermission('thumbnails'); $thumbnails = []; $list = new Asset\Video\Thumbnail\Config\Listing(); $groups = []; foreach ($list->getThumbnails() as $item) { if ($item->getGroup()) { if (!$groups[$item->getGroup()]) { $groups[$item->getGroup()] = [ 'id' => 'group_' . $item->getName(), 'text' => $item->getGroup(), 'expandable' => true, 'leaf' => false, 'allowChildren' => true, 'iconCls' => 'pimcore_icon_folder', 'group' => $item->getGroup(), 'children' => [], ]; } $groups[$item->getGroup()]['children'][] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_videothumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } else { $thumbnails[] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_videothumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } } foreach ($groups as $group) { $thumbnails[] = $group; } return $this->adminJson($thumbnails); }",True,PHP,videoThumbnailTreeAction,SettingsController.php,https://github.com/pimcore/pimcore,pimcore,Divesh Pahuja,2022-01-19 16:24:47+01:00,[Thumbnails] Escape group text properly,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0285,public function __construct() { self::$smtphost = Options::get('smtphost'); self::$smtpuser = Options::get('smtpuser'); self::$smtppass = Options::get('smtppass'); self::$smtpssl = Options::get('smtpssl'); self::$siteemail = Options::get('siteemail'); self::$sitename = Options::get('sitename'); } 4340,"public function thumbnailTreeAction() { $this->checkPermission('thumbnails'); $thumbnails = []; $list = new Asset\Image\Thumbnail\Config\Listing(); $groups = []; foreach ($list->getThumbnails() as $item) { if ($item->getGroup()) { if (empty($groups[$item->getGroup()])) { $groups[$item->getGroup()] = [ 'id' => 'group_' . $item->getName(), 'text' => $item->getGroup(), 'expandable' => true, 'leaf' => false, 'allowChildren' => true, 'iconCls' => 'pimcore_icon_folder', 'group' => $item->getGroup(), 'children' => [], ]; } $groups[$item->getGroup()]['children'][] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_thumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } else { $thumbnails[] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_thumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } } foreach ($groups as $group) { $thumbnails[] = $group; } return $this->adminJson($thumbnails); }",True,PHP,thumbnailTreeAction,SettingsController.php,https://github.com/pimcore/pimcore,pimcore,Divesh Pahuja,2022-01-19 16:24:47+01:00,[Thumbnails] Escape group text properly,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0285,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4342,"public static function generateLayoutTreeFromArray($array, $throwException = false, $insideLocalizedField = false) { if (is_array($array) && count($array) > 0) { if ($name = $array['name'] ?? false) { $sanitizedName = htmlentities($name); if ($sanitizedName !== $name) { throw new \Exception('not a valid name:' . htmlentities($name)); } } $loader = \Pimcore::getContainer()->get('pimcore.implementation_loader.object.' . $array['datatype']); if ($loader->supports($array['fieldtype'])) { $item = $loader->build($array['fieldtype']); $insideLocalizedField = $insideLocalizedField || $item instanceof DataObject\ClassDefinition\Data\Localizedfields; if (method_exists($item, 'addChild')) { $item->setValues($array, ['childs']); $childs = $array['childs'] ?? []; if (!empty($childs['datatype'])) { $childO = self::generateLayoutTreeFromArray($childs, $throwException, $insideLocalizedField); $item->addChild($childO); } elseif (is_array($childs) && count($childs) > 0) { foreach ($childs as $child) { $childO = self::generateLayoutTreeFromArray($child, $throwException, $insideLocalizedField); if ($childO !== false) { $item->addChild($childO); } else { if ($throwException) { throw new \Exception('Could not add child ' . var_export($child, true)); } Logger::err('Could not add child ' . var_export($child, true)); return false; } } } } else { $blockedVars = []; if (method_exists($item, 'resolveBlockedVars')) { $blockedVars = $item->resolveBlockedVars(); } self::removeDynamicOptionsFromArray($array, $blockedVars); $item->setValues($array); if ($item instanceof DataObject\ClassDefinition\Data\EncryptedField) { $item->setupDelegate($array); } } return $item; } } if ($throwException) { throw new \Exception('Could not add child ' . var_export($array, true)); } return false; }",True,PHP,generateLayoutTreeFromArray,Service.php,https://github.com/pimcore/pimcore,pimcore,Divesh,2022-01-25 12:20:25+01:00,disallow html entity names on import - follow up to #11217,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0251,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4345,"public function uploadCustomLogoAction(Request $request) { $fileExt = File::getFileExtension($_FILES['Filedata']['name']); if (!in_array($fileExt, ['svg', 'png', 'jpg'])) { throw new \Exception('Unsupported file format'); } if ($fileExt === 'svg' && stripos(file_get_contents($_FILES['Filedata']['tmp_name']), 'writeStream(self::CUSTOM_LOGO_PATH, fopen($_FILES['Filedata']['tmp_name'], 'rb')); $response = $this->adminJson(['success' => true]); $response->headers->set('Content-Type', 'text/html'); return $response; }",True,PHP,uploadCustomLogoAction,SettingsController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-02-11 13:29:01+01:00,"Svg sanitization (#11386) * setting up the svg saniziter on logo and assets upload * more detailed exception message * changed to mime type check instead of file extension * adding the sanitization to ""Upload new version"" * refactor to sanitize on preAdd/preUpdate, rollback AssetController.php * fix resource|string, null given on mime_content_type * using symfony mime component + small tweaks * avoiding save without changes case * tweak when checking if is image type",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0565,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4398,"public function setGroupBy($groupBy, $qoute = true) { $this->setData(null); if ($groupBy) { $this->groupBy = $groupBy; if ($qoute && strpos($groupBy, '`') !== 0) { $this->groupBy = '`' . $this->groupBy . '`'; } } return $this; }",True,PHP,setGroupBy,AbstractListing.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-06-20 15:37:31+02:00,"[Security] SQL Injection in Data Hub GraphQL (#12444) * [Security] SQL Injection in Data Hub GraphQL (AbstractListing) * Update lib/Model/Listing/AbstractListing.php Co-authored-by: Jacob Dreesen * Update lib/Model/Listing/AbstractListing.php Co-authored-by: mcop1 <89011527+mcop1@users.noreply.github.com> Co-authored-by: Jacob Dreesen Co-authored-by: Bernhard Rusch ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31092,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4399,} elseif ($this->isValidOrderKey($o)) { $this->orderKey[] = '`' . $o . '`'; } } },True,PHP,elseif,AbstractListing.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-06-20 15:37:31+02:00,"[Security] SQL Injection in Data Hub GraphQL (#12444) * [Security] SQL Injection in Data Hub GraphQL (AbstractListing) * Update lib/Model/Listing/AbstractListing.php Co-authored-by: Jacob Dreesen * Update lib/Model/Listing/AbstractListing.php Co-authored-by: mcop1 <89011527+mcop1@users.noreply.github.com> Co-authored-by: Jacob Dreesen Co-authored-by: Bernhard Rusch ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31092,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4401,"public function getBodyHtmlRendered() { $html = $this->getHtmlBody(); if (!$html) { if ($this->getDocument() instanceof Model\Document) { $attributes = $this->getParams(); $attributes[ElementListener::FORCE_ALLOW_PROCESSING_UNPUBLISHED_ELEMENTS] = true; $html = Model\Document\Service::render($this->getDocument(), $attributes); } } $content = null; if ($html) { $content = $this->renderParams($html); $content = MailHelper::embedAndModifyCss($content, $this->getDocument()); $content = MailHelper::setAbsolutePaths($content, $this->getDocument(), $this->getHostUrl()); } return $content; }",True,PHP,getBodyHtmlRendered,Mail.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-10-27 15:09:23+02:00,"[Mail] Renderer email content twig templates in a sandbox (#13347) * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * Apply suggestions from code review Co-authored-by: Sebastian Blank * Update lib/Templating/TwigDefaultDelegatingEngine.php Co-authored-by: Jacob Dreesen * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - use custom security policy to whitelist object properties and methods execution by default #13347 * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix phpstan #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix service definition #13347 * [Twig] Renderer user controlled twig templates in a sandbox - docs typo #13347 Co-authored-by: Sebastian Blank Co-authored-by: Jacob Dreesen ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-39365,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4403,public function getSubjectRendered() { $subject = $this->getSubject(); if (!$subject && $this->getDocument()) { $subject = $this->getDocument()->getSubject(); } if ($subject) { return $this->renderParams($subject); } return ''; },True,PHP,getSubjectRendered,Mail.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-10-27 15:09:23+02:00,"[Mail] Renderer email content twig templates in a sandbox (#13347) * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * Apply suggestions from code review Co-authored-by: Sebastian Blank * Update lib/Templating/TwigDefaultDelegatingEngine.php Co-authored-by: Jacob Dreesen * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - use custom security policy to whitelist object properties and methods execution by default #13347 * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix phpstan #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix service definition #13347 * [Twig] Renderer user controlled twig templates in a sandbox - docs typo #13347 Co-authored-by: Sebastian Blank Co-authored-by: Jacob Dreesen ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-39365,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4406,public function getBodyTextRendered() { $text = $this->getTextBody(); if ($text) { $content = $this->renderParams($text); } else { try { $htmlContent = $this->getBodyHtmlRendered(); $html = new DomCrawler($htmlContent); $body = $html->filter('body')->eq(0); if ($body->count()) { $style = $body->filter('style')->eq(0); if ($style->count()) { $style->clear(); } $htmlContent = $body->html(); } $html->clear(); unset($html); $content = $this->html2Text($htmlContent); } catch (\Exception $e) { Logger::err((string) $e); $content = ''; } } return $content; },True,PHP,getBodyTextRendered,Mail.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-10-27 15:09:23+02:00,"[Mail] Renderer email content twig templates in a sandbox (#13347) * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * Apply suggestions from code review Co-authored-by: Sebastian Blank * Update lib/Templating/TwigDefaultDelegatingEngine.php Co-authored-by: Jacob Dreesen * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - use custom security policy to whitelist object properties and methods execution by default #13347 * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix phpstan #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix service definition #13347 * [Twig] Renderer user controlled twig templates in a sandbox - docs typo #13347 Co-authored-by: Sebastian Blank Co-authored-by: Jacob Dreesen ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-39365,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4408,"public function __construct(Environment $twig, array $engines = []) { $this->twig = $twig; parent::__construct($engines); }",True,PHP,__construct,TwigDefaultDelegatingEngine.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-10-27 15:09:23+02:00,"[Mail] Renderer email content twig templates in a sandbox (#13347) * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * Apply suggestions from code review Co-authored-by: Sebastian Blank * Update lib/Templating/TwigDefaultDelegatingEngine.php Co-authored-by: Jacob Dreesen * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - use custom security policy to whitelist object properties and methods execution by default #13347 * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix phpstan #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix service definition #13347 * [Twig] Renderer user controlled twig templates in a sandbox - docs typo #13347 Co-authored-by: Sebastian Blank Co-authored-by: Jacob Dreesen ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-39365,"public static function getMenuAdmin($menuid, $class=''){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
    ""; }else{ $menu = """"; } return $menu; }" 4417,"public function enrichLayoutDefinition( $object, $context = []) { $renderer = Model\DataObject\ClassDefinition\Helper\DynamicTextResolver::resolveRenderingClass( $this->getRenderingClass() ); $context['fieldname'] = $this->getName(); $context['layout'] = $this; if ($renderer instanceof DynamicTextLabelInterface) { $result = $renderer->renderLayoutText($this->renderingData, $object, $context); $this->html = $result; } $templatingEngine = \Pimcore::getContainer()->get('pimcore.templating.engine.delegating'); $twig = $templatingEngine->getTwigEnvironment(); $template = $twig->createTemplate($this->html); $this->html = $template->render(array_merge($context, [ 'object' => $object, ] )); return $this; }",True,PHP,enrichLayoutDefinition,Text.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2022-10-27 15:09:23+02:00,"[Mail] Renderer email content twig templates in a sandbox (#13347) * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * Apply suggestions from code review Co-authored-by: Sebastian Blank * Update lib/Templating/TwigDefaultDelegatingEngine.php Co-authored-by: Jacob Dreesen * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - use custom security policy to whitelist object properties and methods execution by default #13347 * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix phpstan #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix service definition #13347 * [Twig] Renderer user controlled twig templates in a sandbox - docs typo #13347 Co-authored-by: Sebastian Blank Co-authored-by: Jacob Dreesen ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-39365,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4420,"$slug = $item->getSlug(); $foundSlug = true; if (strlen($slug) > 0) { $document = Model\Document::getByPath($slug); if ($document) { throw new Model\Element\ValidationException('Slug must be unique. Found conflict with document path ""' . $slug . '""'); } if (strlen($slug) < 2 || $slug[0] !== '/') { throw new Model\Element\ValidationException('Slug must be at least 2 characters long and start with slash'); } if (strpos($slug, '//') !== false || !filter_var('https: throw new Model\Element\ValidationException('Slug ""' . $slug . '"" is not valid'); } } } } if (!$omitMandatoryCheck && $this->getMandatory() && !$foundSlug) { throw new Model\Element\ValidationException('Mandatory check failed'); } parent::checkValidity($data, $omitMandatoryCheck); }",True,PHP,getSlug,UrlSlug.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-02-14 09:14:01+01:00,"[Task] Improve check validity (#14301) * set value to sanitized string if string doesn't match requirements * sanitized string to improve validity check * sanitized string to improve validity check * added exception to validation",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0827,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4422,"foreach ($items as $item) { $type = $item['type']; unset($item['type']); $pipe->addItem($type, $item, $mediaName); }",True,PHP,foreach,SettingsController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-02-27 16:29:25+01:00,optimized video thumbnail creation (#14472),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1117,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4423,"return ($mediaOrder[$a] < $mediaOrder[$b]) ? -1 : 1; }); foreach ($mediaData as $mediaName => $items) { foreach ($items as $item) { $type = $item['type']; unset($item['type']); $pipe->addItem($type, $item, $mediaName); } } $pipe->save(); return $this->adminJson(['success' => true]); }",True,PHP,return,SettingsController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-02-27 16:29:25+01:00,optimized video thumbnail creation (#14472),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1117,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4427,"$sql .= 'SELECT ' . $db->quoteIdentifier($selectField); } else { $sql .= 'SELECT *'; } if (!empty($config['from'])) { if (strpos(strtoupper(trim($config['from'])), 'FROM') !== 0) { $sql .= ' FROM '; } $sql .= ' ' . str_replace(""\n"", ' ', $config['from']); } if (!empty($config['where'])) { if (str_starts_with(strtoupper(trim($config['where'])), 'WHERE')) { $config['where'] = preg_replace('/^\s*WHERE\s*/', '', $config['where']); } $sql .= ' WHERE (' . str_replace(""\n"", ' ', $config['where']) . ')'; } if (!empty($config['groupby']) && !$ignoreSelectAndGroupBy) { if (strpos(strtoupper(trim($config['groupby'])), 'GROUP BY') !== 0) { $sql .= ' GROUP BY '; } $sql .= ' ' . str_replace(""\n"", ' ', $config['groupby']); } if ($drillDownFilters) { $havingParts = []; $db = Db::get(); foreach ($drillDownFilters as $field => $value) { if ($value !== '' && $value !== null) { $havingParts[] = ""$field = "" . $db->quote($value); } } if ($havingParts) { $sql .= ' HAVING ' . implode(' AND ', $havingParts); } } return $sql; }",True,PHP,quoteIdentifier,Sql.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-03-06 14:06:07+01:00,"[Task] Optimized custom reports filter (#14526) * optimized custom reports filter * Update models/Tool/CustomReport/Adapter/Sql.php Co-authored-by: Jacob Dreesen --------- Co-authored-by: Jacob Dreesen ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-28438,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4431,"public function getByUuid($uuid) { $data = $this->db->fetchAssociative('SELECT * FROM ' . self::TABLE_NAME ."" where uuid='"" . $uuid . ""'""); $model = new Model\Tool\UUID(); $model->setValues($data); return $model; }",True,PHP,getByUuid,Dao.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-03-15 16:24:56+01:00,"[Task] Optimized get by UUID (#14633) * fix: unify uuid queries * replaced query with queryBuilder --------- Co-authored-by: ChristianFeldkirchne ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-28108,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4432,"public function exists($uuid) { return (bool) $this->db->fetchOne('SELECT uuid FROM ' . self::TABLE_NAME . ' where uuid = ?', [$uuid]); }",True,PHP,exists,Dao.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-03-15 16:24:56+01:00,"[Task] Optimized get by UUID (#14633) * fix: unify uuid queries * replaced query with queryBuilder --------- Co-authored-by: ChristianFeldkirchne ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-28108,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4435,public function setGroup($group) { $this->group = $group; return $this; },True,PHP,setGroup,Unit.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-17 16:07:13+02:00,fixed xss in quantity values (#14937),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2328,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4437,public function setReference($reference) { $this->reference = $reference; return $this; },True,PHP,setReference,Unit.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-17 16:07:13+02:00,fixed xss in quantity values (#14937),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2328,"public static function getMenu($menuid, $class='', $bsnav=false){ $menus = self::getMenuRaw($menuid); $n = Db::$num_rows; if($n > 0){ $menu = ""
      ""; foreach ($menus as $m) { if($m->parent == ''){ $parent = self::isHadParent($m->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m->type; $menu .= ""
    • ""; $menu .= ""class} {$aclass}\"">"".$m->name.""""; $parent = $m->id; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
        ""; foreach ($menus as $m2) { if($m2->parent == $m->id){ $parent = self::isHadParent($m2->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m2->type; $menu .= ""
      • ""; $menu .= ""class} {$aclass}\"">"".$m2->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
          ""; foreach ($menus as $m3) { if($m3->parent == $m2->id){ $parent = self::isHadParent($m3->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m3->type; $menu .= ""
        • ""; $menu .= ""
        • ""; $menu .= ""class} {$aclass}\"">"".$m3->name.""""; if($n > 0){ $class = ""dropdown-menu""; $menu .= ""
            ""; foreach ($menus as $m4) { if($m4->parent == $m3->id){ $parent = self::isHadParent($m4->id, $menuid); $n = Db::$num_rows; if($n > 0 && $bsnav) { $class = ""class=\""dropdown\""""; $aclass = ""dropdown-toggle\"" data-toggle=\""dropdown""; }else{ $class =""""; $aclass = """"; } $type = $m4->type; $menu .= ""
          • ""; $menu .= ""class} {$aclass}\"">"".$m4->name.""""; $menu .= ""
            • ""; } } $menu .= ""
          ""; } $menu .= ""
          • ""; } } $menu .= ""
        ""; } $menu .= ""
        • ""; } } $menu .= ""
      ""; } $menu .= ""
      • ""; } } $menu .= ""
    ""; }else{ $menu = """"; } return $menu; }" 4439,public function setConverter($converter) { $this->converter = (string)$converter; return $this; },True,PHP,setConverter,Unit.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-17 16:07:13+02:00,fixed xss in quantity values (#14937),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2328,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4440,public function setLongname($longname) { $this->longname = $longname; return $this; },True,PHP,setLongname,Unit.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-17 16:07:13+02:00,fixed xss in quantity values (#14937),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2328,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4441,public function setAbbreviation($abbreviation) { $this->abbreviation = $abbreviation; return $this; },True,PHP,setAbbreviation,Unit.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-17 16:07:13+02:00,fixed xss in quantity values (#14937),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2328,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4444,"public function downloadAsZipJobsAction(Request $request) { $jobId = uniqid(); $filesPerJob = 5; $jobs = []; $asset = Asset::getById((int) $request->get('id')); if (!$asset) { throw $this->createNotFoundException('Asset not found'); } if ($asset->isAllowed('view')) { $parentPath = $asset->getRealFullPath(); if ($asset->getId() == 1) { $parentPath = ''; } $db = \Pimcore\Db::get(); $conditionFilters = []; $selectedIds = explode(',', $request->get('selectedIds', '')); $quotedSelectedIds = []; foreach ($selectedIds as $selectedId) { if ($selectedId) { $quotedSelectedIds[] = $db->quote($selectedId); } } if (!empty($quotedSelectedIds)) { $conditionFilters[] = 'id IN (' . implode(',', $quotedSelectedIds) . ')'; } $conditionFilters[] = 'path LIKE ' . $db->quote(Helper::escapeLike($parentPath) . '/%') . ' AND type != ' . $db->quote('folder'); if (!$this->getAdminUser()->isAdmin()) { $userIds = $this->getAdminUser()->getRoles(); $userIds[] = $this->getAdminUser()->getId(); $conditionFilters[] = ' ( (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 OR (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 )'; } $condition = implode(' AND ', $conditionFilters); $assetList = new Asset\Listing(); $assetList->setCondition($condition); $assetList->setOrderKey('LENGTH(path)', false); $assetList->setOrder('ASC'); for ($i = 0; $i < ceil($assetList->getTotalCount() / $filesPerJob); $i++) { $jobs[] = [[ 'url' => $this->generateUrl('pimcore_admin_asset_downloadaszipaddfiles'), 'method' => 'GET', 'params' => [ 'id' => $asset->getId(), 'selectedIds' => implode(',', $selectedIds), 'offset' => $i * $filesPerJob, 'limit' => $filesPerJob, 'jobId' => $jobId, ], ]]; } } return $this->adminJson([ 'success' => true, 'jobs' => $jobs, 'jobId' => $jobId, ]); }",True,PHP,downloadAsZipJobsAction,AssetController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 08:31:10+02:00,"fixed sql injection, readjust tabs (#14941)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-2338,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4445,"public function downloadAsZipAddFilesAction(Request $request) { $zipFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/download-zip-' . $request->get('jobId') . '.zip'; $asset = Asset::getById((int) $request->get('id')); $success = false; if (!$asset) { throw $this->createNotFoundException('Asset not found'); } if ($asset->isAllowed('view')) { $zip = new \ZipArchive(); if (!is_file($zipFile)) { $zipState = $zip->open($zipFile, \ZipArchive::CREATE); } else { $zipState = $zip->open($zipFile); } if ($zipState === true) { $parentPath = $asset->getRealFullPath(); if ($asset->getId() == 1) { $parentPath = ''; } $db = \Pimcore\Db::get(); $conditionFilters = []; $selectedIds = $request->get('selectedIds', []); if (!empty($selectedIds)) { $selectedIds = explode(',', $selectedIds); $conditionFilters[] = 'id IN (' . implode(',', $selectedIds) . ')'; } $conditionFilters[] = ""type != 'folder' AND path LIKE "" . $db->quote(Helper::escapeLike($parentPath) . '/%'); if (!$this->getAdminUser()->isAdmin()) { $userIds = $this->getAdminUser()->getRoles(); $userIds[] = $this->getAdminUser()->getId(); $conditionFilters[] = ' ( (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 OR (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 )'; } $condition = implode(' AND ', $conditionFilters); $assetList = new Asset\Listing(); $assetList->setCondition($condition); $assetList->setOrderKey('LENGTH(path) ASC, id ASC', false); $assetList->setOffset((int)$request->get('offset')); $assetList->setLimit((int)$request->get('limit')); foreach ($assetList as $a) { if ($a->isAllowed('view')) { if (!$a instanceof Asset\Folder) { $zip->addFile($a->getLocalFile(), preg_replace('@^' . preg_quote($asset->getRealPath(), '@') . '@i', '', $a->getRealFullPath())); } } } $zip->close(); $success = true; } } return $this->adminJson([ 'success' => $success, ]); }",True,PHP,downloadAsZipAddFilesAction,AssetController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 08:31:10+02:00,"fixed sql injection, readjust tabs (#14941)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-2338,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4448,public function setPattern($pattern) { $this->pattern = $pattern; return $this; },True,PHP,setPattern,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4452,public function setName($name) { $this->name = $name; return $this; },True,PHP,setName,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4453,public function setReverse($reverse) { $this->reverse = $reverse; return $this; },True,PHP,setReverse,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4454,public function setDefaults($defaults) { $this->defaults = $defaults; return $this; },True,PHP,setDefaults,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,"public static function getId($id=''){ if(isset($id)){ $sql = sprintf(""SELECT * FROM `menus` WHERE `id` = '%d'"", $id); $menus = Db::result($sql); $n = Db::$num_rows; }else{ $menus = ''; } return $menus; }" 4455,public function setVariables($variables) { $this->variables = $variables; return $this; },True,PHP,setVariables,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4458,public function setController($controller) { $this->controller = $controller; return $this; },True,PHP,setController,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4460,"public function setMethods($methods) { if (is_string($methods)) { $methods = strlen($methods) ? explode(',', $methods) : []; $methods = array_map('trim', $methods); } $this->methods = $methods; return $this; }",True,PHP,setMethods,Staticroute.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 11:35:21+02:00,"[Security] Fix xss in static routes panel (#14947) * added new helper function to htmlEncode textFields, fixed xss issue in static routes panel * added `htmlspecialchars` to model * fixed double encode issue * fixed double encode problem in BE * changed type of `htmlspecialchars`, added `htmlspecialchars` to `setMethods` * improved `htmlSpecialChars` * changed SecurityHelper method name to `convertHtmlSpecialChars` * added htmlEncode to `deleteConfirm` msgbox",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2616,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4462,public function setDescription($description) { $this->description = $description; return $this; },True,PHP,setDescription,Predefined.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 14:14:18+02:00,"[Security] Fix xss in predefined properties panel (#14943) * fixed xss in predefined properties panel * used global helper function for htmlEncode `pimcore.helpers.htmlEncodeTextField` * added `SecurityHelper::convertHtmlSpecialChars` * Update predefined.js prevented xss",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2615,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4463,public function setName($name) { $this->name = $name; return $this; },True,PHP,setName,Predefined.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 14:14:18+02:00,"[Security] Fix xss in predefined properties panel (#14943) * fixed xss in predefined properties panel * used global helper function for htmlEncode `pimcore.helpers.htmlEncodeTextField` * added `SecurityHelper::convertHtmlSpecialChars` * Update predefined.js prevented xss",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2615,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4465,public function setKey($key) { $this->key = $key; return $this; },True,PHP,setKey,Predefined.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 14:14:18+02:00,"[Security] Fix xss in predefined properties panel (#14943) * fixed xss in predefined properties panel * used global helper function for htmlEncode `pimcore.helpers.htmlEncodeTextField` * added `SecurityHelper::convertHtmlSpecialChars` * Update predefined.js prevented xss",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2615,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4467,public function setData($data) { $this->data = $data; return $this; },True,PHP,setData,Predefined.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 14:14:18+02:00,"[Security] Fix xss in predefined properties panel (#14943) * fixed xss in predefined properties panel * used global helper function for htmlEncode `pimcore.helpers.htmlEncodeTextField` * added `SecurityHelper::convertHtmlSpecialChars` * Update predefined.js prevented xss",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2615,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4468,public function setConfig($config) { $this->config = $config; return $this; },True,PHP,setConfig,Predefined.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 14:14:18+02:00,"[Security] Fix xss in predefined properties panel (#14943) * fixed xss in predefined properties panel * used global helper function for htmlEncode `pimcore.helpers.htmlEncodeTextField` * added `SecurityHelper::convertHtmlSpecialChars` * Update predefined.js prevented xss",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2615,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4471,"public function setName($name, $locale = null) { $this->name = $name; return $this; }",True,PHP,setName,Rule.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-19 18:41:58+02:00,Fix XSS in name parameter of Pricing Rules (#14969),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2323,public static function getParent($id){ $q = self::getId($id); return $q[0]->parent; } 4474,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $field . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $conditionFilters[] = $condition; } } } } if ($request->get('searchString')) { $filterTerm = $db->quote('%' . mb_strtolower($request->get('searchString')) . '%'); $conditionFilters[] = '(lower(' . $tableName . '.key) LIKE ' . $filterTerm . ' OR lower(' . $tableName . '.text) LIKE ' . $filterTerm . ')'; } if ($languageMode) { $result = [ 'joins' => $joins, 'conditions' => $conditions, ]; return $result; } else { if (!empty($conditionFilters)) { return implode(' AND ', $conditionFilters); } return null; } }",True,PHP,strtotime,TranslationController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-20 10:07:32+02:00,"[Security] Fix Admin Translation Export SQL Injection (#14968) * Fix admin translation export sql injection * Change to setConditon * Add SyntaxError Exception, replace sql comments * Remove empty line * Use const, remove unecessary line",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-30849,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4475,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $field . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value, ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%', ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params, ]; } return $conditionFilters; }",True,PHP,strtotime,TranslationController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-20 11:51:21+02:00,fixed sql injection in translation api (#14952),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2630,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4476,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $field . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value, ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%', ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params, ]; } return $conditionFilters; }",True,PHP,strtotime,TranslationController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-20 11:51:21+02:00,fixed sql injection in translation api (#14952),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-30850,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4480,"public function loginAction(Request $request, CsrfProtectionHandler $csrfProtection, Config $config) { if ($request->get('_route') === 'pimcore_admin_login_fallback') { return $this->redirectToRoute('pimcore_admin_login', $request->query->all(), Response::HTTP_MOVED_PERMANENTLY); } $csrfProtection->regenerateCsrfToken(); $user = $this->getAdminUser(); if ($user instanceof UserInterface) { return $this->redirectToRoute('pimcore_admin_index'); } $params = $this->buildLoginPageViewParams($config); $session_gc_maxlifetime = ini_get('session.gc_maxlifetime'); if (empty($session_gc_maxlifetime)) { $session_gc_maxlifetime = 120; } $params['csrfTokenRefreshInterval'] = ((int)$session_gc_maxlifetime - 60) * 1000; if ($request->get('too_many_attempts')) { $params['error'] = $request->get('too_many_attempts'); } if ($request->get('auth_failed')) { $params['error'] = 'error_auth_failed'; } if ($request->get('session_expired')) { $params['error'] = 'error_session_expired'; } if ($request->get('deeplink')) { $params['deeplink'] = true; } $params['browserSupported'] = $this->detectBrowser(); $params['debug'] = \Pimcore::inDebugMode(); return $this->render('@PimcoreAdmin/Admin/Login/login.html.twig', $params); }",True,PHP,loginAction,LoginController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-20 14:36:19+02:00,fixed xss on login page (#14975),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2341,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4483,public function setData($data) { if ($data instanceof ElementInterface) { $this->setType(Service::getElementType($data)); $data = $data->getId(); } $this->data = $data; return $this; },True,PHP,setData,WebsiteSetting.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-20 15:23:18+02:00,"[Security] Fixed xss in website settings panel (#14957) * fixed xss in website settings panel * added `htmlspecialchars` to model * added `SecurityHelper::convertHtmlSpecialChars`",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2342,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4484,public function setName($name) { $this->name = $name; return $this; },True,PHP,setName,WebsiteSetting.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-20 15:23:18+02:00,"[Security] Fixed xss in website settings panel (#14957) * fixed xss in website settings panel * added `htmlspecialchars` to model * added `SecurityHelper::convertHtmlSpecialChars`",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2342,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4485,public function setLabel($label) { $this->label = $label; },True,PHP,setLabel,AbstractOperator.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-21 10:46:57+02:00,"[Security] Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration (#14984) * Fix: xss in anyGetter * Fix: xss for predefined asset metadata",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2339,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4488,"public function __construct(\stdClass $config, array $context = []) { $this->label = $config->label; $this->childs = $config->childs; $this->context = $context; }",True,PHP,__construct,AbstractOperator.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-21 10:46:57+02:00,"[Security] Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration (#14984) * Fix: xss in anyGetter * Fix: xss for predefined asset metadata",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2339,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4490,"public function __construct(\stdClass $config, $context = null) { if (!Admin::getCurrentUser()->isAdmin()) { throw new \Exception('AnyGetter only allowed for admin users'); } parent::__construct($config, $context); $this->attribute = $config->attribute ?? ''; $this->param1 = $config->param1 ?? ''; $this->isArrayType = $config->isArrayType ?? false; $this->forwardAttribute = $config->forwardAttribute ?? ''; $this->forwardParam1 = $config->forwardParam1 ?? ''; $this->returnLastResult = $config->returnLastResult ?? false; }",True,PHP,__construct,AnyGetter.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-21 10:46:57+02:00,"[Security] Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration (#14984) * Fix: xss in anyGetter * Fix: xss for predefined asset metadata",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2339,"public static function insert($vars) { if(is_array($vars)) { $ins = array( 'table' => 'options', 'name' => $vars['name'], 'value' => $vars['value'] ); $opt = Db::insert($ins); }else{ Control::error('unknown','Format not Found, please in array'); } return $opt; }" 4491,public function setAttribute($attribute) { $this->attribute = $attribute; },True,PHP,setAttribute,AnyGetter.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-21 10:46:57+02:00,"[Security] Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration (#14984) * Fix: xss in anyGetter * Fix: xss for predefined asset metadata",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2339,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4493,public function setParam1($param1) { $this->param1 = $param1; },True,PHP,setParam1,AnyGetter.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-21 10:46:57+02:00,"[Security] Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration (#14984) * Fix: xss in anyGetter * Fix: xss for predefined asset metadata",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2339,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4499,public function getRel() { return $this->data['rel'] ?? ''; },True,PHP,getRel,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4501,"public function getHref() { $this->updatePathFromInternal(); $url = $this->data['path'] ?? ''; if (strlen($this->data['parameters'] ?? '') > 0) { $url .= (strpos($url, '?') !== false ? '&' : '?') . str_replace('?', '', $this->getParameters()); } if (strlen($this->data['anchor'] ?? '') > 0) { $anchor = $this->getAnchor(); $anchor = str_replace('""', urlencode('""'), $anchor); $url .= '#' . str_replace('#', '', $anchor); } return $url; }",True,PHP,getHref,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4503,public function getClass() { return $this->data['class'] ?? ''; },True,PHP,getClass,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4505,"public function frontend() { $url = $this->getHref(); if (strlen($url) > 0) { if (!is_array($this->config)) { $this->config = []; } $prefix = ''; $suffix = ''; $noText = false; if (array_key_exists('textPrefix', $this->config)) { $prefix = $this->config['textPrefix']; unset($this->config['textPrefix']); } if (array_key_exists('textSuffix', $this->config)) { $suffix = $this->config['textSuffix']; unset($this->config['textSuffix']); } if (isset($this->config['noText']) && $this->config['noText'] == true) { $noText = true; unset($this->config['noText']); } $allowedAttributes = [ 'charset', 'coords', 'hreflang', 'name', 'rel', 'rev', 'shape', 'target', 'accesskey', 'class', 'dir', 'draggable', 'dropzone', 'contextmenu', 'id', 'lang', 'style', 'tabindex', 'title', 'media', 'download', 'ping', 'type', 'referrerpolicy', 'xml:lang', 'onblur', 'onclick', 'ondblclick', 'onfocus', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onkeydown', 'onkeypress', 'onkeyup', ]; $defaultAttributes = []; if (!is_array($this->data)) { $this->data = []; } $availableAttribs = array_merge($defaultAttributes, $this->data, $this->config); $attribs = []; foreach ($availableAttribs as $key => $value) { if ((is_string($value) || is_numeric($value)) && (strpos($key, 'data-') === 0 || strpos($key, 'aria-') === 0 || in_array($key, $allowedAttributes))) { if (!empty($this->data[$key]) && !empty($this->config[$key])) { $attribs[] = $key.'=""'. $this->data[$key] .' '. $this->config[$key] .'""'; } elseif (!empty($value)) { $attribs[] = $key.'=""'.$value.'""'; } } } $attribs = array_unique($attribs); if (array_key_exists('attributes', $this->data) && !empty($this->data['attributes'])) { $attribs[] = $this->data['attributes']; } return '' . $prefix . ($noText ? '' : htmlspecialchars($this->data['text'])) . $suffix . ''; }",True,PHP,frontend,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4507,public function getTabindex() { return $this->data['tabindex'] ?? ''; },True,PHP,getTabindex,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4508,public function getParameters() { return $this->data['parameters'] ?? ''; },True,PHP,getParameters,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4511,public function getAccesskey() { return $this->data['accesskey'] ?? ''; },True,PHP,getAccesskey,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function recent($vars, $type = 'post') { $sql = ""SELECT * FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' ORDER BY `date` DESC LIMIT {$vars}""; $posts = Db::result($sql); if(isset($posts['error'])){ $posts['error'] = ""No Posts found.""; }else{ $posts = $posts; } return $posts; }" 4513,public function getAnchor() { return $this->data['anchor'] ?? ''; },True,PHP,getAnchor,Link.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-04-24 15:38:21+02:00,"[Security] Fix xss in link editable (#14986) * fixed xss in link editable * added `sanitizeHtmlAttributes` to some other fields * sanitized some more fields * added update notes * Update 18_Link.md --------- Co-authored-by: robertSt7 ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-2361,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4515,"public static function initLogger() { if (array_key_exists('pimcore_log', $_REQUEST) && self::inDebugMode()) { $requestLogName = date('Y-m-d_H-i-s'); if (!empty($_REQUEST['pimcore_log'])) { $requestLogName = str_replace('/', '-', $_REQUEST['pimcore_log']); } $requestLogFile = resolvePath(PIMCORE_LOG_DIRECTORY . '/request-' . $requestLogName . '.log'); if (strpos($requestLogFile, PIMCORE_LOG_DIRECTORY) !== 0) { throw new \Exception('Not allowed'); } if (!file_exists($requestLogFile)) { File::put($requestLogFile, ''); } $requestDebugHandler = new \Monolog\Handler\StreamHandler($requestLogFile); $container = self::getContainer(); foreach ($container->getServiceIds() as $id) { if (strpos($id, 'monolog.logger.') === 0) { $logger = self::getContainer()->get($id); if ($logger->getName() != 'event') { $logger->setHandlers([$requestDebugHandler]); } } } } }",True,PHP,initLogger,Pimcore.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-05-03 13:47:19+02:00,"[Security] Improved sanatizing of `pimcore_log` parameter (#15084) * added some more chars to remove * Update Pimcore.php",CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-2984,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4518,"public function showAction(Request $request, Connection $db) { $qb = $db->createQueryBuilder(); $qb ->select('*') ->from(ApplicationLoggerDb::TABLE_NAME) ->setFirstResult($request->get('start', 0)) ->setMaxResults($request->get('limit', 50)); $sortingSettings = QueryParams::extractSortingSettings(array_merge( $request->request->all(), $request->query->all() )); if ($sortingSettings['orderKey']) { $qb->orderBy($sortingSettings['orderKey'], $sortingSettings['order']); } else { $qb->orderBy('id', 'DESC'); } $priority = $request->get('priority'); if(!empty($priority)) { $qb->andWhere($qb->expr()->eq('priority', ':priority')); $qb->setParameter('priority', $priority); } if ($fromDate = $this->parseDateObject($request->get('fromDate'), $request->get('fromTime'))) { $qb->andWhere('timestamp > :fromDate'); $qb->setParameter('fromDate', $fromDate, Types::DATETIME_MUTABLE); } if ($toDate = $this->parseDateObject($request->get('toDate'), $request->get('toTime'))) { $qb->andWhere('timestamp <= :toDate'); $qb->setParameter('toDate', $toDate, Types::DATETIME_MUTABLE); } if (!empty($component = $request->get('component'))) { $qb->andWhere('component = ' . $qb->createNamedParameter($component)); } if (!empty($relatedObject = $request->get('relatedobject'))) { $qb->andWhere('relatedobject = ' . $qb->createNamedParameter($relatedObject)); } if (!empty($message = $request->get('message'))) { $qb->andWhere('message LIKE ' . $qb->createNamedParameter('%' . $message . '%')); } if (!empty($pid = $request->get('pid'))) { $qb->andWhere('pid LIKE ' . $qb->createNamedParameter('%' . $pid . '%')); } $totalQb = clone $qb; $totalQb->setMaxResults(null) ->setFirstResult(0) ->select('COUNT(id) as count'); $total = $totalQb->execute()->fetch(); $total = (int) $total['count']; $stmt = $qb->execute(); $result = $stmt->fetchAllAssociative(); $logEntries = []; foreach ($result as $row) { $fileobject = null; if ($row['fileobject']) { $fileobject = str_replace(PIMCORE_PROJECT_ROOT, '', $row['fileobject']); } $logEntry = [ 'id' => $row['id'], 'pid' => $row['pid'], 'message' => $row['message'], 'timestamp' => $row['timestamp'], 'priority' => $row['priority'], 'fileobject' => $fileobject, 'relatedobject' => $row['relatedobject'], 'relatedobjecttype' => $row['relatedobjecttype'], 'component' => $row['component'], 'source' => $row['source'], ]; $logEntries[] = $logEntry; } return $this->adminJson([ 'p_totalCount' => $total, 'p_results' => $logEntries, ]); }",True,PHP,showAction,LogController.php,https://github.com/pimcore/pimcore,pimcore,GitHub,2023-06-14 12:33:22+02:00,"[Task]: Improve Admin translation and application logger sorting (#15303) * task: improve valid key for translation listing * task: force the direction to be ASC/DESC since these are the only valid options * task: quote application logger sorting setting * task: add backend search grid valid order keys",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-3673,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4523,"public function lostpasswordAction(Request $request, BruteforceProtectionHandler $bruteforceProtectionHandler) { $view = $this->buildLoginPageViewModel(); $view->success = false; if ($request->getMethod() === 'POST' && $username = $request->get('username')) { $user = User::getByName($username); if ($user instanceof User) { if (!$user->isActive()) { $view->error = 'user inactive'; } if (!$user->getEmail()) { $view->error = 'user has no email address'; } if (!$user->getPassword()) { $view->error = 'user has no password'; } } else { $view->error = 'user unknown'; } if (!$view->error) { $token = Authentication::generateToken($username, $user->getPassword()); $loginUrl = $this->generateUrl('pimcore_admin_login_check', [ 'username' => $username, 'token' => $token, 'reset' => 'true' ], UrlGeneratorInterface::ABSOLUTE_URL); try { $event = new LostPasswordEvent($user, $loginUrl); $this->get('event_dispatcher')->dispatch(AdminEvents::LOGIN_LOSTPASSWORD, $event); if ($event->getSendMail()) { $mail = Tool::getMail([$user->getEmail()], 'Pimcore lost password service'); $mail->setIgnoreDebugMode(true); $mail->setBodyText(""Login to pimcore and change your password using the following link. This temporary login link will expire in 24 hours: \r\n\r\n"" . $loginUrl); $mail->send(); } if ($event->hasResponse()) { return $event->getResponse(); } $view->success = true; } catch (\Exception $e) { $view->error = 'could not send email'; } } if ($view->error) { $bruteforceProtectionHandler->addEntry($request->get('username'), $request); } } return $view; }",True,PHP,lostpasswordAction,LoginController.php,https://github.com/pimcore/pimcore,pimcore,Bernhard Rusch,2019-10-21 16:47:15+02:00,Lost password service: do not expose info whether a user exists or not (avoid brute-force attacks),CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2019-18986,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4526,"public function twoFactorAuthenticationAction(Request $request) { $view = $this->buildLoginPageViewModel(); if ($request->hasSession()) { $session = $request->getSession(); $authException = $session->get(Security::AUTHENTICATION_ERROR); if ($authException instanceof AuthenticationException) { $session->remove(Security::AUTHENTICATION_ERROR); $view->error = $authException->getMessage(); } } else { $view->error = 'No session available, it either timed out or cookies are not enabled.'; } return $view; }",True,PHP,twoFactorAuthenticationAction,LoginController.php,https://github.com/pimcore/pimcore,pimcore,Bernhard Rusch,2019-10-22 16:26:06+02:00,Brute-force attack protection for 2fa codes,CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2019-18985,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4527,"public function renew2FaSecretAction(Request $request) { $this->checkCsrfToken($request); $user = $this->getAdminUser(); $proxyUser = $this->getAdminUser(true); $twoFactorService = $this->get('scheb_two_factor.security.google_authenticator'); $newSecret = $twoFactorService->generateSecret(); $user->setTwoFactorAuthentication('enabled', true); $user->setTwoFactorAuthentication('type', 'google'); $user->setTwoFactorAuthentication('secret', $newSecret); $user->save(); Tool\Session::useSession(function (AttributeBagInterface $adminSession) { Tool\Session::regenerateId(); $adminSession->set('2fa_required', true); }); $twoFactorService = $this->get('scheb_two_factor.security.google_authenticator'); $url = $twoFactorService->getQRContent($proxyUser); $code = new \Endroid\QrCode\QrCode; $code->setWriterByName('png'); $code->setText($url); $code->setSize(200); $qrCodeFile = PIMCORE_PRIVATE_VAR . '/qr-code-' . uniqid() . '.png'; $code->writeFile($qrCodeFile); $response = new BinaryFileResponse($qrCodeFile); return $response; }",True,PHP,renew2FaSecretAction,UserController.php,https://github.com/pimcore/pimcore,pimcore,Bernhard Rusch,2019-10-22 16:26:06+02:00,Brute-force attack protection for 2fa codes,CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2019-18985,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4529,return new Response($emailLog->getHtmlLog()); } elseif ($request->get('type') == 'params') {,True,PHP,Response,EmailController.php,https://github.com/pimcore/pimcore,pimcore,Bernhard Rusch,2019-10-30 17:00:19+01:00,[Email] Email log: do not allow script/iframe execution in preview window,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-18982,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4531,"public function updateAmazonOrderTracking($order_id, $courier_id, $courier_from_list, $tracking_no) { $this->db->query("" UPDATE `"" . DB_PREFIX . ""amazon_order` SET `courier_id` = '"" . $courier_id . ""', `courier_other` = "" . (int)!$courier_from_list . "", `tracking_no` = '"" . $tracking_no . ""' WHERE `order_id` = "" . (int)$order_id . """");",True,PHP,updateAmazonOrderTracking,amazon.php,https://github.com/opencart/opencart,opencart,Daniel Kerr,2016-03-14 20:19:45+08:00,https://github.com/opencart/opencart/issues/4114,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-10509,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4532,"protected function validateForm() { if ((utf8_strlen(trim($this->request->post['firstname'])) < 1) || (utf8_strlen(trim($this->request->post['firstname'])) > 32)) { $this->error['firstname'] = $this->language->get('error_firstname'); } if ((utf8_strlen(trim($this->request->post['lastname'])) < 1) || (utf8_strlen(trim($this->request->post['lastname'])) > 32)) { $this->error['lastname'] = $this->language->get('error_lastname'); } if ((utf8_strlen(trim($this->request->post['address_1'])) < 3) || (utf8_strlen(trim($this->request->post['address_1'])) > 128)) { $this->error['address_1'] = $this->language->get('error_address_1'); } if ((utf8_strlen(trim($this->request->post['city'])) < 2) || (utf8_strlen(trim($this->request->post['city'])) > 128)) { $this->error['city'] = $this->language->get('error_city'); } $this->load->model('localisation/country'); $country_info = $this->model_localisation_country->getCountry($this->request->post['country_id']); if ($country_info && $country_info['postcode_required'] && (utf8_strlen(trim($this->request->post['postcode'])) < 2 || utf8_strlen(trim($this->request->post['postcode'])) > 10)) { $this->error['postcode'] = $this->language->get('error_postcode'); } if ($this->request->post['country_id'] == '') { $this->error['country'] = $this->language->get('error_country'); } if (!isset($this->request->post['zone_id']) || $this->request->post['zone_id'] == '') { $this->error['zone'] = $this->language->get('error_zone'); } $this->load->model('account/custom_field'); $custom_fields = $this->model_account_custom_field->getCustomFields($this->config->get('config_customer_group_id')); foreach ($custom_fields as $custom_field) { if (($custom_field['location'] == 'address') && $custom_field['required'] && empty($this->request->post['custom_field'][$custom_field['custom_field_id']])) { $this->error['custom_field'][$custom_field['custom_field_id']] = sprintf($this->language->get('error_custom_field'), $custom_field['name']); } } return !$this->error; }",True,PHP,validateForm,address.php,https://github.com/opencart/opencart,opencart,James Allsup,2015-12-17 23:59:08+00:00,"Fixed low risk XSS issue with user account address edit. Thanks to @robert81 for the find. Close #3721",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-4671,"public static function dropdown($vars){ if(is_array($vars)){ $name = $vars['name']; $where = ""WHERE `status` = '1' AND ""; if(isset($vars['type'])) { $where .= "" `type` = '{$vars['type']}' AND ""; }else{ $where .= "" ""; } $where .= "" `status` = '1' ""; $order_by = ""ORDER BY ""; if(isset($vars['order_by'])) { $order_by .= "" {$vars['order_by']} ""; }else{ $order_by .= "" `name` ""; } if (isset($vars['sort'])) { $sort = "" {$vars['sort']}""; }else{ $sort = 'ASC'; } } $cat = Db::result(""SELECT * FROM `posts` {$where} {$order_by} {$sort}""); $num = Db::$num_rows; $drop = """"; return $drop; }" 4534,"public function testUserCredentials($email, $password, $server, $port, $security) { require_once(realpath(Yii::app()->basePath.'/components/phpMailer/class.phpmailer.php')); require_once(realpath(Yii::app()->basePath.'/components/phpMailer/class.smtp.php')); $phpMail = new PHPMailer(true); $phpMail->isSMTP(); $phpMail->SMTPAuth = true; $phpMail->Username = $email; $phpMail->Password = $password; $phpMail->Host = $server; $phpMail->Port = $port; $phpMail->SMTPSecure = $security; try { $validCredentials = $phpMail->SmtpConnect(); } catch(phpmailerException $error) { $validCredentials = false; } return $validCredentials; }",True,PHP,testUserCredentials,EmailDeliveryBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4535,"public function testUserCredentials($email, $password, $server, $port, $security) { require_once(realpath(Yii::app()->basePath.'/components/phpMailer/class.phpmailer.php')); require_once(realpath(Yii::app()->basePath.'/components/phpMailer/class.smtp.php')); $phpMail = new PHPMailer(true); $phpMail->isSMTP(); $phpMail->SMTPAuth = true; $phpMail->Username = $email; $phpMail->Password = $password; $phpMail->Host = $server; $phpMail->Port = $port; $phpMail->SMTPSecure = $security; try { $validCredentials = $phpMail->SmtpConnect(); } catch(phpmailerException $error) { $validCredentials = false; } return $validCredentials; }",True,PHP,testUserCredentials,EmailDeliveryBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4538,"public function safePath($filename = 'data.csv'){ return implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', $filename )); }",True,PHP,safePath,ImportExportBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4539,"public function safePath($filename = 'data.csv'){ return implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', $filename )); }",True,PHP,safePath,ImportExportBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4542,"public static function getViewActionMenuListItem ($modelId) { if (Yii::app()->controller->action->getId () === 'view') { return array( 'name'=>'view', 'label' => Yii::t('app', 'View').X2Html::minimizeButton (array ( 'class' => 'record-view-type-menu-toggle', ), '#record-view-type-menu', true, Yii::app()->params->profile->miscLayoutSettings['viewModeActionSubmenuOpen']), 'encodeLabel' => false, 'url' => array('view', 'id' => $modelId), 'linkOptions' => array ( 'onClick' => '$(this).find (""i:visible"").click ();', ), 'itemOptions' => array ( 'id' => 'view-record-action-menu-item', ), 'submenuOptions' => array ( 'id' => 'record-view-type-menu', 'style' => Yii::app()->params->profile->miscLayoutSettings ['viewModeActionSubmenuOpen'] ? '' : 'display: none;', ), 'items' => array ( array ( 'encodeLabel' => false, 'name'=>'journalView', 'label' => CHtml::checkBox ( 'journalView', Yii::app()->params->profile->miscLayoutSettings ['enableJournalView'], array ( 'class' => 'journal-view-checkbox', )).CHtml::label (Yii::t('app', 'Journal View'), 'journalView'), ), array ( 'encodeLabel' => false, 'name'=>'transactionalView', 'label' => CHtml::checkBox ( 'transactionalView', Yii::app()->params->profile->miscLayoutSettings[ 'enableTransactionalView'], array ( 'class' => 'transactional-view-checkbox', )).CHtml::label ( Yii::t('app', 'Transactional View'), 'transactionalView'), ), ), ); } else { return array( 'name'=>'view', 'label' => Yii::t('app', 'View'), 'encodeLabel' => true, 'url' => array('view', 'id' => $modelId), ); } }",True,PHP,getViewActionMenuListItem,RecordViewLayoutManager.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4543,"public static function getViewActionMenuListItem ($modelId) { if (Yii::app()->controller->action->getId () === 'view') { return array( 'name'=>'view', 'label' => Yii::t('app', 'View').X2Html::minimizeButton (array ( 'class' => 'record-view-type-menu-toggle', ), '#record-view-type-menu', true, Yii::app()->params->profile->miscLayoutSettings['viewModeActionSubmenuOpen']), 'encodeLabel' => false, 'url' => array('view', 'id' => $modelId), 'linkOptions' => array ( 'onClick' => '$(this).find (""i:visible"").click ();', ), 'itemOptions' => array ( 'id' => 'view-record-action-menu-item', ), 'submenuOptions' => array ( 'id' => 'record-view-type-menu', 'style' => Yii::app()->params->profile->miscLayoutSettings ['viewModeActionSubmenuOpen'] ? '' : 'display: none;', ), 'items' => array ( array ( 'encodeLabel' => false, 'name'=>'journalView', 'label' => CHtml::checkBox ( 'journalView', Yii::app()->params->profile->miscLayoutSettings ['enableJournalView'], array ( 'class' => 'journal-view-checkbox', )).CHtml::label (Yii::t('app', 'Journal View'), 'journalView'), ), array ( 'encodeLabel' => false, 'name'=>'transactionalView', 'label' => CHtml::checkBox ( 'transactionalView', Yii::app()->params->profile->miscLayoutSettings[ 'enableTransactionalView'], array ( 'class' => 'transactional-view-checkbox', )).CHtml::label ( Yii::t('app', 'Transactional View'), 'transactionalView'), ), ), ); } else { return array( 'name'=>'view', 'label' => Yii::t('app', 'View'), 'encodeLabel' => true, 'url' => array('view', 'id' => $modelId), ); } }",True,PHP,getViewActionMenuListItem,RecordViewLayoutManager.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4548,"public function clearTags() { $this->_tags = array(); return (bool) CActiveRecord::model('Tags')->deleteAllByAttributes(array( 'type' => get_class($this->getOwner()), 'itemId' => $this->getOwner()->id) ); }",True,PHP,clearTags,TagBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4549,"public function clearTags() { $this->_tags = array(); return (bool) CActiveRecord::model('Tags')->deleteAllByAttributes(array( 'type' => get_class($this->getOwner()), 'itemId' => $this->getOwner()->id) ); }",True,PHP,clearTags,TagBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4550,"$text = preg_replace($exp, '', $text); } $exp = '/(?:^|\s|\.)( $matches = array(); preg_match_all($exp, $text, $matches); return $matches; }",True,PHP,preg_replace,TagBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function desc($vars){ if(!empty($vars)){ $desc = substr(strip_tags(htmlspecialchars_decode($vars)."". "".self::$desc),0,150); }else{ $desc = substr(self::$desc,0,150); } return $desc; }" 4551,"$text = preg_replace($exp, '', $text); } $exp = '/(?:^|\s|\.)( $matches = array(); preg_match_all($exp, $text, $matches); return $matches; }",True,PHP,preg_replace,TagBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function meta($cont_title='', $cont_desc='', $pre =''){ global $data; if(is_array($data) && isset($data['posts'][0]->title)){ $sitenamelength = strlen(self::$name); $limit = 70-$sitenamelength-6; $cont_title = substr(Typo::Xclean(Typo::strip($data['posts'][0]->title)),0,$limit); $titlelength = strlen($data['posts'][0]->title); if($titlelength > $limit+3) { $dotted = ""..."";} else {$dotted = """";} $cont_title = ""{$pre} {$cont_title}{$dotted} - ""; }else{ $cont_title = """"; } if(is_array($data) && isset($data['posts'][0]->content)){ $desc = Typo::strip($data['posts'][0]->content); }else{ $desc = """"; } $meta = "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" {$cont_title}"".self::$name."" ""; $meta .= "" \t \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4591,"public function getItems2 ( $prefix='', $page=0, $limit=20, $valueAttr='name', $nameAttr='name') { $modelClass = get_class ($this->owner); $model = CActiveRecord::model ($modelClass); $table = $model->tableName (); $offset = intval ($page) * intval ($limit); AuxLib::coerceToArray ($valueAttr); $modelClass::checkThrowAttrError (array_merge ($valueAttr, array ($nameAttr))); $params = array (); if ($prefix !== '') { $params[':prefix'] = $prefix . '%'; } $offset = abs ((int) $offset); $limit = abs ((int) $limit); $command = Yii::app()->db->createCommand ("" SELECT "" . implode (',', $valueAttr) . "", $nameAttr as __name FROM $table WHERE "" . ($prefix === '' ? '1=1' : ($nameAttr . ' LIKE :prefix') ) . "" ORDER BY __name LIMIT $offset, $limit "");",True,PHP,getItems2,X2LinkableBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4592,"public static function getItems($term) { $model = X2Model::model(Yii::app()->controller->modelClass); if (isset($model)) { $tableName = $model->tableName(); $sql = 'SELECT id, name as value FROM ' . $tableName . ' WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $term . '%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); } Yii::app()->end(); }",True,PHP,getItems,X2LinkableBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4593,"public static function getItems($term) { $model = X2Model::model(Yii::app()->controller->modelClass); if (isset($model)) { $tableName = $model->tableName(); $sql = 'SELECT id, name as value FROM ' . $tableName . ' WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $term . '%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); } Yii::app()->end(); }",True,PHP,getItems,X2LinkableBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4600,public function IsHTML($ishtml = true) { if ($ishtml) { $this->ContentType = 'text/html'; } else { $this->ContentType = 'text/plain'; } },True,PHP,IsHTML,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4601,public function IsHTML($ishtml = true) { if ($ishtml) { $this->ContentType = 'text/html'; } else { $this->ContentType = 'text/plain'; } },True,PHP,IsHTML,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4602,"private function edebug($str) { if ($this->Debugoutput == ""error_log"") { error_log($str); } else { echo $str; } }",True,PHP,edebug,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4603,"private function edebug($str) { if ($this->Debugoutput == ""error_log"") { error_log($str); } else { echo $str; } }",True,PHP,edebug,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4618,"public function IsSendmail() { if (!stristr(ini_get('sendmail_path'), 'sendmail')) { $this->Sendmail = '/var/qmail/bin/sendmail'; } $this->Mailer = 'sendmail'; }",True,PHP,IsSendmail,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function footer(){ $foot =""""; $bs = Options::get('use_bootstrap'); if($bs == 'on'){ $foot .= "" \n""; } $jquery = Options::get('use_jquery'); $jquery_v = Options::get('jquery_v'); if($jquery == 'on'){ $foot .= "" \t""; } $fa = Options::get('use_fontawesome'); if($fa == 'on'){ $foot .= "" \t \t \t \t \t \t \t ""; } if(isset($GLOBALS['validator']) && $GLOBALS['validator'] == true){ $foot .= "" \t \t ""; $foot .= $GLOBALS['validator_js']; } echo $foot; }" 4619,"public function IsSendmail() { if (!stristr(ini_get('sendmail_path'), 'sendmail')) { $this->Sendmail = '/var/qmail/bin/sendmail'; } $this->Mailer = 'sendmail'; }",True,PHP,IsSendmail,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4620,"public function AddBCC($address, $name = '') { return $this->AddAnAddress('bcc', $address, $name); }",True,PHP,AddBCC,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4621,"public function AddBCC($address, $name = '') { return $this->AddAnAddress('bcc', $address, $name); }",True,PHP,AddBCC,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4622,"public function SetFrom($address, $name = '', $auto = 1) { $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); if (!$this->ValidateAddress($address)) { $this->SetError($this->Lang('invalid_address').': '. $address); if ($this->exceptions) { throw new phpmailerException($this->Lang('invalid_address').': '.$address); } if ($this->SMTPDebug) { $this->edebug($this->Lang('invalid_address').': '.$address); } return false; } $this->From = $address; $this->FromName = $name; if ($auto) { if (empty($this->ReplyTo)) { $this->AddAnAddress('Reply-To', $address, $name); } if (empty($this->Sender)) { $this->Sender = $address; } } return true; }",True,PHP,SetFrom,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4623,"public function SetFrom($address, $name = '', $auto = 1) { $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); if (!$this->ValidateAddress($address)) { $this->SetError($this->Lang('invalid_address').': '. $address); if ($this->exceptions) { throw new phpmailerException($this->Lang('invalid_address').': '.$address); } if ($this->SMTPDebug) { $this->edebug($this->Lang('invalid_address').': '.$address); } return false; } $this->From = $address; $this->FromName = $name; if ($auto) { if (empty($this->ReplyTo)) { $this->AddAnAddress('Reply-To', $address, $name); } if (empty($this->Sender)) { $this->Sender = $address; } } return true; }",True,PHP,SetFrom,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4630,"public function AddCC($address, $name = '') { return $this->AddAnAddress('cc', $address, $name); }",True,PHP,AddCC,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4631,"public function AddCC($address, $name = '') { return $this->AddAnAddress('cc', $address, $name); }",True,PHP,AddCC,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4632,public function IsSMTP() { $this->Mailer = 'smtp'; },True,PHP,IsSMTP,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4633,public function IsSMTP() { $this->Mailer = 'smtp'; },True,PHP,IsSMTP,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$logo = """"; }else{ $logo = """"; } return $logo; }" 4634,public function __construct($exceptions = false) { $this->exceptions = ($exceptions == true); },True,PHP,__construct,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4635,public function __construct($exceptions = false) { $this->exceptions = ($exceptions == true); },True,PHP,__construct,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4636,"public function AddAddress($address, $name = '') { return $this->AddAnAddress('to', $address, $name); }",True,PHP,AddAddress,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4637,"public function AddAddress($address, $name = '') { return $this->AddAnAddress('to', $address, $name); }",True,PHP,AddAddress,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4640,"private function mail_passthru($to, $subject, $body, $header, $params) { if ( ini_get('safe_mode') || !($this->UseSendmailOptions) ) { $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($subject)), $body, $header); } else { $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($subject)), $body, $header, $params); } return $rt; }",True,PHP,mail_passthru,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4641,"private function mail_passthru($to, $subject, $body, $header, $params) { if ( ini_get('safe_mode') || !($this->UseSendmailOptions) ) { $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($subject)), $body, $header); } else { $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($subject)), $body, $header, $params); } return $rt; }",True,PHP,mail_passthru,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4646,"protected function AddAnAddress($kind, $address, $name = '') { if (!preg_match('/^(to|cc|bcc|Reply-To)$/', $kind)) { $this->SetError($this->Lang('Invalid recipient array').': '.$kind); if ($this->exceptions) { throw new phpmailerException('Invalid recipient array: ' . $kind); } if ($this->SMTPDebug) { $this->edebug($this->Lang('Invalid recipient array').': '.$kind); } return false; } $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); if (!$this->ValidateAddress($address)) { $this->SetError($this->Lang('invalid_address').': '. $address); if ($this->exceptions) { throw new phpmailerException($this->Lang('invalid_address').': '.$address); } if ($this->SMTPDebug) { $this->edebug($this->Lang('invalid_address').': '.$address); } return false; } if ($kind != 'Reply-To') { if (!isset($this->all_recipients[strtolower($address)])) { array_push($this->$kind, array($address, $name)); $this->all_recipients[strtolower($address)] = true; return true; } } else { if (!array_key_exists(strtolower($address), $this->ReplyTo)) { $this->ReplyTo[strtolower($address)] = array($address, $name); return true; } } return false; }",True,PHP,AddAnAddress,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4647,"protected function AddAnAddress($kind, $address, $name = '') { if (!preg_match('/^(to|cc|bcc|Reply-To)$/', $kind)) { $this->SetError($this->Lang('Invalid recipient array').': '.$kind); if ($this->exceptions) { throw new phpmailerException('Invalid recipient array: ' . $kind); } if ($this->SMTPDebug) { $this->edebug($this->Lang('Invalid recipient array').': '.$kind); } return false; } $address = trim($address); $name = trim(preg_replace('/[\r\n]+/', '', $name)); if (!$this->ValidateAddress($address)) { $this->SetError($this->Lang('invalid_address').': '. $address); if ($this->exceptions) { throw new phpmailerException($this->Lang('invalid_address').': '.$address); } if ($this->SMTPDebug) { $this->edebug($this->Lang('invalid_address').': '.$address); } return false; } if ($kind != 'Reply-To') { if (!isset($this->all_recipients[strtolower($address)])) { array_push($this->$kind, array($address, $name)); $this->all_recipients[strtolower($address)] = true; return true; } } else { if (!array_key_exists(strtolower($address), $this->ReplyTo)) { $this->ReplyTo[strtolower($address)] = array($address, $name); return true; } } return false; }",True,PHP,AddAnAddress,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4648,"public function AddReplyTo($address, $name = '') { return $this->AddAnAddress('Reply-To', $address, $name); }",True,PHP,AddReplyTo,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct () { if (self::existConf()) { self::config('config'); self::lang(GX_LANG); }else{ GxMain::install(); } } 4649,"public function AddReplyTo($address, $name = '') { return $this->AddAnAddress('Reply-To', $address, $name); }",True,PHP,AddReplyTo,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4650,"public function IsQmail() { if (stristr(ini_get('sendmail_path'), 'qmail')) { $this->Sendmail = '/var/qmail/bin/sendmail'; } $this->Mailer = 'sendmail'; }",True,PHP,IsQmail,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4651,"public function IsQmail() { if (stristr(ini_get('sendmail_path'), 'qmail')) { $this->Sendmail = '/var/qmail/bin/sendmail'; } $this->Mailer = 'sendmail'; }",True,PHP,IsQmail,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4656,public function IsMail() { $this->Mailer = 'mail'; },True,PHP,IsMail,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4657,public function IsMail() { $this->Mailer = 'mail'; },True,PHP,IsMail,class.phpmailer.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4660,"public function Login ($username = '', $password = '') { if ($this->connected == false) { $this->error = 'Not connected to POP3 server'; if ($this->do_debug >= 1) { $this->displayErrors(); } } if (empty($username)) { $username = $this->username; } if (empty($password)) { $password = $this->password; } $pop_username = ""USER $username"" . $this->CRLF; $pop_password = ""PASS $password"" . $this->CRLF; $this->sendString($pop_username); $pop3_response = $this->getResponse(); if ($this->checkResponse($pop3_response)) { $this->sendString($pop_password); $pop3_response = $this->getResponse(); if ($this->checkResponse($pop3_response)) { return true; } } return false; }",True,PHP,Login,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4661,"public function Login ($username = '', $password = '') { if ($this->connected == false) { $this->error = 'Not connected to POP3 server'; if ($this->do_debug >= 1) { $this->displayErrors(); } } if (empty($username)) { $username = $this->username; } if (empty($password)) { $password = $this->password; } $pop_username = ""USER $username"" . $this->CRLF; $pop_password = ""PASS $password"" . $this->CRLF; $this->sendString($pop_username); $pop3_response = $this->getResponse(); if ($this->checkResponse($pop3_response)) { $this->sendString($pop_password); $pop3_response = $this->getResponse(); if ($this->checkResponse($pop3_response)) { return true; } } return false; }",True,PHP,Login,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4666,"public function Connect ($host, $port = false, $tval = 30) { if ($this->connected) { return true; } set_error_handler(array(&$this, 'catchWarning')); $this->pop_conn = fsockopen($host, $port, $errno, $errstr, $tval); restore_error_handler(); if ($this->error && $this->do_debug >= 1) { $this->displayErrors(); } if ($this->pop_conn == false) { $this->error = array( 'error' => ""Failed to connect to server $host on port $port"", 'errno' => $errno, 'errstr' => $errstr ); if ($this->do_debug >= 1) { $this->displayErrors(); } return false; } if (version_compare(phpversion(), '5.0.0', 'ge')) { stream_set_timeout($this->pop_conn, $tval, 0); } else { if (substr(PHP_OS, 0, 3) !== 'WIN') { socket_set_timeout($this->pop_conn, $tval, 0); } } $pop3_response = $this->getResponse(); if ($this->checkResponse($pop3_response)) { $this->connected = true; return true; } return false; }",True,PHP,Connect,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4667,"public function Connect ($host, $port = false, $tval = 30) { if ($this->connected) { return true; } set_error_handler(array(&$this, 'catchWarning')); $this->pop_conn = fsockopen($host, $port, $errno, $errstr, $tval); restore_error_handler(); if ($this->error && $this->do_debug >= 1) { $this->displayErrors(); } if ($this->pop_conn == false) { $this->error = array( 'error' => ""Failed to connect to server $host on port $port"", 'errno' => $errno, 'errstr' => $errstr ); if ($this->do_debug >= 1) { $this->displayErrors(); } return false; } if (version_compare(phpversion(), '5.0.0', 'ge')) { stream_set_timeout($this->pop_conn, $tval, 0); } else { if (substr(PHP_OS, 0, 3) !== 'WIN') { socket_set_timeout($this->pop_conn, $tval, 0); } } $pop3_response = $this->getResponse(); if ($this->checkResponse($pop3_response)) { $this->connected = true; return true; } return false; }",True,PHP,Connect,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function go($input, $path, $allowed='', $uniq=false, $size='', $width = '', $height = ''){ $filename = Typo::cleanX($_FILES[$input]['name']); $filename = str_replace(' ', '_', $filename); if(isset($_FILES[$input]) && $_FILES[$input]['error'] == 0){ if($uniq == true){ $uniqfile = sha1(microtime().$filename); }else{ $uniqfile = ''; } $extension = pathinfo($_FILES[$input]['name'], PATHINFO_EXTENSION); $filetmp = $_FILES[$input]['tmp_name']; $filepath = GX_PATH.$path.$uniqfile.$filename; if(!in_array(strtolower($extension), $allowed)){ $result['error'] = 'File not allowed'; }else{ if(move_uploaded_file( $filetmp, $filepath) ){ $result['filesize'] = filesize($filepath); $result['filename'] = $uniqfile.$filename; $result['path'] = $path.$uniqfile.$filename; $result['filepath'] = $filepath; $result['fileurl'] = Site::$url.$path.$uniqfile.$filename; }else{ $result['error'] = 'Cannot upload to directory, please check if directory is exist or You had permission to write it.'; } } }else{ $result['error'] = ''; } return $result; }" 4670,"private function checkResponse ($string) { if (substr($string, 0, 3) !== '+OK') { $this->error = array( 'error' => ""Server reported an error: $string"", 'errno' => 0, 'errstr' => '' ); if ($this->do_debug >= 1) { $this->displayErrors(); } return false; } else { return true; } }",True,PHP,checkResponse,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4671,"private function checkResponse ($string) { if (substr($string, 0, 3) !== '+OK') { $this->error = array( 'error' => ""Server reported an error: $string"", 'errno' => 0, 'errstr' => '' ); if ($this->do_debug >= 1) { $this->displayErrors(); } return false; } else { return true; } }",True,PHP,checkResponse,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4674,public function __construct() { $this->pop_conn = 0; $this->connected = false; $this->error = null; },True,PHP,__construct,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4675,public function __construct() { $this->pop_conn = 0; $this->connected = false; $this->error = null; },True,PHP,__construct,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4676,"private function sendString ($string) { $bytes_sent = fwrite($this->pop_conn, $string, strlen($string)); return $bytes_sent; }",True,PHP,sendString,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4677,"private function sendString ($string) { $bytes_sent = fwrite($this->pop_conn, $string, strlen($string)); return $bytes_sent; }",True,PHP,sendString,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4680,"public function Authorise ($host, $port = false, $tval = false, $username, $password, $debug_level = 0) { $this->host = $host; if ($port == false) { $this->port = $this->POP3_PORT; } else { $this->port = $port; } if ($tval == false) { $this->tval = $this->POP3_TIMEOUT; } else { $this->tval = $tval; } $this->do_debug = $debug_level; $this->username = $username; $this->password = $password; $this->error = null; $result = $this->Connect($this->host, $this->port, $this->tval); if ($result) { $login_result = $this->Login($this->username, $this->password); if ($login_result) { $this->Disconnect(); return true; } } $this->Disconnect(); return false; }",True,PHP,Authorise,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4681,"public function Authorise ($host, $port = false, $tval = false, $username, $password, $debug_level = 0) { $this->host = $host; if ($port == false) { $this->port = $this->POP3_PORT; } else { $this->port = $port; } if ($tval == false) { $this->tval = $this->POP3_TIMEOUT; } else { $this->tval = $tval; } $this->do_debug = $debug_level; $this->username = $username; $this->password = $password; $this->error = null; $result = $this->Connect($this->host, $this->port, $this->tval); if ($result) { $login_result = $this->Login($this->username, $this->password); if ($login_result) { $this->Disconnect(); return true; } } $this->Disconnect(); return false; }",True,PHP,Authorise,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4682,print_r($single_error); } echo ''; },True,PHP,print_r,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function sitemap() { switch (SMART_URL) { case true: $url = Site::$url.""/sitemap"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page=sitemap""; break; } return $url; }" 4683,print_r($single_error); } echo ''; },True,PHP,print_r,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4684,"private function getResponse ($size = 128) { $pop3_response = fgets($this->pop_conn, $size); return $pop3_response; }",True,PHP,getResponse,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4685,"private function getResponse ($size = 128) { $pop3_response = fgets($this->pop_conn, $size); return $pop3_response; }",True,PHP,getResponse,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4688,"private function catchWarning ($errno, $errstr, $errfile, $errline) { $this->error[] = array( 'error' => ""Connecting to the POP3 server raised a PHP warning: "", 'errno' => $errno, 'errstr' => $errstr ); }",True,PHP,catchWarning,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4689,"private function catchWarning ($errno, $errstr, $errfile, $errline) { $this->error[] = array( 'error' => ""Connecting to the POP3 server raised a PHP warning: "", 'errno' => $errno, 'errstr' => $errstr ); }",True,PHP,catchWarning,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4692,public function Disconnect () { $this->sendString('QUIT'); fclose($this->pop_conn); },True,PHP,Disconnect,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4693,public function Disconnect () { $this->sendString('QUIT'); fclose($this->pop_conn); },True,PHP,Disconnect,class.pop3.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4702,public function Close() { $this->error = null; $this->helo_rply = null; if(!empty($this->smtp_conn)) { fclose($this->smtp_conn); $this->smtp_conn = 0; } },True,PHP,Close,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4703,public function Close() { $this->error = null; $this->helo_rply = null; if(!empty($this->smtp_conn)) { fclose($this->smtp_conn); $this->smtp_conn = 0; } },True,PHP,Close,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function page($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?page={$vars}""; break; } return $url; }" 4708,"public function Hello($host = '') { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Hello() without being connected""); return false; } if(empty($host)) { $host = ""localhost""; } if(!$this->SendHello(""EHLO"", $host)) { if(!$this->SendHello(""HELO"", $host)) { return false; } } return true; }",True,PHP,Hello,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4709,"public function Hello($host = '') { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Hello() without being connected""); return false; } if(empty($host)) { $host = ""localhost""; } if(!$this->SendHello(""EHLO"", $host)) { if(!$this->SendHello(""HELO"", $host)) { return false; } } return true; }",True,PHP,Hello,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4710,"private function SendHello($hello, $host) { fputs($this->smtp_conn, $hello . "" "" . $host . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER: "" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => $hello . "" not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } $this->helo_rply = $rply; return true; }",True,PHP,SendHello,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4711,"private function SendHello($hello, $host) { fputs($this->smtp_conn, $hello . "" "" . $host . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER: "" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => $hello . "" not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } $this->helo_rply = $rply; return true; }",True,PHP,SendHello,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4718,"public function Connect($host, $port = 0, $tval = 30) { $this->error = null; if($this->connected()) { $this->error = array(""error"" => ""Already connected to a server""); return false; } if(empty($port)) { $port = $this->SMTP_PORT; } $this->smtp_conn = @fsockopen($host, $port, $errno, $errstr, $tval); if(empty($this->smtp_conn)) { $this->error = array(""error"" => ""Failed to connect to server"", ""errno"" => $errno, ""errstr"" => $errstr); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": $errstr ($errno)"" . $this->CRLF . '
    '); } return false; } if(substr(PHP_OS, 0, 3) != ""WIN"") { $max = ini_get('max_execution_time'); if ($max != 0 && $tval > $max) { @set_time_limit($tval); } stream_set_timeout($this->smtp_conn, $tval, 0); } $announce = $this->get_lines(); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $announce . $this->CRLF . '
    '); } return true; }",True,PHP,Connect,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4719,"public function Connect($host, $port = 0, $tval = 30) { $this->error = null; if($this->connected()) { $this->error = array(""error"" => ""Already connected to a server""); return false; } if(empty($port)) { $port = $this->SMTP_PORT; } $this->smtp_conn = @fsockopen($host, $port, $errno, $errstr, $tval); if(empty($this->smtp_conn)) { $this->error = array(""error"" => ""Failed to connect to server"", ""errno"" => $errno, ""errstr"" => $errstr); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": $errstr ($errno)"" . $this->CRLF . '
    '); } return false; } if(substr(PHP_OS, 0, 3) != ""WIN"") { $max = ini_get('max_execution_time'); if ($max != 0 && $tval > $max) { @set_time_limit($tval); } stream_set_timeout($this->smtp_conn, $tval, 0); } $announce = $this->get_lines(); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $announce . $this->CRLF . '
    '); } return true; }",True,PHP,Connect,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4726,public function getError() { return $this->error; },True,PHP,getError,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function rss() { switch (SMART_URL) { case true: $url = Site::$url.""/rss"".GX_URL_PREFIX; break; default: $url = Site::$url.""/index.php?rss""; break; } return $url; }" 4727,public function getError() { return $this->error; },True,PHP,getError,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4728,"private function edebug($str) { if ($this->Debugoutput == ""error_log"") { error_log($str); } else { echo $str; } }",True,PHP,edebug,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4729,"private function edebug($str) { if ($this->Debugoutput == ""error_log"") { error_log($str); } else { echo $str; } }",True,PHP,edebug,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4738,"public function Connected() { if(!empty($this->smtp_conn)) { $sock_status = socket_get_status($this->smtp_conn); if($sock_status[""eof""]) { if($this->do_debug >= 1) { $this->edebug(""SMTP -> NOTICE:"" . $this->CRLF . ""EOF caught while checking if connected""); } $this->Close(); return false; } return true; } return false; }",True,PHP,Connected,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4739,"public function Connected() { if(!empty($this->smtp_conn)) { $sock_status = socket_get_status($this->smtp_conn); if($sock_status[""eof""]) { if($this->do_debug >= 1) { $this->edebug(""SMTP -> NOTICE:"" . $this->CRLF . ""EOF caught while checking if connected""); } $this->Close(); return false; } return true; } return false; }",True,PHP,Connected,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4742,public function __construct() { $this->smtp_conn = 0; $this->error = null; $this->helo_rply = null; $this->do_debug = 0; },True,PHP,__construct,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4743,public function __construct() { $this->smtp_conn = 0; $this->error = null; $this->helo_rply = null; $this->do_debug = 0; },True,PHP,__construct,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4746,"public function SendAndMail($from) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called SendAndMail() without being connected""); return false; } fputs($this->smtp_conn,""SAML FROM:"" . $from . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => ""SAML not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,SendAndMail,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4747,"public function SendAndMail($from) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called SendAndMail() without being connected""); return false; } fputs($this->smtp_conn,""SAML FROM:"" . $from . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => ""SAML not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,SendAndMail,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function post($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".self::slug($vars).""/{$vars}""; break; default: $url = Site::$url.""/index.php?post={$vars}""; break; } return $url; }" 4748,"public function Reset() { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Reset() without being connected""); return false; } fputs($this->smtp_conn,""RSET"" . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => ""RSET failed"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,Reset,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4749,"public function Reset() { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Reset() without being connected""); return false; } fputs($this->smtp_conn,""RSET"" . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => ""RSET failed"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,Reset,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4756,"public function StartTLS() { $this->error = null; if(!$this->connected()) { $this->error = array(""error"" => ""Called StartTLS() without being connected""); return false; } fputs($this->smtp_conn,""STARTTLS"" . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 220) { $this->error = array(""error"" => ""STARTTLS not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } if(!stream_socket_enable_crypto($this->smtp_conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { return false; } return true; }",True,PHP,StartTLS,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4757,"public function StartTLS() { $this->error = null; if(!$this->connected()) { $this->error = array(""error"" => ""Called StartTLS() without being connected""); return false; } fputs($this->smtp_conn,""STARTTLS"" . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 220) { $this->error = array(""error"" => ""STARTTLS not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } if(!stream_socket_enable_crypto($this->smtp_conn, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { return false; } return true; }",True,PHP,StartTLS,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4762,"public function Quit($close_on_error = true) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Quit() without being connected""); return false; } fputs($this->smtp_conn,""quit"" . $this->CRLF); $byemsg = $this->get_lines(); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $byemsg . $this->CRLF . '
    '); } $rval = true; $e = null; $code = substr($byemsg,0,3); if($code != 221) { $e = array(""error"" => ""SMTP server rejected quit command"", ""smtp_code"" => $code, ""smtp_rply"" => substr($byemsg,4)); $rval = false; if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $e[""error""] . "": "" . $byemsg . $this->CRLF . '
    '); } } if(empty($e) || $close_on_error) { $this->Close(); } return $rval; }",True,PHP,Quit,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4763,"public function Quit($close_on_error = true) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Quit() without being connected""); return false; } fputs($this->smtp_conn,""quit"" . $this->CRLF); $byemsg = $this->get_lines(); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $byemsg . $this->CRLF . '
    '); } $rval = true; $e = null; $code = substr($byemsg,0,3); if($code != 221) { $e = array(""error"" => ""SMTP server rejected quit command"", ""smtp_code"" => $code, ""smtp_rply"" => substr($byemsg,4)); $rval = false; if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $e[""error""] . "": "" . $byemsg . $this->CRLF . '
    '); } } if(empty($e) || $close_on_error) { $this->Close(); } return $rval; }",True,PHP,Quit,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4768,"public function Recipient($to) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Recipient() without being connected""); return false; } fputs($this->smtp_conn,""RCPT TO:<"" . $to . "">"" . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250 && $code != 251) { $this->error = array(""error"" => ""RCPT not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,Recipient,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function cat($vars) { switch (SMART_URL) { case true: $url = Site::$url.""/"".$vars.""/"".Typo::slugify(Categories::name($vars)); break; default: $url = Site::$url.""/index.php?cat={$vars}""; break; } return $url; }" 4769,"public function Recipient($to) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Recipient() without being connected""); return false; } fputs($this->smtp_conn,""RCPT TO:<"" . $to . "">"" . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250 && $code != 251) { $this->error = array(""error"" => ""RCPT not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,Recipient,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"function display_error_block() { if (!empty($_SESSION['error_msg'])) { echo '

    '. htmlentities($_SESSION['error_msg']) .'

    '.""\n""; unset($_SESSION['error_msg']); } }" 4774,"public function Mail($from) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Mail() without being connected""); return false; } $useVerp = ($this->do_verp ? "" XVERP"" : """"); fputs($this->smtp_conn,""MAIL FROM:<"" . $from . "">"" . $useVerp . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => ""MAIL not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,Mail,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function decode($jwt, $key = null, $algo = null) { $tks = explode('.', $jwt); if (count($tks) != 3) { throw new Exception('Wrong number of segments'); } list($headb64, $payloadb64, $cryptob64) = $tks; if (null === ($header = json_decode(JWT::urlsafeB64Decode($headb64)))) { throw new Exception('Invalid segment encoding'); } if (null === $payload = json_decode(JWT::urlsafeB64Decode($payloadb64))) { throw new Exception('Invalid segment encoding'); } $sig = JWT::urlsafeB64Decode($cryptob64); if (isset($key)) { if (empty($header->alg)) { throw new DomainException('Empty algorithm'); } if (!JWT::verifySignature($sig, ""$headb64.$payloadb64"", $key, $algo)) { throw new UnexpectedValueException('Signature verification failed'); } } return $payload; }" 4775,"public function Mail($from) { $this->error = null; if(!$this->connected()) { $this->error = array( ""error"" => ""Called Mail() without being connected""); return false; } $useVerp = ($this->do_verp ? "" XVERP"" : """"); fputs($this->smtp_conn,""MAIL FROM:<"" . $from . "">"" . $useVerp . $this->CRLF); $rply = $this->get_lines(); $code = substr($rply,0,3); if($this->do_debug >= 2) { $this->edebug(""SMTP -> FROM SERVER:"" . $rply . $this->CRLF . '
    '); } if($code != 250) { $this->error = array(""error"" => ""MAIL not accepted from server"", ""smtp_code"" => $code, ""smtp_msg"" => substr($rply,4)); if($this->do_debug >= 1) { $this->edebug(""SMTP -> ERROR: "" . $this->error[""error""] . "": "" . $rply . $this->CRLF . '
    '); } return false; } return true; }",True,PHP,Mail,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private static function verifySignature($signature, $input, $key, $algo) { switch ($algo) { case'HS256': case'HS384': case'HS512': return JWT::sign($input, $key, $algo) === $signature; case 'RS256': return (boolean) openssl_verify($input, $signature, $key, OPENSSL_ALGO_SHA256); case 'RS384': return (boolean) openssl_verify($input, $signature, $key, OPENSSL_ALGO_SHA384); case 'RS512': return (boolean) openssl_verify($input, $signature, $key, OPENSSL_ALGO_SHA512); default: throw new Exception(""Unsupported or invalid signing algorithm.""); } }" 4784,"private function get_lines() { $data = """"; $endtime = 0; if (!is_resource($this->smtp_conn)) { return $data; } stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while(is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn,515); if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): \$data was \""$data\"""" . $this->CRLF . '
    '); $this->edebug(""SMTP -> get_lines(): \$str is \""$str\"""" . $this->CRLF . '
    '); } $data .= $str; if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): \$data is \""$data\"""" . $this->CRLF . '
    '); } if(substr($str,3,1) == "" "") { break; } $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): timed-out ("" . $this->Timeout . "" seconds)
    ""); } break; } if ($endtime) { if (time() > $endtime) { if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): timelimit reached ("" . $this->Timelimit . "" seconds)
    ""); } break; } } } return $data; }",True,PHP,get_lines,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private static function sign($input, $key, $algo) { switch ($algo) { case 'HS256': return hash_hmac('sha256', $input, $key, true); case 'HS384': return hash_hmac('sha384', $input, $key, true); case 'HS512': return hash_hmac('sha512', $input, $key, true); case 'RS256': return JWT::generateRSASignature($input, $key, OPENSSL_ALGO_SHA256); case 'RS384': return JWT::generateRSASignature($input, $key, OPENSSL_ALGO_SHA384); case 'RS512': return JWT::generateRSASignature($input, $key, OPENSSL_ALGO_SHA512); default: throw new Exception(""Unsupported or invalid signing algorithm.""); } }" 4785,"private function get_lines() { $data = """"; $endtime = 0; if (!is_resource($this->smtp_conn)) { return $data; } stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while(is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn,515); if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): \$data was \""$data\"""" . $this->CRLF . '
    '); $this->edebug(""SMTP -> get_lines(): \$str is \""$str\"""" . $this->CRLF . '
    '); } $data .= $str; if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): \$data is \""$data\"""" . $this->CRLF . '
    '); } if(substr($str,3,1) == "" "") { break; } $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): timed-out ("" . $this->Timeout . "" seconds)
    ""); } break; } if ($endtime) { if (time() > $endtime) { if($this->do_debug >= 4) { $this->edebug(""SMTP -> get_lines(): timelimit reached ("" . $this->Timelimit . "" seconds)
    ""); } break; } } } return $data; }",True,PHP,get_lines,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function getStylesheet($styleName) { $customStyleKeys = array_keys(get_option(SlideshowPluginGeneralSettings::$customStyles, array())); if (in_array($styleName, $customStyleKeys)) { $stylesheet = get_option($styleName, ''); } else { $stylesheetFile = SlideshowPluginMain::getPluginPath() . DIRECTORY_SEPARATOR . 'style' . DIRECTORY_SEPARATOR . 'SlideshowPlugin' . DIRECTORY_SEPARATOR . $styleName . '.css'; if (!file_exists($stylesheetFile)) { $stylesheetFile = SlideshowPluginMain::getPluginPath() . DIRECTORY_SEPARATOR . 'style' . DIRECTORY_SEPARATOR . 'SlideshowPlugin' . DIRECTORY_SEPARATOR . 'style-light.css'; } ob_start(); include($stylesheetFile); $stylesheet = ob_get_clean(); } $stylesheet = str_replace('%plugin-url%', SlideshowPluginMain::getPluginUrl(), $stylesheet); $stylesheet = str_replace('%site-url%', get_bloginfo('url'), $stylesheet); $stylesheet = str_replace('%stylesheet-url%', get_stylesheet_directory_uri(), $stylesheet); $stylesheet = str_replace('%template-url%', get_template_directory_uri(), $stylesheet); $stylesheet = str_replace('.slideshow_container', '.slideshow_container_' . $styleName, $stylesheet); return $stylesheet; }" 4796,"public function Turn() { $this->error = array(""error"" => ""This method, TURN, of the SMTP "". ""is not implemented""); if($this->do_debug >= 1) { $this->edebug(""SMTP -> NOTICE: "" . $this->error[""error""] . $this->CRLF . '
    '); } return false; }",True,PHP,Turn,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$this->setType('folder'); } if (preg_match(""@\.ph(p[\d+]?|t|tml|ps|ar)$@i"", $this->getFilename()) || $this->getFilename() == '.htaccess') { $this->setFilename($this->getFilename() . '.txt'); } if(mb_strlen($this->getFilename()) > 255) { throw new \Exception('Filenames longer than 255 characters are not allowed'); } if (Asset\Service::pathExists($this->getRealFullPath())) { $duplicate = Asset::getByPath($this->getRealFullPath()); if ($duplicate instanceof Asset and $duplicate->getId() != $this->getId()) { throw new \Exception('Duplicate full path [ ' . $this->getRealFullPath() . ' ] - cannot save asset'); } } $this->validatePathLength(); }" 4797,"public function Turn() { $this->error = array(""error"" => ""This method, TURN, of the SMTP "". ""is not implemented""); if($this->do_debug >= 1) { $this->edebug(""SMTP -> NOTICE: "" . $this->error[""error""] . $this->CRLF . '
    '); } return false; }",True,PHP,Turn,class.smtp.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"} elseif ($type == 'customlayout') { $layoutData = json_decode($data['name'], true); $className = $layoutData['className']; $layoutName = $layoutData['name']; if ($item['name'] == $layoutName && $item['className'] == $className) { $class = DataObject\ClassDefinition::getByName($className); if (!$class) { throw new \Exception('Class does not exist'); } $classId = $class->getId(); $layoutList = new DataObject\ClassDefinition\CustomLayout\Listing(); $db = \Pimcore\Db::get(); $layoutList->setCondition('name = ' . $db->quote($layoutName) . ' AND classId = ' . $classId); $layoutList = $layoutList->load(); $layoutDefinition = null; if ($layoutList) { $layoutDefinition = $layoutList[0]; } if (!$layoutDefinition) { $layoutDefinition = new DataObject\ClassDefinition\CustomLayout(); $layoutDefinition->setName($layoutName); $layoutDefinition->setClassId($classId); } try { $layoutDefinition->setDescription($item['description']); $layoutDef = DataObject\ClassDefinition\Service::generateLayoutTreeFromArray($item['layoutDefinitions'], true); $layoutDefinition->setLayoutDefinitions($layoutDef); $layoutDefinition->save(); } catch (\Exception $e) { Logger::error($e->getMessage()); return $this->adminJson(['success' => false, 'message' => $e->getMessage()]); } } } } return $this->adminJson(['success' => true]); }" 4808,"$modelName = ucfirst ($module->name); if (class_exists ($modelName)) { $cache[$widgetType][$modelName.'::TemplatesGridViewProfileWidget'] = Yii::t( 'app', '{modelName} Summary', array ('{modelName}' => $modelName)); } } } } return $cache[$widgetType]; }",True,PHP,ucfirst,SortableWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function videoThumbnailTreeAction() { $this->checkPermission('thumbnails'); $thumbnails = []; $list = new Asset\Video\Thumbnail\Config\Listing(); $groups = []; foreach ($list->getThumbnails() as $item) { if ($item->getGroup()) { if (empty($groups[$item->getGroup()])) { $groups[$item->getGroup()] = [ 'id' => 'group_' . $item->getName(), 'text' => htmlspecialchars($item->getGroup()), 'expandable' => true, 'leaf' => false, 'allowChildren' => true, 'iconCls' => 'pimcore_icon_folder', 'group' => $item->getGroup(), 'children' => [], ]; } $groups[$item->getGroup()]['children'][] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_videothumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } else { $thumbnails[] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_videothumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } } foreach ($groups as $group) { $thumbnails[] = $group; } return $this->adminJson($thumbnails); }" 4809,"$modelName = ucfirst ($module->name); if (class_exists ($modelName)) { $cache[$widgetType][$modelName.'::TemplatesGridViewProfileWidget'] = Yii::t( 'app', '{modelName} Summary', array ('{modelName}' => $modelName)); } } } } return $cache[$widgetType]; }",True,PHP,ucfirst,SortableWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function thumbnailTreeAction() { $this->checkPermission('thumbnails'); $thumbnails = []; $list = new Asset\Image\Thumbnail\Config\Listing(); $groups = []; foreach ($list->getThumbnails() as $item) { if ($item->getGroup()) { if (empty($groups[$item->getGroup()])) { $groups[$item->getGroup()] = [ 'id' => 'group_' . $item->getName(), 'text' => htmlspecialchars($item->getGroup()), 'expandable' => true, 'leaf' => false, 'allowChildren' => true, 'iconCls' => 'pimcore_icon_folder', 'group' => $item->getGroup(), 'children' => [], ]; } $groups[$item->getGroup()]['children'][] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_thumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } else { $thumbnails[] = [ 'id' => $item->getName(), 'text' => $item->getName(), 'leaf' => true, 'iconCls' => 'pimcore_icon_thumbnails', 'cls' => 'pimcore_treenode_disabled', 'writeable' => $item->isWriteable(), ]; } } foreach ($groups as $group) { $thumbnails[] = $group; } return $this->adminJson($thumbnails); }" 4814,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'userNames' => User::getNames (), 'socialSubtypes' => json_decode ( Dropdowns::model()->findByPk(113)->options,true), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'suppressChartSettings' => false, 'metricTypes' => array ( 'any'=>Yii::t('app', 'All Events'), 'notif'=>Yii::t('app', 'Notifications'), 'feed'=>Yii::t('app', 'Feed Events'), 'comment'=>Yii::t('app', 'Comments'), 'record_create'=>Yii::t('app', 'Records Created'), 'record_deleted'=>Yii::t('app', 'Records Deleted'), 'weblead_create'=>Yii::t('app', 'Webleads Created'), 'workflow_start'=>Yii::t('app', '{Process} Started', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_complete'=>Yii::t('app', '{Process} Complete', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_revert'=>Yii::t('app', '{Process} Reverted', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'email_sent'=>Yii::t('app', 'Emails Sent'), 'email_opened'=>Yii::t('app', 'Emails Opened'), 'web_activity'=>Yii::t('app', 'Web Activity'), 'case_escalated'=>Yii::t('app', 'Cases Escalated'), 'calendar_event'=>Yii::t('app', '{Calendar} Events', array( '{Calendar}' => Modules::displayName(false, 'Calendar') )), 'action_reminder'=>Yii::t('app', '{Action} Reminders', array( '{Action}' => Modules::displayName(false, 'Actions') )), 'action_complete'=>Yii::t('app', '{Actions} Completed', array( '{Actions}' => Modules::displayName(true, 'Actions') )), 'doc_update'=>Yii::t('app', 'Doc Updates'), 'email_from'=>Yii::t('app', 'Email Received'), 'voip_calls'=>Yii::t('app', 'VOIP Calls'), 'media'=>Yii::t('app', '{Media}', array( '{Media}' => Modules::displayName(true, 'Media') )) ), 'chartType' => 'eventsChart', 'widgetUID' => $this->widgetUID, ) ); } return $this->_viewFileParams; }",True,PHP,getViewFileParams,EventsChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function uploadCustomLogoAction(Request $request) { $sourcePath = $_FILES['Filedata']['tmp_name']; $fileExt = File::getFileExtension($_FILES['Filedata']['name']); if (!in_array($fileExt, ['svg', 'png', 'jpg'])) { throw new \Exception('Unsupported file format'); } $storage = Tool\Storage::get('admin'); $fileMimeType = MimeTypes::getDefault()->guessMimeType($sourcePath); if ($fileMimeType === 'image/svg+xml') { $fileContent = file_get_contents($sourcePath); $sanitizer = new Sanitizer(); $sanitizedFileContent = $sanitizer->sanitize($fileContent); if ($sanitizedFileContent) { $storage->write(self::CUSTOM_LOGO_PATH, $sanitizedFileContent); }else{ throw new \Exception('SVG Sanitization failed, probably due badly formatted XML. Filename:'.$sourcePath); } }else { $storage->writeStream(self::CUSTOM_LOGO_PATH, fopen($sourcePath, 'rb')); } $response = $this->adminJson(['success' => true]); $response->headers->set('Content-Type', 'text/html'); return $response; }" 4815,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'userNames' => User::getNames (), 'socialSubtypes' => json_decode ( Dropdowns::model()->findByPk(113)->options,true), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'suppressChartSettings' => false, 'metricTypes' => array ( 'any'=>Yii::t('app', 'All Events'), 'notif'=>Yii::t('app', 'Notifications'), 'feed'=>Yii::t('app', 'Feed Events'), 'comment'=>Yii::t('app', 'Comments'), 'record_create'=>Yii::t('app', 'Records Created'), 'record_deleted'=>Yii::t('app', 'Records Deleted'), 'weblead_create'=>Yii::t('app', 'Webleads Created'), 'workflow_start'=>Yii::t('app', '{Process} Started', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_complete'=>Yii::t('app', '{Process} Complete', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_revert'=>Yii::t('app', '{Process} Reverted', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'email_sent'=>Yii::t('app', 'Emails Sent'), 'email_opened'=>Yii::t('app', 'Emails Opened'), 'web_activity'=>Yii::t('app', 'Web Activity'), 'case_escalated'=>Yii::t('app', 'Cases Escalated'), 'calendar_event'=>Yii::t('app', '{Calendar} Events', array( '{Calendar}' => Modules::displayName(false, 'Calendar') )), 'action_reminder'=>Yii::t('app', '{Action} Reminders', array( '{Action}' => Modules::displayName(false, 'Actions') )), 'action_complete'=>Yii::t('app', '{Actions} Completed', array( '{Actions}' => Modules::displayName(true, 'Actions') )), 'doc_update'=>Yii::t('app', 'Doc Updates'), 'email_from'=>Yii::t('app', 'Email Received'), 'voip_calls'=>Yii::t('app', 'VOIP Calls'), 'media'=>Yii::t('app', '{Media}', array( '{Media}' => Modules::displayName(true, 'Media') )) ), 'chartType' => 'eventsChart', 'widgetUID' => $this->widgetUID, ) ); } return $this->_viewFileParams; }",True,PHP,getViewFileParams,EventsChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getBodyHtmlRendered() { $html = $this->getHtmlBody(); if (!$html) { if ($this->getDocument() instanceof Model\Document) { $attributes = $this->getParams(); $attributes[ElementListener::FORCE_ALLOW_PROCESSING_UNPUBLISHED_ELEMENTS] = true; $html = Model\Document\Service::render($this->getDocument(), $attributes); } } $content = null; if ($html) { $content = $this->renderParams($html, 'body'); $content = MailHelper::embedAndModifyCss($content, $this->getDocument()); $content = MailHelper::setAbsolutePaths($content, $this->getDocument(), $this->getHostUrl()); } return $content; }" 4816,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $socialSubtypes = json_decode ( Dropdowns::model()->findByPk(113)->options,true); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2EventsChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($userNames))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }",True,PHP,getSetupScript,EventsChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getSubjectRendered() { $subject = $this->getSubject(); if (!$subject && $this->getDocument()) { $subject = $this->getDocument()->getSubject(); } if ($subject) { return $this->renderParams($subject, 'subject'); } return ''; }" 4817,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $socialSubtypes = json_decode ( Dropdowns::model()->findByPk(113)->options,true); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2EventsChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($userNames))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }",True,PHP,getSetupScript,EventsChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getBodyTextRendered() { $text = $this->getTextBody(); if ($text) { $content = $this->renderParams($text, 'body'); } else { try { $htmlContent = $this->getBodyHtmlRendered(); $html = new DomCrawler($htmlContent); $body = $html->filter('body')->eq(0); if ($body->count()) { $style = $body->filter('style')->eq(0); if ($style->count()) { $style->clear(); } $htmlContent = $body->html(); } $html->clear(); unset($html); $content = $this->html2Text($htmlContent); } catch (\Exception $e) { Logger::err((string) $e); $content = ''; } } return $content; }" 4820,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $eventTypes = array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels; $socialSubtypes = json_decode ( Dropdowns::model()->findByPk(113)->options,true); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2UsersChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($eventTypes))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }",True,PHP,getSetupScript,UsersChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function __construct(protected Environment $twig, protected Config $config, array $engines = []) { parent::__construct($engines); }" 4821,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $eventTypes = array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels; $socialSubtypes = json_decode ( Dropdowns::model()->findByPk(113)->options,true); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2UsersChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($eventTypes))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }",True,PHP,getSetupScript,UsersChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"foreach ($items as $item) { $type = $item['type']; unset($item['type']); $pipe->addItem($type, $item, htmlspecialchars($mediaName)); }" 4824,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'chartType' => $this->chartType, 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'eventTypes' => array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels, 'socialSubtypes' => json_decode ( Dropdowns::model()->findByPk(113)->options,true), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'suppressChartSettings' => false, 'chartType' => 'usersChart', 'widgetUID' => $this->widgetUID, 'metricTypes' => User::getUserOptions (), ) ); } return $this->_viewFileParams; }",True,PHP,getViewFileParams,UsersChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"return ($mediaOrder[$a] < $mediaOrder[$b]) ? -1 : 1; }); foreach ($mediaData as $mediaName => $items) { foreach ($items as $item) { $type = $item['type']; unset($item['type']); $pipe->addItem($type, $item, htmlspecialchars($mediaName)); } } $pipe->save(); return $this->adminJson(['success' => true]); }" 4825,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'chartType' => $this->chartType, 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'eventTypes' => array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels, 'socialSubtypes' => json_decode ( Dropdowns::model()->findByPk(113)->options,true), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'suppressChartSettings' => false, 'chartType' => 'usersChart', 'widgetUID' => $this->widgetUID, 'metricTypes' => User::getUserOptions (), ) ); } return $this->_viewFileParams; }",True,PHP,getViewFileParams,UsersChartProfileWidget.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$sql .= 'SELECT ' . $db->quoteIdentifier($selectField); } else { $sql .= 'SELECT *'; } if (!empty($config['from'])) { if (strpos(strtoupper(trim($config['from'])), 'FROM') !== 0) { $sql .= ' FROM '; } $sql .= ' ' . str_replace(""\n"", ' ', $config['from']); } if (!empty($config['where'])) { if (str_starts_with(strtoupper(trim($config['where'])), 'WHERE')) { $config['where'] = preg_replace('/^\s*WHERE\s*/', '', $config['where']); } $sql .= ' WHERE (' . str_replace(""\n"", ' ', $config['where']) . ')'; } if (!empty($config['groupby']) && !$ignoreSelectAndGroupBy) { if (strpos(strtoupper(trim($config['groupby'])), 'GROUP BY') !== 0) { $sql .= ' GROUP BY '; } $sql .= ' ' . str_replace(""\n"", ' ', $config['groupby']); } if ($drillDownFilters) { $havingParts = []; $db = Db::get(); foreach ($drillDownFilters as $field => $value) { if ($value !== '' && $value !== null) { $havingParts[] = ($db->quoteIdentifier($field) ."" = "" . $db->quote($value)); } } if ($havingParts) { $sql .= ' HAVING ' . implode(' AND ', $havingParts); } } return $sql; }" 4834,"function renderFields ($fieldList, $type, $form, $model, $contactFields=null) { foreach($fieldList as $field) { if(!isset($field['type']) || $field['type']==='normal'){ if(isset($field['label']) && $field['label'] != '') { $label = ''; } else { if($type === 'service' && in_array($field['fieldName'], $contactFields)){ $label = Contacts::model()->getAttributeLabel($field['fieldName']); }else{ $label = $form->labelEx($model,$field['fieldName']); } } $starred = strpos($label, '*') !== false; ?>
    *' : ''); ?>
    error($model, $field['fieldName']); if($type === 'service' && in_array($field['fieldName'], $contactFields)){ ?> ]"" value="""" /> renderInput($field['fieldName']); } ?>
    "" /> {$field['fieldName']}=$field['label']; echo $form->hiddenField($model, $field['fieldName']); } } }",True,PHP,renderFields,webForm.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getByUuid($uuid) { $queryBuilder = $this->db->createQueryBuilder(); $queryBuilder ->select('*') ->from(self::TABLE_NAME) ->where('uuid = :uuid') ->setParameter('uuid', $uuid, Types::STRING); $data = $queryBuilder ->execute() ->fetchAssociative(); $model = new Model\Tool\UUID(); $model->setValues($data); return $model; }" 4835,"function renderFields ($fieldList, $type, $form, $model, $contactFields=null) { foreach($fieldList as $field) { if(!isset($field['type']) || $field['type']==='normal'){ if(isset($field['label']) && $field['label'] != '') { $label = ''; } else { if($type === 'service' && in_array($field['fieldName'], $contactFields)){ $label = Contacts::model()->getAttributeLabel($field['fieldName']); }else{ $label = $form->labelEx($model,$field['fieldName']); } } $starred = strpos($label, '*') !== false; ?>
    *' : ''); ?>
    error($model, $field['fieldName']); if($type === 'service' && in_array($field['fieldName'], $contactFields)){ ?> ]"" value="""" /> renderInput($field['fieldName']); } ?>
    "" /> {$field['fieldName']}=$field['label']; echo $form->hiddenField($model, $field['fieldName']); } } }",True,PHP,renderFields,webForm.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function exists($uuid) { $queryBuilder = $this->db->createQueryBuilder(); $queryBuilder ->select('uuid') ->from(self::TABLE_NAME) ->where('uuid = :uuid') ->setParameter('uuid', $uuid, Types::STRING); $result = $queryBuilder ->execute() ->fetchOne(); return (bool) $result; }" 4842,"public function setModelAttributes(&$model,&$attributeList,&$params) { $data = array (); foreach($attributeList as &$attr) { if(!isset($attr['name'],$attr['value'])) continue; if(null !== $field = $model->getField($attr['name'])) { $type = $field->type; $value = $attr['value']; if(is_string($value)){ if(strpos($value, '=') === 0){ $evald = X2FlowFormatter::parseFormula($value, $params); if(!$evald[0]) return false; $value = $evald[1]; } elseif($params !== null){ if(is_string($value) && isset($params['model'])){ $value = X2FlowFormatter::replaceVariables( $value, $params['model'], $type); } } } $data[$attr['name']] = $value; } } if (!isset ($model->scenario)) $model->setScenario ('X2Flow'); $model->setX2Fields ($data); if ($model instanceof Actions && isset($data['complete'])) { switch($data['complete']) { case 'Yes': $model->complete(); break; case 'No': $model->uncomplete(); break; } } return true; }",True,PHP,setModelAttributes,X2FlowAction.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setGroup($group) { $this->group = htmlspecialchars($group); return $this; } 4843,"public function setModelAttributes(&$model,&$attributeList,&$params) { $data = array (); foreach($attributeList as &$attr) { if(!isset($attr['name'],$attr['value'])) continue; if(null !== $field = $model->getField($attr['name'])) { $type = $field->type; $value = $attr['value']; if(is_string($value)){ if(strpos($value, '=') === 0){ $evald = X2FlowFormatter::parseFormula($value, $params); if(!$evald[0]) return false; $value = $evald[1]; } elseif($params !== null){ if(is_string($value) && isset($params['model'])){ $value = X2FlowFormatter::replaceVariables( $value, $params['model'], $type); } } } $data[$attr['name']] = $value; } } if (!isset ($model->scenario)) $model->setScenario ('X2Flow'); $model->setX2Fields ($data); if ($model instanceof Actions && isset($data['complete'])) { switch($data['complete']) { case 'Yes': $model->complete(); break; case 'No': $model->uncomplete(); break; } } return true; }",True,PHP,setModelAttributes,X2FlowAction.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setReference($reference) { $this->reference = htmlspecialchars($reference); return $this; } 4848,"public function execute(&$params) { $options = $this->config['options']; $action = new Actions; $action->subject = $this->parseOption('subject',$params); $action->dueDate = $this->parseOption('dueDate',$params); $action->actionDescription = $this->parseOption('description',$params); $action->priority = $this->parseOption('priority',$params); $action->visibility = $this->parseOption('visibility',$params); if(isset($params['model'])) $action->assignedTo = $this->parseOption('assignedTo',$params); if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink ()); } else { return array(false, array_shift($action->getErrors())); } }",True,PHP,execute,X2FlowCreateAction.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setConverter($converter) { $this->converter = htmlspecialchars((string)$converter); return $this; } 4849,"public function execute(&$params) { $options = $this->config['options']; $action = new Actions; $action->subject = $this->parseOption('subject',$params); $action->dueDate = $this->parseOption('dueDate',$params); $action->actionDescription = $this->parseOption('description',$params); $action->priority = $this->parseOption('priority',$params); $action->visibility = $this->parseOption('visibility',$params); if(isset($params['model'])) $action->assignedTo = $this->parseOption('assignedTo',$params); if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink ()); } else { return array(false, array_shift($action->getErrors())); } }",True,PHP,execute,X2FlowCreateAction.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setLongname($longname) { $this->longname = htmlspecialchars($longname); return $this; } 4852,"public function execute(&$params){ $options = &$this->config['options']; $event = new Events; $notif = new Notification; $user = $this->parseOption('user', $params); $type = $this->parseOption('type', $params); if($type === 'auto'){ if(!isset($params['model'])) return array (false, ''); $notif->modelType = get_class($params['model']); $notif->modelId = $params['model']->id; $notif->type = $this->getNotifType(); $event->associationType = get_class($params['model']); $event->associationId = $params['model']->id; $event->type = $this->getEventType(); if($params['model']->hasAttribute('visibility')) $event->visibility = $params['model']->visibility; } else{ $text = $this->parseOption('text', $params); $notif->type = 'custom'; $notif->text = $text; $event->type = 'feed'; $event->subtype = $type; $event->text = $text; if($user == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)){ $event->user = $params['model']->assignedTo; }elseif(!empty($user)){ $event->user = $user; }else{ $event->user = 'admin'; } } if(!$this->parseOption('createNotif', $params)) { if (!$notif->save()) { return array(false, array_shift($notif->getErrors())); } } if ($event->save()) { return array (true, """"); } else { return array(false, array_shift($event->getErrors())); } }",True,PHP,execute,X2FlowCreateEvent.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setAbbreviation($abbreviation) { $this->abbreviation = htmlspecialchars($abbreviation); return $this; } 4853,"public function execute(&$params){ $options = &$this->config['options']; $event = new Events; $notif = new Notification; $user = $this->parseOption('user', $params); $type = $this->parseOption('type', $params); if($type === 'auto'){ if(!isset($params['model'])) return array (false, ''); $notif->modelType = get_class($params['model']); $notif->modelId = $params['model']->id; $notif->type = $this->getNotifType(); $event->associationType = get_class($params['model']); $event->associationId = $params['model']->id; $event->type = $this->getEventType(); if($params['model']->hasAttribute('visibility')) $event->visibility = $params['model']->visibility; } else{ $text = $this->parseOption('text', $params); $notif->type = 'custom'; $notif->text = $text; $event->type = 'feed'; $event->subtype = $type; $event->text = $text; if($user == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)){ $event->user = $params['model']->assignedTo; }elseif(!empty($user)){ $event->user = $user; }else{ $event->user = 'admin'; } } if(!$this->parseOption('createNotif', $params)) { if (!$notif->save()) { return array(false, array_shift($notif->getErrors())); } } if ($event->save()) { return array (true, """"); } else { return array(false, array_shift($event->getErrors())); } }",True,PHP,execute,X2FlowCreateEvent.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function downloadAsZipJobsAction(Request $request) { $jobId = uniqid(); $filesPerJob = 5; $jobs = []; $asset = Asset::getById((int) $request->get('id')); if (!$asset) { throw $this->createNotFoundException('Asset not found'); } if ($asset->isAllowed('view')) { $parentPath = $asset->getRealFullPath(); if ($asset->getId() == 1) { $parentPath = ''; } $db = \Pimcore\Db::get(); $conditionFilters = []; $selectedIds = explode(',', $request->get('selectedIds', '')); $quotedSelectedIds = []; foreach ($selectedIds as $selectedId) { if ($selectedId) { $quotedSelectedIds[] = $db->quote($selectedId); } } if (!empty($quotedSelectedIds)) { $conditionFilters[] = 'id IN (' . implode(',', $quotedSelectedIds) . ')'; } $conditionFilters[] = 'path LIKE ' . $db->quote(Helper::escapeLike($parentPath) . '/%') . ' AND type != ' . $db->quote('folder'); if (!$this->getAdminUser()->isAdmin()) { $userIds = $this->getAdminUser()->getRoles(); $userIds[] = $this->getAdminUser()->getId(); $conditionFilters[] = ' ( (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 OR (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 )'; } $condition = implode(' AND ', $conditionFilters); $assetList = new Asset\Listing(); $assetList->setCondition($condition); $assetList->setOrderKey('LENGTH(path)', false); $assetList->setOrder('ASC'); for ($i = 0; $i < ceil($assetList->getTotalCount() / $filesPerJob); $i++) { $jobs[] = [[ 'url' => $this->generateUrl('pimcore_admin_asset_downloadaszipaddfiles'), 'method' => 'GET', 'params' => [ 'id' => $asset->getId(), 'selectedIds' => implode(',', $selectedIds), 'offset' => $i * $filesPerJob, 'limit' => $filesPerJob, 'jobId' => $jobId, ], ]]; } } return $this->adminJson([ 'success' => true, 'jobs' => $jobs, 'jobId' => $jobId, ]); }" 4858,"public function execute(&$params){ $options = &$this->config['options']; $notif = new Notification; $notif->user = $this->parseOption('user', $params); $notif->createdBy = 'API'; $notif->createDate = time(); $notif->type = 'custom'; $notif->text = $this->parseOption('text', $params); if ($notif->save()) { return array (true, """"); } else { return array(false, array_shift($notif->getErrors())); } }",True,PHP,execute,X2FlowCreateNotif.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function downloadAsZipAddFilesAction(Request $request) { $zipFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/download-zip-' . $request->get('jobId') . '.zip'; $asset = Asset::getById((int) $request->get('id')); $success = false; if (!$asset) { throw $this->createNotFoundException('Asset not found'); } if ($asset->isAllowed('view')) { $zip = new \ZipArchive(); if (!is_file($zipFile)) { $zipState = $zip->open($zipFile, \ZipArchive::CREATE); } else { $zipState = $zip->open($zipFile); } if ($zipState === true) { $parentPath = $asset->getRealFullPath(); if ($asset->getId() == 1) { $parentPath = ''; } $db = \Pimcore\Db::get(); $conditionFilters = []; $selectedIds = $request->get('selectedIds', []); if (!empty($selectedIds)) { $selectedIds = explode(',', $selectedIds); $quotedSelectedIds = []; foreach ($selectedIds as $selectedId) { if ($selectedId) { $quotedSelectedIds[] = $db->quote($selectedId); } } $conditionFilters[] = 'id IN (' . implode(',', $quotedSelectedIds) . ')'; } $conditionFilters[] = ""type != 'folder' AND path LIKE "" . $db->quote(Helper::escapeLike($parentPath) . '/%'); if (!$this->getAdminUser()->isAdmin()) { $userIds = $this->getAdminUser()->getRoles(); $userIds[] = $this->getAdminUser()->getId(); $conditionFilters[] = ' ( (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 OR (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1 )'; } $condition = implode(' AND ', $conditionFilters); $assetList = new Asset\Listing(); $assetList->setCondition($condition); $assetList->setOrderKey('LENGTH(path) ASC, id ASC', false); $assetList->setOffset((int)$request->get('offset')); $assetList->setLimit((int)$request->get('limit')); foreach ($assetList as $a) { if ($a->isAllowed('view')) { if (!$a instanceof Asset\Folder) { $zip->addFile($a->getLocalFile(), preg_replace('@^' . preg_quote($asset->getRealPath(), '@') . '@i', '', $a->getRealFullPath())); } } } $zip->close(); $success = true; } } return $this->adminJson([ 'success' => $success, ]); }" 4859,"public function execute(&$params){ $options = &$this->config['options']; $notif = new Notification; $notif->user = $this->parseOption('user', $params); $notif->createdBy = 'API'; $notif->createDate = time(); $notif->type = 'custom'; $notif->text = $this->parseOption('text', $params); if ($notif->save()) { return array (true, """"); } else { return array(false, array_shift($notif->getErrors())); } }",True,PHP,execute,X2FlowCreateNotif.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setPattern($pattern) { $this->pattern = SecurityHelper::convertHtmlSpecialChars($pattern); return $this; } 4862,"$eml->prepareBody(); } list ($success, $message) = $this->checkDoNotEmailFields ($eml); if (!$success) { return array ($success, $message); } $result = $eml->send($historyFlag); if (isset($result['code']) && $result['code'] == 200) { if (YII_UNIT_TESTING) { return array(true, $eml->message); } else { return array(true, """"); } } else { return array (false, Yii::t('app', ""Email could not be sent"")); } }",True,PHP,prepareBody,X2FlowEmail.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setName($name) { $this->name = SecurityHelper::convertHtmlSpecialChars($name); return $this; } 4863,"$eml->prepareBody(); } list ($success, $message) = $this->checkDoNotEmailFields ($eml); if (!$success) { return array ($success, $message); } $result = $eml->send($historyFlag); if (isset($result['code']) && $result['code'] == 200) { if (YII_UNIT_TESTING) { return array(true, $eml->message); } else { return array(true, """"); } } else { return array (false, Yii::t('app', ""Email could not be sent"")); } }",True,PHP,prepareBody,X2FlowEmail.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setReverse($reverse) { $this->reverse = SecurityHelper::convertHtmlSpecialChars($reverse); return $this; } 4866,"public function execute(&$params){ $model = new Actions; $model->type = 'note'; $model->complete = 'Yes'; $model->associationId = $params['model']->id; $model->associationType = $params['model']->module; $model->actionDescription = $this->parseOption('comment', $params); $model->assignedTo = $this->parseOption('assignedTo', $params); $model->completedBy = $this->parseOption('assignedTo', $params); if(empty($model->assignedTo) && $params['model']->hasAttribute('assignedTo')){ $model->assignedTo = $params['model']->assignedTo; $model->completedBy = $params['model']->assignedTo; } if($params['model']->hasAttribute('visibility')) $model->visibility = $params['model']->visibility; $model->createDate = time(); $model->completeDate = time(); if($model->save()){ return array( true, Yii::t('studio', 'View created action: ').$model->getLink()); }else{ return array(false, array_shift($model->getErrors())); } }",True,PHP,execute,X2FlowRecordComment.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setDefaults($defaults) { $this->defaults = SecurityHelper::convertHtmlSpecialChars($defaults); return $this; } 4867,"public function execute(&$params){ $model = new Actions; $model->type = 'note'; $model->complete = 'Yes'; $model->associationId = $params['model']->id; $model->associationType = $params['model']->module; $model->actionDescription = $this->parseOption('comment', $params); $model->assignedTo = $this->parseOption('assignedTo', $params); $model->completedBy = $this->parseOption('assignedTo', $params); if(empty($model->assignedTo) && $params['model']->hasAttribute('assignedTo')){ $model->assignedTo = $params['model']->assignedTo; $model->completedBy = $params['model']->assignedTo; } if($params['model']->hasAttribute('visibility')) $model->visibility = $params['model']->visibility; $model->createDate = time(); $model->completeDate = time(); if($model->save()){ return array( true, Yii::t('studio', 'View created action: ').$model->getLink()); }else{ return array(false, array_shift($model->getErrors())); } }",True,PHP,execute,X2FlowRecordComment.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setVariables($variables) { $this->variables = SecurityHelper::convertHtmlSpecialChars($variables); return $this; } 4870,"public function execute(&$params){ $action = new Actions; $action->associationType = lcfirst(get_class($params['model'])); $action->associationId = $params['model']->id; $action->subject = $this->parseOption('subject', $params); $action->actionDescription = $this->parseOption('description', $params); if($params['model']->hasAttribute('assignedTo')) $action->assignedTo = $params['model']->assignedTo; if($params['model']->hasAttribute('priority')) $action->priority = $params['model']->priority; if($params['model']->hasAttribute('visibility')) $action->visibility = $params['model']->visibility; if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink () ); } else { return array(false, array_shift($action->getErrors())); } }",True,PHP,execute,X2FlowRecordCreateAction.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setController($controller) { $this->controller = SecurityHelper::convertHtmlSpecialChars($controller); return $this; } 4871,"public function execute(&$params){ $action = new Actions; $action->associationType = lcfirst(get_class($params['model'])); $action->associationId = $params['model']->id; $action->subject = $this->parseOption('subject', $params); $action->actionDescription = $this->parseOption('description', $params); if($params['model']->hasAttribute('assignedTo')) $action->assignedTo = $params['model']->assignedTo; if($params['model']->hasAttribute('priority')) $action->priority = $params['model']->priority; if($params['model']->hasAttribute('visibility')) $action->visibility = $params['model']->visibility; if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink () ); } else { return array(false, array_shift($action->getErrors())); } }",True,PHP,execute,X2FlowRecordCreateAction.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setDescription($description) { $this->description = SecurityHelper::convertHtmlSpecialChars($description); return $this; } 4878,"public function paramRules() { return array( 'title' => Yii::t('studio',$this->title), 'info' => Yii::t('studio',$this->info), 'modelRequired' => 'Contacts', 'options' => array( array( 'name'=>'listId', 'label'=>Yii::t('studio','List'), 'type'=>'link', 'linkType'=>'X2List', 'linkSource'=>Yii::app()->createUrl( CActiveRecord::model('X2List')->autoCompleteSource ) ), )); }",True,PHP,paramRules,X2FlowRecordListRemove.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setName($name) { $this->name = SecurityHelper::convertHtmlSpecialChars($name); return $this; } 4879,"public function paramRules() { return array( 'title' => Yii::t('studio',$this->title), 'info' => Yii::t('studio',$this->info), 'modelRequired' => 'Contacts', 'options' => array( array( 'name'=>'listId', 'label'=>Yii::t('studio','List'), 'type'=>'link', 'linkType'=>'X2List', 'linkSource'=>Yii::app()->createUrl( CActiveRecord::model('X2List')->autoCompleteSource ) ), )); }",True,PHP,paramRules,X2FlowRecordListRemove.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setKey($key) { $this->key = SecurityHelper::convertHtmlSpecialChars($key); return $this; } 4884,"public function check(&$params){ $tags = $this->config['options']['tags']['value']; $tags = is_array($tags) ? $tags : Tags::parseTags($tags, true); if(!empty($tags) && isset($params['tags'])){ if(!is_array($params['tags'])){ $params['tags'] = explode(',', $params['tags']); } $params['tags'] = array_map(function($item){ return preg_replace('/^ }, $params['tags']); if(count(array_intersect($params['tags'], $tags)) > 0){ return $this->checkConditions($params); }else{ return array(false, Yii::t('studio','No tags on the record matched those in the tag trigger criteria.')); } }else{ return array(false, empty($tags) ? Yii::t('studio','No tags in the trigger criteria!') : Yii::t('studio','Tags parameter missing!')); } }",True,PHP,check,BaseTagTrigger.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setData($data) { $this->data = SecurityHelper::convertHtmlSpecialChars($data); return $this; } 4885,"public function check(&$params){ $tags = $this->config['options']['tags']['value']; $tags = is_array($tags) ? $tags : Tags::parseTags($tags, true); if(!empty($tags) && isset($params['tags'])){ if(!is_array($params['tags'])){ $params['tags'] = explode(',', $params['tags']); } $params['tags'] = array_map(function($item){ return preg_replace('/^ }, $params['tags']); if(count(array_intersect($params['tags'], $tags)) > 0){ return $this->checkConditions($params); }else{ return array(false, Yii::t('studio','No tags on the record matched those in the tag trigger criteria.')); } }else{ return array(false, empty($tags) ? Yii::t('studio','No tags in the trigger criteria!') : Yii::t('studio','Tags parameter missing!')); } }",True,PHP,check,BaseTagTrigger.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setConfig($config) { $this->config = SecurityHelper::convertHtmlSpecialChars($config); return $this; } 4888,"foreach ($fields as $field) { $fieldName = $field->fieldName; if ($field->type == 'date' || $field->type == 'dateTime') { if (is_numeric($record->$fieldName)) $record->$fieldName = Formatter::formatLongDateTime($record->$fieldName); }elseif ($field->type == 'link') { $name = $record->$fieldName; if (!empty($field->linkType)) { list($name, $id) = Fields::nameAndId($name); } if (!empty($name)) $record->$fieldName = $name; }elseif ($fieldName == 'visibility') { $record->$fieldName = $record->$fieldName == 1 ? 'Public' : 'Private'; } }",True,PHP,foreach,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function setName($name, $locale = null) { $this->name = SecurityHelper::convertHtmlSpecialChars($name); return $this; }" 4889,"foreach ($fields as $field) { $fieldName = $field->fieldName; if ($field->type == 'date' || $field->type == 'dateTime') { if (is_numeric($record->$fieldName)) $record->$fieldName = Formatter::formatLongDateTime($record->$fieldName); }elseif ($field->type == 'link') { $name = $record->$fieldName; if (!empty($field->linkType)) { list($name, $id) = Fields::nameAndId($name); } if (!empty($name)) $record->$fieldName = $name; }elseif ($fieldName == 'visibility') { $record->$fieldName = $record->$fieldName == 1 ? 'Public' : 'Private'; } }",True,PHP,foreach,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $field . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%' ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params ]; } return $conditionFilters; }" 4894,"public function actionDeleteDropdown() { $dropdowns = Dropdowns::model()->findAll(); if (isset($_POST['dropdown'])) { if ($_POST['dropdown'] != Actions::COLORS_DROPDOWN_ID) { $model = Dropdowns::model()->findByPk($_POST['dropdown']); $model->delete(); $this->redirect('manageDropDowns'); } } $this->render('deleteDropdowns', array( 'dropdowns' => $dropdowns, )); }",True,PHP,actionDeleteDropdown,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value, ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%', ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params, ]; } return $conditionFilters; }" 4895,"public function actionDeleteDropdown() { $dropdowns = Dropdowns::model()->findAll(); if (isset($_POST['dropdown'])) { if ($_POST['dropdown'] != Actions::COLORS_DROPDOWN_ID) { $model = Dropdowns::model()->findByPk($_POST['dropdown']); $model->delete(); $this->redirect('manageDropDowns'); } } $this->render('deleteDropdowns', array( 'dropdowns' => $dropdowns, )); }",True,PHP,actionDeleteDropdown,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value, ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%', ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params, ]; } return $conditionFilters; }" 4898,"protected function fixupImportedAttributes($modelName, X2Model &$model) { if ($modelName === 'Contacts' || $modelName === 'X2Leads') $this->fixupImportedContactName ($model); if ($modelName === 'Actions' && isset($model->associationType)) $this->reconstructImportedActionAssoc($model); if ($model->hasAttribute('visibility')) { if(empty($model->visibility) && ($model->visibility !== 0 && $model->visibility !== ""0"") || $model->visibility == 'Public') { $model->visibility = 1; } elseif($model->visibility == 'Private') $model->visibility = 0; } if (!empty($model->createDate) || !empty($model->lastUpdated) || !empty($model->lastActivity)) { $now = time(); if (empty($model->createDate)) $model->createDate = $now; if (empty($model->lastUpdated)) $model->lastUpdated = $now; if ($model->hasAttribute('lastActivity') && empty($model->lastActivity)) $model->lastActivity = $now; } if($_SESSION['leadRouting'] == 1){ $assignee = $this->getNextAssignee(); if($assignee == ""Anyone"") $assignee = """"; $model->assignedTo = $assignee; } foreach($_SESSION['override'] as $attr => $val){ $model->$attr = $val; } }",True,PHP,fixupImportedAttributes,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value, ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%', ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params, ]; } return $conditionFilters; }" 4899,"protected function fixupImportedAttributes($modelName, X2Model &$model) { if ($modelName === 'Contacts' || $modelName === 'X2Leads') $this->fixupImportedContactName ($model); if ($modelName === 'Actions' && isset($model->associationType)) $this->reconstructImportedActionAssoc($model); if ($model->hasAttribute('visibility')) { if(empty($model->visibility) && ($model->visibility !== 0 && $model->visibility !== ""0"") || $model->visibility == 'Public') { $model->visibility = 1; } elseif($model->visibility == 'Private') $model->visibility = 0; } if (!empty($model->createDate) || !empty($model->lastUpdated) || !empty($model->lastActivity)) { $now = time(); if (empty($model->createDate)) $model->createDate = $now; if (empty($model->lastUpdated)) $model->lastUpdated = $now; if ($model->hasAttribute('lastActivity') && empty($model->lastActivity)) $model->lastActivity = $now; } if($_SESSION['leadRouting'] == 1){ $assignee = $this->getNextAssignee(); if($assignee == ""Anyone"") $assignee = """"; $model->assignedTo = $assignee; } foreach($_SESSION['override'] as $attr => $val){ $model->$attr = $val; } }",True,PHP,fixupImportedAttributes,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$filter['value'] = strtotime($filter['value']); $field = $fieldname; $value = $filter['value']; } } if ($field && $value) { $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value); if ($languageMode) { $conditions[$fieldname] = $condition; $joins[] = [ 'language' => $fieldname, ]; } else { $placeHolderName = self::PLACEHOLDER_NAME . $placeHolderCount; $placeHolderCount++; $conditionFilters[] = [ 'condition' => $field . ' ' . $operator . ' :' . $placeHolderName, 'field' => $placeHolderName, 'value' => $value, ]; } } } } if ($request->get('searchString')) { $conditionFilters[] = [ 'condition' => '(lower(' . $tableName . '.key) LIKE :filterTerm OR lower(' . $tableName . '.text) LIKE :filterTerm)', 'field' => 'filterTerm', 'value' => '%' . mb_strtolower($request->get('searchString')) . '%', ]; } if ($languageMode) { return [ 'joins' => $joins, 'conditions' => $conditions, ]; } if(!empty($conditionFilters)) { $conditions = []; $params = []; foreach($conditionFilters as $conditionFilter) { $conditions[] = $conditionFilter['condition']; $params[$conditionFilter['field']] = $conditionFilter['value']; } $conditionFilters = [ 'condition' => implode(' AND ', $conditions), 'params' => $params, ]; } return $conditionFilters; }" 4904,"public function actionEditDropdown() { $model = new Dropdowns; if (isset($_POST['Dropdowns'])) { $model = Dropdowns::model()->findByPk( $_POST['Dropdowns']['id']); if ($model->id == Actions::COLORS_DROPDOWN_ID) { if (AuxLib::issetIsArray($_POST['Dropdowns']['values']) && AuxLib::issetIsArray($_POST['Dropdowns']['labels']) && count($_POST['Dropdowns']['values']) === count($_POST['Dropdowns']['labels'])) { if (AuxLib::issetIsArray($_POST['Admin']) && isset($_POST['Admin']['enableColorDropdownLegend'])) { Yii::app()->settings->enableColorDropdownLegend = $_POST['Admin']['enableColorDropdownLegend']; Yii::app()->settings->save(); } $options = array_combine( $_POST['Dropdowns']['values'], $_POST['Dropdowns']['labels']); $temp = array(); foreach ($options as $value => $label) { if ($value != """") $temp[$value] = $label; } $model->options = json_encode($temp); $model->save(); } } else { $model->attributes = $_POST['Dropdowns']; $temp = array(); if (is_array($model->options) && count($model->options) > 0) { foreach ($model->options as $option) { if ($option != """") $temp[$option] = $option; } $model->options = json_encode($temp); if ($model->save()) { } } } } $this->redirect( 'manageDropDowns' ); }",True,PHP,actionEditDropdown,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function loginAction(Request $request, CsrfProtectionHandler $csrfProtection, Config $config) { if ($request->get('_route') === 'pimcore_admin_login_fallback') { return $this->redirectToRoute('pimcore_admin_login', $request->query->all(), Response::HTTP_MOVED_PERMANENTLY); } $csrfProtection->regenerateCsrfToken(); $user = $this->getAdminUser(); if ($user instanceof UserInterface) { return $this->redirectToRoute('pimcore_admin_index'); } $params = $this->buildLoginPageViewParams($config); $session_gc_maxlifetime = ini_get('session.gc_maxlifetime'); if (empty($session_gc_maxlifetime)) { $session_gc_maxlifetime = 120; } $params['csrfTokenRefreshInterval'] = ((int)$session_gc_maxlifetime - 60) * 1000; if ($request->get('too_many_attempts')) { $params['error'] = SecurityHelper::convertHtmlSpecialChars($request->get('too_many_attempts')); } if ($request->get('auth_failed')) { $params['error'] = 'error_auth_failed'; } if ($request->get('session_expired')) { $params['error'] = 'error_session_expired'; } if ($request->get('deeplink')) { $params['deeplink'] = true; } $params['browserSupported'] = $this->detectBrowser(); $params['debug'] = \Pimcore::inDebugMode(); return $this->render('@PimcoreAdmin/Admin/Login/login.html.twig', $params); }" 4905,"public function actionEditDropdown() { $model = new Dropdowns; if (isset($_POST['Dropdowns'])) { $model = Dropdowns::model()->findByPk( $_POST['Dropdowns']['id']); if ($model->id == Actions::COLORS_DROPDOWN_ID) { if (AuxLib::issetIsArray($_POST['Dropdowns']['values']) && AuxLib::issetIsArray($_POST['Dropdowns']['labels']) && count($_POST['Dropdowns']['values']) === count($_POST['Dropdowns']['labels'])) { if (AuxLib::issetIsArray($_POST['Admin']) && isset($_POST['Admin']['enableColorDropdownLegend'])) { Yii::app()->settings->enableColorDropdownLegend = $_POST['Admin']['enableColorDropdownLegend']; Yii::app()->settings->save(); } $options = array_combine( $_POST['Dropdowns']['values'], $_POST['Dropdowns']['labels']); $temp = array(); foreach ($options as $value => $label) { if ($value != """") $temp[$value] = $label; } $model->options = json_encode($temp); $model->save(); } } else { $model->attributes = $_POST['Dropdowns']; $temp = array(); if (is_array($model->options) && count($model->options) > 0) { foreach ($model->options as $option) { if ($option != """") $temp[$option] = $option; } $model->options = json_encode($temp); if ($model->save()) { } } } } $this->redirect( 'manageDropDowns' ); }",True,PHP,actionEditDropdown,AdminController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setData($data) { if ($data instanceof ElementInterface) { $this->setType(Service::getElementType($data)); $data = $data->getId(); } $this->data = SecurityHelper::convertHtmlSpecialChars($data); return $this; } 4912,"public function actionAddPost($id, $redirect) { $post = new Events; if (isset($_POST['Events']) && $_POST['Events']['text'] != Yii::t('app', 'Enter text here...')) { $post->text = $_POST['Events']['text']; $post->visibility = $_POST['Events']['visibility']; if (isset($_POST['Events']['associationId'])) $post->associationId = $_POST['Events']['associationId']; $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['Events']['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if (!isset($post->associationId) || $post->associationId == 0) $post->associationId = $id; if ($post->save()) { if ($post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } if ($redirect == ""view"") $this->redirect(array('view', 'id' => $id)); else $this->redirect(array('/profile/profile')); }",True,PHP,actionAddPost,ProfileController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setName($name) { $this->name = SecurityHelper::convertHtmlSpecialChars($name); return $this; } 4913,"public function actionAddPost($id, $redirect) { $post = new Events; if (isset($_POST['Events']) && $_POST['Events']['text'] != Yii::t('app', 'Enter text here...')) { $post->text = $_POST['Events']['text']; $post->visibility = $_POST['Events']['visibility']; if (isset($_POST['Events']['associationId'])) $post->associationId = $_POST['Events']['associationId']; $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['Events']['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if (!isset($post->associationId) || $post->associationId == 0) $post->associationId = $id; if ($post->save()) { if ($post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } if ($redirect == ""view"") $this->redirect(array('view', 'id' => $id)); else $this->redirect(array('/profile/profile')); }",True,PHP,actionAddPost,ProfileController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setLabel($label) { $this->label = SecurityHelper::convertHtmlSpecialChars($label); } 4914,"public function actionPublishPost() { $post = new Events; if (isset($_POST['text']) && $_POST['text'] != """") { $post->text = $_POST['text']; $post->visibility = $_POST['visibility']; if (isset($_POST['associationId'])) $post->associationId = $_POST['associationId']; $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if ($post->save()) { if (!empty($post->associationId) && $post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } }",True,PHP,actionPublishPost,ProfileController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function __construct(\stdClass $config, array $context = []) { $this->label = SecurityHelper::convertHtmlSpecialChars($config->label); $this->childs = $config->childs; $this->context = $context; }" 4915,"public function actionPublishPost() { $post = new Events; if (isset($_POST['text']) && $_POST['text'] != """") { $post->text = $_POST['text']; $post->visibility = $_POST['visibility']; if (isset($_POST['associationId'])) $post->associationId = $_POST['associationId']; $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if ($post->save()) { if (!empty($post->associationId) && $post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } }",True,PHP,actionPublishPost,ProfileController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function __construct(\stdClass $config, $context = null) { if (!Admin::getCurrentUser()->isAdmin()) { throw new \Exception('AnyGetter only allowed for admin users'); } parent::__construct($config, $context); $this->attribute = SecurityHelper::convertHtmlSpecialChars($config->attribute ?? ''); $this->param1 = SecurityHelper::convertHtmlSpecialChars($config->param1 ?? ''); $this->isArrayType = $config->isArrayType ?? false; $this->forwardAttribute = $config->forwardAttribute ?? ''; $this->forwardParam1 = $config->forwardParam1 ?? ''; $this->returnLastResult = $config->returnLastResult ?? false; }" 4920,"}elseif($fieldRecord->type == 'phone'){ $tempPhone = preg_replace('/\D/', '', $term); if(strlen($tempPhone) == 10){ $phoneLookup = PhoneNumber::model()->findByAttributes(array('modelType' => $fieldRecord->modelName, 'number' => $tempPhone, 'fieldName' => $fieldName)); if(!in_array($otherRecord, $high, true) && !in_array($otherRecord, $medium, true) && !in_array($otherRecord, $low, true) && !in_array($otherRecord, $userHigh, true) && !in_array($otherRecord, $userMedium, true) && !in_array($otherRecord, $userLow, true)){ if(isset($phoneLookup) && $otherRecord->id == $phoneLookup->modelId){ if($otherRecord->hasAttribute('assignedTo') && $otherRecord->assignedTo == Yii::app()->user->getName()) $userHigh[] = $otherRecord; else $high[] = $otherRecord; } } } } } } } } $records = array_merge($high, $medium); $records = array_merge($records, $low); $userRecords = array_merge($userHigh, $userMedium); $userRecords = array_merge($userRecords, $userLow); $records = array_merge($userRecords, $records); $records = Record::convert($records, false); if(count($records) == 1){ if(!empty($records[0]['#recordUrl'])) { $this->redirect($records[0]['#recordUrl']); } } $dataProvider = new CArrayDataProvider($records, array( 'id' => 'id', 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), )); $this->render('search', array( 'records' => $records, 'dataProvider' => $dataProvider, 'term' => $term, )); }else{ Yii::app()->user->setState('vcr-list', $term); $_COOKIE['vcr-list'] = $term; $criteria = new CDbCriteria(); $criteria->addCondition ('tag=:tag'); $criteria->params = array (':tag' => $term); $results = new CActiveDataProvider('Tags', array( 'criteria' => $criteria, 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), 'sort' => array( 'defaultOrder' => 'timestamp DESC', ) )); $this->render('searchTags', array( 'tags' => $results, 'term' => $term, )); } }",True,PHP,elseif,SearchController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function setAttribute($attribute) { $this->attribute = SecurityHelper::convertHtmlSpecialChars($attribute); } 4921,"}elseif($fieldRecord->type == 'phone'){ $tempPhone = preg_replace('/\D/', '', $term); if(strlen($tempPhone) == 10){ $phoneLookup = PhoneNumber::model()->findByAttributes(array('modelType' => $fieldRecord->modelName, 'number' => $tempPhone, 'fieldName' => $fieldName)); if(!in_array($otherRecord, $high, true) && !in_array($otherRecord, $medium, true) && !in_array($otherRecord, $low, true) && !in_array($otherRecord, $userHigh, true) && !in_array($otherRecord, $userMedium, true) && !in_array($otherRecord, $userLow, true)){ if(isset($phoneLookup) && $otherRecord->id == $phoneLookup->modelId){ if($otherRecord->hasAttribute('assignedTo') && $otherRecord->assignedTo == Yii::app()->user->getName()) $userHigh[] = $otherRecord; else $high[] = $otherRecord; } } } } } } } } $records = array_merge($high, $medium); $records = array_merge($records, $low); $userRecords = array_merge($userHigh, $userMedium); $userRecords = array_merge($userRecords, $userLow); $records = array_merge($userRecords, $records); $records = Record::convert($records, false); if(count($records) == 1){ if(!empty($records[0]['#recordUrl'])) { $this->redirect($records[0]['#recordUrl']); } } $dataProvider = new CArrayDataProvider($records, array( 'id' => 'id', 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), )); $this->render('search', array( 'records' => $records, 'dataProvider' => $dataProvider, 'term' => $term, )); }else{ Yii::app()->user->setState('vcr-list', $term); $_COOKIE['vcr-list'] = $term; $criteria = new CDbCriteria(); $criteria->addCondition ('tag=:tag'); $criteria->params = array (':tag' => $term); $results = new CActiveDataProvider('Tags', array( 'criteria' => $criteria, 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), 'sort' => array( 'defaultOrder' => 'timestamp DESC', ) )); $this->render('searchTags', array( 'tags' => $results, 'term' => $term, )); } }",True,PHP,elseif,SearchController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function setParam1($param1) { $this->param1 = SecurityHelper::convertHtmlSpecialChars($param1); } 4922,"public function actionHideWidget() { if (isset($_POST['name'])) { $name = $_POST['name']; $layout = Yii::app()->params->profile->getLayout(); foreach ($layout as $b => &$block) { if (isset($block[$name])) { if ($b == 'right') { $layout['hiddenRight'][$name] = $block[$name]; } else { $layout['hidden'][$name] = $block[$name]; } unset($block[$name]); Yii::app()->params->profile->saveLayout($layout); break; } } $list = """"; foreach ($layout['hidden'] as $name => $widget) { $list .= ""
  • {$widget['title']}
    • ""; } foreach ($layout['hiddenRight'] as $name => $widget) { $list .= ""
  • {$widget['title']}
    • ""; } echo Yii::app()->params->profile->getWidgetMenu(); } }",True,PHP,actionHideWidget,SiteController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function getRel() { return SecurityHelper::sanitizeHtmlAttributes($this->data['rel']) ?? ''; } 4923,"public function actionHideWidget() { if (isset($_POST['name'])) { $name = $_POST['name']; $layout = Yii::app()->params->profile->getLayout(); foreach ($layout as $b => &$block) { if (isset($block[$name])) { if ($b == 'right') { $layout['hiddenRight'][$name] = $block[$name]; } else { $layout['hidden'][$name] = $block[$name]; } unset($block[$name]); Yii::app()->params->profile->saveLayout($layout); break; } } $list = """"; foreach ($layout['hidden'] as $name => $widget) { $list .= ""
  • {$widget['title']}
    • ""; } foreach ($layout['hiddenRight'] as $name => $widget) { $list .= ""
  • {$widget['title']}
    • ""; } echo Yii::app()->params->profile->getWidgetMenu(); } }",True,PHP,actionHideWidget,SiteController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getHref() { $this->updatePathFromInternal(); $url = $this->data['path'] ?? ''; if (strlen($this->data['parameters'] ?? '') > 0) { $url .= (strpos($url, '?') !== false ? '&' : '?') . str_replace('?', '', $this->getParameters()); } if (strlen($this->data['anchor'] ?? '') > 0) { $anchor = str_replace('""', urlencode('""'), $this->getAnchor()); $url .= '#' . str_replace('#', '', $anchor); } return $url; }" 4928,"public function actionAppendTag() { if (isset($_POST['Type'], $_POST['Id'], $_POST['Tag']) && preg_match('/^[\w\d_-]+$/', $_POST['Type'])) { if (!class_exists($_POST['Type'])) { echo 'false'; return; } $model = X2Model::model($_POST['Type'])->findByPk($_POST['Id']); echo $model->addTags($_POST['Tag']); exit; if ($model !== null && $model->addTags($_POST['Tag'])) { echo 'true'; return; } } echo 'false'; }",True,PHP,actionAppendTag,SiteController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function getClass() { return SecurityHelper::sanitizeHtmlAttributes($this->data['class']) ?? ''; } 4929,"public function actionAppendTag() { if (isset($_POST['Type'], $_POST['Id'], $_POST['Tag']) && preg_match('/^[\w\d_-]+$/', $_POST['Type'])) { if (!class_exists($_POST['Type'])) { echo 'false'; return; } $model = X2Model::model($_POST['Type'])->findByPk($_POST['Id']); echo $model->addTags($_POST['Tag']); exit; if ($model !== null && $model->addTags($_POST['Tag'])) { echo 'true'; return; } } echo 'false'; }",True,PHP,actionAppendTag,SiteController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function getTabindex() { return SecurityHelper::sanitizeHtmlAttributes($this->data['tabindex']) ?? ''; } 4930,"public function actionShowWidget() { if (isset($_POST['name']) && isset($_POST['block'])) { $name = $_POST['name']; $block = $_POST['block']; if (isset($_POST['moduleName'])) { $moduleName = $_POST['moduleName']; } else { $moduleName = ''; } if (isset($_POST['modelType']) && isset($_POST['modelId'])) { $modelType = $_POST['modelType']; $modelId = $_POST['modelId']; } $layout = Yii::app()->params->profile->getLayout(); if ($block == 'right') { foreach ($layout['hiddenRight'] as $key => $widget) { if ($key == $name) { $widget['minimize'] = false; $layout[$block][$key] = $widget; unset($layout['hiddenRight'][$key]); Yii::app()->params->profile->saveLayout($layout); Yii::app()->session['fullscreen'] = false; break; } } } else { foreach ($layout['hidden'] as $key => $widget) { if ($key == $name) { $widget['minimize'] = false; $layout[$block][$key] = $widget; unset($layout['hidden'][$key]); Yii::app()->params->profile->saveLayout($layout); Yii::app()->clientScript->scriptMap['*.js'] = false; $this->renderPartial('application.components.views.centerWidget', array( 'widget' => $widget, 'name' => $name, 'modelType' => $modelType, 'moduleName' => $moduleName, 'modelId' => $modelId), false, true); break; } } } } }",True,PHP,actionShowWidget,SiteController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function getParameters() { return SecurityHelper::sanitizeHtmlAttributes($this->data['parameters']) ?? ''; } 4931,"public function actionShowWidget() { if (isset($_POST['name']) && isset($_POST['block'])) { $name = $_POST['name']; $block = $_POST['block']; if (isset($_POST['moduleName'])) { $moduleName = $_POST['moduleName']; } else { $moduleName = ''; } if (isset($_POST['modelType']) && isset($_POST['modelId'])) { $modelType = $_POST['modelType']; $modelId = $_POST['modelId']; } $layout = Yii::app()->params->profile->getLayout(); if ($block == 'right') { foreach ($layout['hiddenRight'] as $key => $widget) { if ($key == $name) { $widget['minimize'] = false; $layout[$block][$key] = $widget; unset($layout['hiddenRight'][$key]); Yii::app()->params->profile->saveLayout($layout); Yii::app()->session['fullscreen'] = false; break; } } } else { foreach ($layout['hidden'] as $key => $widget) { if ($key == $name) { $widget['minimize'] = false; $layout[$block][$key] = $widget; unset($layout['hidden'][$key]); Yii::app()->params->profile->saveLayout($layout); Yii::app()->clientScript->scriptMap['*.js'] = false; $this->renderPartial('application.components.views.centerWidget', array( 'widget' => $widget, 'name' => $name, 'modelType' => $modelType, 'moduleName' => $moduleName, 'modelId' => $modelId), false, true); break; } } } } }",True,PHP,actionShowWidget,SiteController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function getAccesskey() { return SecurityHelper::sanitizeHtmlAttributes($this->data['accesskey']) ?? ''; } 4942,"$criteria->addCondition ( 'user IN (' . 'SELECT DISTINCT b.username ' . 'FROM x2_group_to_user a JOIN x2_group_to_user b ' . 'ON a.groupId=b.groupId ' . 'WHERE a.username=:getAccessCriteria_username' . ') OR (user = :getAccessCriteria_username)'); } else { $criteria->addCondition (""(user=:getAccessCriteria_username OR visibility=1)""); } } if ($profile) { $criteria->params[':getAccessCriteria_profileUsername'] = $profile->username; $criteria->addCondition (""user=:getAccessCriteria_profileUsername""); if (!Yii::app()->params->isAdmin) { $criteria->addCondition (""visibility=1""); } } return $criteria; }",True,PHP,addCondition,Events.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function getAnchor() { return SecurityHelper::sanitizeHtmlAttributes($this->data['anchor']) ?? ''; } 4943,"$criteria->addCondition ( 'user IN (' . 'SELECT DISTINCT b.username ' . 'FROM x2_group_to_user a JOIN x2_group_to_user b ' . 'ON a.groupId=b.groupId ' . 'WHERE a.username=:getAccessCriteria_username' . ') OR (user = :getAccessCriteria_username)'); } else { $criteria->addCondition (""(user=:getAccessCriteria_username OR visibility=1)""); } } if ($profile) { $criteria->params[':getAccessCriteria_profileUsername'] = $profile->username; $criteria->addCondition (""user=:getAccessCriteria_profileUsername""); if (!Yii::app()->params->isAdmin) { $criteria->addCondition (""visibility=1""); } } return $criteria; }",True,PHP,addCondition,Events.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function initLogger() { if (array_key_exists('pimcore_log', $_REQUEST) && self::inDebugMode()) { $requestLogName = date('Y-m-d_H-i-s'); if (!empty($_REQUEST['pimcore_log'])) { $requestLogName = str_replace(['/', '\\', '..'], '-', $_REQUEST['pimcore_log']); } $requestLogFile = resolvePath(PIMCORE_LOG_DIRECTORY . '/request-' . $requestLogName . '.log'); if (strpos($requestLogFile, PIMCORE_LOG_DIRECTORY) !== 0) { throw new \Exception('Not allowed'); } if (!file_exists($requestLogFile)) { File::put($requestLogFile, ''); } $requestDebugHandler = new \Monolog\Handler\StreamHandler($requestLogFile); $container = self::getContainer(); foreach ($container->getServiceIds() as $id) { if (strpos($id, 'monolog.logger.') === 0) { $logger = self::getContainer()->get($id); if ($logger->getName() != 'event') { $logger->setHandlers([$requestDebugHandler]); } } } } }" 4948,"public function beforeSave () { $valid = parent::beforeSave (); if ($valid) { $table = Yii::app()->db->schema->tables[$this->myTableName]; $existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema; if($existing){ $valid = $this->modifyColumn(); } } return $valid; }",True,PHP,beforeSave,Fields.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function showAction(Request $request, Connection $db) { $qb = $db->createQueryBuilder(); $qb ->select('*') ->from(ApplicationLoggerDb::TABLE_NAME) ->setFirstResult($request->get('start', 0)) ->setMaxResults($request->get('limit', 50)); $sortingSettings = QueryParams::extractSortingSettings(array_merge( $request->request->all(), $request->query->all() )); if ($sortingSettings['orderKey']) { $qb->orderBy($db->quoteIdentifier($sortingSettings['orderKey']), $sortingSettings['order']); } else { $qb->orderBy('id', 'DESC'); } $priority = $request->get('priority'); if(!empty($priority)) { $qb->andWhere($qb->expr()->eq('priority', ':priority')); $qb->setParameter('priority', $priority); } if ($fromDate = $this->parseDateObject($request->get('fromDate'), $request->get('fromTime'))) { $qb->andWhere('timestamp > :fromDate'); $qb->setParameter('fromDate', $fromDate, Types::DATETIME_MUTABLE); } if ($toDate = $this->parseDateObject($request->get('toDate'), $request->get('toTime'))) { $qb->andWhere('timestamp <= :toDate'); $qb->setParameter('toDate', $toDate, Types::DATETIME_MUTABLE); } if (!empty($component = $request->get('component'))) { $qb->andWhere('component = ' . $qb->createNamedParameter($component)); } if (!empty($relatedObject = $request->get('relatedobject'))) { $qb->andWhere('relatedobject = ' . $qb->createNamedParameter($relatedObject)); } if (!empty($message = $request->get('message'))) { $qb->andWhere('message LIKE ' . $qb->createNamedParameter('%' . $message . '%')); } if (!empty($pid = $request->get('pid'))) { $qb->andWhere('pid LIKE ' . $qb->createNamedParameter('%' . $pid . '%')); } $totalQb = clone $qb; $totalQb->setMaxResults(null) ->setFirstResult(0) ->select('COUNT(id) as count'); $total = $totalQb->execute()->fetch(); $total = (int) $total['count']; $stmt = $qb->execute(); $result = $stmt->fetchAllAssociative(); $logEntries = []; foreach ($result as $row) { $fileobject = null; if ($row['fileobject']) { $fileobject = str_replace(PIMCORE_PROJECT_ROOT, '', $row['fileobject']); } $logEntry = [ 'id' => $row['id'], 'pid' => $row['pid'], 'message' => $row['message'], 'timestamp' => $row['timestamp'], 'priority' => $row['priority'], 'fileobject' => $fileobject, 'relatedobject' => $row['relatedobject'], 'relatedobjecttype' => $row['relatedobjecttype'], 'component' => $row['component'], 'source' => $row['source'], ]; $logEntries[] = $logEntry; } return $this->adminJson([ 'p_totalCount' => $total, 'p_results' => $logEntries, ]); }" 4949,"public function beforeSave () { $valid = parent::beforeSave (); if ($valid) { $table = Yii::app()->db->schema->tables[$this->myTableName]; $existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema; if($existing){ $valid = $this->modifyColumn(); } } return $valid; }",True,PHP,beforeSave,Fields.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function lostpasswordAction(Request $request, BruteforceProtectionHandler $bruteforceProtectionHandler) { $view = $this->buildLoginPageViewModel(); $error = null; if ($request->getMethod() === 'POST' && $username = $request->get('username')) { $user = User::getByName($username); if ($user instanceof User) { if (!$user->isActive()) { $error = 'user inactive'; } if (!$user->getEmail()) { $error = 'user has no email address'; } if (!$user->getPassword()) { $error = 'user has no password'; } } else { $error = 'user unknown'; } if (!$error) { $token = Authentication::generateToken($username, $user->getPassword()); $loginUrl = $this->generateUrl('pimcore_admin_login_check', [ 'username' => $username, 'token' => $token, 'reset' => 'true' ], UrlGeneratorInterface::ABSOLUTE_URL); try { $event = new LostPasswordEvent($user, $loginUrl); $this->get('event_dispatcher')->dispatch(AdminEvents::LOGIN_LOSTPASSWORD, $event); if ($event->getSendMail()) { $mail = Tool::getMail([$user->getEmail()], 'Pimcore lost password service'); $mail->setIgnoreDebugMode(true); $mail->setBodyText(""Login to pimcore and change your password using the following link. This temporary login link will expire in 24 hours: \r\n\r\n"" . $loginUrl); $mail->send(); } if ($event->hasResponse()) { return $event->getResponse(); } } catch (\Exception $e) { $error = 'could not send email'; } } if ($error) { Logger::error('Lost password service: ' . $error); $bruteforceProtectionHandler->addEntry($request->get('username'), $request); } } return $view; }" 4956,"$name = ucfirst($module->name); if (in_array($name, $skipModules)) { continue; } if($name != 'Document'){ $controllerName = $name.'Controller'; if(file_exists('protected/modules/'.$module->name.'/controllers/'.$controllerName.'.php')){ Yii::import(""application.modules.$module->name.controllers.$controllerName""); $controller = new $controllerName($controllerName); $model = $controller->modelClass; if(class_exists($model)){ $moduleList[$model] = Yii::t('app', $module->title); } } } } return $moduleList; }",True,PHP,ucfirst,Modules.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function twoFactorAuthenticationAction(Request $request, BruteforceProtectionHandler $bruteforceProtectionHandler) { $view = $this->buildLoginPageViewModel(); if ($request->hasSession()) { $bruteforceProtectionHandler->checkProtection($this->getAdminUser()->getName(), $request); $session = $request->getSession(); $authException = $session->get(Security::AUTHENTICATION_ERROR); if ($authException instanceof AuthenticationException) { $session->remove(Security::AUTHENTICATION_ERROR); $view->error = $authException->getMessage(); $bruteforceProtectionHandler->addEntry($this->getAdminUser()->getName(), $request); } } else { $view->error = 'No session available, it either timed out or cookies are not enabled.'; } return $view; }" 4957,"$name = ucfirst($module->name); if (in_array($name, $skipModules)) { continue; } if($name != 'Document'){ $controllerName = $name.'Controller'; if(file_exists('protected/modules/'.$module->name.'/controllers/'.$controllerName.'.php')){ Yii::import(""application.modules.$module->name.controllers.$controllerName""); $controller = new $controllerName($controllerName); $model = $controller->modelClass; if(class_exists($model)){ $moduleList[$model] = Yii::t('app', $module->title); } } } } return $moduleList; }",True,PHP,ucfirst,Modules.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"return new Response($emailLog->getHtmlLog(), 200, [ 'Content-Security-Policy' => ""default-src 'self'; style-src 'self' 'unsafe-inline'"" ]); } elseif ($request->get('type') == 'params') {" 4958,"public function getLayout(){ $layout = $this->getAttribute('layout'); $initLayout = $this->initLayout(); if(!$layout){ $layout = $initLayout; $this->layout = json_encode($layout); $this->update(array('layout')); }else{ $layout = json_decode($layout, true); $this->addRemoveLayoutElements('center', $layout, $initLayout); $this->addRemoveLayoutElements('left', $layout, $initLayout); $this->addRemoveLayoutElements('right', $layout, $initLayout); } return $layout; }",True,PHP,getLayout,Profile.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function updateAmazonOrderTracking($order_id, $courier_id, $courier_from_list, $tracking_no) { $this->db->query("" UPDATE `"" . DB_PREFIX . ""amazon_order` SET `courier_id` = '"" . $this->db->escape($courier_id) . ""', `courier_other` = "" . (int)!$courier_from_list . "", `tracking_no` = '"" . $this->db->escape($tracking_no) . ""' WHERE `order_id` = "" . (int)$order_id . """");" 4959,"public function getLayout(){ $layout = $this->getAttribute('layout'); $initLayout = $this->initLayout(); if(!$layout){ $layout = $initLayout; $this->layout = json_encode($layout); $this->update(array('layout')); }else{ $layout = json_decode($layout, true); $this->addRemoveLayoutElements('center', $layout, $initLayout); $this->addRemoveLayoutElements('left', $layout, $initLayout); $this->addRemoveLayoutElements('right', $layout, $initLayout); } return $layout; }",True,PHP,getLayout,Profile.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function validateForm() { if ((utf8_strlen(trim($this->request->post['firstname'])) < 1) || (utf8_strlen(trim($this->request->post['firstname'])) > 32)) { $this->error['firstname'] = $this->language->get('error_firstname'); } if ((utf8_strlen(trim($this->request->post['lastname'])) < 1) || (utf8_strlen(trim($this->request->post['lastname'])) > 32)) { $this->error['lastname'] = $this->language->get('error_lastname'); } if ((utf8_strlen(trim($this->request->post['address_1'])) < 3) || (utf8_strlen(trim($this->request->post['address_1'])) > 128)) { $this->error['address_1'] = $this->language->get('error_address_1'); } if ((utf8_strlen(trim($this->request->post['city'])) < 2) || (utf8_strlen(trim($this->request->post['city'])) > 128)) { $this->error['city'] = $this->language->get('error_city'); } $this->load->model('localisation/country'); $country_info = $this->model_localisation_country->getCountry($this->request->post['country_id']); if ($country_info && $country_info['postcode_required'] && (utf8_strlen(trim($this->request->post['postcode'])) < 2 || utf8_strlen(trim($this->request->post['postcode'])) > 10)) { $this->error['postcode'] = $this->language->get('error_postcode'); } if ($this->request->post['country_id'] == '' || !is_int($this->request->post['country_id'])) { $this->error['country'] = $this->language->get('error_country'); } if (!isset($this->request->post['zone_id']) || $this->request->post['zone_id'] == '' || !is_int($this->request->post['zone_id'])) { $this->error['zone'] = $this->language->get('error_zone'); } $this->load->model('account/custom_field'); $custom_fields = $this->model_account_custom_field->getCustomFields($this->config->get('config_customer_group_id')); foreach ($custom_fields as $custom_field) { if (($custom_field['location'] == 'address') && $custom_field['required'] && empty($this->request->post['custom_field'][$custom_field['custom_field_id']])) { $this->error['custom_field'][$custom_field['custom_field_id']] = sprintf($this->language->get('error_custom_field'), $custom_field['name']); } } return !$this->error; }" 4962,"$layout[$position] = array($elem => $initLayout[$position][$elem]) + $layout[$position]; $changed = true; } $arrayDiff = array_diff(array_keys($layoutWidgets), array_keys($initLayoutWidgets)); foreach($arrayDiff as $elem){ if(in_array ($elem, array_keys ($layout[$position]))) { unset($layout[$position][$elem]); $changed = true; } else if($position === 'center' && in_array ($elem, array_keys ($layout['hidden']))) { unset($layout['hidden'][$elem]); $changed = true; } } foreach($layout[$position] as $name=>$arr){ if (in_array ($name, array_keys ($initLayout[$position])) && $initLayout[$position][$name]['title'] !== $arr['title']) { $layout[$position][$name]['title'] = $initLayout[$position][$name]['title']; $changed = true; } } if ($position === 'center') { foreach($layout['hidden'] as $name=>$arr){ if (in_array ($name, array_keys ($initLayout[$position])) && $initLayout[$position][$name]['title'] !== $arr['title']) { $layout['hidden'][$name]['title'] = $initLayout[$position][$name]['title']; $changed = true; } } } if($changed){ $this->layout = json_encode($layout); $this->update(array('layout')); } }",True,PHP,array,Profile.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function testUserCredentials($email, $password, $server, $port, $security) { require_once( realpath(Yii::app()->basePath.'/components/phpMailer/PHPMailerAutoload.php')); $phpMail = new PHPMailer(true); $phpMail->isSMTP(); $phpMail->SMTPAuth = true; $phpMail->Username = $email; $phpMail->Password = $password; $phpMail->Host = $server; $phpMail->Port = $port; $phpMail->SMTPSecure = $security; try { $validCredentials = $phpMail->SmtpConnect(); } catch(phpmailerException $error) { $validCredentials = false; } return $validCredentials; }" 4963,"$layout[$position] = array($elem => $initLayout[$position][$elem]) + $layout[$position]; $changed = true; } $arrayDiff = array_diff(array_keys($layoutWidgets), array_keys($initLayoutWidgets)); foreach($arrayDiff as $elem){ if(in_array ($elem, array_keys ($layout[$position]))) { unset($layout[$position][$elem]); $changed = true; } else if($position === 'center' && in_array ($elem, array_keys ($layout['hidden']))) { unset($layout['hidden'][$elem]); $changed = true; } } foreach($layout[$position] as $name=>$arr){ if (in_array ($name, array_keys ($initLayout[$position])) && $initLayout[$position][$name]['title'] !== $arr['title']) { $layout[$position][$name]['title'] = $initLayout[$position][$name]['title']; $changed = true; } } if ($position === 'center') { foreach($layout['hidden'] as $name=>$arr){ if (in_array ($name, array_keys ($initLayout[$position])) && $initLayout[$position][$name]['title'] !== $arr['title']) { $layout['hidden'][$name]['title'] = $initLayout[$position][$name]['title']; $changed = true; } } } if($changed){ $this->layout = json_encode($layout); $this->update(array('layout')); } }",True,PHP,array,Profile.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function testUserCredentials($email, $password, $server, $port, $security) { require_once( realpath(Yii::app()->basePath.'/components/phpMailer/PHPMailerAutoload.php')); $phpMail = new PHPMailer(true); $phpMail->isSMTP(); $phpMail->SMTPAuth = true; $phpMail->Username = $email; $phpMail->Password = $password; $phpMail->Host = $server; $phpMail->Port = $port; $phpMail->SMTPSecure = $security; try { $validCredentials = $phpMail->SmtpConnect(); } catch(phpmailerException $error) { $validCredentials = false; } return $validCredentials; }" 4964,"$layout[$loc] = array_merge($layout[$loc],$data); } } } return $layout; }",True,PHP,array_merge,Profile.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function testUserCredentials($email, $password, $server, $port, $security) { require_once( realpath(Yii::app()->basePath.'/components/phpMailer/PHPMailerAutoload.php')); $phpMail = new PHPMailer(true); $phpMail->isSMTP(); $phpMail->SMTPAuth = true; $phpMail->Username = $email; $phpMail->Password = $password; $phpMail->Host = $server; $phpMail->Port = $port; $phpMail->SMTPSecure = $security; try { $validCredentials = $phpMail->SmtpConnect(); } catch(phpmailerException $error) { $validCredentials = false; } return $validCredentials; }" 4965,"$layout[$loc] = array_merge($layout[$loc],$data); } } } return $layout; }",True,PHP,array_merge,Profile.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function testUserCredentials($email, $password, $server, $port, $security) { require_once( realpath(Yii::app()->basePath.'/components/phpMailer/PHPMailerAutoload.php')); $phpMail = new PHPMailer(true); $phpMail->isSMTP(); $phpMail->SMTPAuth = true; $phpMail->Username = $email; $phpMail->Password = $password; $phpMail->Host = $server; $phpMail->Port = $port; $phpMail->SMTPSecure = $security; try { $validCredentials = $phpMail->SmtpConnect(); } catch(phpmailerException $error) { $validCredentials = false; } return $validCredentials; }" 4972,public function renderAttribute ($name) { switch ($name) { case 'name': echo $this->relatedModel->getLink (); break; case 'relatedModelName': echo $this->getRelatedModelName (); break; case 'assignedTo': echo $this->relatedModel->renderAttribute ('assignedTo'); break; case 'label': echo $this->getLabel (); break; case 'createDate': echo X2Html::dynamicDate ($this->relatedModel->createDate); break; } },True,PHP,renderAttribute,RelationshipsGridModel.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function safePath($filename = 'data.csv'){ return implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', $filename )); }" 4973,public function renderAttribute ($name) { switch ($name) { case 'name': echo $this->relatedModel->getLink (); break; case 'relatedModelName': echo $this->getRelatedModelName (); break; case 'assignedTo': echo $this->relatedModel->renderAttribute ('assignedTo'); break; case 'label': echo $this->getLabel (); break; case 'createDate': echo X2Html::dynamicDate ($this->relatedModel->createDate); break; } },True,PHP,renderAttribute,RelationshipsGridModel.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function safePath($filename = 'data.csv'){ return implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', $filename )); }" 4974,"public function beforeSave() { if(strpos($this->tag,self::DELIM) !== false) { $this->tag = strtr($this->tag,array(self::DELIM => '')); } return true; }",True,PHP,beforeSave,Tags.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function safePath($filename = 'data.csv'){ return implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', $filename )); }" 4975,"public function beforeSave() { if(strpos($this->tag,self::DELIM) !== false) { $this->tag = strtr($this->tag,array(self::DELIM => '')); } return true; }",True,PHP,beforeSave,Tags.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function safePath($filename = 'data.csv'){ return implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', $filename )); }" 4980,"$links[] = CHtml::link(CHtml::encode($tag->tag),array('/search/search','term'=>CHtml::encode($tag->tag)));",True,PHP,array,Tags.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function getViewActionMenuListItem ($modelId) { if (Yii::app()->controller->action->getId () === 'view') { return array( 'name'=>'view', 'label' => Yii::t('app', 'View').X2Html::minimizeButton (array ( 'class' => 'record-view-type-menu-toggle', ), '#record-view-type-menu', true, Yii::app()->params->profile->miscLayoutSettings['viewModeActionSubmenuOpen']), 'encodeLabel' => false, 'url' => array('view', 'id' => $modelId), 'linkOptions' => array ( 'onClick' => '$(this).find (""i:visible"").click ();', ), 'itemOptions' => array ( 'id' => 'view-record-action-menu-item', ), 'submenuOptions' => array ( 'id' => 'record-view-type-menu', 'style' => Yii::app()->params->profile->miscLayoutSettings ['viewModeActionSubmenuOpen'] ? '' : 'display: none;', ), 'items' => array ( array ( 'encodeLabel' => false, 'name'=>'journalView', 'label' => CHtml::checkBox ( 'journalView', Yii::app()->params->profile->miscLayoutSettings ['enableJournalView'], array ( 'class' => 'journal-view-checkbox', )).CHtml::label (Yii::t('app', 'Journal View'), 'journalView'), ), array ( 'encodeLabel' => false, 'name'=>'transactionalView', 'label' => CHtml::checkBox ( 'transactionalView', Yii::app()->params->profile->miscLayoutSettings[ 'enableTransactionalView'], array ( 'class' => 'transactional-view-checkbox', )).CHtml::label ( Yii::t('app', 'List View'), 'transactionalView'), ), ), ); } else { return array( 'name'=>'view', 'label' => Yii::t('app', 'View'), 'encodeLabel' => true, 'url' => array('view', 'id' => $modelId), ); } }" 4981,"$links[] = CHtml::link(CHtml::encode($tag->tag),array('/search/search','term'=>CHtml::encode($tag->tag)));",True,PHP,array,Tags.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function getViewActionMenuListItem ($modelId) { if (Yii::app()->controller->action->getId () === 'view') { return array( 'name'=>'view', 'label' => Yii::t('app', 'View').X2Html::minimizeButton (array ( 'class' => 'record-view-type-menu-toggle', ), '#record-view-type-menu', true, Yii::app()->params->profile->miscLayoutSettings['viewModeActionSubmenuOpen']), 'encodeLabel' => false, 'url' => array('view', 'id' => $modelId), 'linkOptions' => array ( 'onClick' => '$(this).find (""i:visible"").click ();', ), 'itemOptions' => array ( 'id' => 'view-record-action-menu-item', ), 'submenuOptions' => array ( 'id' => 'record-view-type-menu', 'style' => Yii::app()->params->profile->miscLayoutSettings ['viewModeActionSubmenuOpen'] ? '' : 'display: none;', ), 'items' => array ( array ( 'encodeLabel' => false, 'name'=>'journalView', 'label' => CHtml::checkBox ( 'journalView', Yii::app()->params->profile->miscLayoutSettings ['enableJournalView'], array ( 'class' => 'journal-view-checkbox', )).CHtml::label (Yii::t('app', 'Journal View'), 'journalView'), ), array ( 'encodeLabel' => false, 'name'=>'transactionalView', 'label' => CHtml::checkBox ( 'transactionalView', Yii::app()->params->profile->miscLayoutSettings[ 'enableTransactionalView'], array ( 'class' => 'transactional-view-checkbox', )).CHtml::label ( Yii::t('app', 'List View'), 'transactionalView'), ), ), ); } else { return array( 'name'=>'view', 'label' => Yii::t('app', 'View'), 'encodeLabel' => true, 'url' => array('view', 'id' => $modelId), ); } }" 4986,"public static function getModelTypes($assoc = false) { $modelTypes = Yii::app()->db->createCommand() ->selectDistinct('modelName') ->from('x2_fields') ->where('modelName!=""Calendar""') ->order('modelName ASC') ->queryColumn(); if ($assoc === true) { return array_combine($modelTypes, array_map(function($term) { return Yii::t('app', X2Model::getModelTitle($term)); }, $modelTypes)); } $modelTypes = array_map(function($term) { return Yii::t('app', $term); }, $modelTypes); return $modelTypes; }",True,PHP,getModelTypes,X2Model.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function getViewActionMenuListItem ($modelId) { if (Yii::app()->controller->action->getId () === 'view') { return array( 'name'=>'view', 'label' => Yii::t('app', 'View').X2Html::minimizeButton (array ( 'class' => 'record-view-type-menu-toggle', ), '#record-view-type-menu', true, Yii::app()->params->profile->miscLayoutSettings['viewModeActionSubmenuOpen']), 'encodeLabel' => false, 'url' => array('view', 'id' => $modelId), 'linkOptions' => array ( 'onClick' => '$(this).find (""i:visible"").click ();', ), 'itemOptions' => array ( 'id' => 'view-record-action-menu-item', ), 'submenuOptions' => array ( 'id' => 'record-view-type-menu', 'style' => Yii::app()->params->profile->miscLayoutSettings ['viewModeActionSubmenuOpen'] ? '' : 'display: none;', ), 'items' => array ( array ( 'encodeLabel' => false, 'name'=>'journalView', 'label' => CHtml::checkBox ( 'journalView', Yii::app()->params->profile->miscLayoutSettings ['enableJournalView'], array ( 'class' => 'journal-view-checkbox', )).CHtml::label (Yii::t('app', 'Journal View'), 'journalView'), ), array ( 'encodeLabel' => false, 'name'=>'transactionalView', 'label' => CHtml::checkBox ( 'transactionalView', Yii::app()->params->profile->miscLayoutSettings[ 'enableTransactionalView'], array ( 'class' => 'transactional-view-checkbox', )).CHtml::label ( Yii::t('app', 'List View'), 'transactionalView'), ), ), ); } else { return array( 'name'=>'view', 'label' => Yii::t('app', 'View'), 'encodeLabel' => true, 'url' => array('view', 'id' => $modelId), ); } }" 4987,"public static function getModelTypes($assoc = false) { $modelTypes = Yii::app()->db->createCommand() ->selectDistinct('modelName') ->from('x2_fields') ->where('modelName!=""Calendar""') ->order('modelName ASC') ->queryColumn(); if ($assoc === true) { return array_combine($modelTypes, array_map(function($term) { return Yii::t('app', X2Model::getModelTitle($term)); }, $modelTypes)); } $modelTypes = array_map(function($term) { return Yii::t('app', $term); }, $modelTypes); return $modelTypes; }",True,PHP,getModelTypes,X2Model.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function getViewActionMenuListItem ($modelId) { if (Yii::app()->controller->action->getId () === 'view') { return array( 'name'=>'view', 'label' => Yii::t('app', 'View').X2Html::minimizeButton (array ( 'class' => 'record-view-type-menu-toggle', ), '#record-view-type-menu', true, Yii::app()->params->profile->miscLayoutSettings['viewModeActionSubmenuOpen']), 'encodeLabel' => false, 'url' => array('view', 'id' => $modelId), 'linkOptions' => array ( 'onClick' => '$(this).find (""i:visible"").click ();', ), 'itemOptions' => array ( 'id' => 'view-record-action-menu-item', ), 'submenuOptions' => array ( 'id' => 'record-view-type-menu', 'style' => Yii::app()->params->profile->miscLayoutSettings ['viewModeActionSubmenuOpen'] ? '' : 'display: none;', ), 'items' => array ( array ( 'encodeLabel' => false, 'name'=>'journalView', 'label' => CHtml::checkBox ( 'journalView', Yii::app()->params->profile->miscLayoutSettings ['enableJournalView'], array ( 'class' => 'journal-view-checkbox', )).CHtml::label (Yii::t('app', 'Journal View'), 'journalView'), ), array ( 'encodeLabel' => false, 'name'=>'transactionalView', 'label' => CHtml::checkBox ( 'transactionalView', Yii::app()->params->profile->miscLayoutSettings[ 'enableTransactionalView'], array ( 'class' => 'transactional-view-checkbox', )).CHtml::label ( Yii::t('app', 'List View'), 'transactionalView'), ), ), ); } else { return array( 'name'=>'view', 'label' => Yii::t('app', 'View'), 'encodeLabel' => true, 'url' => array('view', 'id' => $modelId), ); } }" 4990,$modelNames[ucfirst($module->name)] = self::getModelTitle($modelName); } asort ($modelNames); if ($criteria !== null) { return $modelNames; } else { self::$_modelNames = $modelNames; } } return self::$_modelNames; },True,PHP,getModelTitle,X2Model.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function clearTags() { $this->_tags = array(); return (bool) CActiveRecord::model('Tags')->deleteAllByAttributes(array( 'type' => get_class($this->getOwner()), 'itemId' => $this->getOwner()->id) ); }" 4991,$modelNames[ucfirst($module->name)] = self::getModelTitle($modelName); } asort ($modelNames); if ($criteria !== null) { return $modelNames; } else { self::$_modelNames = $modelNames; } } return self::$_modelNames; },True,PHP,getModelTitle,X2Model.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function clearTags() { $this->_tags = array(); return (bool) CActiveRecord::model('Tags')->deleteAllByAttributes(array( 'type' => get_class($this->getOwner()), 'itemId' => $this->getOwner()->id) ); }" 4994,"public function getDisplayName ($plural=true) { $moduleName = X2Model::getModuleName (get_class ($this)); return Modules::displayName ($plural, $moduleName); }",True,PHP,getDisplayName,X2Model.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function clearTags() { $this->_tags = array(); return (bool) CActiveRecord::model('Tags')->deleteAllByAttributes(array( 'type' => get_class($this->getOwner()), 'itemId' => $this->getOwner()->id) ); }" 4995,"public function getDisplayName ($plural=true) { $moduleName = X2Model::getModuleName (get_class ($this)); return Modules::displayName ($plural, $moduleName); }",True,PHP,getDisplayName,X2Model.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function clearTags() { $this->_tags = array(); return (bool) CActiveRecord::model('Tags')->deleteAllByAttributes(array( 'type' => get_class($this->getOwner()), 'itemId' => $this->getOwner()->id) ); }" 4998,"public function actionGetItems() { $sql = 'SELECT id, name as value FROM x2_accounts WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'] . '%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,AccountsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$text = preg_replace($exp, '', $text); } $exp = '/(?:^|\s)( $matches = array(); preg_match_all($exp, $text, $matches); return $matches[1]; }" 4999,"public function actionGetItems() { $sql = 'SELECT id, name as value FROM x2_accounts WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'] . '%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,AccountsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$text = preg_replace($exp, '', $text); } $exp = '/(?:^|\s)( $matches = array(); preg_match_all($exp, $text, $matches); return $matches[1]; }" 5002,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { $tableName = $model->tableName (); $sql = 'SELECT id, subject as value FROM '.$tableName.' WHERE subject LIKE :qterm ORDER BY subject ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); } Yii::app()->end(); }",True,PHP,actionGetItems,ActionsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$text = preg_replace($exp, '', $text); } $exp = '/(?:^|\s)( $matches = array(); preg_match_all($exp, $text, $matches); return $matches[1]; }" 5003,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { $tableName = $model->tableName (); $sql = 'SELECT id, subject as value FROM '.$tableName.' WHERE subject LIKE :qterm ORDER BY subject ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); } Yii::app()->end(); }",True,PHP,actionGetItems,ActionsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$text = preg_replace($exp, '', $text); } $exp = '/(?:^|\s)( $matches = array(); preg_match_all($exp, $text, $matches); return $matches[1]; }" 5006,"public function attributeLabels() { return array( 'actionId' => Yii::t('actions','Action ID'), 'text' => Yii::t('actions','Action Text'), ); }",True,PHP,attributeLabels,ActionText.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$tags = array_merge($matches, $tags); } $tags = array_unique($tags); return $tags; }" 5007,"public function attributeLabels() { return array( 'actionId' => Yii::t('actions','Action ID'), 'text' => Yii::t('actions','Action Text'), ); }",True,PHP,attributeLabels,ActionText.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$tags = array_merge($matches, $tags); } $tags = array_unique($tags); return $tags; }" 5014,"public function actionGetItems(){ $sql = 'SELECT id, name as value, subject FROM x2_bug_reports WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,BugReportsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$tags = array_merge($matches, $tags); } $tags = array_unique($tags); return $tags; }" 5015,"public function actionGetItems(){ $sql = 'SELECT id, name as value, subject FROM x2_bug_reports WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,BugReportsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$tags = array_merge($matches, $tags); } $tags = array_unique($tags); return $tags; }" 5016,"public function getDisplayName ($plural=true) { return Yii::t('calendar', 'Calendar'); }",True,PHP,getDisplayName,X2Calendar.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function afterSave($event) { $oldTags = $this->getTags(); $newTags = array(); foreach ($this->scanForTags() as $tag) { if (!$this->hasTag ($tag, $oldTags)) { $tagModel = new Tags; $tagModel->tag = $tag; $tagModel->type = get_class($this->getOwner()); $tagModel->itemId = $this->getOwner()->id; $tagModel->itemName = $this->getOwner()->name; $tagModel->taggedBy = Yii::app()->getSuName(); $tagModel->timestamp = time(); if ($tagModel->save()) $newTags[] = $tag; } } $this->_tags = $newTags + $oldTags; if (!empty($newTags) && $this->flowTriggersEnabled) { X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $newTags, )); } }" 5017,"public function getDisplayName ($plural=true) { return Yii::t('calendar', 'Calendar'); }",True,PHP,getDisplayName,X2Calendar.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function afterSave($event) { $oldTags = $this->getTags(); $newTags = array(); foreach ($this->scanForTags() as $tag) { if (!$this->hasTag ($tag, $oldTags)) { $tagModel = new Tags; $tagModel->tag = $tag; $tagModel->type = get_class($this->getOwner()); $tagModel->itemId = $this->getOwner()->id; $tagModel->itemName = $this->getOwner()->name; $tagModel->taggedBy = Yii::app()->getSuName(); $tagModel->timestamp = time(); if ($tagModel->save()) $newTags[] = $tag; } } $this->_tags = $newTags + $oldTags; if (!empty($newTags) && $this->flowTriggersEnabled) { X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $newTags, )); } }" 5026,Contacts::model()->deleteAll($criteria); } } echo $model->id; } },True,PHP,deleteAll,ContactsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function afterSave($event) { $oldTags = $this->getTags(); $newTags = array(); foreach ($this->scanForTags() as $tag) { if (!$this->hasTag ($tag, $oldTags)) { $tagModel = new Tags; $tagModel->tag = $tag; $tagModel->type = get_class($this->getOwner()); $tagModel->itemId = $this->getOwner()->id; $tagModel->itemName = $this->getOwner()->name; $tagModel->taggedBy = Yii::app()->getSuName(); $tagModel->timestamp = time(); if ($tagModel->save()) $newTags[] = $tag; } } $this->_tags = $newTags + $oldTags; if (!empty($newTags) && $this->flowTriggersEnabled) { X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $newTags, )); } }" 5027,Contacts::model()->deleteAll($criteria); } } echo $model->id; } },True,PHP,deleteAll,ContactsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function afterSave($event) { $oldTags = $this->getTags(); $newTags = array(); foreach ($this->scanForTags() as $tag) { if (!$this->hasTag ($tag, $oldTags)) { $tagModel = new Tags; $tagModel->tag = $tag; $tagModel->type = get_class($this->getOwner()); $tagModel->itemId = $this->getOwner()->id; $tagModel->itemName = $this->getOwner()->name; $tagModel->taggedBy = Yii::app()->getSuName(); $tagModel->timestamp = time(); if ($tagModel->save()) $newTags[] = $tag; } } $this->_tags = $newTags + $oldTags; if (!empty($newTags) && $this->flowTriggersEnabled) { X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $newTags, )); } }" 5028,"public function actionGetLists() { if (!Yii::app()->user->checkAccess('ContactsAdminAccess')) { $condition = ' AND (visibility=""1"" OR assignedTo=""Anyone"" OR assignedTo=""' . Yii::app()->user->getName() . '""'; $groupLinks = Yii::app()->db->createCommand()->select('groupId')->from('x2_group_to_user')->where('userId=' . Yii::app()->user->getId())->queryColumn(); if (!empty($groupLinks)) $condition .= ' OR assignedTo IN (' . implode(',', $groupLinks) . ')'; $condition .= ' OR (visibility=2 AND assignedTo IN (SELECT username FROM x2_group_to_user WHERE groupId IN (SELECT groupId FROM x2_group_to_user WHERE userId=' . Yii::app()->user->getId() . '))))'; } else { $condition = ''; } $qterm = isset($_GET['term']) ? $_GET['term'] . '%' : ''; $result = Yii::app()->db->createCommand() ->select('id,name as value') ->from('x2_lists') ->where('modelName=""Contacts"" AND type!=""campaign"" AND name LIKE :qterm' . $condition, array(':qterm' => $qterm)) ->order('name ASC') ->queryAll(); echo CJSON::encode($result); }",True,PHP,actionGetLists,ContactsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function addTags($tags) { $result = false; $addedTags = array(); foreach ((array) $tags as $tagName) { if (empty($tagName)) continue; if (!$this->hasTag ($tagName)) { $tag = new Tags; $tag->tag = Tags::normalizeTag ($tagName); $tag->itemId = $this->getOwner()->id; $tag->type = get_class($this->getOwner()); $tag->taggedBy = Yii::app()->getSuName(); $tag->timestamp = time(); $tag->itemName = $this->getOwner()->name; if ($tag->save()) { $this->_tags[] = $tag->tag; $addedTags[] = $tagName; $result = true; } else { throw new CHttpException( 422, 'Failed saving tag due to errors: ' . json_encode($tag->errors)); } } } if ($this->flowTriggersEnabled) X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $addedTags, )); return $result; }" 5029,"public function actionGetLists() { if (!Yii::app()->user->checkAccess('ContactsAdminAccess')) { $condition = ' AND (visibility=""1"" OR assignedTo=""Anyone"" OR assignedTo=""' . Yii::app()->user->getName() . '""'; $groupLinks = Yii::app()->db->createCommand()->select('groupId')->from('x2_group_to_user')->where('userId=' . Yii::app()->user->getId())->queryColumn(); if (!empty($groupLinks)) $condition .= ' OR assignedTo IN (' . implode(',', $groupLinks) . ')'; $condition .= ' OR (visibility=2 AND assignedTo IN (SELECT username FROM x2_group_to_user WHERE groupId IN (SELECT groupId FROM x2_group_to_user WHERE userId=' . Yii::app()->user->getId() . '))))'; } else { $condition = ''; } $qterm = isset($_GET['term']) ? $_GET['term'] . '%' : ''; $result = Yii::app()->db->createCommand() ->select('id,name as value') ->from('x2_lists') ->where('modelName=""Contacts"" AND type!=""campaign"" AND name LIKE :qterm' . $condition, array(':qterm' => $qterm)) ->order('name ASC') ->queryAll(); echo CJSON::encode($result); }",True,PHP,actionGetLists,ContactsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function addTags($tags) { $result = false; $addedTags = array(); foreach ((array) $tags as $tagName) { if (empty($tagName)) continue; if (!$this->hasTag ($tagName)) { $tag = new Tags; $tag->tag = Tags::normalizeTag ($tagName); $tag->itemId = $this->getOwner()->id; $tag->type = get_class($this->getOwner()); $tag->taggedBy = Yii::app()->getSuName(); $tag->timestamp = time(); $tag->itemName = $this->getOwner()->name; if ($tag->save()) { $this->_tags[] = $tag->tag; $addedTags[] = $tagName; $result = true; } else { throw new CHttpException( 422, 'Failed saving tag due to errors: ' . json_encode($tag->errors)); } } } if ($this->flowTriggersEnabled) X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $addedTags, )); return $result; }" 5030,"public function rules() { $parentRules = parent::rules(); $parentRules[] = array( 'firstName,lastName', 'required', 'on' => 'webForm'); return $parentRules; }",True,PHP,rules,Contacts.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function addTags($tags) { $result = false; $addedTags = array(); foreach ((array) $tags as $tagName) { if (empty($tagName)) continue; if (!$this->hasTag ($tagName)) { $tag = new Tags; $tag->tag = Tags::normalizeTag ($tagName); $tag->itemId = $this->getOwner()->id; $tag->type = get_class($this->getOwner()); $tag->taggedBy = Yii::app()->getSuName(); $tag->timestamp = time(); $tag->itemName = $this->getOwner()->name; if ($tag->save()) { $this->_tags[] = $tag->tag; $addedTags[] = $tagName; $result = true; } else { throw new CHttpException( 422, 'Failed saving tag due to errors: ' . json_encode($tag->errors)); } } } if ($this->flowTriggersEnabled) X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $addedTags, )); return $result; }" 5031,"public function rules() { $parentRules = parent::rules(); $parentRules[] = array( 'firstName,lastName', 'required', 'on' => 'webForm'); return $parentRules; }",True,PHP,rules,Contacts.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function addTags($tags) { $result = false; $addedTags = array(); foreach ((array) $tags as $tagName) { if (empty($tagName)) continue; if (!$this->hasTag ($tagName)) { $tag = new Tags; $tag->tag = Tags::normalizeTag ($tagName); $tag->itemId = $this->getOwner()->id; $tag->type = get_class($this->getOwner()); $tag->taggedBy = Yii::app()->getSuName(); $tag->timestamp = time(); $tag->itemName = $this->getOwner()->name; if ($tag->save()) { $this->_tags[] = $tag->tag; $addedTags[] = $tagName; $result = true; } else { throw new CHttpException( 422, 'Failed saving tag due to errors: ' . json_encode($tag->errors)); } } } if ($this->flowTriggersEnabled) X2Flow::trigger('RecordTagAddTrigger', array( 'model' => $this->getOwner(), 'tags' => $addedTags, )); return $result; }" 5032,"public function getDisplayName ($plural=true) { return Yii::t('contacts', '{contact} List|{contact} Lists', array( (int) $plural, '{contact}' => Modules::displayName(false, 'Contacts'), )); }",True,PHP,getDisplayName,X2List.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function renderText ($field, $makeLinks, $textOnly, $encode) { $fieldName = $field->fieldName; $value = $this->owner->$fieldName; if (is_string ($value)) { $value = preg_replace(""/(\
    )|\n/"","" "",$value); return Yii::app()->controller->convertUrls($this->render ($value, $encode)); } else { return ''; } }" 5033,"public function getDisplayName ($plural=true) { return Yii::t('contacts', '{contact} List|{contact} Lists', array( (int) $plural, '{contact}' => Modules::displayName(false, 'Contacts'), )); }",True,PHP,getDisplayName,X2List.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function renderText ($field, $makeLinks, $textOnly, $encode) { $fieldName = $field->fieldName; $value = $this->owner->$fieldName; if (is_string ($value)) { $value = preg_replace(""/(\
    )|\n/"","" "",$value); return Yii::app()->controller->convertUrls($this->render ($value, $encode)); } else { return ''; } }" 5036,"public function actionView($id) { $model = CActiveRecord::model('Docs')->findByPk($id); if (!$this->checkPermissions($model, 'view')) $this->denied (); if(isset($model)){ $permissions=explode("", "",$model->editPermissions); if(in_array(Yii::app()->user->getName(),$permissions)) $editFlag=true; else $editFlag=false; } if (!isset($model) || !(($model->visibility==1 || ($model->visibility==0 && $model->createdBy==Yii::app()->user->getName())) || Yii::app()->params->isAdmin|| $editFlag)) $this->redirect(array('/docs/docs/index')); User::addRecentItem('d', $id, Yii::app()->user->getId()); X2Flow::trigger('RecordViewTrigger',array('model'=>$model)); $this->render('view', array( 'model' => $model, )); }",True,PHP,actionView,DocsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function renderText ($field, $makeLinks, $textOnly, $encode) { $fieldName = $field->fieldName; $value = $this->owner->$fieldName; if (is_string ($value)) { $value = preg_replace(""/(\
    )|\n/"","" "",$value); return Yii::app()->controller->convertUrls($this->render ($value, $encode)); } else { return ''; } }" 5037,"public function actionView($id) { $model = CActiveRecord::model('Docs')->findByPk($id); if (!$this->checkPermissions($model, 'view')) $this->denied (); if(isset($model)){ $permissions=explode("", "",$model->editPermissions); if(in_array(Yii::app()->user->getName(),$permissions)) $editFlag=true; else $editFlag=false; } if (!isset($model) || !(($model->visibility==1 || ($model->visibility==0 && $model->createdBy==Yii::app()->user->getName())) || Yii::app()->params->isAdmin|| $editFlag)) $this->redirect(array('/docs/docs/index')); User::addRecentItem('d', $id, Yii::app()->user->getId()); X2Flow::trigger('RecordViewTrigger',array('model'=>$model)); $this->render('view', array( 'model' => $model, )); }",True,PHP,actionView,DocsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function renderText ($field, $makeLinks, $textOnly, $encode) { $fieldName = $field->fieldName; $value = $this->owner->$fieldName; if (is_string ($value)) { $value = preg_replace(""/(\
    )|\n/"","" "",$value); return Yii::app()->controller->convertUrls($this->render ($value, $encode)); } else { return ''; } }" 5040,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_docs WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = '%'.$_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,DocsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getItems2 ( $prefix='', $page=0, $limit=20, $valueAttr='name', $nameAttr='name') { $modelClass = get_class ($this->owner); $model = CActiveRecord::model ($modelClass); $table = $model->tableName (); $offset = intval ($page) * intval ($limit); AuxLib::coerceToArray ($valueAttr); $modelClass::checkThrowAttrError (array_merge ($valueAttr, array ($nameAttr))); $params = array (); if ($prefix !== '') { $params[':prefix'] = $prefix . '%'; } if ($limit !== -1) { $offset = abs ((int) $offset); $limit = abs ((int) $limit); $limitClause = ""LIMIT $offset, $limit""; } if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $params = array_merge ($params, $permissionsParams); } $command = Yii::app()->db->createCommand ("" SELECT "" . implode (',', $valueAttr) . "", $nameAttr as __name FROM $table as t WHERE "" . ($prefix === '' ? '1=1' : ($nameAttr . ' LIKE :prefix') ) . (isset ($accessCond) ? "" AND $accessCond"" : '') . """ 5041,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_docs WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = '%'.$_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,DocsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getItems2 ( $prefix='', $page=0, $limit=20, $valueAttr='name', $nameAttr='name') { $modelClass = get_class ($this->owner); $model = CActiveRecord::model ($modelClass); $table = $model->tableName (); $offset = intval ($page) * intval ($limit); AuxLib::coerceToArray ($valueAttr); $modelClass::checkThrowAttrError (array_merge ($valueAttr, array ($nameAttr))); $params = array (); if ($prefix !== '') { $params[':prefix'] = $prefix . '%'; } if ($limit !== -1) { $offset = abs ((int) $offset); $limit = abs ((int) $limit); $limitClause = ""LIMIT $offset, $limit""; } if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $params = array_merge ($params, $permissionsParams); } $command = Yii::app()->db->createCommand ("" SELECT "" . implode (',', $valueAttr) . "", $nameAttr as __name FROM $table as t WHERE "" . ($prefix === '' ? '1=1' : ($nameAttr . ' LIKE :prefix') ) . (isset ($accessCond) ? "" AND $accessCond"" : '') . """ 5046,"public function sendIndividualMail() { if(!$this->mailIsStillDeliverable()) { return; } $addresses = array(array('',$this->recipient->email)); list($subject,$message,$uniqueId) = self::prepareEmail($this->campaign,$this->recipient); $this->deliverEmail($addresses, $subject, $message); if($this->status['code'] == 200) { $this->markEmailSent($uniqueId); if(!$this->isNewsletter) self::recordEmailSent($this->campaign,$this->recipient); $this->status['message'] = Yii::t('marketing','Email sent successfully to {address}.',array('{address}' => $this->recipient->email)); } else if ($this->status['exception'] instanceof phpmailerException) { $this->status['message'] = Yii::t('marketing','Email could not be sent to {address}. The message given was: {message}',array( '{address}'=>$this->recipient->email, '{message}'=>$this->status['exception']->getMessage() )); if($this->status['exception']->getCode() != PHPMailer::STOP_CRITICAL){ $this->undeliverable = true; $this->markEmailSent(null); }else{ $this->fullStop = true; $this->markEmailSent(null,false); } } else if($this->status['exception'] instanceof phpmailerException && $this->status['exception']->getCode() == PHPMailer::STOP_CRITICAL) { } else { $this->listItem->sending = 0; $this->listItem->update(array('sending')); } Yii::app()->settings->countEmail(); $this->campaign->lastActivity = time(); if(count(self::deliverableItems($this->campaign->list->id, true)) == 0) { $this->status['message'] = Yii::t('marketing','All emails sent.'); $this->campaign->active = 0; $this->campaign->complete = 1; $this->campaign->update(array('lastActivity','active','complete')); } else { $this->campaign->update(array('lastActivity')); } }",True,PHP,sendIndividualMail,CampaignMailingBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getItems2 ( $prefix='', $page=0, $limit=20, $valueAttr='name', $nameAttr='name') { $modelClass = get_class ($this->owner); $model = CActiveRecord::model ($modelClass); $table = $model->tableName (); $offset = intval ($page) * intval ($limit); AuxLib::coerceToArray ($valueAttr); $modelClass::checkThrowAttrError (array_merge ($valueAttr, array ($nameAttr))); $params = array (); if ($prefix !== '') { $params[':prefix'] = $prefix . '%'; } if ($limit !== -1) { $offset = abs ((int) $offset); $limit = abs ((int) $limit); $limitClause = ""LIMIT $offset, $limit""; } if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $params = array_merge ($params, $permissionsParams); } $command = Yii::app()->db->createCommand ("" SELECT "" . implode (',', $valueAttr) . "", $nameAttr as __name FROM $table as t WHERE "" . ($prefix === '' ? '1=1' : ($nameAttr . ' LIKE :prefix') ) . (isset ($accessCond) ? "" AND $accessCond"" : '') . """ 5047,"public function sendIndividualMail() { if(!$this->mailIsStillDeliverable()) { return; } $addresses = array(array('',$this->recipient->email)); list($subject,$message,$uniqueId) = self::prepareEmail($this->campaign,$this->recipient); $this->deliverEmail($addresses, $subject, $message); if($this->status['code'] == 200) { $this->markEmailSent($uniqueId); if(!$this->isNewsletter) self::recordEmailSent($this->campaign,$this->recipient); $this->status['message'] = Yii::t('marketing','Email sent successfully to {address}.',array('{address}' => $this->recipient->email)); } else if ($this->status['exception'] instanceof phpmailerException) { $this->status['message'] = Yii::t('marketing','Email could not be sent to {address}. The message given was: {message}',array( '{address}'=>$this->recipient->email, '{message}'=>$this->status['exception']->getMessage() )); if($this->status['exception']->getCode() != PHPMailer::STOP_CRITICAL){ $this->undeliverable = true; $this->markEmailSent(null); }else{ $this->fullStop = true; $this->markEmailSent(null,false); } } else if($this->status['exception'] instanceof phpmailerException && $this->status['exception']->getCode() == PHPMailer::STOP_CRITICAL) { } else { $this->listItem->sending = 0; $this->listItem->update(array('sending')); } Yii::app()->settings->countEmail(); $this->campaign->lastActivity = time(); if(count(self::deliverableItems($this->campaign->list->id, true)) == 0) { $this->status['message'] = Yii::t('marketing','All emails sent.'); $this->campaign->active = 0; $this->campaign->complete = 1; $this->campaign->update(array('lastActivity','active','complete')); } else { $this->campaign->update(array('lastActivity')); } }",True,PHP,sendIndividualMail,CampaignMailingBehavior.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getItems2 ( $prefix='', $page=0, $limit=20, $valueAttr='name', $nameAttr='name') { $modelClass = get_class ($this->owner); $model = CActiveRecord::model ($modelClass); $table = $model->tableName (); $offset = intval ($page) * intval ($limit); AuxLib::coerceToArray ($valueAttr); $modelClass::checkThrowAttrError (array_merge ($valueAttr, array ($nameAttr))); $params = array (); if ($prefix !== '') { $params[':prefix'] = $prefix . '%'; } if ($limit !== -1) { $offset = abs ((int) $offset); $limit = abs ((int) $limit); $limitClause = ""LIMIT $offset, $limit""; } if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $params = array_merge ($params, $permissionsParams); } $command = Yii::app()->db->createCommand ("" SELECT "" . implode (',', $valueAttr) . "", $nameAttr as __name FROM $table as t WHERE "" . ($prefix === '' ? '1=1' : ($nameAttr . ' LIKE :prefix') ) . (isset ($accessCond) ? "" AND $accessCond"" : '') . """ 5050,"public function actionGetItems($modelType){ $sql = 'SELECT id, name as value FROM x2_campaigns WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = '%'.$_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,MarketingController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function getItems($term, $valueAttr='name', $nameAttr='id', $modelClass=null) { if (!$modelClass) $modelClass = Yii::app()->controller->modelClass; $model = X2Model::model($modelClass); if (isset($model)) { $modelClass::checkThrowAttrError (array ($valueAttr, $nameAttr)); $tableName = $model->tableName(); $qterm = $term . '%'; $params = array ( ':qterm' => $qterm, ); $sql = "" SELECT $nameAttr as id, $valueAttr as value FROM "" . $tableName . "" as t WHERE $valueAttr LIKE :qterm""; if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $sql .= ' AND '.$accessCond; $params = array_merge ($params, $permissionsParams); } $sql .= ""ORDER BY $valueAttr ASC""; $command = Yii::app()->db->createCommand($sql); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5051,"public function actionGetItems($modelType){ $sql = 'SELECT id, name as value FROM x2_campaigns WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = '%'.$_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,MarketingController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function getItems($term, $valueAttr='name', $nameAttr='id', $modelClass=null) { if (!$modelClass) $modelClass = Yii::app()->controller->modelClass; $model = X2Model::model($modelClass); if (isset($model)) { $modelClass::checkThrowAttrError (array ($valueAttr, $nameAttr)); $tableName = $model->tableName(); $qterm = $term . '%'; $params = array ( ':qterm' => $qterm, ); $sql = "" SELECT $nameAttr as id, $valueAttr as value FROM "" . $tableName . "" as t WHERE $valueAttr LIKE :qterm""; if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $sql .= ' AND '.$accessCond; $params = array_merge ($params, $permissionsParams); } $sql .= ""ORDER BY $valueAttr ASC""; $command = Yii::app()->db->createCommand($sql); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5052,"public function behaviors() { return array_merge(parent::behaviors(),array( 'X2LinkableBehavior'=>array( 'class'=>'X2LinkableBehavior', 'module'=>'marketing' ), 'ERememberFiltersBehavior' => array( 'class'=>'application.components.ERememberFiltersBehavior', 'defaults'=>array(), 'defaultStickOnClear'=>false ) )); }",True,PHP,behaviors,Campaign.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public static function getItems($term, $valueAttr='name', $nameAttr='id', $modelClass=null) { if (!$modelClass) $modelClass = Yii::app()->controller->modelClass; $model = X2Model::model($modelClass); if (isset($model)) { $modelClass::checkThrowAttrError (array ($valueAttr, $nameAttr)); $tableName = $model->tableName(); $qterm = $term . '%'; $params = array ( ':qterm' => $qterm, ); $sql = "" SELECT $nameAttr as id, $valueAttr as value FROM "" . $tableName . "" as t WHERE $valueAttr LIKE :qterm""; if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $sql .= ' AND '.$accessCond; $params = array_merge ($params, $permissionsParams); } $sql .= ""ORDER BY $valueAttr ASC""; $command = Yii::app()->db->createCommand($sql); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5053,"public function behaviors() { return array_merge(parent::behaviors(),array( 'X2LinkableBehavior'=>array( 'class'=>'X2LinkableBehavior', 'module'=>'marketing' ), 'ERememberFiltersBehavior' => array( 'class'=>'application.components.ERememberFiltersBehavior', 'defaults'=>array(), 'defaultStickOnClear'=>false ) )); }",True,PHP,behaviors,Campaign.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public static function getItems($term, $valueAttr='name', $nameAttr='id', $modelClass=null) { if (!$modelClass) $modelClass = Yii::app()->controller->modelClass; $model = X2Model::model($modelClass); if (isset($model)) { $modelClass::checkThrowAttrError (array ($valueAttr, $nameAttr)); $tableName = $model->tableName(); $qterm = $term . '%'; $params = array ( ':qterm' => $qterm, ); $sql = "" SELECT $nameAttr as id, $valueAttr as value FROM "" . $tableName . "" as t WHERE $valueAttr LIKE :qterm""; if ($model->asa ('permissions')) { list ($accessCond, $permissionsParams) = $model->getAccessSQLCondition (); $sql .= ' AND '.$accessCond; $params = array_merge ($params, $permissionsParams); } $sql .= ""ORDER BY $valueAttr ASC""; $command = Yii::app()->db->createCommand($sql); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5060,"public function getDisplayName ($plural=true) { return Yii::t('marketing', 'Web Form'); }",True,PHP,getDisplayName,WebForm.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function edebug($str) { if ($this->SMTPDebug <= 0) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->SMTPDebug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ) . ""\n""; } }" 5061,"public function getDisplayName ($plural=true) { return Yii::t('marketing', 'Web Form'); }",True,PHP,getDisplayName,WebForm.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function edebug($str) { if ($this->SMTPDebug <= 0) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->SMTPDebug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ) . ""\n""; } }" 5066,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { $tableName = $model->tableName (); $sql = 'SELECT id, fileName as value FROM '.$tableName.' WHERE associationType!=""theme"" and fileName LIKE :qterm ORDER BY fileName ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); } Yii::app()->end(); }",True,PHP,actionGetItems,MediaController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function edebug($str) { if ($this->SMTPDebug <= 0) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->SMTPDebug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ) . ""\n""; } }" 5067,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { $tableName = $model->tableName (); $sql = 'SELECT id, fileName as value FROM '.$tableName.' WHERE associationType!=""theme"" and fileName LIKE :qterm ORDER BY fileName ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); } Yii::app()->end(); }",True,PHP,actionGetItems,MediaController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function edebug($str) { if ($this->SMTPDebug <= 0) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->SMTPDebug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ) . ""\n""; } }" 5072,"public function actionView($id){ User::addRecentItem('m', $id, Yii::app()->user->getId()); $this->render('view', array( 'model' => $this->loadModel($id), )); }",True,PHP,actionView,MediaController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct($exceptions = false) { $this->exceptions = (boolean)$exceptions; } 5073,"public function actionView($id){ User::addRecentItem('m', $id, Yii::app()->user->getId()); $this->render('view', array( 'model' => $this->loadModel($id), )); }",True,PHP,actionView,MediaController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function __construct($exceptions = false) { $this->exceptions = (boolean)$exceptions; } 5078,"public function search(){ $criteria = new CDbCriteria; $username = Yii::app()->user->name; $criteria->addCondition(""uploadedBy='$username' OR private=0 OR private=null""); $criteria->addCondition(""associationType != 'theme'""); return $this->searchBase($criteria); }",True,PHP,search,Media.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function __construct($exceptions = false) { $this->exceptions = (boolean)$exceptions; } 5079,"public function search(){ $criteria = new CDbCriteria; $username = Yii::app()->user->name; $criteria->addCondition(""uploadedBy='$username' OR private=0 OR private=null""); $criteria->addCondition(""associationType != 'theme'""); return $this->searchBase($criteria); }",True,PHP,search,Media.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function __construct($exceptions = false) { $this->exceptions = (boolean)$exceptions; } 5080,public function searchAdmin(){ $criteria = new CDbCriteria; return $this->searchBase($criteria); },True,PHP,searchAdmin,Media.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function checkResponse($string) { if (substr($string, 0, 3) !== '+OK') { $this->setError(array( 'error' => ""Server reported an error: $string"", 'errno' => 0, 'errstr' => '' )); return false; } else { return true; } }" 5081,public function searchAdmin(){ $criteria = new CDbCriteria; return $this->searchBase($criteria); },True,PHP,searchAdmin,Media.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function checkResponse($string) { if (substr($string, 0, 3) !== '+OK') { $this->setError(array( 'error' => ""Server reported an error: $string"", 'errno' => 0, 'errstr' => '' )); return false; } else { return true; } }" 5086,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_opportunities WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); Yii::app()->end(); }",True,PHP,actionGetItems,OpportunitiesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function checkResponse($string) { if (substr($string, 0, 3) !== '+OK') { $this->setError(array( 'error' => ""Server reported an error: $string"", 'errno' => 0, 'errstr' => '' )); return false; } else { return true; } }" 5087,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_opportunities WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); Yii::app()->end(); }",True,PHP,actionGetItems,OpportunitiesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function checkResponse($string) { if (substr($string, 0, 3) !== '+OK') { $this->setError(array( 'error' => ""Server reported an error: $string"", 'errno' => 0, 'errstr' => '' )); return false; } else { return true; } }" 5090,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_products WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,ProductsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function sendString($string) { if ($this->pop_conn) { if ($this->do_debug >= 2) { echo ""Client -> Server: $string""; } return fwrite($this->pop_conn, $string, strlen($string)); } return 0; }" 5091,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_products WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,ProductsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function sendString($string) { if ($this->pop_conn) { if ($this->do_debug >= 2) { echo ""Client -> Server: $string""; } return fwrite($this->pop_conn, $string, strlen($string)); } return 0; }" 5092,foreach($item->attributes as $name => $value) if ($name !== 'id' && $name !== 'listId') $copy->$name = $value; $lineItems[] = $copy; } return $lineItems; },True,PHP,foreach,QuotesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function sendString($string) { if ($this->pop_conn) { if ($this->do_debug >= 2) { echo ""Client -> Server: $string""; } return fwrite($this->pop_conn, $string, strlen($string)); } return 0; }" 5093,foreach($item->attributes as $name => $value) if ($name !== 'id' && $name !== 'listId') $copy->$name = $value; $lineItems[] = $copy; } return $lineItems; },True,PHP,foreach,QuotesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function sendString($string) { if ($this->pop_conn) { if ($this->do_debug >= 2) { echo ""Client -> Server: $string""; } return fwrite($this->pop_conn, $string, strlen($string)); } return 0; }" 5096,"public function actionCreate($quick=false,$duplicate = false){ $model = new Quote; if($duplicate) { $copiedModel = Quote::model()->findByPk($duplicate); if(!empty($copiedModel)) { foreach($copiedModel->attributes as $name => $value) if($name != 'id') $model->$name = $value; $model->lineItems = $this->duplicateLineItems($copiedModel); } } $users = User::getNames(); if($quick && !Yii::app()->request->isAjaxRequest) throw new CHttpException(400); $currency = Yii::app()->params->currency; if(isset($_POST['Quote'])){ $model->setX2Fields($_POST['Quote']); $model->currency = $currency; $model->createDate = time(); $model->lastUpdated = $model->createDate; $model->createdBy = Yii::app()->user->name; $model->updatedBy = $model->createdBy; if(empty($model->name)) $model->name = ''; if(isset($_POST['lineitem'])) $model->lineItems = $_POST['lineitem']; if(!$model->hasLineItemErrors){ if($model->save()){ $model->createEventRecord(); $model->createActionRecord(); $model->saveLineItems(); if(!$quick) { $this->redirect(array('view', 'id' => $model->id)); } else { if (isset ($_GET['recordId']) && isset ($_GET['recordType'])) { $recordId = $_GET['recordId']; $recordType = $_GET['recordType']; $relatedModel = X2Model::model ($_GET['recordType'])->findByPk ($recordId); if ($relatedModel) { $relate = new Relationships; $relate->firstId = $model->id; $relate->firstType = ""Quote""; $relate->secondId = $relatedModel->id; $relate->secondType = $recordType; $relate->save(); } } return; } } } } $products = Product::activeProducts(); $viewData = array( 'model' => $model, 'users' => $users, 'products' => $products, 'quick' => $quick, ); if(!$quick) $this->render('create', $viewData); else { if($model->hasErrors() || $model->hasLineItemErrors) { header('HTTP/1.1 400 Validation Error'); } $this->renderPartial('create', $viewData,false,true); } }",True,PHP,actionCreate,QuotesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,print_r($error); } echo ''; } } 5097,"public function actionCreate($quick=false,$duplicate = false){ $model = new Quote; if($duplicate) { $copiedModel = Quote::model()->findByPk($duplicate); if(!empty($copiedModel)) { foreach($copiedModel->attributes as $name => $value) if($name != 'id') $model->$name = $value; $model->lineItems = $this->duplicateLineItems($copiedModel); } } $users = User::getNames(); if($quick && !Yii::app()->request->isAjaxRequest) throw new CHttpException(400); $currency = Yii::app()->params->currency; if(isset($_POST['Quote'])){ $model->setX2Fields($_POST['Quote']); $model->currency = $currency; $model->createDate = time(); $model->lastUpdated = $model->createDate; $model->createdBy = Yii::app()->user->name; $model->updatedBy = $model->createdBy; if(empty($model->name)) $model->name = ''; if(isset($_POST['lineitem'])) $model->lineItems = $_POST['lineitem']; if(!$model->hasLineItemErrors){ if($model->save()){ $model->createEventRecord(); $model->createActionRecord(); $model->saveLineItems(); if(!$quick) { $this->redirect(array('view', 'id' => $model->id)); } else { if (isset ($_GET['recordId']) && isset ($_GET['recordType'])) { $recordId = $_GET['recordId']; $recordType = $_GET['recordType']; $relatedModel = X2Model::model ($_GET['recordType'])->findByPk ($recordId); if ($relatedModel) { $relate = new Relationships; $relate->firstId = $model->id; $relate->firstType = ""Quote""; $relate->secondId = $relatedModel->id; $relate->secondType = $recordType; $relate->save(); } } return; } } } } $products = Product::activeProducts(); $viewData = array( 'model' => $model, 'users' => $users, 'products' => $products, 'quick' => $quick, ); if(!$quick) $this->render('create', $viewData); else { if($model->hasErrors() || $model->hasLineItemErrors) { header('HTTP/1.1 400 Validation Error'); } $this->renderPartial('create', $viewData,false,true); } }",True,PHP,actionCreate,QuotesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,print_r($error); } echo ''; } } 5102,"$product = X2Model::model('Products')->findByAttributes(array('name'=>$lineItem->name)); if (isset($product)) $lineItem->productId = $product->id; if(empty($lineItem->currency)) $lineItem->currency = $defaultCurrency; if($lineItem->isPercentAdjustment) { $lineItem->adjustment = Fields::strToNumeric( $lineItem->adjustment,'percentage'); } else { $lineItem->adjustment = Fields::strToNumeric( $lineItem->adjustment,'currency',$curSym); } $lineItem->price = Fields::strToNumeric($lineItem->price,'currency',$curSym); $lineItem->total = Fields::strToNumeric($lineItem->total,'currency',$curSym); }",True,PHP,findByAttributes,Quote.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,print_r($error); } echo ''; } } 5103,"$product = X2Model::model('Products')->findByAttributes(array('name'=>$lineItem->name)); if (isset($product)) $lineItem->productId = $product->id; if(empty($lineItem->currency)) $lineItem->currency = $defaultCurrency; if($lineItem->isPercentAdjustment) { $lineItem->adjustment = Fields::strToNumeric( $lineItem->adjustment,'percentage'); } else { $lineItem->adjustment = Fields::strToNumeric( $lineItem->adjustment,'currency',$curSym); } $lineItem->price = Fields::strToNumeric($lineItem->price,'currency',$curSym); $lineItem->total = Fields::strToNumeric($lineItem->total,'currency',$curSym); }",True,PHP,findByAttributes,Quote.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,print_r($error); } echo ''; } } 5108,"public function actionGetItems(){ $sql = 'SELECT id, id as value FROM x2_services WHERE id LIKE :qterm ORDER BY id ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,ServicesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function getResponse($size = 128) { $response = fgets($this->pop_conn, $size); if ($this->do_debug >= 1) { echo ""Server -> Client: $response""; } return $response; }" 5109,"public function actionGetItems(){ $sql = 'SELECT id, id as value FROM x2_services WHERE id LIKE :qterm ORDER BY id ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,ServicesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function getResponse($size = 128) { $response = fgets($this->pop_conn, $size); if ($this->do_debug >= 1) { echo ""Server -> Client: $response""; } return $response; }" 5110,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_templates WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,TemplatesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function getResponse($size = 128) { $response = fgets($this->pop_conn, $size); if ($this->do_debug >= 1) { echo ""Server -> Client: $response""; } return $response; }" 5111,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_templates WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); exit; }",True,PHP,actionGetItems,TemplatesController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function getResponse($size = 128) { $response = fgets($this->pop_conn, $size); if ($this->do_debug >= 1) { echo ""Server -> Client: $response""; } return $response; }" 5116,"public function getDisplayName ($plural=true) { return Yii::t('users', '{user}', array( '{user}' => Modules::displayName($plural, 'Users'), )); }",True,PHP,getDisplayName,User.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function catchWarning($errno, $errstr, $errfile, $errline) { $this->setError(array( 'error' => ""Connecting to the POP3 server raised a PHP warning: "", 'errno' => $errno, 'errstr' => $errstr, 'errfile' => $errfile, 'errline' => $errline )); }" 5117,"public function getDisplayName ($plural=true) { return Yii::t('users', '{user}', array( '{user}' => Modules::displayName($plural, 'Users'), )); }",True,PHP,getDisplayName,User.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function catchWarning($errno, $errstr, $errfile, $errline) { $this->setError(array( 'error' => ""Connecting to the POP3 server raised a PHP warning: "", 'errno' => $errno, 'errstr' => $errstr, 'errfile' => $errfile, 'errline' => $errline )); }" 5120,"public function getDisplayName ($plural=true) { return Yii::t('workflow', '{process}', array( '{process}' => Modules::displayName($plural, 'Process'), )); }",True,PHP,getDisplayName,Workflow.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"private function catchWarning($errno, $errstr, $errfile, $errline) { $this->setError(array( 'error' => ""Connecting to the POP3 server raised a PHP warning: "", 'errno' => $errno, 'errstr' => $errstr, 'errfile' => $errfile, 'errline' => $errline )); }" 5121,"public function getDisplayName ($plural=true) { return Yii::t('workflow', '{process}', array( '{process}' => Modules::displayName($plural, 'Process'), )); }",True,PHP,getDisplayName,Workflow.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"private function catchWarning($errno, $errstr, $errfile, $errline) { $this->setError(array( 'error' => ""Connecting to the POP3 server raised a PHP warning: "", 'errno' => $errno, 'errstr' => $errstr, 'errfile' => $errfile, 'errline' => $errline )); }" 5122,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_x2leads WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); Yii::app()->end(); }",True,PHP,actionGetItems,X2LeadsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function getError() { return $this->error; } 5123,"public function actionGetItems(){ $sql = 'SELECT id, name as value FROM x2_x2leads WHERE name LIKE :qterm ORDER BY name ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $command->bindParam("":qterm"", $qterm, PDO::PARAM_STR); $result = $command->queryAll(); echo CJSON::encode($result); Yii::app()->end(); }",True,PHP,actionGetItems,X2LeadsController.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function getError() { return $this->error; } 5126,"public static function restoreX2AuthManager () { if (isset (self::$_oldAuthManagerComponent)) { Yii::app()->setComponent ('authManager', self::$_oldAuthManagerComponent); } else { throw new CException ('X2AuthManager component could not be restored'); } }",True,PHP,restoreX2AuthManager,TestingAuxLib.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,public function getError() { return $this->error; } 5127,"public static function restoreX2AuthManager () { if (isset (self::$_oldAuthManagerComponent)) { Yii::app()->setComponent ('authManager', self::$_oldAuthManagerComponent); } else { throw new CException ('X2AuthManager component could not be restored'); } }",True,PHP,restoreX2AuthManager,TestingAuxLib.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,public function getError() { return $this->error; } 5130,"public static function restoreX2WebUser () { if (isset (self::$_oldUserComponent)) { Yii::app()->setComponent ('user', self::$_oldUserComponent); } else { throw new CException ('X2WebUser component could not be restored'); } }",True,PHP,restoreX2WebUser,TestingAuxLib.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function edebug($str, $level = 0) { if ($level > $this->do_debug) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->do_debug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ).""\n""; } }" 5131,"public static function restoreX2WebUser () { if (isset (self::$_oldUserComponent)) { Yii::app()->setComponent ('user', self::$_oldUserComponent); } else { throw new CException ('X2WebUser component could not be restored'); } }",True,PHP,restoreX2WebUser,TestingAuxLib.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function edebug($str, $level = 0) { if ($level > $this->do_debug) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->do_debug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ).""\n""; } }" 5136,"public function session() { try { $this->assertElementPresent('css=ul } catch (PHPUnit_Framework_AssertionFailedError $e) { if (!$this->firstLogin) array_push($this->verificationErrors, $e->toString()); $this->firstLogin = false; $this->login(); return 0; } try { $this->assertCorrectUser(); } catch (PHPUnit_Framework_AssertionFailedError $e) { $this->logout(); $this->login(); $this->firstLogin = false; return 0; } return 1; }",True,PHP,session,X2WebTestCase.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function edebug($str, $level = 0) { if ($level > $this->do_debug) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->do_debug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ).""\n""; } }" 5137,"public function session() { try { $this->assertElementPresent('css=ul } catch (PHPUnit_Framework_AssertionFailedError $e) { if (!$this->firstLogin) array_push($this->verificationErrors, $e->toString()); $this->firstLogin = false; $this->login(); return 0; } try { $this->assertCorrectUser(); } catch (PHPUnit_Framework_AssertionFailedError $e) { $this->logout(); $this->login(); $this->firstLogin = false; return 0; } return 1; }",True,PHP,session,X2WebTestCase.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function edebug($str, $level = 0) { if ($level > $this->do_debug) { return; } if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) { call_user_func($this->Debugoutput, $str, $this->do_debug); return; } switch ($this->Debugoutput) { case 'error_log': error_log($str); break; case 'html': echo htmlentities( preg_replace('/[\r\n]+/', '', $str), ENT_QUOTES, 'UTF-8' ) . ""
    \n""; break; case 'echo': default: $str = preg_replace('/(\r\n|\r|\n)/ms', ""\n"", $str); echo gmdate('Y-m-d H:i:s') . ""\t"" . str_replace( ""\n"", ""\n \t "", trim($str) ).""\n""; } }" 5140,protected function assertNoPHPErrors () { $this->assertElementNotPresent('css=.xdebug-error'); $this->assertElementNotPresent('css= },True,PHP,assertNoPHPErrors,X2WebTestCase.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function get_lines() { if (!is_resource($this->smtp_conn)) { return ''; } $data = ''; $endtime = 0; stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn, 515); $this->edebug(""SMTP -> get_lines(): \$data was \""$data\"""", self::DEBUG_LOWLEVEL); $this->edebug(""SMTP -> get_lines(): \$str is \""$str\"""", self::DEBUG_LOWLEVEL); $data .= $str; $this->edebug(""SMTP -> get_lines(): \$data is \""$data\"""", self::DEBUG_LOWLEVEL); if ((isset($str[3]) and $str[3] == ' ')) { break; } $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { $this->edebug( 'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)', self::DEBUG_LOWLEVEL ); break; } if ($endtime and time() > $endtime) { $this->edebug( 'SMTP -> get_lines(): timelimit reached ('. $this->Timelimit . ' sec)', self::DEBUG_LOWLEVEL ); break; } } return $data; }" 5141,protected function assertNoPHPErrors () { $this->assertElementNotPresent('css=.xdebug-error'); $this->assertElementNotPresent('css= },True,PHP,assertNoPHPErrors,X2WebTestCase.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function get_lines() { if (!is_resource($this->smtp_conn)) { return ''; } $data = ''; $endtime = 0; stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn, 515); $this->edebug(""SMTP -> get_lines(): \$data was \""$data\"""", self::DEBUG_LOWLEVEL); $this->edebug(""SMTP -> get_lines(): \$str is \""$str\"""", self::DEBUG_LOWLEVEL); $data .= $str; $this->edebug(""SMTP -> get_lines(): \$data is \""$data\"""", self::DEBUG_LOWLEVEL); if ((isset($str[3]) and $str[3] == ' ')) { break; } $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { $this->edebug( 'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)', self::DEBUG_LOWLEVEL ); break; } if ($endtime and time() > $endtime) { $this->edebug( 'SMTP -> get_lines(): timelimit reached ('. $this->Timelimit . ' sec)', self::DEBUG_LOWLEVEL ); break; } } return $data; }" 5146,"public function newModel() { return new APIModel('testuser','5f4dcc3b5aa765d61d8327deb882cf99',rtrim(TEST_BASE_URL,'/')); }",True,PHP,newModel,APIModelTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"protected function get_lines() { if (!is_resource($this->smtp_conn)) { return ''; } $data = ''; $endtime = 0; stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn, 515); $this->edebug(""SMTP -> get_lines(): \$data was \""$data\"""", self::DEBUG_LOWLEVEL); $this->edebug(""SMTP -> get_lines(): \$str is \""$str\"""", self::DEBUG_LOWLEVEL); $data .= $str; $this->edebug(""SMTP -> get_lines(): \$data is \""$data\"""", self::DEBUG_LOWLEVEL); if ((isset($str[3]) and $str[3] == ' ')) { break; } $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { $this->edebug( 'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)', self::DEBUG_LOWLEVEL ); break; } if ($endtime and time() > $endtime) { $this->edebug( 'SMTP -> get_lines(): timelimit reached ('. $this->Timelimit . ' sec)', self::DEBUG_LOWLEVEL ); break; } } return $data; }" 5147,"public function newModel() { return new APIModel('testuser','5f4dcc3b5aa765d61d8327deb882cf99',rtrim(TEST_BASE_URL,'/')); }",True,PHP,newModel,APIModelTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"protected function get_lines() { if (!is_resource($this->smtp_conn)) { return ''; } $data = ''; $endtime = 0; stream_set_timeout($this->smtp_conn, $this->Timeout); if ($this->Timelimit > 0) { $endtime = time() + $this->Timelimit; } while (is_resource($this->smtp_conn) && !feof($this->smtp_conn)) { $str = @fgets($this->smtp_conn, 515); $this->edebug(""SMTP -> get_lines(): \$data was \""$data\"""", self::DEBUG_LOWLEVEL); $this->edebug(""SMTP -> get_lines(): \$str is \""$str\"""", self::DEBUG_LOWLEVEL); $data .= $str; $this->edebug(""SMTP -> get_lines(): \$data is \""$data\"""", self::DEBUG_LOWLEVEL); if ((isset($str[3]) and $str[3] == ' ')) { break; } $info = stream_get_meta_data($this->smtp_conn); if ($info['timed_out']) { $this->edebug( 'SMTP -> get_lines(): timed-out (' . $this->Timeout . ' sec)', self::DEBUG_LOWLEVEL ); break; } if ($endtime and time() > $endtime) { $this->edebug( 'SMTP -> get_lines(): timelimit reached ('. $this->Timelimit . ' sec)', self::DEBUG_LOWLEVEL ); break; } } return $data; }" 5150,"protected function assertCsvUploaded($csv) { $uploadedPath = implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', 'data.csv' )); $this->assertFileExists ($uploadedPath); $this->assertFileEquals ($csv, $uploadedPath); }",True,PHP,assertCsvUploaded,AdminControllerTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$modelName = ucfirst ($module->name); if ($module->name !== 'document' && class_exists ($modelName)) { $cache[$widgetType][$modelName.'::TemplatesGridViewProfileWidget'] = Yii::t( 'app', '{modelName} Summary', array ('{modelName}' => $modelName)); } } } } return $cache[$widgetType]; }" 5151,"protected function assertCsvUploaded($csv) { $uploadedPath = implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'data', 'data.csv' )); $this->assertFileExists ($uploadedPath); $this->assertFileEquals ($csv, $uploadedPath); }",True,PHP,assertCsvUploaded,AdminControllerTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$modelName = ucfirst ($module->name); if ($module->name !== 'document' && class_exists ($modelName)) { $cache[$widgetType][$modelName.'::TemplatesGridViewProfileWidget'] = Yii::t( 'app', '{modelName} Summary', array ('{modelName}' => $modelName)); } } } } return $cache[$widgetType]; }" 5164,"protected function prepareImport($model, $csvName) { $this->openX2 ('/admin/importModels?model='.ucfirst($model)); $csv = implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'tests', 'data', 'csvs', $csvName )); $this->type ('data', $csv); $this->clickAndWait (""dom=document.querySelector ('input[type=\""submit\""]')""); $this->assertCsvUploaded ($csv); }",True,PHP,prepareImport,AdminControllerTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"$modelName = ucfirst ($module->name); if ($module->name !== 'document' && class_exists ($modelName)) { $cache[$widgetType][$modelName.'::TemplatesGridViewProfileWidget'] = Yii::t( 'app', '{modelName} Summary', array ('{modelName}' => $modelName)); } } } } return $cache[$widgetType]; }" 5165,"protected function prepareImport($model, $csvName) { $this->openX2 ('/admin/importModels?model='.ucfirst($model)); $csv = implode(DIRECTORY_SEPARATOR, array( Yii::app()->basePath, 'tests', 'data', 'csvs', $csvName )); $this->type ('data', $csv); $this->clickAndWait (""dom=document.querySelector ('input[type=\""submit\""]')""); $this->assertCsvUploaded ($csv); }",True,PHP,prepareImport,AdminControllerTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"$modelName = ucfirst ($module->name); if ($module->name !== 'document' && class_exists ($modelName)) { $cache[$widgetType][$modelName.'::TemplatesGridViewProfileWidget'] = Yii::t( 'app', '{modelName} Summary', array ('{modelName}' => $modelName)); } } } } return $cache[$widgetType]; }" 5206,public function testPages () { $this->visitPages ( $this->allPages ); },True,PHP,testPages,VisitAllPagesTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'userNames' => User::getNames (), 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'suppressChartSettings' => false, 'metricTypes' => array ( 'any'=>Yii::t('app', 'All Events'), 'notif'=>Yii::t('app', 'Notifications'), 'feed'=>Yii::t('app', 'Feed Events'), 'comment'=>Yii::t('app', 'Comments'), 'record_create'=>Yii::t('app', 'Records Created'), 'record_deleted'=>Yii::t('app', 'Records Deleted'), 'weblead_create'=>Yii::t('app', 'Webleads Created'), 'workflow_start'=>Yii::t('app', '{Process} Started', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_complete'=>Yii::t('app', '{Process} Complete', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_revert'=>Yii::t('app', '{Process} Reverted', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'email_sent'=>Yii::t('app', 'Emails Sent'), 'email_opened'=>Yii::t('app', 'Emails Opened'), 'web_activity'=>Yii::t('app', 'Web Activity'), 'case_escalated'=>Yii::t('app', 'Cases Escalated'), 'calendar_event'=>Yii::t('app', '{Calendar} Events', array( '{Calendar}' => Modules::displayName(false, 'Calendar') )), 'action_reminder'=>Yii::t('app', '{Action} Reminders', array( '{Action}' => Modules::displayName(false, 'Actions') )), 'action_complete'=>Yii::t('app', '{Actions} Completed', array( '{Actions}' => Modules::displayName(true, 'Actions') )), 'doc_update'=>Yii::t('app', 'Doc Updates'), 'email_from'=>Yii::t('app', 'Email Received'), 'voip_calls'=>Yii::t('app', 'VOIP Calls'), 'media'=>Yii::t('app', '{Media}', array( '{Media}' => Modules::displayName(true, 'Media') )) ), 'chartType' => 'eventsChart', 'widgetUID' => $this->widgetUID, ) ); } return $this->_viewFileParams; }" 5207,public function testPages () { $this->visitPages ( $this->allPages ); },True,PHP,testPages,VisitAllPagesTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'userNames' => User::getNames (), 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'suppressChartSettings' => false, 'metricTypes' => array ( 'any'=>Yii::t('app', 'All Events'), 'notif'=>Yii::t('app', 'Notifications'), 'feed'=>Yii::t('app', 'Feed Events'), 'comment'=>Yii::t('app', 'Comments'), 'record_create'=>Yii::t('app', 'Records Created'), 'record_deleted'=>Yii::t('app', 'Records Deleted'), 'weblead_create'=>Yii::t('app', 'Webleads Created'), 'workflow_start'=>Yii::t('app', '{Process} Started', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_complete'=>Yii::t('app', '{Process} Complete', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_revert'=>Yii::t('app', '{Process} Reverted', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'email_sent'=>Yii::t('app', 'Emails Sent'), 'email_opened'=>Yii::t('app', 'Emails Opened'), 'web_activity'=>Yii::t('app', 'Web Activity'), 'case_escalated'=>Yii::t('app', 'Cases Escalated'), 'calendar_event'=>Yii::t('app', '{Calendar} Events', array( '{Calendar}' => Modules::displayName(false, 'Calendar') )), 'action_reminder'=>Yii::t('app', '{Action} Reminders', array( '{Action}' => Modules::displayName(false, 'Actions') )), 'action_complete'=>Yii::t('app', '{Actions} Completed', array( '{Actions}' => Modules::displayName(true, 'Actions') )), 'doc_update'=>Yii::t('app', 'Doc Updates'), 'email_from'=>Yii::t('app', 'Email Received'), 'voip_calls'=>Yii::t('app', 'VOIP Calls'), 'media'=>Yii::t('app', '{Media}', array( '{Media}' => Modules::displayName(true, 'Media') )) ), 'chartType' => 'eventsChart', 'widgetUID' => $this->widgetUID, ) ); } return $this->_viewFileParams; }" 5210,"public function testReadAccessLevels () { $this->clearSessions (); $this->loginAs ('testUser2', 'password'); $user = $this->users ('user2'); $contactGroupmate = $this->contacts ('contactGroupmate'); $contactGroup = $this->contacts ('contactGroup'); $contactAnyone = $this->contacts ('contactAnyone'); $contactUserPrivate = $this->contacts ('contactUserPrivate'); $contactOtherPrivate = $this->contacts ('contactOtherPrivate'); $contactInvisible = $this->contacts ('contactInvisible'); $this->addAuthItemChild ('ContactsPrivateReadOnlyAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->rmAuthItemChild ('ContactsPrivateReadOnlyAccess'); $this->addAuthItemChild ('ContactsReadOnlyAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->rmAuthItemChild ('ContactsReadOnlyAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->addAuthItemChild ('ContactsAdmin'); $this->addAuthItemChild ('ContactsReadOnlyAccess'); $this->addAuthItemChild ('ContactsFullAccess'); $this->addAuthItemChild ('ContactsUpdateAccess'); $this->addAuthItemChild ('ContactsBasicAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); }",True,PHP,testReadAccessLevels,PermissionsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'userNames' => User::getNames (), 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'suppressChartSettings' => false, 'metricTypes' => array ( 'any'=>Yii::t('app', 'All Events'), 'notif'=>Yii::t('app', 'Notifications'), 'feed'=>Yii::t('app', 'Feed Events'), 'comment'=>Yii::t('app', 'Comments'), 'record_create'=>Yii::t('app', 'Records Created'), 'record_deleted'=>Yii::t('app', 'Records Deleted'), 'weblead_create'=>Yii::t('app', 'Webleads Created'), 'workflow_start'=>Yii::t('app', '{Process} Started', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_complete'=>Yii::t('app', '{Process} Complete', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_revert'=>Yii::t('app', '{Process} Reverted', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'email_sent'=>Yii::t('app', 'Emails Sent'), 'email_opened'=>Yii::t('app', 'Emails Opened'), 'web_activity'=>Yii::t('app', 'Web Activity'), 'case_escalated'=>Yii::t('app', 'Cases Escalated'), 'calendar_event'=>Yii::t('app', '{Calendar} Events', array( '{Calendar}' => Modules::displayName(false, 'Calendar') )), 'action_reminder'=>Yii::t('app', '{Action} Reminders', array( '{Action}' => Modules::displayName(false, 'Actions') )), 'action_complete'=>Yii::t('app', '{Actions} Completed', array( '{Actions}' => Modules::displayName(true, 'Actions') )), 'doc_update'=>Yii::t('app', 'Doc Updates'), 'email_from'=>Yii::t('app', 'Email Received'), 'voip_calls'=>Yii::t('app', 'VOIP Calls'), 'media'=>Yii::t('app', '{Media}', array( '{Media}' => Modules::displayName(true, 'Media') )) ), 'chartType' => 'eventsChart', 'widgetUID' => $this->widgetUID, ) ); } return $this->_viewFileParams; }" 5211,"public function testReadAccessLevels () { $this->clearSessions (); $this->loginAs ('testUser2', 'password'); $user = $this->users ('user2'); $contactGroupmate = $this->contacts ('contactGroupmate'); $contactGroup = $this->contacts ('contactGroup'); $contactAnyone = $this->contacts ('contactAnyone'); $contactUserPrivate = $this->contacts ('contactUserPrivate'); $contactOtherPrivate = $this->contacts ('contactOtherPrivate'); $contactInvisible = $this->contacts ('contactInvisible'); $this->addAuthItemChild ('ContactsPrivateReadOnlyAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->rmAuthItemChild ('ContactsPrivateReadOnlyAccess'); $this->addAuthItemChild ('ContactsReadOnlyAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->rmAuthItemChild ('ContactsReadOnlyAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpResponse (403); $this->addAuthItemChild ('ContactsAdmin'); $this->addAuthItemChild ('ContactsReadOnlyAccess'); $this->addAuthItemChild ('ContactsFullAccess'); $this->addAuthItemChild ('ContactsUpdateAccess'); $this->addAuthItemChild ('ContactsBasicAccess'); Contacts::model ()->asa ('permissions')->clearCache (); $this->openX2 ('contacts/'.$contactGroupmate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactGroup->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactAnyone->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactUserPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactOtherPrivate->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); $this->openX2 ('contacts/'.$contactInvisible->id); $this->assertNoPHPErrors (); $this->assertHttpOK (); }",True,PHP,testReadAccessLevels,PermissionsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'userNames' => User::getNames (), 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'suppressChartSettings' => false, 'metricTypes' => array ( 'any'=>Yii::t('app', 'All Events'), 'notif'=>Yii::t('app', 'Notifications'), 'feed'=>Yii::t('app', 'Feed Events'), 'comment'=>Yii::t('app', 'Comments'), 'record_create'=>Yii::t('app', 'Records Created'), 'record_deleted'=>Yii::t('app', 'Records Deleted'), 'weblead_create'=>Yii::t('app', 'Webleads Created'), 'workflow_start'=>Yii::t('app', '{Process} Started', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_complete'=>Yii::t('app', '{Process} Complete', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'workflow_revert'=>Yii::t('app', '{Process} Reverted', array( '{Process}' => Modules::displayName(false, 'Workflow') )), 'email_sent'=>Yii::t('app', 'Emails Sent'), 'email_opened'=>Yii::t('app', 'Emails Opened'), 'web_activity'=>Yii::t('app', 'Web Activity'), 'case_escalated'=>Yii::t('app', 'Cases Escalated'), 'calendar_event'=>Yii::t('app', '{Calendar} Events', array( '{Calendar}' => Modules::displayName(false, 'Calendar') )), 'action_reminder'=>Yii::t('app', '{Action} Reminders', array( '{Action}' => Modules::displayName(false, 'Actions') )), 'action_complete'=>Yii::t('app', '{Actions} Completed', array( '{Actions}' => Modules::displayName(true, 'Actions') )), 'doc_update'=>Yii::t('app', 'Doc Updates'), 'email_from'=>Yii::t('app', 'Email Received'), 'voip_calls'=>Yii::t('app', 'VOIP Calls'), 'media'=>Yii::t('app', '{Media}', array( '{Media}' => Modules::displayName(true, 'Media') )) ), 'chartType' => 'eventsChart', 'widgetUID' => $this->widgetUID, ) ); } return $this->_viewFileParams; }" 5236,"public function testGetEvents(){ TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('admin'); Yii::app()->settings->historyPrivacy = null; $lastEventId = 0; $lastTimestamp = 0; $events = Events::getEvents ($lastEventId, $lastTimestamp, 4); $this->assertEquals ( Yii::app()->db->createCommand ( ""select id from x2_events order by timestamp desc, id desc limit 4"") ->queryColumn (), array_map(function ($event) { return $event->id; }, $events['events']) ); TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetEvents,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2EventsChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($userNames))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5237,"public function testGetEvents(){ TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('admin'); Yii::app()->settings->historyPrivacy = null; $lastEventId = 0; $lastTimestamp = 0; $events = Events::getEvents ($lastEventId, $lastTimestamp, 4); $this->assertEquals ( Yii::app()->db->createCommand ( ""select id from x2_events order by timestamp desc, id desc limit 4"") ->queryColumn (), array_map(function ($event) { return $event->id; }, $events['events']) ); TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetEvents,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2EventsChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($userNames))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5240,"public function testGetFilteredEventsDataProvider () { TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('testuser'); Yii::app()->settings->historyPrivacy = null; $profile = Profile::model()->findByAttributes(array('username' => 'testuser')); $retVal = Events::getFilteredEventsDataProvider ($profile, true, null, false); $dataProvider = $retVal['dataProvider']; $events = $dataProvider->getData (); $expectedEvents = Events::getEvents (0, 0, count ($events), $profile); $this->assertEquals ( Yii::app()->db->createCommand ("" select id from x2_events where user='testuser' or visibility order by timestamp desc, id desc "")->queryColumn (), array_map ( function ($event) { return $event->id; }, $expectedEvents['events'] ) ); $this->assertEquals ( array_map ( function ($event) { return $event->id; }, $expectedEvents['events'] ), array_map ( function ($event) { return $event->id; }, $events ) ); TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetFilteredEventsDataProvider,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2EventsChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($userNames))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5241,"public function testGetFilteredEventsDataProvider () { TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('testuser'); Yii::app()->settings->historyPrivacy = null; $profile = Profile::model()->findByAttributes(array('username' => 'testuser')); $retVal = Events::getFilteredEventsDataProvider ($profile, true, null, false); $dataProvider = $retVal['dataProvider']; $events = $dataProvider->getData (); $expectedEvents = Events::getEvents (0, 0, count ($events), $profile); $this->assertEquals ( Yii::app()->db->createCommand ("" select id from x2_events where user='testuser' or visibility order by timestamp desc, id desc "")->queryColumn (), array_map ( function ($event) { return $event->id; }, $expectedEvents['events'] ) ); $this->assertEquals ( array_map ( function ($event) { return $event->id; }, $expectedEvents['events'] ), array_map ( function ($event) { return $event->id; }, $events ) ); TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetFilteredEventsDataProvider,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2EventsChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($userNames))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5244,"public function testGetAccessCriteria () { TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('admin'); $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ('TRUE', $accessCriteria->condition); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ())); $accessCriteria = Events::model ()->getAccessCriteria ( Profile::model ()->findByAttributes (array ( 'username' => 'testuser' ))); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser""'))); TestingAuxLib::suLogin ('testuser2'); Yii::app()->settings->historyPrivacy = null; $accessCriteria = Events::model ()->getAccessCriteria ( Profile::model ()->findByAttributes (array ( 'username' => 'testuser' ))); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser"" and visibility'))); TestingAuxLib::suLogin ('testuser2'); Yii::app()->settings->historyPrivacy = null; $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser2"" or visibility'))); TestingAuxLib::suLogin ('testuser2'); Yii::app()->settings->historyPrivacy = 'user'; $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser2""'))); Yii::app()->settings->historyPrivacy = 'group'; $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser2"" or user=""testuser3""'))); Yii::app()->settings->historyPrivacy = null; TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetAccessCriteria,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $eventTypes = array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels; $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2UsersChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($eventTypes))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5245,"public function testGetAccessCriteria () { TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('admin'); $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ('TRUE', $accessCriteria->condition); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ())); $accessCriteria = Events::model ()->getAccessCriteria ( Profile::model ()->findByAttributes (array ( 'username' => 'testuser' ))); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser""'))); TestingAuxLib::suLogin ('testuser2'); Yii::app()->settings->historyPrivacy = null; $accessCriteria = Events::model ()->getAccessCriteria ( Profile::model ()->findByAttributes (array ( 'username' => 'testuser' ))); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser"" and visibility'))); TestingAuxLib::suLogin ('testuser2'); Yii::app()->settings->historyPrivacy = null; $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser2"" or visibility'))); TestingAuxLib::suLogin ('testuser2'); Yii::app()->settings->historyPrivacy = 'user'; $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser2""'))); Yii::app()->settings->historyPrivacy = 'group'; $accessCriteria = Events::model ()->getAccessCriteria (); $this->assertEquals ( array_map (function ($event) { return $event->id; }, Events::model ()->findAll ($accessCriteria)), array_map (function ($event) { return $event->id; }, Events::model ()->findAll ('user=""testuser2"" or user=""testuser3""'))); Yii::app()->settings->historyPrivacy = null; TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetAccessCriteria,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $eventTypes = array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels; $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2UsersChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($eventTypes))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5246,"public function testGetEventsPublicProfile(){ TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('testuser'); Yii::app()->settings->historyPrivacy = null; $lastEventId=0; $lastTimestamp=0; $myProfile = Profile::model()->findByAttributes(array('username' => 'testuser2')); $events=Events::getEvents( $lastEventId,$lastTimestamp,null,$myProfile, false); $this->assertEquals ( array_map ( function ($event) { return $event->id; }, Events::model ()->findAllByAttributes (array ( 'user' => 'testuser2', 'visibility' => 1 )) ), array_map (function ($event) { return $event->id; }, $events['events'])); TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetEventsPublicProfile,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $eventTypes = array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels; $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2UsersChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($eventTypes))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5247,"public function testGetEventsPublicProfile(){ TestingAuxLib::loadX2NonWebUser (); TestingAuxLib::suLogin ('testuser'); Yii::app()->settings->historyPrivacy = null; $lastEventId=0; $lastTimestamp=0; $myProfile = Profile::model()->findByAttributes(array('username' => 'testuser2')); $events=Events::getEvents( $lastEventId,$lastTimestamp,null,$myProfile, false); $this->assertEquals ( array_map ( function ($event) { return $event->id; }, Events::model ()->findAllByAttributes (array ( 'user' => 'testuser2', 'visibility' => 1 )) ), array_map (function ($event) { return $event->id; }, $events['events'])); TestingAuxLib::restoreX2WebUser (); }",True,PHP,testGetEventsPublicProfile,EventsTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getSetupScript () { if (!isset ($this->_setupScript)) { $widgetClass = get_called_class (); $chartData = $this->getInitialChartData (); $userNames = User::getNames (); $eventTypes = array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels; $socialSubtypes = Dropdowns::getSocialSubtypes (); $visibilityFilters = array ( '1'=>'Public', '0'=>'Private', ); $chartSettingsData = self::getChartSettingsProvider ($this->chartType)->data; $this->_setupScript = parent::getSetupScript ()."" $(function () { var chartUID = '$this->chartType$this->widgetUID'; x2[chartUID] = {}; x2[chartUID].chart = X2Chart.instantiateTemporarySubtype ( X2UsersChart, { "".(isset ($chartData) ? ""chartData :"".CJSON::encode ($chartData)."","" : '')."" actionParams: "".CJSON::encode (array ( 'widgetType' => get_called_class (), ))."", socialSubtypes:"".CJSON::encode (array_keys ($socialSubtypes))."", visibilityTypes:"".CJSON::encode (array_keys ($visibilityFilters))."", eventTypes:"".CJSON::encode (array_keys ($eventTypes))."", translations: "".CJSON::encode ($this->getTranslations ())."", getChartDataActionName: 'getEventsBetween', saveChartSetting: function (key, value, callback) { this.lastChartSettings[key] = value; x2.$widgetClass$this->widgetUID.setProperty ( 'chartSettings', this.lastChartSettings, callback); }, suppressDateRangeSelector: false, suppressChartSettings: false, lastChartSettings: "".CJSON::encode ($this->getChartSettings ())."", widgetUID: '$this->widgetUID', chartType: '$this->chartType', chartSubtype: '"".self::getJSONProperty ( $this->profile, 'chartSubtype', $this->widgetType, $this->widgetUID).""', chartSettings: "".CJSON::encode ( count ($chartSettingsData) ? array_combine ( array_map (function ($setting) { return $setting->name; }, $chartSettingsData), $chartSettingsData) : array ())."" }); $(document).trigger ('$this->chartType' + 'Ready'); }); ""; }" 5260,"public function testRedirectLinkGeneration () { Yii::app()->controller = new MarketingController ( 'campaign', new MarketingModule ('campaign', null)); $_SERVER['SERVER_NAME'] = 'localhost'; $cmb = $this->instantiate(); $contact = $this->contacts('testUser_unsent'); $campaign = $this->campaign('redirectLinkGeneration'); $url = preg_replace ('/^[^""]*""([^""]*)"".*$/', '$1', $campaign->content); list($subject,$message,$uniqueId) = $cmb->prepareEmail( $this->campaign('redirectLinkGeneration'), $contact,$this->listItem('testUser_unsent')->emailAddress); $this->assertRegExp ('/'.preg_quote (urlencode ($url)).'/', $message); }",True,PHP,testRedirectLinkGeneration,CampaignMailingBehaviorTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'chartType' => $this->chartType, 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'eventTypes' => array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels, 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'suppressChartSettings' => false, 'chartType' => 'usersChart', 'widgetUID' => $this->widgetUID, 'metricTypes' => User::getUserOptions (), ) ); } return $this->_viewFileParams; }" 5261,"public function testRedirectLinkGeneration () { Yii::app()->controller = new MarketingController ( 'campaign', new MarketingModule ('campaign', null)); $_SERVER['SERVER_NAME'] = 'localhost'; $cmb = $this->instantiate(); $contact = $this->contacts('testUser_unsent'); $campaign = $this->campaign('redirectLinkGeneration'); $url = preg_replace ('/^[^""]*""([^""]*)"".*$/', '$1', $campaign->content); list($subject,$message,$uniqueId) = $cmb->prepareEmail( $this->campaign('redirectLinkGeneration'), $contact,$this->listItem('testUser_unsent')->emailAddress); $this->assertRegExp ('/'.preg_quote (urlencode ($url)).'/', $message); }",True,PHP,testRedirectLinkGeneration,CampaignMailingBehaviorTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'chartType' => $this->chartType, 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'eventTypes' => array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels, 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'suppressChartSettings' => false, 'chartType' => 'usersChart', 'widgetUID' => $this->widgetUID, 'metricTypes' => User::getUserOptions (), ) ); } return $this->_viewFileParams; }" 5262,"public function testPrepareEmail() { if(!Yii::app()->contEd('pro')) { $this->markTestSkipped(); } $cmb = $this->instantiate(); $contact = $this->contacts('testUser_unsent'); $recipientAddress = $contact->email; $admin = Yii::app()->settings; $admin->externalBaseUrl = 'http: $admin->externalBaseUri = '/X2Engine'; list($subject,$message,$uniqueId) = $cmb->prepareEmail( $this->campaign('testUser'),$contact,$this->listItem('testUser_unsent')->emailAddress); $email = $cmb->recipient->email; $this->assertEquals($recipientAddress,$email); $this->assertEquals( str_replace('{firstName}',$contact->firstName,$this->campaign('testUser')->subject), $subject); $replaceVars = array( '{firstName}' => $contact->firstName, '{signature}' => $this->users('testUser')->profile->signature, '{trackingKey}' => $uniqueId ); $this->assertRegExp( '/'.preg_quote(strtr($this->campaign('testUser')->content,$replaceVars),'/').'/', $message,'Variable replacement didn\'t take place'); $this->assertRegExp( '/'.preg_quote( 'externalBaseUrl.$admin->externalBaseUri. '/index.php/marketing/marketing/click?uid='.$uniqueId,'/').'/', $message,'Tracking image not inserted'); $this->assertRegExp( '/'.preg_quote( 'To stop receiving these messages, click here: '. ''. 'unsubscribe','/').'/', $message,'Unsubscribe link not inserted'); $this->assertRegExp( '/'.preg_quote('visit http: $message,'Tracking key not inserted!'); }",True,PHP,testPrepareEmail,CampaignMailingBehaviorTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'chartType' => $this->chartType, 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'eventTypes' => array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels, 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'suppressChartSettings' => false, 'chartType' => 'usersChart', 'widgetUID' => $this->widgetUID, 'metricTypes' => User::getUserOptions (), ) ); } return $this->_viewFileParams; }" 5263,"public function testPrepareEmail() { if(!Yii::app()->contEd('pro')) { $this->markTestSkipped(); } $cmb = $this->instantiate(); $contact = $this->contacts('testUser_unsent'); $recipientAddress = $contact->email; $admin = Yii::app()->settings; $admin->externalBaseUrl = 'http: $admin->externalBaseUri = '/X2Engine'; list($subject,$message,$uniqueId) = $cmb->prepareEmail( $this->campaign('testUser'),$contact,$this->listItem('testUser_unsent')->emailAddress); $email = $cmb->recipient->email; $this->assertEquals($recipientAddress,$email); $this->assertEquals( str_replace('{firstName}',$contact->firstName,$this->campaign('testUser')->subject), $subject); $replaceVars = array( '{firstName}' => $contact->firstName, '{signature}' => $this->users('testUser')->profile->signature, '{trackingKey}' => $uniqueId ); $this->assertRegExp( '/'.preg_quote(strtr($this->campaign('testUser')->content,$replaceVars),'/').'/', $message,'Variable replacement didn\'t take place'); $this->assertRegExp( '/'.preg_quote( 'externalBaseUrl.$admin->externalBaseUri. '/index.php/marketing/marketing/click?uid='.$uniqueId,'/').'/', $message,'Tracking image not inserted'); $this->assertRegExp( '/'.preg_quote( 'To stop receiving these messages, click here: '. ''. 'unsubscribe','/').'/', $message,'Unsubscribe link not inserted'); $this->assertRegExp( '/'.preg_quote('visit http: $message,'Tracking key not inserted!'); }",True,PHP,testPrepareEmail,CampaignMailingBehaviorTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"public function getViewFileParams () { if (!isset ($this->_viewFileParams)) { $this->_viewFileParams = array_merge ( parent::getViewFileParams (), array ( 'chartType' => $this->chartType, 'chartSettingsDataProvider' => self::getChartSettingsProvider ( $this->chartType), 'eventTypes' => array ('all'=>Yii::t('app', 'All Events')) + Events::$eventLabels, 'socialSubtypes' => Dropdowns::getSocialSubtypes (), 'visibilityFilters' => array ( '1'=>'Public', '0'=>'Private', ), 'suppressChartSettings' => false, 'chartType' => 'usersChart', 'widgetUID' => $this->widgetUID, 'metricTypes' => User::getUserOptions (), ) ); } return $this->_viewFileParams; }" 5276,"public static function referenceFixtures() { return array( 'campaign' => array ('Campaign', '.CampaignMailingBehaviorTest'), 'lists' => 'X2List', 'credentials' => 'Credentials', 'users' => 'User', 'profile' => array('Profile','.marketing') ); }",True,PHP,referenceFixtures,CampaignMailingBehaviorTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-5074,"function renderFields ($fieldList, $type, $form, $model, $contactFields=null) { foreach($fieldList as $field) { if(!isset($field['type']) || $field['type']==='normal'){ if(isset($field['label']) && $field['label'] != '') { $label = ''; } else { if($type === 'service' && in_array($field['fieldName'], $contactFields)){ $label = Contacts::model()->getAttributeLabel($field['fieldName']); }else{ $label = $form->labelEx($model,$field['fieldName']); } } $starred = strpos($label, '*') !== false; ?>
    *' : ''); ?>
    error($model, $field['fieldName']); if($type === 'service' && in_array($field['fieldName'], $contactFields)){ ?> ]"" value="""" /> renderInput($field['fieldName']); } ?>
    "" /> {$field['fieldName']}=$field['label']; echo $form->hiddenField($model, $field['fieldName']); } } }" 5277,"public static function referenceFixtures() { return array( 'campaign' => array ('Campaign', '.CampaignMailingBehaviorTest'), 'lists' => 'X2List', 'credentials' => 'Credentials', 'users' => 'User', 'profile' => array('Profile','.marketing') ); }",True,PHP,referenceFixtures,CampaignMailingBehaviorTest.php,https://github.com/X2Engine/X2CRM,X2Engine,Derek Mueller,2015-07-13 15:09:49-07:00,Release v5.0.9; see CHANGELOG for details.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-5076,"function renderFields ($fieldList, $type, $form, $model, $contactFields=null) { foreach($fieldList as $field) { if(!isset($field['type']) || $field['type']==='normal'){ if(isset($field['label']) && $field['label'] != '') { $label = ''; } else { if($type === 'service' && in_array($field['fieldName'], $contactFields)){ $label = Contacts::model()->getAttributeLabel($field['fieldName']); }else{ $label = $form->labelEx($model,$field['fieldName']); } } $starred = strpos($label, '*') !== false; ?>
    *' : ''); ?>
    error($model, $field['fieldName']); if($type === 'service' && in_array($field['fieldName'], $contactFields)){ ?> ]"" value="""" /> renderInput($field['fieldName']); } ?>
    "" /> {$field['fieldName']}=$field['label']; echo $form->hiddenField($model, $field['fieldName']); } } }" 5286,"$pos = strpos($line, $match); if ($pos !== false) { $var = getvarname(strtok($field, '#')); if ($var != '[]') eval('$r' . $var . '=$block;'); } } } return $r; }",True,PHP,strpos,whois.parser.php,https://github.com/Gemorroj/phpwhois,Gemorroj,Gemorroj,2018-02-10 20:40:14+03:00,remove eval-s,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2015-5243,"function renderFields ($fieldList, $type, $form, $model, $contactFields=null) { foreach($fieldList as $field) { if(!isset($field['type']) || $field['type']==='normal'){ if(isset($field['label']) && $field['label'] != '') { $label = ''; } else { if($type === 'service' && in_array($field['fieldName'], $contactFields)){ $label = Contacts::model()->getAttributeLabel($field['fieldName']); }else{ $label = $form->labelEx($model,$field['fieldName']); } } $starred = strpos($label, '*') !== false; ?>
    *' : ''); ?>
    error($model, $field['fieldName']); if($type === 'service' && in_array($field['fieldName'], $contactFields)){ ?> ]"" value="""" /> renderInput($field['fieldName']); } ?>
    "" /> {$field['fieldName']}=$field['label']; echo $form->hiddenField($model, $field['fieldName']); } } }" 5287,"$k = trim(strtok($val, ':')); $v = trim(substr(strstr($val, ':'), 1)); if ($v == '') continue; $hasdata = true; if (isset($translate[$k])) { $k = $translate[$k]; if ($k == '') continue; if (strstr($k, '.')) { eval(""\$block"" . getvarname($k) . ""=\$v;""); continue; } } else $k = strtolower($k); if ($k == 'handle') { $v = strtok($v, ' '); $gkey = strtoupper($v); } if (isset($block[$k]) && is_array($block[$k])) $block[$k][] = $v; else if (!isset($block[$k]) || $block[$k] == '') $block[$k] = $v; else { $x = $block[$k]; unset($block[$k]); $block[$k][] = $x; $block[$k][] = $v; } }",True,PHP,trim,whois.parser.php,https://github.com/Gemorroj/phpwhois,Gemorroj,Gemorroj,2018-02-10 20:40:14+03:00,remove eval-s,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2015-5243,"function renderFields ($fieldList, $type, $form, $model, $contactFields=null) { foreach($fieldList as $field) { if(!isset($field['type']) || $field['type']==='normal'){ if(isset($field['label']) && $field['label'] != '') { $label = ''; } else { if($type === 'service' && in_array($field['fieldName'], $contactFields)){ $label = Contacts::model()->getAttributeLabel($field['fieldName']); }else{ $label = $form->labelEx($model,$field['fieldName']); } } $starred = strpos($label, '*') !== false; ?>
    *' : ''); ?>
    error($model, $field['fieldName']); if($type === 'service' && in_array($field['fieldName'], $contactFields)){ ?> ]"" value="""" /> renderInput($field['fieldName']); } ?>
    "" /> {$field['fieldName']}=$field['label']; echo $form->hiddenField($model, $field['fieldName']); } } }" 5288,"$pos = strpos(strtolower($val), $match); if ($pos === false) continue; $itm = trim(substr($val, $pos + strlen($match))); if ($field != '' && $itm != '') { eval('$r' . getvarname($field) . '=$itm;'); } $val = trim(substr($val, 0, $pos)); if ($val == '') { unset($array[$key]); break; } else { $array[$key] = $val; $ok = true; } } if (preg_match(""/([+]*[-\(\)\. x0-9]){7,}/"", $val, $matches)) { $phone = trim(str_replace(' ', '', $matches[0])); if (strlen($phone) > 8 && !preg_match('/[0-9]{5}\-[0-9]{3}/', $phone)) { if (isset($r['phone'])) { if (isset($r['fax'])) continue; $r['fax'] = trim($matches[0]); } else { $r['phone'] = trim($matches[0]); } $val = str_replace($matches[0], '', $val); if ($val == '') { unset($array[$key]); continue; } else { $array[$key] = $val; $ok = true; } } } if (preg_match('/([-0-9a-zA-Z._+&\/=]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6})/', $val, $matches)) { $r['email'] = $matches[0]; $val = str_replace($matches[0], '', $val); $val = trim(str_replace('()', '', $val)); if ($val == '') { unset($array[$key]); continue; } else { if (!isset($r['name'])) { $r['name'] = $val; unset($array[$key]); } else $array[$key] = $val; $ok = true; } } } }",True,PHP,strpos,whois.parser.php,https://github.com/Gemorroj/phpwhois,Gemorroj,Gemorroj,2018-02-10 20:40:14+03:00,remove eval-s,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2015-5243,"public function setModelAttributes(&$model,&$attributeList,&$params) { $data = array (); foreach($attributeList as &$attr) { if(!isset($attr['name'],$attr['value'])) continue; if(null !== $field = $model->getField($attr['name'])) { $type = $field->type; $value = $attr['value']; if(is_string($value)){ if(strpos($value, '=') === 0){ $evald = X2FlowFormatter::parseFormula($value, $params); if(!$evald[0]) return false; $value = $evald[1]; } elseif($params !== null){ if(is_string($value) && isset($params['model'])){ $value = X2FlowFormatter::replaceVariables( $value, $params, $type); } } } $data[$attr['name']] = $value; } } if (!isset ($model->scenario)) $model->setScenario ('X2Flow'); $model->setX2Fields ($data); if ($model instanceof Actions && isset($data['complete'])) { switch($data['complete']) { case 'Yes': $model->complete(); break; case 'No': $model->uncomplete(); break; } } return true; }" 5289,"$pos = strpos($val, $match); if ($pos !== false) { if ($field != '') { $var = '$r' . getvarname($field); $itm = trim(substr($val, $pos + strlen($match))); if ($itm != '') eval($var . '=""' . str_replace('""', '\""', $itm) . '"";'); } if (!$scanall) break; } } } } if (empty($r)) { if ($hasreg) $r['registered'] = 'no'; } else { if ($hasreg) $r['registered'] = 'yes'; $r = format_dates($r, $dateformat); } return $r; }",True,PHP,strpos,whois.parser.php,https://github.com/Gemorroj/phpwhois,Gemorroj,Gemorroj,2018-02-10 20:40:14+03:00,remove eval-s,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2015-5243,"public function setModelAttributes(&$model,&$attributeList,&$params) { $data = array (); foreach($attributeList as &$attr) { if(!isset($attr['name'],$attr['value'])) continue; if(null !== $field = $model->getField($attr['name'])) { $type = $field->type; $value = $attr['value']; if(is_string($value)){ if(strpos($value, '=') === 0){ $evald = X2FlowFormatter::parseFormula($value, $params); if(!$evald[0]) return false; $value = $evald[1]; } elseif($params !== null){ if(is_string($value) && isset($params['model'])){ $value = X2FlowFormatter::replaceVariables( $value, $params, $type); } } } $data[$attr['name']] = $value; } } if (!isset ($model->scenario)) $model->setScenario ('X2Flow'); $model->setX2Fields ($data); if ($model instanceof Actions && isset($data['complete'])) { switch($data['complete']) { case 'Yes': $model->complete(); break; case 'No': $model->uncomplete(); break; } } return true; }" 5301,"protected function registerBackendPermissions() { BackendAuth::registerCallback(function ($manager) { $manager->registerPermissions('October.Backend', [ 'backend.access_dashboard' => [ 'label' => 'system::lang.permissions.view_the_dashboard', 'tab' => 'system::lang.permissions.name' ], 'backend.manage_default_dashboard' => [ 'label' => 'system::lang.permissions.manage_default_dashboard', 'tab' => 'system::lang.permissions.name', ], 'backend.manage_users' => [ 'label' => 'system::lang.permissions.manage_other_administrators', 'tab' => 'system::lang.permissions.name' ], 'backend.impersonate_users' => [ 'label' => 'system::lang.permissions.impersonate_users', 'tab' => 'system::lang.permissions.name', ], 'backend.manage_preferences' => [ 'label' => 'system::lang.permissions.manage_preferences', 'tab' => 'system::lang.permissions.name' ], 'backend.manage_editor' => [ 'label' => 'system::lang.permissions.manage_editor', 'tab' => 'system::lang.permissions.name' ], 'backend.manage_branding' => [ 'label' => 'system::lang.permissions.manage_branding', 'tab' => 'system::lang.permissions.name' ], 'media.manage_media' => [ 'label' => 'backend::lang.permissions.manage_media', 'tab' => 'system::lang.permissions.name', ], 'backend.allow_unsafe_markdown' => [ 'label' => 'backend::lang.permissions.allow_unsafe_markdown', 'tab' => 'system::lang.permissions.name', 'roles' => UserRole::CODE_DEVELOPER, ], ]); }); }",True,PHP,registerBackendPermissions,ServiceProvider.php,https://github.com/octobercms/october,octobercms,Luke Towers,2020-09-11 02:12:28-06:00,"Tightened up the default permissions granted to the ""Publisher"" system role out of the box (cherry picked from commit 8a785e439395aa901d2b9d7bcb6a343a071c7870)",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2020-15248,"public function setModelAttributes(&$model,&$attributeList,&$params) { $data = array (); foreach($attributeList as &$attr) { if(!isset($attr['name'],$attr['value'])) continue; if(null !== $field = $model->getField($attr['name'])) { $type = $field->type; $value = $attr['value']; if(is_string($value)){ if(strpos($value, '=') === 0){ $evald = X2FlowFormatter::parseFormula($value, $params); if(!$evald[0]) return false; $value = $evald[1]; } elseif($params !== null){ if(is_string($value) && isset($params['model'])){ $value = X2FlowFormatter::replaceVariables( $value, $params, $type); } } } $data[$attr['name']] = $value; } } if (!isset ($model->scenario)) $model->setScenario ('X2Flow'); $model->setX2Fields ($data); if ($model instanceof Actions && isset($data['complete'])) { switch($data['complete']) { case 'Yes': $model->complete(); break; case 'No': $model->uncomplete(); break; } } return true; }" 5303,"protected function registerBackendPermissions() { BackendAuth::registerCallback(function ($manager) { $manager->registerPermissions('October.System', [ 'system.manage_updates' => [ 'label' => 'system::lang.permissions.manage_software_updates', 'tab' => 'system::lang.permissions.name' ], 'system.access_logs' => [ 'label' => 'system::lang.permissions.access_logs', 'tab' => 'system::lang.permissions.name' ], 'system.manage_mail_settings' => [ 'label' => 'system::lang.permissions.manage_mail_settings', 'tab' => 'system::lang.permissions.name' ], 'system.manage_mail_templates' => [ 'label' => 'system::lang.permissions.manage_mail_templates', 'tab' => 'system::lang.permissions.name' ] ]); }); }",True,PHP,registerBackendPermissions,ServiceProvider.php,https://github.com/octobercms/october,octobercms,Luke Towers,2020-09-11 02:12:28-06:00,"Tightened up the default permissions granted to the ""Publisher"" system role out of the box (cherry picked from commit 8a785e439395aa901d2b9d7bcb6a343a071c7870)",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2020-15248,"public function setModelAttributes(&$model,&$attributeList,&$params) { $data = array (); foreach($attributeList as &$attr) { if(!isset($attr['name'],$attr['value'])) continue; if(null !== $field = $model->getField($attr['name'])) { $type = $field->type; $value = $attr['value']; if(is_string($value)){ if(strpos($value, '=') === 0){ $evald = X2FlowFormatter::parseFormula($value, $params); if(!$evald[0]) return false; $value = $evald[1]; } elseif($params !== null){ if(is_string($value) && isset($params['model'])){ $value = X2FlowFormatter::replaceVariables( $value, $params, $type); } } } $data[$attr['name']] = $value; } } if (!isset ($model->scenario)) $model->setScenario ('X2Flow'); $model->setX2Fields ($data); if ($model instanceof Actions && isset($data['complete'])) { switch($data['complete']) { case 'Yes': $model->complete(); break; case 'No': $model->uncomplete(); break; } } return true; }" 5306,public function getFilePath($fileName = null) { if ($fileName === null) { $fileName = $this->fileName; } return $this->theme->getPath().'/'.$this->dirName.'/'.$fileName; },True,PHP,getFilePath,Asset.php,https://github.com/octobercms/october,octobercms,Luke Towers,2020-03-31 03:37:31-06:00,Improve asset file path handling,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2020-5295,"public function execute(&$params) { $options = $this->config['options']; $action = new Actions; $action->subject = $this->parseOption('subject',$params); $action->dueDate = $this->parseOption('dueDate',$params); $action->actionDescription = $this->parseOption('description',$params); $action->priority = $this->parseOption('priority',$params); $action->visibility = $this->parseOption('visibility',$params); if(isset($params['model'])) $action->assignedTo = $this->parseOption('assignedTo',$params); if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink ()); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5307,public function getFilePath($fileName = null) { if ($fileName === null) { $fileName = $this->fileName; } return $this->theme->getPath().'/'.$this->dirName.'/'.$fileName; },True,PHP,getFilePath,Asset.php,https://github.com/octobercms/october,octobercms,Luke Towers,2020-03-31 03:37:31-06:00,Improve asset file path handling,CWE-610,Externally Controlled Reference to a Resource in Another Sphere,The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/610.html,CVE-2020-5296,"public function execute(&$params) { $options = $this->config['options']; $action = new Actions; $action->subject = $this->parseOption('subject',$params); $action->dueDate = $this->parseOption('dueDate',$params); $action->actionDescription = $this->parseOption('description',$params); $action->priority = $this->parseOption('priority',$params); $action->visibility = $this->parseOption('visibility',$params); if(isset($params['model'])) $action->assignedTo = $this->parseOption('assignedTo',$params); if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink ()); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5310,"protected function registerBackendPermissions() { BackendAuth::registerCallback(function ($manager) { $manager->registerPermissions('October.Backend', [ 'backend.access_dashboard' => [ 'label' => 'system::lang.permissions.view_the_dashboard', 'tab' => 'system::lang.permissions.name' ], 'backend.manage_default_dashboard' => [ 'label' => 'system::lang.permissions.manage_default_dashboard', 'tab' => 'system::lang.permissions.name', ], 'backend.manage_users' => [ 'label' => 'system::lang.permissions.manage_other_administrators', 'tab' => 'system::lang.permissions.name' ], 'backend.impersonate_users' => [ 'label' => 'system::lang.permissions.impersonate_users', 'tab' => 'system::lang.permissions.name', ], 'backend.manage_preferences' => [ 'label' => 'system::lang.permissions.manage_preferences', 'tab' => 'system::lang.permissions.name' ], 'backend.manage_editor' => [ 'label' => 'system::lang.permissions.manage_editor', 'tab' => 'system::lang.permissions.name' ], 'backend.manage_branding' => [ 'label' => 'system::lang.permissions.manage_branding', 'tab' => 'system::lang.permissions.name' ], 'media.manage_media' => [ 'label' => 'backend::lang.permissions.manage_media', 'tab' => 'system::lang.permissions.name', ] ]); }); }",True,PHP,registerBackendPermissions,ServiceProvider.php,https://github.com/octobercms/october,octobercms,Luke Towers,2020-05-25 18:02:20-06:00,Add new backend.allow_unsafe_markdown permission,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-11083,"public function execute(&$params) { $options = $this->config['options']; $action = new Actions; $action->subject = $this->parseOption('subject',$params); $action->dueDate = $this->parseOption('dueDate',$params); $action->actionDescription = $this->parseOption('description',$params); $action->priority = $this->parseOption('priority',$params); $action->visibility = $this->parseOption('visibility',$params); if(isset($params['model'])) $action->assignedTo = $this->parseOption('assignedTo',$params); if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink ()); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5318,"function wp_http_validate_url( $url ) { $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = @parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ': return false; } $parsed_home = @parse_url( get_option( 'home' ) ); if ( isset( $parsed_home['host'] ) ) { $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); } else { $same_host = false; } if ( ! $same_host ) { $host = trim( $parsed_url['host'], '.' ); if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$ $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { $ip = false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; if ( 80 === $port || 443 === $port || 8080 === $port ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; }",True,PHP,wp_http_validate_url,http.php,https://github.com/WordPress/WordPress,WordPress,whyisjake,2019-10-14 15:27:04+00:00,"HTTP API: Protect against hex interpretation. Return earlier from wp_http_validate_url(). Props: iandunn, xknown, voldemortensen, whyisjake. Built from https://develop.svn.wordpress.org/trunk@46475 git-svn-id: http://core.svn.wordpress.org/trunk@46273 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2019-17669,"public function execute(&$params) { $options = $this->config['options']; $action = new Actions; $action->subject = $this->parseOption('subject',$params); $action->dueDate = $this->parseOption('dueDate',$params); $action->actionDescription = $this->parseOption('description',$params); $action->priority = $this->parseOption('priority',$params); $action->visibility = $this->parseOption('visibility',$params); if(isset($params['model'])) $action->assignedTo = $this->parseOption('assignedTo',$params); if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink ()); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5322,"function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { if ( -1 == $action ) { _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); } $adminurl = strtolower( admin_url() ); $referer = strtolower( wp_get_referer() ); $result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false; do_action( 'check_admin_referer', $action, $result ); if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) { wp_nonce_ays( $action ); die(); } return $result; }",True,PHP,check_admin_referer,pluggable.php,https://github.com/WordPress/WordPress,WordPress,whyisjake,2019-10-14 15:40:04+00:00,"Administration: Ensure that admin referer nonce is valid. Coding standards, ensure that nonce is valid with identical, rather then equal operator. Props vortfu, xknown, whyisjake. Built from https://develop.svn.wordpress.org/trunk@46477 git-svn-id: http://core.svn.wordpress.org/trunk@46275 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2019-17675,"public function execute(&$params){ $options = &$this->config['options']; $event = new Events; $notif = new Notification; $user = $this->parseOption('feed', $params); $author = $this->parseOption('user', $params); $type = $this->parseOption('type', $params); $visibility = $this->parseOption('visibility', $params); $text = $this->parseOption('text', $params); $notif->type = 'custom'; $notif->text = $text; $event->type = 'feed'; $event->subtype = $type; $event->text = $text; $event->visibility = $visibility; if ($author == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $event->user = $params['model']->assignedTo; } else { $event->user = $author; } if (!empty ($user)) { if ($user == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $associatedUser = $params['model']->assignedTo; } else { $associatedUser = $user; } $associatedUser = User::model ()->findByAttributes (array ( 'username' => $associatedUser )); if ($associatedUser) { $event->associationType = 'User'; $event->associationId = $associatedUser->id; $notif->modelType = 'Profile'; $notif->modelId = $event->associationId; $notif->type = 'social_post'; $notif->createdBy = $event->user; $notif->user = $associatedUser->username; } } if(!$this->parseOption('createNotif', $params)) { if (!$notif->save()) { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } } if ($event->save()) { return array (true, """"); } else { $errors = $event->getErrors (); return array(false, array_shift($errors)); } }" 5323,"function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { if ( -1 == $action ) { _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); } $adminurl = strtolower( admin_url() ); $referer = strtolower( wp_get_referer() ); $result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false; do_action( 'check_admin_referer', $action, $result ); if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) { wp_nonce_ays( $action ); die(); } return $result; }",True,PHP,check_admin_referer,pluggable.php,https://github.com/WordPress/WordPress,WordPress,whyisjake,2019-10-14 15:40:04+00:00,"Administration: Ensure that admin referer nonce is valid. Coding standards, ensure that nonce is valid with identical, rather then equal operator. Props vortfu, xknown, whyisjake. Built from https://develop.svn.wordpress.org/trunk@46477 git-svn-id: http://core.svn.wordpress.org/trunk@46275 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-843,Access of Resource Using Incompatible Type ('Type Confusion'),"The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.",https://cwe.mitre.org/data/definitions/843.html,CVE-2019-17675,"public function execute(&$params){ $options = &$this->config['options']; $event = new Events; $notif = new Notification; $user = $this->parseOption('feed', $params); $author = $this->parseOption('user', $params); $type = $this->parseOption('type', $params); $visibility = $this->parseOption('visibility', $params); $text = $this->parseOption('text', $params); $notif->type = 'custom'; $notif->text = $text; $event->type = 'feed'; $event->subtype = $type; $event->text = $text; $event->visibility = $visibility; if ($author == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $event->user = $params['model']->assignedTo; } else { $event->user = $author; } if (!empty ($user)) { if ($user == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $associatedUser = $params['model']->assignedTo; } else { $associatedUser = $user; } $associatedUser = User::model ()->findByAttributes (array ( 'username' => $associatedUser )); if ($associatedUser) { $event->associationType = 'User'; $event->associationId = $associatedUser->id; $notif->modelType = 'Profile'; $notif->modelId = $event->associationId; $notif->type = 'social_post'; $notif->createdBy = $event->user; $notif->user = $associatedUser->username; } } if(!$this->parseOption('createNotif', $params)) { if (!$notif->save()) { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } } if ($event->save()) { return array (true, """"); } else { $errors = $event->getErrors (); return array(false, array_shift($errors)); } }" 5325,"function compression_test() { ?> config['options']; $event = new Events; $notif = new Notification; $user = $this->parseOption('feed', $params); $author = $this->parseOption('user', $params); $type = $this->parseOption('type', $params); $visibility = $this->parseOption('visibility', $params); $text = $this->parseOption('text', $params); $notif->type = 'custom'; $notif->text = $text; $event->type = 'feed'; $event->subtype = $type; $event->text = $text; $event->visibility = $visibility; if ($author == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $event->user = $params['model']->assignedTo; } else { $event->user = $author; } if (!empty ($user)) { if ($user == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $associatedUser = $params['model']->assignedTo; } else { $associatedUser = $user; } $associatedUser = User::model ()->findByAttributes (array ( 'username' => $associatedUser )); if ($associatedUser) { $event->associationType = 'User'; $event->associationId = $associatedUser->id; $notif->modelType = 'Profile'; $notif->modelId = $event->associationId; $notif->type = 'social_post'; $notif->createdBy = $event->user; $notif->user = $associatedUser->username; } } if(!$this->parseOption('createNotif', $params)) { if (!$notif->save()) { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } } if ($event->save()) { return array (true, """"); } else { $errors = $event->getErrors (); return array(false, array_shift($errors)); } }" 5330,"function wp_ajax_update_plugin() { global $wp_filesystem; $plugin = urldecode( $_POST['plugin'] ); $status = array( 'update' => 'plugin', 'plugin' => $plugin, 'slug' => sanitize_key( $_POST['slug'] ), 'oldVersion' => '', 'newVersion' => '', ); $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin ); if ( $plugin_data['Version'] ) { $status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] ); } if ( ! current_user_can( 'update_plugins' ) ) { $status['error'] = __( 'You do not have sufficient permissions to update plugins for this site.' ); wp_send_json_error( $status ); } check_ajax_referer( 'updates' ); include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' ); wp_update_plugins(); $skin = new Automatic_Upgrader_Skin(); $upgrader = new Plugin_Upgrader( $skin ); $result = $upgrader->bulk_upgrade( array( $plugin ) ); if ( is_array( $result ) && empty( $result[$plugin] ) && is_wp_error( $skin->result ) ) { $result = $skin->result; } if ( is_array( $result ) && !empty( $result[ $plugin ] ) ) { $plugin_update_data = current( $result ); if ( $plugin_update_data === true ) { $status['error'] = __( 'Plugin update failed.' ); wp_send_json_error( $status ); } $plugin_data = get_plugins( '/' . $result[ $plugin ]['destination_name'] ); $plugin_data = reset( $plugin_data ); if ( $plugin_data['Version'] ) { $status['newVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] ); } wp_send_json_success( $status ); } else if ( is_wp_error( $result ) ) { $status['error'] = $result->get_error_message(); wp_send_json_error( $status ); } else if ( is_bool( $result ) && ! $result ) { $status['errorCode'] = 'unable_to_connect_to_filesystem'; $status['error'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' ); if ( is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->get_error_code() ) { $status['error'] = $wp_filesystem->errors->get_error_message(); } wp_send_json_error( $status ); } else { $status['error'] = __( 'Plugin update failed.' ); wp_send_json_error( $status ); } }",True,PHP,wp_ajax_update_plugin,ajax-actions.php,https://github.com/WordPress/WordPress,WordPress,Konstantin Obenland,2016-06-15 16:37:29+00:00,"Update/Install: Shiny Updates v2. Gone are the days of isolation and feelings of ""meh"", brought on by The Bleak Screen of Sadness. For a shiny knight has arrived to usher our plugins and themes along their arduous journey of installation, updates, and the inevitable fate of ultimate deletion. Props swissspidy, adamsilverstein, mapk, afragen, ocean90, ryelle, j-falk, michael-arestad, melchoyce, DrewAPicture, AdamSoucie, ethitter, pento, dd32, kraftbj, Ipstenu, jorbin, afercia, stephdau, paulwilde, jipmoors, khag7, svovaf, jipmoors, obenland. Fixes #22029, #25828, #31002, #31529, #31530, #31773, #33637, #35032. Built from https://develop.svn.wordpress.org/trunk@37714 git-svn-id: http://core.svn.wordpress.org/trunk@37680 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2016-6897,"public function execute(&$params){ $options = &$this->config['options']; $event = new Events; $notif = new Notification; $user = $this->parseOption('feed', $params); $author = $this->parseOption('user', $params); $type = $this->parseOption('type', $params); $visibility = $this->parseOption('visibility', $params); $text = $this->parseOption('text', $params); $notif->type = 'custom'; $notif->text = $text; $event->type = 'feed'; $event->subtype = $type; $event->text = $text; $event->visibility = $visibility; if ($author == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $event->user = $params['model']->assignedTo; } else { $event->user = $author; } if (!empty ($user)) { if ($user == 'auto' && isset($params['model']) && $params['model']->hasAttribute('assignedTo') && !empty($params['model']->assignedTo)) { $associatedUser = $params['model']->assignedTo; } else { $associatedUser = $user; } $associatedUser = User::model ()->findByAttributes (array ( 'username' => $associatedUser )); if ($associatedUser) { $event->associationType = 'User'; $event->associationId = $associatedUser->id; $notif->modelType = 'Profile'; $notif->modelId = $event->associationId; $notif->type = 'social_post'; $notif->createdBy = $event->user; $notif->user = $associatedUser->username; } } if(!$this->parseOption('createNotif', $params)) { if (!$notif->save()) { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } } if ($event->save()) { return array (true, """"); } else { $errors = $event->getErrors (); return array(false, array_shift($errors)); } }" 5333,"esc_attr( sprintf( __( 'View %1$s version %2$s details' ), $plugin_name, $r->new_version ) ), $r->new_version );",True,PHP,esc_attr,update.php,https://github.com/WordPress/WordPress,WordPress,Konstantin Obenland,2016-06-15 16:37:29+00:00,"Update/Install: Shiny Updates v2. Gone are the days of isolation and feelings of ""meh"", brought on by The Bleak Screen of Sadness. For a shiny knight has arrived to usher our plugins and themes along their arduous journey of installation, updates, and the inevitable fate of ultimate deletion. Props swissspidy, adamsilverstein, mapk, afragen, ocean90, ryelle, j-falk, michael-arestad, melchoyce, DrewAPicture, AdamSoucie, ethitter, pento, dd32, kraftbj, Ipstenu, jorbin, afercia, stephdau, paulwilde, jipmoors, khag7, svovaf, jipmoors, obenland. Fixes #22029, #25828, #31002, #31529, #31530, #31773, #33637, #35032. Built from https://develop.svn.wordpress.org/trunk@37714 git-svn-id: http://core.svn.wordpress.org/trunk@37680 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2016-6897,"public function execute(&$params){ $options = &$this->config['options']; $notif = new Notification; $notif->user = $this->parseOption('user', $params); $notif->createdBy = 'API'; $notif->createDate = time(); $notif->type = 'custom'; $notif->text = $this->parseOption('text', $params); if ($notif->save()) { return array (true, """"); } else { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } }" 5337,"public function column_title( $post ) { list( $mime ) = explode( '/', $post->post_mime_type ); $title = _draft_or_post_title(); $thumb = wp_get_attachment_image( $post->ID, array( 60, 60 ), true, array( 'alt' => '' ) ); $link_start = $link_end = ''; if ( current_user_can( 'edit_post', $post->ID ) && ! $this->is_trash ) { $link_start = sprintf( '', get_edit_post_link( $post->ID ), esc_attr( sprintf( __( '& ); $link_end = ''; } $class = $thumb ? ' class=""has-media-icon""' : ''; ?> > "">

    ID ); echo wp_basename( $file ); ?>

    config['options']; $notif = new Notification; $notif->user = $this->parseOption('user', $params); $notif->createdBy = 'API'; $notif->createDate = time(); $notif->type = 'custom'; $notif->text = $this->parseOption('text', $params); if ($notif->save()) { return array (true, """"); } else { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } }" 5338,"public function column_title( $post ) { list( $mime ) = explode( '/', $post->post_mime_type ); $title = _draft_or_post_title(); $thumb = wp_get_attachment_image( $post->ID, array( 60, 60 ), true, array( 'alt' => '' ) ); $link_start = $link_end = ''; if ( current_user_can( 'edit_post', $post->ID ) && ! $this->is_trash ) { $link_start = sprintf( '', get_edit_post_link( $post->ID ), esc_attr( sprintf( __( '& ); $link_end = ''; } $class = $thumb ? ' class=""has-media-icon""' : ''; ?> > "">

    ID ); echo wp_basename( $file ); ?>

    config['options']; $notif = new Notification; $notif->user = $this->parseOption('user', $params); $notif->createdBy = 'API'; $notif->createDate = time(); $notif->type = 'custom'; $notif->text = $this->parseOption('text', $params); if ($notif->save()) { return array (true, """"); } else { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } }" 5343,"$link_text = wp_get_attachment_image( $_post->ID, $size, $icon, $attr ); } else { $link_text = ''; } if ( trim( $link_text ) == '' ) $link_text = $_post->post_title; return apply_filters( 'wp_get_attachment_link', ""$link_text"", $id, $size, $permalink, $icon, $text ); }",True,PHP,wp_get_attachment_image,post-template.php,https://github.com/WordPress/WordPress,WordPress,Nikolay Bachiyski,2016-06-21 14:20:55+00:00,"Admin: Escape attachment name in case it contains special characters Built from https://develop.svn.wordpress.org/trunk@37774 git-svn-id: http://core.svn.wordpress.org/trunk@37739 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-5833,"public function execute(&$params){ $options = &$this->config['options']; $notif = new Notification; $notif->user = $this->parseOption('user', $params); $notif->createdBy = 'API'; $notif->createDate = time(); $notif->type = 'custom'; $notif->text = $this->parseOption('text', $params); if ($notif->save()) { return array (true, """"); } else { $errors = $notif->getErrors (); return array(false, array_shift($errors)); } }" 5344,"$link_text = wp_get_attachment_image( $_post->ID, $size, $icon, $attr ); } else { $link_text = ''; } if ( trim( $link_text ) == '' ) $link_text = $_post->post_title; return apply_filters( 'wp_get_attachment_link', ""$link_text"", $id, $size, $permalink, $icon, $text ); }",True,PHP,wp_get_attachment_image,post-template.php,https://github.com/WordPress/WordPress,WordPress,Nikolay Bachiyski,2016-06-21 14:20:55+00:00,"Admin: Escape attachment name in case it contains special characters Built from https://develop.svn.wordpress.org/trunk@37774 git-svn-id: http://core.svn.wordpress.org/trunk@37739 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2016-5834,"$prepared = $eml->prepareBody(); } if (!$prepared) { $errors = $eml->getErrors (); return array (false, array_shift ($errors)); } list ($success, $message) = $this->checkDoNotEmailFields ($eml); if (!$success) { return array ($success, $message); } $result = $eml->send($historyFlag); if (isset($result['code']) && $result['code'] == 200) { if (YII_UNIT_TESTING) { return array(true, $eml->message); } else { return array(true, """"); } } else { return array (false, Yii::t('app', ""Email could not be sent"")); } }" 5345,"public function show_screen_options() { global $wp_meta_boxes; if ( is_bool( $this->_show_screen_options ) ) return $this->_show_screen_options; $columns = get_column_headers( $this ); $show_screen = ! empty( $wp_meta_boxes[ $this->id ] ) || $columns || $this->get_option( 'per_page' ); switch ( $this->base ) { case 'widgets': $this->_screen_settings = '

    ' . __('Enable accessibility mode') . '' . __('Disable accessibility mode') . ""

    \n""; break; case 'post' : $expand = '
    ' . __( 'Additional settings' ) . '
    '; $this->_screen_settings = $expand; break; default: $this->_screen_settings = ''; break; } $this->_screen_settings = apply_filters( 'screen_settings', $this->_screen_settings, $this ); if ( $this->_screen_settings || $this->_options ) $show_screen = true; $this->_show_screen_options = apply_filters( 'screen_options_show_screen', $show_screen, $this ); return $this->_show_screen_options; }",True,PHP,show_screen_options,class-wp-screen.php,https://github.com/WordPress/WordPress,WordPress,Aaron Campbell,2017-01-11 01:32:41+00:00,"Add nonce for widget accessibility mode. Props vortfu. See #23328. Built from https://develop.svn.wordpress.org/trunk@39760 git-svn-id: http://core.svn.wordpress.org/trunk@39698 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2017-5492,"$prepared = $eml->prepareBody(); } if (!$prepared) { $errors = $eml->getErrors (); return array (false, array_shift ($errors)); } list ($success, $message) = $this->checkDoNotEmailFields ($eml); if (!$success) { return array ($success, $message); } $result = $eml->send($historyFlag); if (isset($result['code']) && $result['code'] == 200) { if (YII_UNIT_TESTING) { return array(true, $eml->message); } else { return array(true, """"); } } else { return array (false, Yii::t('app', ""Email could not be sent"")); } }" 5348,"public function delete_item_permissions_check( $request ) { $id = (int) $request['id']; $comment = get_comment( $id ); if ( ! $comment ) { return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); } if ( ! $this->check_edit_permission( $comment ) ) { return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,delete_item_permissions_check,class-wp-rest-comments-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"$prepared = $eml->prepareBody(); } if (!$prepared) { $errors = $eml->getErrors (); return array (false, array_shift ($errors)); } list ($success, $message) = $this->checkDoNotEmailFields ($eml); if (!$success) { return array ($success, $message); } $result = $eml->send($historyFlag); if (isset($result['code']) && $result['code'] == 200) { if (YII_UNIT_TESTING) { return array(true, $eml->message); } else { return array(true, """"); } } else { return array (false, Yii::t('app', ""Email could not be sent"")); } }" 5351,"public function get_item_permissions_check( $request ) { $id = (int) $request['id']; $comment = get_comment( $id ); if ( ! $comment ) { return true; } if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit comments.' ), array( 'status' => rest_authorization_required_code() ) ); } $post = get_post( $comment->comment_post_ID ); if ( ! $this->check_read_permission( $comment, $request ) ) { return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( $post && ! $this->check_read_post_permission( $post, $request ) ) { return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,get_item_permissions_check,class-wp-rest-comments-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"$prepared = $eml->prepareBody(); } if (!$prepared) { $errors = $eml->getErrors (); return array (false, array_shift ($errors)); } list ($success, $message) = $this->checkDoNotEmailFields ($eml); if (!$success) { return array ($success, $message); } $result = $eml->send($historyFlag); if (isset($result['code']) && $result['code'] == 200) { if (YII_UNIT_TESTING) { return array(true, $eml->message); } else { return array(true, """"); } } else { return array (false, Yii::t('app', ""Email could not be sent"")); } }" 5352,"public function update_item_permissions_check( $request ) { $id = (int) $request['id']; $comment = get_comment( $id ); if ( $comment && ! $this->check_edit_permission( $comment ) ) { return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,update_item_permissions_check,class-wp-rest-comments-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $model = new Actions; $model->type = 'note'; $model->complete = 'Yes'; $model->associationId = $params['model']->id; $model->associationType = $params['model']->module; $model->actionDescription = $this->parseOption('comment', $params); $model->assignedTo = $this->parseOption('assignedTo', $params); $model->completedBy = $this->parseOption('assignedTo', $params); if(empty($model->assignedTo) && $params['model']->hasAttribute('assignedTo')){ $model->assignedTo = $params['model']->assignedTo; $model->completedBy = $params['model']->assignedTo; } if($params['model']->hasAttribute('visibility')) $model->visibility = $params['model']->visibility; $model->createDate = time(); $model->completeDate = time(); if($model->save()){ return array( true, Yii::t('studio', 'View created action: ').$model->getLink()); }else{ $errors = $model->getErrors (); return array(false, array_shift($errors)); } }" 5355,"public function get_item( $request ) { $id = (int) $request['id']; $comment = get_comment( $id ); if ( empty( $comment ) ) { return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); } if ( ! empty( $comment->comment_post_ID ) ) { $post = get_post( $comment->comment_post_ID ); if ( empty( $post ) ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); } } $data = $this->prepare_item_for_response( $comment, $request ); $response = rest_ensure_response( $data ); return $response; }",True,PHP,get_item,class-wp-rest-comments-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $model = new Actions; $model->type = 'note'; $model->complete = 'Yes'; $model->associationId = $params['model']->id; $model->associationType = $params['model']->module; $model->actionDescription = $this->parseOption('comment', $params); $model->assignedTo = $this->parseOption('assignedTo', $params); $model->completedBy = $this->parseOption('assignedTo', $params); if(empty($model->assignedTo) && $params['model']->hasAttribute('assignedTo')){ $model->assignedTo = $params['model']->assignedTo; $model->completedBy = $params['model']->assignedTo; } if($params['model']->hasAttribute('visibility')) $model->visibility = $params['model']->visibility; $model->createDate = time(); $model->completeDate = time(); if($model->save()){ return array( true, Yii::t('studio', 'View created action: ').$model->getLink()); }else{ $errors = $model->getErrors (); return array(false, array_shift($errors)); } }" 5360,"public function update_item( $request ) { $id = (int) $request['id']; $post = get_post( $id ); if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); } $post = $this->prepare_item_for_database( $request ); if ( is_wp_error( $post ) ) { return $post; } $post_id = wp_update_post( wp_slash( (array) $post ), true ); if ( is_wp_error( $post_id ) ) { if ( 'db_update_error' === $post_id->get_error_code() ) { $post_id->add_data( array( 'status' => 500 ) ); } else { $post_id->add_data( array( 'status' => 400 ) ); } return $post_id; } $post = get_post( $post_id ); do_action( ""rest_insert_{$this->post_type}"", $post, $request, false ); $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) { set_post_format( $post, $request['format'] ); } if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) { $this->handle_featured_media( $request['featured_media'], $post_id ); } if ( ! empty( $schema['properties']['sticky'] ) && isset( $request['sticky'] ) ) { if ( ! empty( $request['sticky'] ) ) { stick_post( $post_id ); } else { unstick_post( $post_id ); } } if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) { $this->handle_template( $request['template'], $post->ID ); } $terms_update = $this->handle_terms( $post->ID, $request ); if ( is_wp_error( $terms_update ) ) { return $terms_update; } if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], $post->ID ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $post = get_post( $post_id ); $fields_update = $this->update_additional_fields_for_object( $post, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $request->set_param( 'context', 'edit' ); $response = $this->prepare_item_for_response( $post, $request ); return rest_ensure_response( $response ); }",True,PHP,update_item,class-wp-rest-posts-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $model = new Actions; $model->type = 'note'; $model->complete = 'Yes'; $model->associationId = $params['model']->id; $model->associationType = $params['model']->module; $model->actionDescription = $this->parseOption('comment', $params); $model->assignedTo = $this->parseOption('assignedTo', $params); $model->completedBy = $this->parseOption('assignedTo', $params); if(empty($model->assignedTo) && $params['model']->hasAttribute('assignedTo')){ $model->assignedTo = $params['model']->assignedTo; $model->completedBy = $params['model']->assignedTo; } if($params['model']->hasAttribute('visibility')) $model->visibility = $params['model']->visibility; $model->createDate = time(); $model->completeDate = time(); if($model->save()){ return array( true, Yii::t('studio', 'View created action: ').$model->getLink()); }else{ $errors = $model->getErrors (); return array(false, array_shift($errors)); } }" 5363,"public function update_item_permissions_check( $request ) { $post = get_post( $request['id'] ); $post_type = get_post_type_object( $this->post_type ); if ( $post && ! $this->check_update_permission( $post ) ) { return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new WP_Error( 'rest_cannot_edit_others', __( 'Sorry, you are not allowed to update posts as this user.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) ) { return new WP_Error( 'rest_cannot_assign_sticky', __( 'Sorry, you are not allowed to make posts sticky.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! $this->check_assign_terms_permission( $request ) ) { return new WP_Error( 'rest_cannot_assign_term', __( 'Sorry, you are not allowed to assign the provided terms.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,update_item_permissions_check,class-wp-rest-posts-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $model = new Actions; $model->type = 'note'; $model->complete = 'Yes'; $model->associationId = $params['model']->id; $model->associationType = $params['model']->module; $model->actionDescription = $this->parseOption('comment', $params); $model->assignedTo = $this->parseOption('assignedTo', $params); $model->completedBy = $this->parseOption('assignedTo', $params); if(empty($model->assignedTo) && $params['model']->hasAttribute('assignedTo')){ $model->assignedTo = $params['model']->assignedTo; $model->completedBy = $params['model']->assignedTo; } if($params['model']->hasAttribute('visibility')) $model->visibility = $params['model']->visibility; $model->createDate = time(); $model->completeDate = time(); if($model->save()){ return array( true, Yii::t('studio', 'View created action: ').$model->getLink()); }else{ $errors = $model->getErrors (); return array(false, array_shift($errors)); } }" 5365,"public function get_item( $request ) { $id = (int) $request['id']; $post = get_post( $id ); if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); } $data = $this->prepare_item_for_response( $post, $request ); $response = rest_ensure_response( $data ); if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) { $response->link_header( 'alternate', get_permalink( $id ), array( 'type' => 'text/html' ) ); } return $response; }",True,PHP,get_item,class-wp-rest-posts-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $action = new Actions; $action->associationType = lcfirst(get_class($params['model'])); $action->associationId = $params['model']->id; $action->subject = $this->parseOption('subject', $params); $action->actionDescription = $this->parseOption('description', $params); if($params['model']->hasAttribute('assignedTo')) $action->assignedTo = $params['model']->assignedTo; if($params['model']->hasAttribute('priority')) $action->priority = $params['model']->priority; if($params['model']->hasAttribute('visibility')) $action->visibility = $params['model']->visibility; if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink () ); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5367,"public function delete_item_permissions_check( $request ) { $post = get_post( $request['id'] ); if ( $post && ! $this->check_delete_permission( $post ) ) { return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this post.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,delete_item_permissions_check,class-wp-rest-posts-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $action = new Actions; $action->associationType = lcfirst(get_class($params['model'])); $action->associationId = $params['model']->id; $action->subject = $this->parseOption('subject', $params); $action->actionDescription = $this->parseOption('description', $params); if($params['model']->hasAttribute('assignedTo')) $action->assignedTo = $params['model']->assignedTo; if($params['model']->hasAttribute('priority')) $action->priority = $params['model']->priority; if($params['model']->hasAttribute('visibility')) $action->visibility = $params['model']->visibility; if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink () ); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5369,"public function get_item_permissions_check( $request ) { $post = get_post( (int) $request['id'] ); if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( $post && ! empty( $request['password'] ) ) { if ( ! hash_equals( $post->post_password, $request['password'] ) ) { return new WP_Error( 'rest_post_incorrect_password', __( 'Incorrect post password.' ), array( 'status' => 403 ) ); } } if ( 'edit' === $request['context'] ) { add_filter( 'post_password_required', '__return_false' ); } if ( $post ) { return $this->check_read_permission( $post ); } return true; }",True,PHP,get_item_permissions_check,class-wp-rest-posts-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $action = new Actions; $action->associationType = lcfirst(get_class($params['model'])); $action->associationId = $params['model']->id; $action->subject = $this->parseOption('subject', $params); $action->actionDescription = $this->parseOption('description', $params); if($params['model']->hasAttribute('assignedTo')) $action->assignedTo = $params['model']->assignedTo; if($params['model']->hasAttribute('priority')) $action->priority = $params['model']->priority; if($params['model']->hasAttribute('visibility')) $action->visibility = $params['model']->visibility; if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink () ); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5372,"public function get_item( $request ) { $parent = get_post( $request['parent'] ); if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type ) { return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); } $revision = get_post( $request['id'] ); if ( ! $revision || 'revision' !== $revision->post_type ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); } $response = $this->prepare_item_for_response( $revision, $request ); return rest_ensure_response( $response ); }",True,PHP,get_item,class-wp-rest-revisions-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function execute(&$params){ $action = new Actions; $action->associationType = lcfirst(get_class($params['model'])); $action->associationId = $params['model']->id; $action->subject = $this->parseOption('subject', $params); $action->actionDescription = $this->parseOption('description', $params); if($params['model']->hasAttribute('assignedTo')) $action->assignedTo = $params['model']->assignedTo; if($params['model']->hasAttribute('priority')) $action->priority = $params['model']->priority; if($params['model']->hasAttribute('visibility')) $action->visibility = $params['model']->visibility; if ($action->save()) { return array ( true, Yii::t('studio', ""View created action: "").$action->getLink () ); } else { $errors = $action->getErrors (); return array(false, array_shift($errors)); } }" 5373,"public function delete_item_permissions_check( $request ) { $response = $this->get_items_permissions_check( $request ); if ( ! $response || is_wp_error( $response ) ) { return $response; } $post = get_post( $request['id'] ); if ( ! $post ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); } $post_type = get_post_type_object( 'revision' ); return current_user_can( $post_type->cap->delete_post, $post->ID ); }",True,PHP,delete_item_permissions_check,class-wp-rest-revisions-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function paramRules() { return array( 'title' => Yii::t('studio',$this->title), 'info' => Yii::t('studio',$this->info), 'modelRequired' => 'Contacts', 'options' => array( array( 'name'=>'listId', 'label'=>Yii::t('studio','List'), 'type'=>'link', 'linkType'=>'X2List', 'linkSource'=>Yii::app()->controller->createUrl( CActiveRecord::model('X2List')->autoCompleteSource, array ( 'static' => 1 ) ) ), )); }" 5380,"public function get_items_permissions_check( $request ) { $parent = get_post( $request['parent'] ); if ( ! $parent ) { return true; } $parent_post_type_obj = get_post_type_object( $parent->post_type ); if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,get_items_permissions_check,class-wp-rest-revisions-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function paramRules() { return array( 'title' => Yii::t('studio',$this->title), 'info' => Yii::t('studio',$this->info), 'modelRequired' => 'Contacts', 'options' => array( array( 'name'=>'listId', 'label'=>Yii::t('studio','List'), 'type'=>'link', 'linkType'=>'X2List', 'linkSource'=>Yii::app()->controller->createUrl( CActiveRecord::model('X2List')->autoCompleteSource, array ( 'static' => 1 ) ) ), )); }" 5384,"public function update_item( $request ) { if ( isset( $request['parent'] ) ) { if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Can not set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) ); } $parent = get_term( (int) $request['parent'], $this->taxonomy ); if ( ! $parent ) { return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) ); } } $prepared_term = $this->prepare_item_for_database( $request ); $term = get_term( (int) $request['id'], $this->taxonomy ); if ( ! empty( $prepared_term ) ) { $update = wp_update_term( $term->term_id, $term->taxonomy, wp_slash( (array) $prepared_term ) ); if ( is_wp_error( $update ) ) { return $update; } } $term = get_term( (int) $request['id'], $this->taxonomy ); do_action( ""rest_insert_{$this->taxonomy}"", $term, $request, false ); $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], (int) $request['id'] ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $fields_update = $this->update_additional_fields_for_object( $term, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $request->set_param( 'context', 'view' ); $response = $this->prepare_item_for_response( $term, $request ); return rest_ensure_response( $response ); }",True,PHP,update_item,class-wp-rest-terms-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function paramRules() { return array( 'title' => Yii::t('studio',$this->title), 'info' => Yii::t('studio',$this->info), 'modelRequired' => 'Contacts', 'options' => array( array( 'name'=>'listId', 'label'=>Yii::t('studio','List'), 'type'=>'link', 'linkType'=>'X2List', 'linkSource'=>Yii::app()->controller->createUrl( CActiveRecord::model('X2List')->autoCompleteSource, array ( 'static' => 1 ) ) ), )); }" 5385,"public function update_item_permissions_check( $request ) { if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { return false; } $term = get_term( (int) $request['id'], $this->taxonomy ); if ( ! $term ) { return new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); } if ( ! current_user_can( 'edit_term', $term->term_id ) ) { return new WP_Error( 'rest_cannot_update', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,update_item_permissions_check,class-wp-rest-terms-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function paramRules() { return array( 'title' => Yii::t('studio',$this->title), 'info' => Yii::t('studio',$this->info), 'modelRequired' => 'Contacts', 'options' => array( array( 'name'=>'listId', 'label'=>Yii::t('studio','List'), 'type'=>'link', 'linkType'=>'X2List', 'linkSource'=>Yii::app()->controller->createUrl( CActiveRecord::model('X2List')->autoCompleteSource, array ( 'static' => 1 ) ) ), )); }" 5390,"public function delete_item_permissions_check( $request ) { if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { return false; } $term = get_term( (int) $request['id'], $this->taxonomy ); if ( ! $term ) { return new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); } if ( ! current_user_can( 'delete_term', $term->term_id ) ) { return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete this term.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,delete_item_permissions_check,class-wp-rest-terms-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function check(&$params){ $tags = $this->config['options']['tags']['value']; $tags = is_array($tags) ? $tags : Tags::parseTags($tags, true); if(!empty($tags) && isset($params['tags'])){ if(!is_array($params['tags'])){ $params['tags'] = explode(',', $params['tags']); } $params['tags'] = array_map(function($item){ return preg_replace('/^ }, $params['tags']); if(count(array_intersect($params['tags'], $tags)) > 0){ return $this->checkConditions($params); }else{ return array( false, Yii::t( 'studio', 'No tags on the record matched those in the tag trigger criteria.')); } }else{ return array( false, empty($tags) ? Yii::t('studio','No tags in the trigger criteria!') : Yii::t('studio','Tags parameter missing!')); } }" 5391,"public function get_item_permissions_check( $request ) { $tax_obj = get_taxonomy( $this->taxonomy ); if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { return false; } if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) { return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,get_item_permissions_check,class-wp-rest-terms-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function check(&$params){ $tags = $this->config['options']['tags']['value']; $tags = is_array($tags) ? $tags : Tags::parseTags($tags, true); if(!empty($tags) && isset($params['tags'])){ if(!is_array($params['tags'])){ $params['tags'] = explode(',', $params['tags']); } $params['tags'] = array_map(function($item){ return preg_replace('/^ }, $params['tags']); if(count(array_intersect($params['tags'], $tags)) > 0){ return $this->checkConditions($params); }else{ return array( false, Yii::t( 'studio', 'No tags on the record matched those in the tag trigger criteria.')); } }else{ return array( false, empty($tags) ? Yii::t('studio','No tags in the trigger criteria!') : Yii::t('studio','Tags parameter missing!')); } }" 5393,"public function register_routes() { register_rest_route( $this->namespace, '/' . $this->rest_base, array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_items' ), 'permission_callback' => array( $this, 'get_items_permissions_check' ), 'args' => $this->get_collection_params(), ), array( 'methods' => WP_REST_Server::CREATABLE, 'callback' => array( $this, 'create_item' ), 'permission_callback' => array( $this, 'create_item_permissions_check' ), 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P[\d]+)', array( array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => array( $this, 'get_item_permissions_check' ), 'args' => array( 'context' => $this->get_context_param( array( 'default' => 'view' ) ), ), ), array( 'methods' => WP_REST_Server::EDITABLE, 'callback' => array( $this, 'update_item' ), 'permission_callback' => array( $this, 'update_item_permissions_check' ), 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), ), array( 'methods' => WP_REST_Server::DELETABLE, 'callback' => array( $this, 'delete_item' ), 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 'args' => array( 'force' => array( 'type' => 'boolean', 'default' => false, 'description' => __( 'Required to be true, as terms do not support trashing.' ), ), ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); }",True,PHP,register_routes,class-wp-rest-terms-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function check(&$params){ $tags = $this->config['options']['tags']['value']; $tags = is_array($tags) ? $tags : Tags::parseTags($tags, true); if(!empty($tags) && isset($params['tags'])){ if(!is_array($params['tags'])){ $params['tags'] = explode(',', $params['tags']); } $params['tags'] = array_map(function($item){ return preg_replace('/^ }, $params['tags']); if(count(array_intersect($params['tags'], $tags)) > 0){ return $this->checkConditions($params); }else{ return array( false, Yii::t( 'studio', 'No tags on the record matched those in the tag trigger criteria.')); } }else{ return array( false, empty($tags) ? Yii::t('studio','No tags in the trigger criteria!') : Yii::t('studio','Tags parameter missing!')); } }" 5394,"public function get_item( $request ) { $term = get_term( (int) $request['id'], $this->taxonomy ); if ( ! $term || $term->taxonomy !== $this->taxonomy ) { return new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); } if ( is_wp_error( $term ) ) { return $term; } $response = $this->prepare_item_for_response( $term, $request ); return rest_ensure_response( $response ); }",True,PHP,get_item,class-wp-rest-terms-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"public function check(&$params){ $tags = $this->config['options']['tags']['value']; $tags = is_array($tags) ? $tags : Tags::parseTags($tags, true); if(!empty($tags) && isset($params['tags'])){ if(!is_array($params['tags'])){ $params['tags'] = explode(',', $params['tags']); } $params['tags'] = array_map(function($item){ return preg_replace('/^ }, $params['tags']); if(count(array_intersect($params['tags'], $tags)) > 0){ return $this->checkConditions($params); }else{ return array( false, Yii::t( 'studio', 'No tags on the record matched those in the tag trigger criteria.')); } }else{ return array( false, empty($tags) ? Yii::t('studio','No tags in the trigger criteria!') : Yii::t('studio','Tags parameter missing!')); } }" 5399,"public function update_item_permissions_check( $request ) { $id = (int) $request['id']; if ( ! current_user_can( 'edit_user', $id ) ) { return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); } if ( ! empty( $request['roles'] ) && ! current_user_can( 'edit_users' ) ) { return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,update_item_permissions_check,class-wp-rest-users-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"foreach ($fields as $field) { $fieldName = $field->fieldName; if ($field->type == 'date' || $field->type == 'dateTime') { if (is_numeric($record->$fieldName)) $record->$fieldName = Formatter::formatLongDateTime($record->$fieldName); }elseif ($field->type == 'link') { $name = $record->$fieldName; if (!empty($field->linkType)) { list($name, $id) = Fields::nameAndId($name); } if (!empty($name)) $record->$fieldName = $name; }elseif ($fieldName == 'visibility') { switch ($record->$fieldName) { case 0: $record->$fieldName = 'Private'; break; case 1: $record->$fieldName = 'Public'; break; case 2: $record->$fieldName = 'User\'s Groups'; break; default: $record->$fieldName = 'Private'; } } }" 5400,"public function delete_item_permissions_check( $request ) { $id = (int) $request['id']; if ( ! current_user_can( 'delete_user', $id ) ) { return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) ); } return true; }",True,PHP,delete_item_permissions_check,class-wp-rest-users-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"foreach ($fields as $field) { $fieldName = $field->fieldName; if ($field->type == 'date' || $field->type == 'dateTime') { if (is_numeric($record->$fieldName)) $record->$fieldName = Formatter::formatLongDateTime($record->$fieldName); }elseif ($field->type == 'link') { $name = $record->$fieldName; if (!empty($field->linkType)) { list($name, $id) = Fields::nameAndId($name); } if (!empty($name)) $record->$fieldName = $name; }elseif ($fieldName == 'visibility') { switch ($record->$fieldName) { case 0: $record->$fieldName = 'Private'; break; case 1: $record->$fieldName = 'Public'; break; case 2: $record->$fieldName = 'User\'s Groups'; break; default: $record->$fieldName = 'Private'; } } }" 5402,"public function get_item( $request ) { $id = (int) $request['id']; $user = get_userdata( $id ); if ( empty( $id ) || empty( $user->ID ) ) { return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); } $user = $this->prepare_item_for_response( $user, $request ); $response = rest_ensure_response( $user ); return $response; }",True,PHP,get_item,class-wp-rest-users-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"foreach ($fields as $field) { $fieldName = $field->fieldName; if ($field->type == 'date' || $field->type == 'dateTime') { if (is_numeric($record->$fieldName)) $record->$fieldName = Formatter::formatLongDateTime($record->$fieldName); }elseif ($field->type == 'link') { $name = $record->$fieldName; if (!empty($field->linkType)) { list($name, $id) = Fields::nameAndId($name); } if (!empty($name)) $record->$fieldName = $name; }elseif ($fieldName == 'visibility') { switch ($record->$fieldName) { case 0: $record->$fieldName = 'Private'; break; case 1: $record->$fieldName = 'Public'; break; case 2: $record->$fieldName = 'User\'s Groups'; break; default: $record->$fieldName = 'Private'; } } }" 5404,"public function update_item( $request ) { $id = (int) $request['id']; $user = get_userdata( $id ); if ( ! $user ) { return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); } if ( email_exists( $request['email'] ) && $request['email'] !== $user->user_email ) { return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) ); } if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { return new WP_Error( 'rest_user_invalid_argument', __( ""Username isn't editable."" ), array( 'status' => 400 ) ); } if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) ); } if ( ! empty( $request['roles'] ) ) { $check_permission = $this->check_role_update( $id, $request['roles'] ); if ( is_wp_error( $check_permission ) ) { return $check_permission; } } $user = $this->prepare_item_for_database( $request ); $user->ID = $id; $user_id = wp_update_user( wp_slash( (array) $user ) ); if ( is_wp_error( $user_id ) ) { return $user_id; } $user = get_user_by( 'id', $user_id ); do_action( 'rest_insert_user', $user, $request, false ); if ( is_multisite() && ! is_user_member_of_blog( $id ) ) { add_user_to_blog( get_current_blog_id(), $id, '' ); } if ( ! empty( $request['roles'] ) ) { array_map( array( $user, 'add_role' ), $request['roles'] ); } $schema = $this->get_item_schema(); if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { $meta_update = $this->meta->update_value( $request['meta'], $id ); if ( is_wp_error( $meta_update ) ) { return $meta_update; } } $user = get_user_by( 'id', $user_id ); $fields_update = $this->update_additional_fields_for_object( $user, $request ); if ( is_wp_error( $fields_update ) ) { return $fields_update; } $request->set_param( 'context', 'edit' ); $response = $this->prepare_item_for_response( $user, $request ); $response = rest_ensure_response( $response ); return $response; }",True,PHP,update_item,class-wp-rest-users-controller.php,https://github.com/WordPress/WordPress,WordPress,Joe Hoyle,2017-01-26 13:39:41+00:00,"REST API: Unify object access handling for simplicity. Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters. See #38792. Built from https://develop.svn.wordpress.org/trunk@39954 git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2017-1001000,"foreach ($fields as $field) { $fieldName = $field->fieldName; if ($field->type == 'date' || $field->type == 'dateTime') { if (is_numeric($record->$fieldName)) $record->$fieldName = Formatter::formatLongDateTime($record->$fieldName); }elseif ($field->type == 'link') { $name = $record->$fieldName; if (!empty($field->linkType)) { list($name, $id) = Fields::nameAndId($name); } if (!empty($name)) $record->$fieldName = $name; }elseif ($fieldName == 'visibility') { switch ($record->$fieldName) { case 0: $record->$fieldName = 'Private'; break; case 1: $record->$fieldName = 'Public'; break; case 2: $record->$fieldName = 'User\'s Groups'; break; default: $record->$fieldName = 'Private'; } } }" 5405,"public function column_title( $post ) { global $mode; if ( $this->hierarchical_display ) { if ( 0 === $this->current_level && (int) $post->post_parent > 0 ) { $find_main_page = (int) $post->post_parent; while ( $find_main_page > 0 ) { $parent = get_post( $find_main_page ); if ( is_null( $parent ) ) { break; } $this->current_level++; $find_main_page = (int) $parent->post_parent; if ( ! isset( $parent_name ) ) { $parent_name = apply_filters( 'the_title', $parent->post_title, $parent->ID ); } } } } $can_edit_post = current_user_can( 'edit_post', $post->ID ); if ( $can_edit_post && $post->post_status != 'trash' ) { $lock_holder = wp_check_post_lock( $post->ID ); if ( $lock_holder ) { $lock_holder = get_userdata( $lock_holder ); $locked_avatar = get_avatar( $lock_holder->ID, 18 ); $locked_text = esc_html( sprintf( __( '%s is currently editing' ), $lock_holder->display_name ) ); } else { $locked_avatar = $locked_text = ''; } echo '
    ' . $locked_avatar . ' ' . $locked_text . ""
    \n""; } $pad = str_repeat( '& echo """"; $format = get_post_format( $post->ID ); if ( $format ) { $label = get_post_format_string( $format ); $format_class = 'post-state-format post-format-icon post-format-' . $format; $format_args = array( 'post_format' => $format, 'post_type' => $post->post_type ); echo $this->get_edit_link( $format_args, $label . ':', $format_class ); } $title = _draft_or_post_title(); if ( $can_edit_post && $post->post_status != 'trash' ) { printf( '%s%s', get_edit_post_link( $post->ID ), esc_attr( sprintf( __( '& $pad, $title ); } else { echo $pad . $title; } _post_states( $post ); if ( isset( $parent_name ) ) { $post_type_object = get_post_type_object( $post->post_type ); echo ' | ' . $post_type_object->labels->parent_item_colon . ' ' . esc_html( $parent_name ); } echo ""\n""; if ( ! is_post_type_hierarchical( $this->screen->post_type ) && 'excerpt' === $mode && current_user_can( 'read_post', $post->ID ) ) { the_excerpt(); } get_inline_data( $post ); }",True,PHP,column_title,class-wp-posts-list-table.php,https://github.com/WordPress/WordPress,WordPress,John Blackbourn,2017-01-26 13:41:44+00:00,"Posts, Post Types: When using Excerpt mode on the Posts list table, ensure the excerpt output matches what was manually entered into the Excerpt field. Built from https://develop.svn.wordpress.org/trunk@39956 git-svn-id: http://core.svn.wordpress.org/trunk@39893 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-5612,"public function actionDeleteDropdown() { $dropdowns = Dropdowns::model()->findAll('id>=1000'); if (isset($_POST['dropdown'])) { if ($_POST['dropdown'] != Actions::COLORS_DROPDOWN_ID) { $model = Dropdowns::model()->findByPk($_POST['dropdown']); $model->delete(); $this->redirect('manageDropDowns'); } } $this->render('deleteDropdowns', array( 'dropdowns' => $dropdowns, )); }" 5412,"function wp_embed_handler_youtube( $matches, $attr, $url, $rawattr ) { global $wp_embed; $embed = $wp_embed->autoembed( ""https: return apply_filters( 'wp_embed_handler_youtube', $embed, $attr, $url, $rawattr ); }",True,PHP,wp_embed_handler_youtube,embed.php,https://github.com/WordPress/WordPress,WordPress,Dominik Schilling,2017-03-06 11:42:40+00:00,"Embeds: URL encode YouTube video IDs for broader compatibility. Built from https://develop.svn.wordpress.org/trunk@40160 git-svn-id: http://core.svn.wordpress.org/trunk@40099 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-6817,"public function actionDeleteDropdown() { $dropdowns = Dropdowns::model()->findAll('id>=1000'); if (isset($_POST['dropdown'])) { if ($_POST['dropdown'] != Actions::COLORS_DROPDOWN_ID) { $model = Dropdowns::model()->findByPk($_POST['dropdown']); $model->delete(); $this->redirect('manageDropDowns'); } } $this->render('deleteDropdowns', array( 'dropdowns' => $dropdowns, )); }" 5413,"function wp_validate_redirect($location, $default = '') { $location = trim( $location ); if ( substr($location, 0, 2) == '//' ) $location = 'http:' . $location; $test = ( $cut = strpos($location, '?') ) ? substr( $location, 0, $cut ) : $location; $lp = @parse_url($test); if ( false === $lp ) return $default; if ( isset($lp['scheme']) && !('http' == $lp['scheme'] || 'https' == $lp['scheme']) ) return $default; if ( ! isset( $lp['host'] ) && ( isset( $lp['scheme'] ) || isset( $lp['user'] ) || isset( $lp['pass'] ) || isset( $lp['port'] ) ) ) { return $default; } foreach ( array( 'user', 'pass', 'host' ) as $component ) { if ( isset( $lp[ $component ] ) && strpbrk( $lp[ $component ], ':/? return $default; } } $wpp = parse_url(home_url()); $allowed_hosts = (array) apply_filters( 'allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '' ); if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) ) $location = $default; return $location; }",True,PHP,wp_validate_redirect,pluggable.php,https://github.com/WordPress/WordPress,WordPress,Aaron Campbell,2017-03-06 13:38:41+00:00,"Strip control characters before validating redirect. Built from https://develop.svn.wordpress.org/trunk@40183 git-svn-id: http://core.svn.wordpress.org/trunk@40122 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2017-6815,"public function actionDeleteDropdown() { $dropdowns = Dropdowns::model()->findAll('id>=1000'); if (isset($_POST['dropdown'])) { if ($_POST['dropdown'] != Actions::COLORS_DROPDOWN_ID) { $model = Dropdowns::model()->findByPk($_POST['dropdown']); $model->delete(); $this->redirect('manageDropDowns'); } } $this->render('deleteDropdowns', array( 'dropdowns' => $dropdowns, )); }" 5420,"echo ''; }",True,PHP,"'fixupImportedContactName ($model); if ($modelName === 'Actions' && isset($model->associationType)) $this->reconstructImportedActionAssoc($model); if ($model->hasAttribute('visibility') && is_null($model->visibility)) $model->visibility = 1; if (!empty($model->createDate) || !empty($model->lastUpdated) || !empty($model->lastActivity)) { $now = time(); if (empty($model->createDate)) $model->createDate = $now; if (empty($model->lastUpdated)) $model->lastUpdated = $now; if ($model->hasAttribute('lastActivity') && empty($model->lastActivity)) $model->lastActivity = $now; } if($_SESSION['leadRouting'] == 1){ $assignee = $this->getNextAssignee(); if($assignee == ""Anyone"") $assignee = """"; $model->assignedTo = $assignee; } foreach($_SESSION['override'] as $attr => $val){ $model->$attr = $val; } }" 5421,"public function prepare( $query, $args ) { if ( is_null( $query ) ) return; if ( strpos( $query, '%' ) === false ) { _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9.0' ); } $args = func_get_args(); array_shift( $args ); if ( isset( $args[0] ) && is_array($args[0]) ) $args = $args[0]; $query = str_replace( ""'%s'"", '%s', $query ); $query = str_replace( '""%s""', '%s', $query ); $query = preg_replace( '|(?fixupImportedContactName ($model); if ($modelName === 'Actions' && isset($model->associationType)) $this->reconstructImportedActionAssoc($model); if ($model->hasAttribute('visibility') && is_null($model->visibility)) $model->visibility = 1; if (!empty($model->createDate) || !empty($model->lastUpdated) || !empty($model->lastActivity)) { $now = time(); if (empty($model->createDate)) $model->createDate = $now; if (empty($model->lastUpdated)) $model->lastUpdated = $now; if ($model->hasAttribute('lastActivity') && empty($model->lastActivity)) $model->lastActivity = $now; } if($_SESSION['leadRouting'] == 1){ $assignee = $this->getNextAssignee(); if($assignee == ""Anyone"") $assignee = """"; $model->assignedTo = $assignee; } foreach($_SESSION['override'] as $attr => $val){ $model->$attr = $val; } }" 5426,"function get_page_by_path( $page_path, $output = OBJECT, $post_type = 'page' ) { global $wpdb; $last_changed = wp_cache_get_last_changed( 'posts' ); $hash = md5( $page_path . serialize( $post_type ) ); $cache_key = ""get_page_by_path:$hash:$last_changed""; $cached = wp_cache_get( $cache_key, 'posts' ); if ( false !== $cached ) { if ( '0' === $cached || 0 === $cached ) { return; } else { return get_post( $cached, $output ); } } $page_path = rawurlencode(urldecode($page_path)); $page_path = str_replace('%2F', '/', $page_path); $page_path = str_replace('%20', ' ', $page_path); $parts = explode( '/', trim( $page_path, '/' ) ); $parts = esc_sql( $parts ); $parts = array_map( 'sanitize_title_for_query', $parts ); $in_string = ""'"" . implode( ""','"", $parts ) . ""'""; if ( is_array( $post_type ) ) { $post_types = $post_type; } else { $post_types = array( $post_type, 'attachment' ); } $post_types = esc_sql( $post_types ); $post_type_in_string = ""'"" . implode( ""','"", $post_types ) . ""'""; $sql = "" SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND post_type IN ($post_type_in_string) ""; $pages = $wpdb->get_results( $sql, OBJECT_K ); $revparts = array_reverse( $parts ); $foundid = 0; foreach ( (array) $pages as $page ) { if ( $page->post_name == $revparts[0] ) { $count = 0; $p = $page; while ( $p->post_parent != 0 && isset( $pages[ $p->post_parent ] ) ) { $count++; $parent = $pages[ $p->post_parent ]; if ( ! isset( $revparts[ $count ] ) || $parent->post_name != $revparts[ $count ] ) break; $p = $parent; } if ( $p->post_parent == 0 && $count+1 == count( $revparts ) && $p->post_name == $revparts[ $count ] ) { $foundid = $page->ID; if ( $page->post_type == $post_type ) break; } } } wp_cache_set( $cache_key, $foundid, 'posts' ); if ( $foundid ) { return get_post( $foundid, $output ); } }",True,PHP,get_page_by_path,post.php,https://github.com/WordPress/WordPress,WordPress,Gary Pendergast,2017-10-31 12:00:49+00:00,"Database: Restore numbered placeholders in `wpdb::prepare()`. [41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used. This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders. See #41925. Built from https://develop.svn.wordpress.org/trunk@42056 git-svn-id: http://core.svn.wordpress.org/trunk@41885 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-16510,"public function actionEditDropdown() { $model = new Dropdowns; if (isset($_POST['Dropdowns']['id']) && ctype_digit ($_POST['Dropdowns']['id'])) { $model = Dropdowns::model()->findByPk( $_POST['Dropdowns']['id']); if (!isset ($model)) { throw new CHttpException (404, Yii::t('app', 'Dropdown could not be found')); } if ($model->id == Actions::COLORS_DROPDOWN_ID) { if (AuxLib::issetIsArray($_POST['Dropdowns']['values']) && AuxLib::issetIsArray($_POST['Dropdowns']['labels']) && count($_POST['Dropdowns']['values']) === count($_POST['Dropdowns']['labels'])) { if (AuxLib::issetIsArray($_POST['Admin']) && isset($_POST['Admin']['enableColorDropdownLegend'])) { Yii::app()->settings->enableColorDropdownLegend = $_POST['Admin']['enableColorDropdownLegend']; Yii::app()->settings->save(); } $options = array_combine( $_POST['Dropdowns']['values'], $_POST['Dropdowns']['labels']); $temp = array(); foreach ($options as $value => $label) { if ($value != """") $temp[$value] = $label; } $model->options = json_encode($temp); $model->save(); } } else { $model->attributes = $_POST['Dropdowns']; $temp = array(); if (is_array($model->options) && count($model->options) > 0) { foreach ($model->options as $option) { if ($option != """") $temp[$option] = $option; } $model->options = json_encode($temp); if ($model->save()) { } } } } $this->redirect( 'manageDropDowns' ); }" 5430,"function _real_escape( $string ) { if ( $this->dbh ) { if ( $this->use_mysqli ) { return mysqli_real_escape_string( $this->dbh, $string ); } else { return mysql_real_escape_string( $string, $this->dbh ); } } $class = get_class( $this ); if ( function_exists( '__' ) ) { _doing_it_wrong( $class, sprintf( __( '%s must set a database connection for use with escaping.' ), $class ), '3.6.0' ); } else { _doing_it_wrong( $class, sprintf( '%s must set a database connection for use with escaping.', $class ), '3.6.0' ); } return addslashes( $string ); }",True,PHP,_real_escape,wp-db.php,https://github.com/WordPress/WordPress,WordPress,Gary Pendergast,2017-10-31 12:00:49+00:00,"Database: Restore numbered placeholders in `wpdb::prepare()`. [41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used. This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders. See #41925. Built from https://develop.svn.wordpress.org/trunk@42056 git-svn-id: http://core.svn.wordpress.org/trunk@41885 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-16510,"public function actionEditDropdown() { $model = new Dropdowns; if (isset($_POST['Dropdowns']['id']) && ctype_digit ($_POST['Dropdowns']['id'])) { $model = Dropdowns::model()->findByPk( $_POST['Dropdowns']['id']); if (!isset ($model)) { throw new CHttpException (404, Yii::t('app', 'Dropdown could not be found')); } if ($model->id == Actions::COLORS_DROPDOWN_ID) { if (AuxLib::issetIsArray($_POST['Dropdowns']['values']) && AuxLib::issetIsArray($_POST['Dropdowns']['labels']) && count($_POST['Dropdowns']['values']) === count($_POST['Dropdowns']['labels'])) { if (AuxLib::issetIsArray($_POST['Admin']) && isset($_POST['Admin']['enableColorDropdownLegend'])) { Yii::app()->settings->enableColorDropdownLegend = $_POST['Admin']['enableColorDropdownLegend']; Yii::app()->settings->save(); } $options = array_combine( $_POST['Dropdowns']['values'], $_POST['Dropdowns']['labels']); $temp = array(); foreach ($options as $value => $label) { if ($value != """") $temp[$value] = $label; } $model->options = json_encode($temp); $model->save(); } } else { $model->attributes = $_POST['Dropdowns']; $temp = array(); if (is_array($model->options) && count($model->options) > 0) { foreach ($model->options as $option) { if ($option != """") $temp[$option] = $option; } $model->options = json_encode($temp); if ($model->save()) { } } } } $this->redirect( 'manageDropDowns' ); }" 5433,"public function update( $table, $data, $where, $format = null, $where_format = null ) { if ( ! is_array( $data ) || ! is_array( $where ) ) { return false; } $data = $this->process_fields( $table, $data, $format ); if ( false === $data ) { return false; } $where = $this->process_fields( $table, $where, $where_format ); if ( false === $where ) { return false; } $fields = $conditions = $values = array(); foreach ( $data as $field => $value ) { if ( is_null( $value['value'] ) ) { $fields[] = ""`$field` = NULL""; continue; } $fields[] = ""`$field` = "" . $value['format']; $values[] = $value['value']; } foreach ( $where as $field => $value ) { if ( is_null( $value['value'] ) ) { $conditions[] = ""`$field` IS NULL""; continue; } $conditions[] = ""`$field` = "" . $value['format']; $values[] = $value['value']; } $fields = implode( ', ', $fields ); $conditions = implode( ' AND ', $conditions ); $sql = ""UPDATE `$table` SET $fields WHERE $conditions""; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); }",True,PHP,update,wp-db.php,https://github.com/WordPress/WordPress,WordPress,Gary Pendergast,2017-10-31 12:00:49+00:00,"Database: Restore numbered placeholders in `wpdb::prepare()`. [41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used. This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders. See #41925. Built from https://develop.svn.wordpress.org/trunk@42056 git-svn-id: http://core.svn.wordpress.org/trunk@41885 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2017-16510,"public function actionEditDropdown() { $model = new Dropdowns; if (isset($_POST['Dropdowns']['id']) && ctype_digit ($_POST['Dropdowns']['id'])) { $model = Dropdowns::model()->findByPk( $_POST['Dropdowns']['id']); if (!isset ($model)) { throw new CHttpException (404, Yii::t('app', 'Dropdown could not be found')); } if ($model->id == Actions::COLORS_DROPDOWN_ID) { if (AuxLib::issetIsArray($_POST['Dropdowns']['values']) && AuxLib::issetIsArray($_POST['Dropdowns']['labels']) && count($_POST['Dropdowns']['values']) === count($_POST['Dropdowns']['labels'])) { if (AuxLib::issetIsArray($_POST['Admin']) && isset($_POST['Admin']['enableColorDropdownLegend'])) { Yii::app()->settings->enableColorDropdownLegend = $_POST['Admin']['enableColorDropdownLegend']; Yii::app()->settings->save(); } $options = array_combine( $_POST['Dropdowns']['values'], $_POST['Dropdowns']['labels']); $temp = array(); foreach ($options as $value => $label) { if ($value != """") $temp[$value] = $label; } $model->options = json_encode($temp); $model->save(); } } else { $model->attributes = $_POST['Dropdowns']; $temp = array(); if (is_array($model->options) && count($model->options) > 0) { foreach ($model->options as $option) { if ($option != """") $temp[$option] = $option; } $model->options = json_encode($temp); if ($model->save()) { } } } } $this->redirect( 'manageDropDowns' ); }" 5436,"public function prepare( $query, $args ) { if ( is_null( $query ) ) return; if ( strpos( $query, '%' ) === false ) { wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9.0' ); } $args = func_get_args(); array_shift( $args ); if ( is_array( $args[0] ) && count( $args ) == 1 ) { $args = $args[0]; } foreach ( $args as $arg ) { if ( ! is_scalar( $arg ) && ! is_null( $arg ) ) { wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'Unsupported value type (%s).' ), gettype( $arg ) ), '4.8.2' ); } } $query = str_replace( ""'%s'"", '%s', $query ); $query = str_replace( '""%s""', '%s', $query ); $query = preg_replace( '|(?findByPk( $_POST['Dropdowns']['id']); if (!isset ($model)) { throw new CHttpException (404, Yii::t('app', 'Dropdown could not be found')); } if ($model->id == Actions::COLORS_DROPDOWN_ID) { if (AuxLib::issetIsArray($_POST['Dropdowns']['values']) && AuxLib::issetIsArray($_POST['Dropdowns']['labels']) && count($_POST['Dropdowns']['values']) === count($_POST['Dropdowns']['labels'])) { if (AuxLib::issetIsArray($_POST['Admin']) && isset($_POST['Admin']['enableColorDropdownLegend'])) { Yii::app()->settings->enableColorDropdownLegend = $_POST['Admin']['enableColorDropdownLegend']; Yii::app()->settings->save(); } $options = array_combine( $_POST['Dropdowns']['values'], $_POST['Dropdowns']['labels']); $temp = array(); foreach ($options as $value => $label) { if ($value != """") $temp[$value] = $label; } $model->options = json_encode($temp); $model->save(); } } else { $model->attributes = $_POST['Dropdowns']; $temp = array(); if (is_array($model->options) && count($model->options) > 0) { foreach ($model->options as $option) { if ($option != """") $temp[$option] = $option; } $model->options = json_encode($temp); if ($model->save()) { } } } } $this->redirect( 'manageDropDowns' ); }" 5437,"function get_language_attributes( $doctype = 'html' ) { $attributes = array(); if ( function_exists( 'is_rtl' ) && is_rtl() ) $attributes[] = 'dir=""rtl""'; if ( $lang = get_bloginfo('language') ) { if ( get_option('html_type') == 'text/html' || $doctype == 'html' ) $attributes[] = ""lang=\""$lang\""""; if ( get_option('html_type') != 'text/html' || $doctype == 'xhtml' ) $attributes[] = ""xml:lang=\""$lang\""""; } $output = implode(' ', $attributes); return apply_filters( 'language_attributes', $output, $doctype ); }",True,PHP,get_language_attributes,general-template.php,https://github.com/WordPress/WordPress,WordPress,John Blackbourn,2017-11-29 15:55:47+00:00,"Hardening: Add escaping to the language attributes used on `html` elements. Built from https://develop.svn.wordpress.org/trunk@42259 git-svn-id: http://core.svn.wordpress.org/trunk@42088 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-17093,"public function actionAddPost($id, $redirect) { $post = new Events; if (isset($_POST['Events']) && $_POST['Events']['text'] != Yii::t('app', 'Enter text here...')) { $post->text = $_POST['Events']['text']; $post->visibility = $_POST['Events']['visibility']; if (isset($_POST['Events']['associationId'])) { $post->associationId = $_POST['Events']['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['Events']['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if (!isset($post->associationId) || $post->associationId == 0) $post->associationId = $id; if ($post->save()) { if ($post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } if ($redirect == ""view"") $this->redirect(array('view', 'id' => $id)); else $this->redirect(array('/profile/profile')); }" 5439,"$t = preg_split('/[ \t]/', trim($enclosure[2]) ); $type = $t[0]; echo apply_filters( 'rss_enclosure', '' . ""\n"" ); } } }",True,PHP,preg_split,feed.php,https://github.com/WordPress/WordPress,WordPress,John Blackbourn,2017-11-29 15:56:48+00:00,"Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. Built from https://develop.svn.wordpress.org/trunk@42260 git-svn-id: http://core.svn.wordpress.org/trunk@42089 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-17094,"public function actionAddPost($id, $redirect) { $post = new Events; if (isset($_POST['Events']) && $_POST['Events']['text'] != Yii::t('app', 'Enter text here...')) { $post->text = $_POST['Events']['text']; $post->visibility = $_POST['Events']['visibility']; if (isset($_POST['Events']['associationId'])) { $post->associationId = $_POST['Events']['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['Events']['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if (!isset($post->associationId) || $post->associationId == 0) $post->associationId = $id; if ($post->save()) { if ($post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } if ($redirect == ""view"") $this->redirect(array('view', 'id' => $id)); else $this->redirect(array('/profile/profile')); }" 5442,"echo apply_filters( 'atom_enclosure', '' . ""\n"" ); } }",True,PHP,apply_filters,feed.php,https://github.com/WordPress/WordPress,WordPress,John Blackbourn,2017-11-29 15:56:48+00:00,"Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds. Built from https://develop.svn.wordpress.org/trunk@42260 git-svn-id: http://core.svn.wordpress.org/trunk@42089 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-17094,"public function actionAddPost($id, $redirect) { $post = new Events; if (isset($_POST['Events']) && $_POST['Events']['text'] != Yii::t('app', 'Enter text here...')) { $post->text = $_POST['Events']['text']; $post->visibility = $_POST['Events']['visibility']; if (isset($_POST['Events']['associationId'])) { $post->associationId = $_POST['Events']['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['Events']['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if (!isset($post->associationId) || $post->associationId == 0) $post->associationId = $id; if ($post->save()) { if ($post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } if ($redirect == ""view"") $this->redirect(array('view', 'id' => $id)); else $this->redirect(array('/profile/profile')); }" 5444,"function get_allowed_mime_types( $user = null ) { $t = wp_get_mime_types(); unset( $t['swf'], $t['exe'] ); if ( function_exists( 'current_user_can' ) ) $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); if ( empty( $unfiltered ) ) unset( $t['htm|html'] ); return apply_filters( 'upload_mimes', $t, $user ); }",True,PHP,get_allowed_mime_types,functions.php,https://github.com/WordPress/WordPress,WordPress,John Blackbourn,2017-11-29 16:00:48+00:00,"Hardening: Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability. Built from https://develop.svn.wordpress.org/trunk@42261 git-svn-id: http://core.svn.wordpress.org/trunk@42090 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-17092,"public function actionAddPost($id, $redirect) { $post = new Events; if (isset($_POST['Events']) && $_POST['Events']['text'] != Yii::t('app', 'Enter text here...')) { $post->text = $_POST['Events']['text']; $post->visibility = $_POST['Events']['visibility']; if (isset($_POST['Events']['associationId'])) { $post->associationId = $_POST['Events']['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['Events']['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if (!isset($post->associationId) || $post->associationId == 0) $post->associationId = $id; if ($post->save()) { if ($post->associationId != Yii::app()->user->getId()) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } if ($redirect == ""view"") $this->redirect(array('view', 'id' => $id)); else $this->redirect(array('/profile/profile')); }" 5446,"function get_the_generator( $type = '' ) { if ( empty( $type ) ) { $current_filter = current_filter(); if ( empty( $current_filter ) ) { return; } switch ( $current_filter ) { case 'rss2_head': case 'commentsrss2_head': $type = 'rss2'; break; case 'rss_head': case 'opml_head': $type = 'comment'; break; case 'rdf_header': $type = 'rdf'; break; case 'atom_head': case 'comments_atom_head': case 'app_head': $type = 'atom'; break; } } switch ( $type ) { case 'html': $gen = ''; break; case 'xhtml': $gen = ''; break; case 'atom': $gen = ''; break; case 'export': $gen = ''; break; } return apply_filters( ""get_the_generator_{$type}"", $gen, $type ); }",True,PHP,get_the_generator,general-template.php,https://github.com/WordPress/WordPress,WordPress,Dominik Schilling,2018-04-03 14:59:31+00:00,"Template: Make sure the version string is correctly escaped for use in attributes. Built from https://develop.svn.wordpress.org/trunk@42893 git-svn-id: http://core.svn.wordpress.org/trunk@42723 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-10102,"public function actionPublishPost() { $post = new Events; if (isset($_POST['text']) && $_POST['text'] != """") { $post->text = $_POST['text']; $post->visibility = $_POST['visibility']; if (isset($_POST['associationId'])) { $post->associationId = $_POST['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if ($post->save()) { if (!empty($post->associationId) && $post->associationId != Yii::app()->user->getId() && $post->isVisibleTo (User::model ()->findByPk ($post->associationId))) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } }" 5447,"function wp_http_validate_url( $url ) { $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = @parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ': return false; } $parsed_home = @parse_url( get_option( 'home' ) ); if ( isset( $parsed_home['host'] ) ) { $same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) ); } else { $same_host = false; } if ( ! $same_host ) { $host = trim( $parsed_url['host'], '.' ); if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$ $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { $ip = false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; if ( 80 === $port || 443 === $port || 8080 === $port ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; }",True,PHP,wp_http_validate_url,http.php,https://github.com/WordPress/WordPress,WordPress,Dominik Schilling,2018-04-03 15:00:31+00:00,"HTTP: Don't treat `localhost` as same host by default. Built from https://develop.svn.wordpress.org/trunk@42894 git-svn-id: http://core.svn.wordpress.org/trunk@42724 1a063a9b-81f0-0310-95a4-ce76da25c4cd",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2018-10101,"public function actionPublishPost() { $post = new Events; if (isset($_POST['text']) && $_POST['text'] != """") { $post->text = $_POST['text']; $post->visibility = $_POST['visibility']; if (isset($_POST['associationId'])) { $post->associationId = $_POST['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if ($post->save()) { if (!empty($post->associationId) && $post->associationId != Yii::app()->user->getId() && $post->isVisibleTo (User::model ()->findByPk ($post->associationId))) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } }" 5450,"public function index($id) { $template = $this->TemplateElement->Template->checkAuthorisation($id, $this->Auth->user(), false); if (!$this->_isSiteAdmin() && !$template) { throw new MethodNotAllowedException('No template with the provided ID exists, or you are not authorised to see it.'); } $templateElements = $this->TemplateElement->find('all', array( 'conditions' => array( 'template_id' => $id, ), 'contain' => array( 'TemplateElementAttribute', 'TemplateElementText', 'TemplateElementFile' ), 'order' => array('TemplateElement.position ASC') )); $this->loadModel('Attribute'); $this->set('validTypeGroups', $this->Attribute->validTypeGroups); $this->set('id', $id); $this->layout = 'ajaxTemplate'; $this->set('elements', $templateElements); $mayModify = false; if ($this->_isSiteAdmin() || $template['Template']['org'] == $this->Auth->user('Organisation')['name']) { $mayModify = true; } $this->set('mayModify', $mayModify); $this->render('ajax/ajaxIndex'); }",True,PHP,index,TemplateElementsController.php,https://github.com/MISP/MISP,MISP,mokaddem,2020-11-18 06:29:55+01:00,"fix: [security] XSS in the template element index view - As reported by Rubin Azad",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-28947,"public function actionPublishPost() { $post = new Events; if (isset($_POST['text']) && $_POST['text'] != """") { $post->text = $_POST['text']; $post->visibility = $_POST['visibility']; if (isset($_POST['associationId'])) { $post->associationId = $_POST['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if ($post->save()) { if (!empty($post->associationId) && $post->associationId != Yii::app()->user->getId() && $post->isVisibleTo (User::model ()->findByPk ($post->associationId))) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } }" 5452,"public function checkAuthorisation($id, $user, $write) { $template = $this->find('first', array( 'conditions' => array('id' => $id), 'recursive' => -1, )); if (empty($template)) { return false; } if ($user['Role']['perm_site_admin']) { return $template; } if ($write) { if ($user['Organisation']['name'] == $template['Template']['org'] && $user['Role']['perm_template']) { return $template; } return false; } else { if ($user['Organisation']['name'] == $template['Template']['org'] || $template['Template']['share']) { return $template; } return false; } }",True,PHP,checkAuthorisation,Template.php,https://github.com/MISP/MISP,MISP,mokaddem,2020-11-18 06:29:55+01:00,"fix: [security] XSS in the template element index view - As reported by Rubin Azad",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-28947,"public function actionPublishPost() { $post = new Events; if (isset($_POST['text']) && $_POST['text'] != """") { $post->text = $_POST['text']; $post->visibility = $_POST['visibility']; if (isset($_POST['associationId'])) { $post->associationId = $_POST['associationId']; $post->associationType = 'User'; } $post->user = Yii::app()->user->getName(); $post->type = 'feed'; $post->subtype = $_POST['subtype']; $post->lastUpdated = time(); $post->timestamp = time(); if ($post->save()) { if (!empty($post->associationId) && $post->associationId != Yii::app()->user->getId() && $post->isVisibleTo (User::model ()->findByPk ($post->associationId))) { $notif = new Notification; $notif->type = 'social_post'; $notif->createdBy = $post->user; $notif->modelType = 'Profile'; $notif->modelId = $post->associationId; $notif->user = Yii::app()->db->createCommand() ->select('username') ->from('x2_users') ->where('id=:id', array(':id' => $post->associationId)) ->queryScalar(); $notif->createDate = time(); $notif->save(); } } } }" 5453,"public function index($id) { $this->paginate['conditions'] = array('GalaxyElement.galaxy_cluster_id' => $id); $clusters = $this->paginate(); $this->set('list', $clusters); if ($this->request->is('ajax')) { $this->layout = 'ajax'; $this->render('ajax/index'); } }",True,PHP,index,GalaxyElementsController.php,https://github.com/MISP/MISP,MISP,mokaddem,2020-11-24 12:15:42+01:00,fix: [security] Make cluster's elements adhere to ACL,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-29006,"}elseif($fieldRecord->type == 'phone'){ $tempPhone = preg_replace('/\D/', '', $term); if(strlen($tempPhone) == 10){ $phoneLookup = PhoneNumber::model()->findByAttributes(array('modelType' => $fieldRecord->modelName, 'number' => $tempPhone, 'fieldName' => $fieldName)); if(!in_array($otherRecord, $high, true) && !in_array($otherRecord, $medium, true) && !in_array($otherRecord, $low, true) && !in_array($otherRecord, $userHigh, true) && !in_array($otherRecord, $userMedium, true) && !in_array($otherRecord, $userLow, true)){ if(isset($phoneLookup) && $otherRecord->id == $phoneLookup->modelId){ if($otherRecord->hasAttribute('assignedTo') && $otherRecord->assignedTo == Yii::app()->user->getName()) $userHigh[] = $otherRecord; else $high[] = $otherRecord; } } } } } } } } $records = array_merge($high, $medium); $records = array_merge($records, $low); $userRecords = array_merge($userHigh, $userMedium); $userRecords = array_merge($userRecords, $userLow); $records = array_merge($userRecords, $records); $records = Record::convert($records, false); if(count($records) == 1){ if(!empty($records[0]['#recordUrl'])) { $this->redirect($records[0]['#recordUrl']); } } $dataProvider = new CArrayDataProvider($records, array( 'id' => 'id', 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), )); $this->render('search', array( 'records' => $records, 'dataProvider' => $dataProvider, 'term' => $term, )); }else{ Yii::app()->user->setState('vcr-list', $term); $_COOKIE['vcr-list'] = $term; $tagQuery = "" SELECT * FROM x2_tags WHERE tag=:tag group BY tag, type, itemId""; $params = array (':tag' => $term); $sql = Yii::app()->db->createCommand ($tagQuery); $totalItemCount = Yii::app()->db->createCommand ("" SELECT count(*) FROM ($tagQuery) as t1; "")->queryScalar ($params); $results = new CSqlDataProvider ($sql, array ( 'totalItemCount' => $totalItemCount, 'sort' => array( 'defaultOrder' => 'timestamp DESC', ), 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), 'params' => $params, )); $this->render('searchTags', array( 'tags' => $results, 'term' => $term, )); } }" 5462,"$data[$k][$k2] = trim($data[$k][$k2]); } } } } $this->Controller->set('passedArgs', json_encode($this->Controller->passedArgs)); return $data; }",True,PHP,trim,IndexFilterComponent.php,https://github.com/MISP/MISP,MISP,iglocska,2022-12-22 13:11:57+01:00,chg: [cleanup] indexfilter unused leftover functionality reworked,CWE-755,Improper Handling of Exceptional Conditions,The product does not handle or incorrectly handles an exceptional condition.,https://cwe.mitre.org/data/definitions/755.html,CVE-2022-48328,"}elseif($fieldRecord->type == 'phone'){ $tempPhone = preg_replace('/\D/', '', $term); if(strlen($tempPhone) == 10){ $phoneLookup = PhoneNumber::model()->findByAttributes(array('modelType' => $fieldRecord->modelName, 'number' => $tempPhone, 'fieldName' => $fieldName)); if(!in_array($otherRecord, $high, true) && !in_array($otherRecord, $medium, true) && !in_array($otherRecord, $low, true) && !in_array($otherRecord, $userHigh, true) && !in_array($otherRecord, $userMedium, true) && !in_array($otherRecord, $userLow, true)){ if(isset($phoneLookup) && $otherRecord->id == $phoneLookup->modelId){ if($otherRecord->hasAttribute('assignedTo') && $otherRecord->assignedTo == Yii::app()->user->getName()) $userHigh[] = $otherRecord; else $high[] = $otherRecord; } } } } } } } } $records = array_merge($high, $medium); $records = array_merge($records, $low); $userRecords = array_merge($userHigh, $userMedium); $userRecords = array_merge($userRecords, $userLow); $records = array_merge($userRecords, $records); $records = Record::convert($records, false); if(count($records) == 1){ if(!empty($records[0]['#recordUrl'])) { $this->redirect($records[0]['#recordUrl']); } } $dataProvider = new CArrayDataProvider($records, array( 'id' => 'id', 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), )); $this->render('search', array( 'records' => $records, 'dataProvider' => $dataProvider, 'term' => $term, )); }else{ Yii::app()->user->setState('vcr-list', $term); $_COOKIE['vcr-list'] = $term; $tagQuery = "" SELECT * FROM x2_tags WHERE tag=:tag group BY tag, type, itemId""; $params = array (':tag' => $term); $sql = Yii::app()->db->createCommand ($tagQuery); $totalItemCount = Yii::app()->db->createCommand ("" SELECT count(*) FROM ($tagQuery) as t1; "")->queryScalar ($params); $results = new CSqlDataProvider ($sql, array ( 'totalItemCount' => $totalItemCount, 'sort' => array( 'defaultOrder' => 'timestamp DESC', ), 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), 'params' => $params, )); $this->render('searchTags', array( 'tags' => $results, 'term' => $term, )); } }" 5464,"foreach ($options['additional_delimiters'] as $delim) { if (strpos($v, $delim) !== false) { $found = true; break; } }",True,PHP,foreach,IndexFilterComponent.php,https://github.com/MISP/MISP,MISP,iglocska,2022-12-22 13:11:57+01:00,chg: [cleanup] indexfilter unused leftover functionality reworked,CWE-755,Improper Handling of Exceptional Conditions,The product does not handle or incorrectly handles an exceptional condition.,https://cwe.mitre.org/data/definitions/755.html,CVE-2022-48328,"}elseif($fieldRecord->type == 'phone'){ $tempPhone = preg_replace('/\D/', '', $term); if(strlen($tempPhone) == 10){ $phoneLookup = PhoneNumber::model()->findByAttributes(array('modelType' => $fieldRecord->modelName, 'number' => $tempPhone, 'fieldName' => $fieldName)); if(!in_array($otherRecord, $high, true) && !in_array($otherRecord, $medium, true) && !in_array($otherRecord, $low, true) && !in_array($otherRecord, $userHigh, true) && !in_array($otherRecord, $userMedium, true) && !in_array($otherRecord, $userLow, true)){ if(isset($phoneLookup) && $otherRecord->id == $phoneLookup->modelId){ if($otherRecord->hasAttribute('assignedTo') && $otherRecord->assignedTo == Yii::app()->user->getName()) $userHigh[] = $otherRecord; else $high[] = $otherRecord; } } } } } } } } $records = array_merge($high, $medium); $records = array_merge($records, $low); $userRecords = array_merge($userHigh, $userMedium); $userRecords = array_merge($userRecords, $userLow); $records = array_merge($userRecords, $records); $records = Record::convert($records, false); if(count($records) == 1){ if(!empty($records[0]['#recordUrl'])) { $this->redirect($records[0]['#recordUrl']); } } $dataProvider = new CArrayDataProvider($records, array( 'id' => 'id', 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), )); $this->render('search', array( 'records' => $records, 'dataProvider' => $dataProvider, 'term' => $term, )); }else{ Yii::app()->user->setState('vcr-list', $term); $_COOKIE['vcr-list'] = $term; $tagQuery = "" SELECT * FROM x2_tags WHERE tag=:tag group BY tag, type, itemId""; $params = array (':tag' => $term); $sql = Yii::app()->db->createCommand ($tagQuery); $totalItemCount = Yii::app()->db->createCommand ("" SELECT count(*) FROM ($tagQuery) as t1; "")->queryScalar ($params); $results = new CSqlDataProvider ($sql, array ( 'totalItemCount' => $totalItemCount, 'sort' => array( 'defaultOrder' => 'timestamp DESC', ), 'pagination' => array( 'pageSize' => Profile::getResultsPerPage(), ), 'params' => $params, )); $this->render('searchTags', array( 'tags' => $results, 'term' => $term, )); } }" 5467,"return !empty($paramArray[$paramName]); }, ARRAY_FILTER_USE_KEY); $this->Controller->set('passedArgs', json_encode($this->Controller->passedArgs)); return $data; }",True,PHP,empty,IndexFilterComponent.php,https://github.com/MISP/MISP,MISP,iglocska,2022-12-22 15:35:30+01:00,chg: [runaway function] split into easier to comprehend ones,CWE-755,Improper Handling of Exceptional Conditions,The product does not handle or incorrectly handles an exceptional condition.,https://cwe.mitre.org/data/definitions/755.html,CVE-2022-48328,public function actionHideWidget() { if (isset($_POST['name']) && isset ($_POST['position'])) { $name = $_POST['name']; $position = $_POST['position']; $layout = Yii::app()->params->profile->getLayout(); if (isset ($layout[$position][$name])) { $layout['hiddenRight'][$name] = $layout[$position][$name]; unset ($layout[$position][$name]); Yii::app()->params->profile->saveLayout($layout); } echo Yii::app()->params->profile->getWidgetMenu(); } } 5469,"public function add(array $params = []) { $modelName = $this->Controller->modelClass; $data = []; if ($this->Controller->request->is('post')) { $input = $this->Controller->request->data; if (empty($input[$modelName])) { $input = [$modelName => $input]; } if (!empty($params['override'])) { foreach ($params['override'] as $field => $value) { $input[$modelName][$field] = $value; } } unset($input[$modelName]['id']); if (!empty($params['fields'])) { $data = []; foreach ($params['fields'] as $field) { $data[$field] = $input[$modelName][$field]; } } else { $data = $input; } if (isset($params['beforeSave'])) { $data = $params['beforeSave']($data); } $model = $this->Controller->{$modelName}; $savedData = $model->save($data); if ($savedData) { if (isset($params['afterSave'])) { $params['afterSave']($data); } $data = $model->find('first', [ 'recursive' => -1, 'conditions' => [ 'id' => $model->id ] ]); if (empty($data)) { throw new Exception(""Something went wrong, saved data not found in database.""); } if (isset($params['afterFind'])) { $data = $params['afterFind']($data, $savedData); } $message = __('%s added.', $modelName); if ($this->Controller->IndexFilter->isRest()) { $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData($data, 'json'); } else { $this->Controller->Flash->success($message); if (!empty($params['displayOnSuccess'])) { $this->Controller->set('entity', $data); $this->Controller->set('referer', $this->Controller->referer()); $this->Controller->render($params['displayOnSuccess']); return; } $redirect = isset($params['redirect']) ? $params['redirect'] : ['action' => 'index']; if (!empty($params['redirect_controller'])) { if (is_array($redirect)) { $redirect['controller'] = $params['redirect_controller']; } else { $redirect = '/' . $params['redirect_controller'] . '/' . $redirect; } } if ($this->Controller->request->is('ajax')) { $redirect = Router::url($redirect); $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData(['redirect' => $redirect], 'json'); } else { $this->Controller->redirect($redirect); } } } else { $message = __('%s could not be added.', $modelName); if ($this->Controller->IndexFilter->isRest()) { $controllerName = $this->Controller->params['controller']; $actionName = $this->Controller->params['action']; $this->Controller->restResponsePayload = $this->Controller->RestResponse->saveFailResponse($controllerName, $actionName, false, $model->validationErrors, 'json'); } else { $this->Controller->Flash->error($message); } } } $this->Controller->set('entity', $data); }",True,PHP,add,CRUDComponent.php,https://github.com/MISP/MISP,MISP,Sami Mokaddem,2023-01-10 10:05:22+01:00,"fix: [security] XSS in authkey add - as reported by Dawid Czarnecki from Zigrin Security",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-24070,public function actionHideWidget() { if (isset($_POST['name']) && isset ($_POST['position'])) { $name = $_POST['name']; $position = $_POST['position']; $layout = Yii::app()->params->profile->getLayout(); if (isset ($layout[$position][$name])) { $layout['hiddenRight'][$name] = $layout[$position][$name]; unset ($layout[$position][$name]); Yii::app()->params->profile->saveLayout($layout); } echo Yii::app()->params->profile->getWidgetMenu(); } } 5472,"private function __saveCert($server, $id, $client = false, $delete = false) { if ($client) { $subm = 'submitted_client_cert'; $attr = 'client_cert_file'; $ins = '_client'; } else { $subm = 'submitted_cert'; $attr = 'cert_file'; $ins = ''; } if (!$delete) { $ext = ''; App::uses('File', 'Utility'); App::uses('Folder', 'Utility'); App::uses('FileAccessTool', 'Tools'); if (isset($server['Server'][$subm]['name'])) { if ($this->request->data['Server'][$subm]['size'] != 0) { if (!$this->Server->checkFilename($server['Server'][$subm]['name'])) { throw new Exception(__('Filename not allowed')); } $file = new File($server['Server'][$subm]['name']); $ext = $file->ext(); if (!$server['Server'][$subm]['size'] > 0) { $this->Flash->error(__('Incorrect extension or empty file.')); $this->redirect(array('action' => 'index')); } $pemData = FileAccessTool::readFromFile($server['Server'][$subm]['tmp_name'], $server['Server'][$subm]['size']); } else { return true; } } else { $pemData = base64_decode($server['Server'][$subm]); } $destpath = APP . ""files"" . DS . ""certs"" . DS; $dir = new Folder(APP . ""files"" . DS . ""certs"", true); $pemfile = new File($destpath . $id . $ins . '.' . $ext); $result = $pemfile->write($pemData); $s = $this->Server->read(null, $id); $s['Server'][$attr] = $s['Server']['id'] . $ins . '.' . $ext; if ($result) { $this->Server->save($s); } } else { $s = $this->Server->read(null, $id); $s['Server'][$attr] = ''; $this->Server->save($s); } return true; }",True,PHP,__saveCert,ServersController.php,https://github.com/MISP/MISP,MISP,Luciano Righetti,2023-06-28 09:42:12+02:00,fix: properly handle different cert file extensions in server sync. #9084,CWE-209,Generation of Error Message Containing Sensitive Information,"The product generates an error message that includes sensitive information about its environment, users, or associated data.",https://cwe.mitre.org/data/definitions/209.html,CVE-2023-37306,public function actionHideWidget() { if (isset($_POST['name']) && isset ($_POST['position'])) { $name = $_POST['name']; $position = $_POST['position']; $layout = Yii::app()->params->profile->getLayout(); if (isset ($layout[$position][$name])) { $layout['hiddenRight'][$name] = $layout[$position][$name]; unset ($layout[$position][$name]); Yii::app()->params->profile->saveLayout($layout); } echo Yii::app()->params->profile->getWidgetMenu(); } } 5473,"public function setupHttpSocket($server = null, $timeout = false, $model = 'Server') { $params = ['compress' => true]; if (!empty($server)) { if (!empty($server[$model]['cert_file'])) { $params['ssl_cafile'] = APP . ""files"" . DS . ""certs"" . DS . $server[$model]['id'] . '.pem'; } if (!empty($server[$model]['client_cert_file'])) { $params['ssl_local_cert'] = APP . ""files"" . DS . ""certs"" . DS . $server[$model]['id'] . '_client.pem'; } if (!empty($server[$model]['self_signed'])) { $params['ssl_allow_self_signed'] = true; $params['ssl_verify_peer_name'] = false; if (!isset($server[$model]['cert_file'])) { $params['ssl_verify_peer'] = false; } } if (!empty($server[$model]['skip_proxy'])) { $params['skip_proxy'] = 1; } if (!empty($timeout)) { $params['timeout'] = $timeout; } } return $this->createHttpSocket($params); }",True,PHP,setupHttpSocket,SyncTool.php,https://github.com/MISP/MISP,MISP,Luciano Righetti,2023-06-28 09:42:12+02:00,fix: properly handle different cert file extensions in server sync. #9084,CWE-209,Generation of Error Message Containing Sensitive Information,"The product generates an error message that includes sensitive information about its environment, users, or associated data.",https://cwe.mitre.org/data/definitions/209.html,CVE-2023-37306,public function actionHideWidget() { if (isset($_POST['name']) && isset ($_POST['position'])) { $name = $_POST['name']; $position = $_POST['position']; $layout = Yii::app()->params->profile->getLayout(); if (isset ($layout[$position][$name])) { $layout['hiddenRight'][$name] = $layout[$position][$name]; unset ($layout[$position][$name]); Yii::app()->params->profile->saveLayout($layout); } echo Yii::app()->params->profile->getWidgetMenu(); } } 5478,"public function downloadAttachment($key='download', $id) { if ($key != null && $key != 'download') { $user = $this->checkAuthUser($key); } else { if (!$this->Auth->user()) { throw new UnauthorizedException(__('You are not authorized. Please send the Authorization header with your auth key along with an Accept header for application/xml.')); } $user = $this->checkAuthUser($this->Auth->user('authkey')); } if (!$user) { throw new UnauthorizedException(__('This authentication key is not authorized to be used for exports. Contact your administrator.')); } $this->Attribute->id = $id; if (!$this->Attribute->exists()) { throw new NotFoundException(__('Invalid attribute or no authorisation to view it.')); } $this->Attribute->read(null, $id); if (!$user['User']['siteAdmin'] && $user['User']['org_id'] != $this->Attribute->data['Event']['org_id'] && ( $this->Attribute->data['Event']['distribution'] == 0 || $this->Attribute->data['Attribute']['distribution'] == 0 )) { throw new NotFoundException(__('Invalid attribute or no authorisation to view it.')); } $this->__downloadAttachment($this->Attribute->data['Attribute']); }",True,PHP,downloadAttachment,AttributesController.php,https://github.com/MISP/MISP,MISP,mokaddem,2020-06-29 14:10:23+02:00,"fix: [security] Insufficient ACL checks in the attachment downloader fixed - Thanks to Jakub Onderka for reporting it",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-15411,"public function actionAppendTag() { if (isset($_POST['Type'], $_POST['Id'], $_POST['Tag']) && preg_match('/^[\w\d_-]+$/', $_POST['Type'])) { if (!class_exists($_POST['Type'])) { echo 'false'; return; } $model = X2Model::model($_POST['Type'])->findByPk($_POST['Id']); if ($model === null || !Yii::app()->controller->checkPermissions ($model, 'view')) { $this->denied (); } echo $model->addTags($_POST['Tag']); Yii::app()->end (); } echo 'false'; }" 5479,public function download($id = null) { $this->Attribute->id = $id; if (!$this->Attribute->exists()) { throw new NotFoundException(__('Invalid attribute')); } $this->Attribute->read(); if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != $this->Attribute->data['Event']['org_id'] && ( $this->Attribute->data['Event']['distribution'] == 0 || $this->Attribute->data['Attribute']['distribution'] == 0 )) { throw new UnauthorizedException(__('You do not have the permission to view this event.')); } $this->__downloadAttachment($this->Attribute->data['Attribute']); },True,PHP,download,AttributesController.php,https://github.com/MISP/MISP,MISP,mokaddem,2020-06-29 14:10:23+02:00,"fix: [security] Insufficient ACL checks in the attachment downloader fixed - Thanks to Jakub Onderka for reporting it",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-15411,"public function actionAppendTag() { if (isset($_POST['Type'], $_POST['Id'], $_POST['Tag']) && preg_match('/^[\w\d_-]+$/', $_POST['Type'])) { if (!class_exists($_POST['Type'])) { echo 'false'; return; } $model = X2Model::model($_POST['Type'])->findByPk($_POST['Id']); if ($model === null || !Yii::app()->controller->checkPermissions ($model, 'view')) { $this->denied (); } echo $model->addTags($_POST['Tag']); Yii::app()->end (); } echo 'false'; }" 5481,"public function contact($id = null) { $id = $this->Toolbox->findIdByUuid($this->Event, $id); $this->Event->id = $id; if (!$this->Event->exists()) { throw new NotFoundException(__('Invalid event')); } if ($this->request->is('post') || $this->request->is('put')) { if (!isset($this->request->data['Event'])) { $this->request->data = array('Event' => $this->request->data); } $message = $this->request->data['Event']['message']; if (empty($message)) { $error = __('You must specify a message.'); if ($this->_isRest()) { throw new MethodNotAllowedException($error); } else { $this->Flash->error($error); $this->redirect(array('action' => 'contact', $id)); } } $creator_only = false; if (isset($this->request->data['Event']['person'])) { $creator_only = $this->request->data['Event']['person']; } $user = $this->Auth->user(); $user['gpgkey'] = $this->Event->User->getPGP($user['id']); $user['certif_public'] = $this->Event->User->getCertificate($user['id']); $success = $this->Event->sendContactEmailRouter($id, $message, $creator_only, $user, $this->_isSiteAdmin()); if ($success) { $return_message = __('Email sent to the reporter.'); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('Events', 'contact', $id, $this->response->type(), $return_message); } else { $this->Flash->success($return_message); $this->redirect(array('action' => 'view', $id)); } } else { $return_message = __('Sending of email failed.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Events', 'contact', $id, $return_message, $this->response->type()); } else { $this->Flash->error($return_message, 'default', array(), 'error'); $this->redirect(array('action' => 'view', $id)); } } } if (empty($this->data)) { $this->data = $this->Event->read(null, $id); } }",True,PHP,contact,EventsController.php,https://github.com/MISP/MISP,MISP,Jakub Onderka,2020-06-30 09:01:55+02:00,fix: [security] Check event ACL before allowing user to send event contact form,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-15412,"public function actionAppendTag() { if (isset($_POST['Type'], $_POST['Id'], $_POST['Tag']) && preg_match('/^[\w\d_-]+$/', $_POST['Type'])) { if (!class_exists($_POST['Type'])) { echo 'false'; return; } $model = X2Model::model($_POST['Type'])->findByPk($_POST['Id']); if ($model === null || !Yii::app()->controller->checkPermissions ($model, 'view')) { $this->denied (); } echo $model->addTags($_POST['Tag']); Yii::app()->end (); } echo 'false'; }" 5483,"public function beforeFilter() { parent::beforeFilter(); $this->Security->unlockedActions = array_merge($this->Security->unlockedActions, array('setHomePage')); }",True,PHP,beforeFilter,UserSettingsController.php,https://github.com/MISP/MISP,MISP,iglocska,2020-07-14 14:26:11+02:00,"fix: [security] xss fix missing part of solution - the previous fix to the xss in the homepage setter was lacking the controller changes due to a partial commit (#bf4610c947c7dc372c4078f363d2dff6ae0703a8) - as originally discovered by Mislav Božičević - persistence of the vulnerability after the lacking fix reported by DIEGO JURADO PALLARES from Ciberinteligencia",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-24085,"public function actionAppendTag() { if (isset($_POST['Type'], $_POST['Id'], $_POST['Tag']) && preg_match('/^[\w\d_-]+$/', $_POST['Type'])) { if (!class_exists($_POST['Type'])) { echo 'false'; return; } $model = X2Model::model($_POST['Type'])->findByPk($_POST['Id']); if ($model === null || !Yii::app()->controller->checkPermissions ($model, 'view')) { $this->denied (); } echo $model->addTags($_POST['Tag']); Yii::app()->end (); } echo 'false'; }" 5484,"public function setHomePage() { if (!$this->request->is('post')) { throw new MethodNotAllowedException(__('This endpoint only aaccepts POST requests.')); } if (empty($this->request->data['path'])) { $this->request->data = array('path' => $this->request->data); } if (empty($this->request->data['path'])) { throw new InvalidArgumentException(__('No path POSTed.')); } $setting = array( 'UserSetting' => array( 'user_id' => $this->Auth->user('id'), 'setting' => 'homepage', 'value' => json_encode(array('path' => $this->request->data['path'])) ) ); $result = $this->UserSetting->setSetting($this->Auth->user(), $setting); return $this->RestResponse->saveSuccessResponse('UserSettings', 'setHomePage', false, $this->response->type(), 'Homepage set to ' . $this->request->data['path']); }",True,PHP,setHomePage,UserSettingsController.php,https://github.com/MISP/MISP,MISP,iglocska,2020-07-14 14:26:11+02:00,"fix: [security] xss fix missing part of solution - the previous fix to the xss in the homepage setter was lacking the controller changes due to a partial commit (#bf4610c947c7dc372c4078f363d2dff6ae0703a8) - as originally discovered by Mislav Božičević - persistence of the vulnerability after the lacking fix reported by DIEGO JURADO PALLARES from Ciberinteligencia",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-24085,"$criteria->addCondition ("" $userCondition OR user IN ( SELECT DISTINCT b.username FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.username=:getAccessCriteria_username ) OR ( associationType='User' AND associationId in ( SELECT DISTINCT b.id FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.userId=:getAccessCriteria_userId ) )""); } else { $criteria->addCondition ("" $userCondition OR visibility=1 ""); } } if ($profile) { $criteria->params[':getAccessCriteria_profileUsername'] = $profile->username; $criteria->addCondition (""user=:getAccessCriteria_profileUsername""); if (!Yii::app()->params->isAdmin) { $criteria->addCondition (""visibility=1""); } } return $criteria; }" 5492,"$description = ""User ("" . $this->User->id . ""): "" . $this->Auth->user('email'); $fieldsResult = ""Password changed.""; } $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $this->Log->save(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => $model, 'model_id' => $modelId, 'email' => $this->Auth->user('email'), 'action' => $action, 'title' => $description, 'change' => isset($fieldsResult) ? $fieldsResult : '')); App::import('Lib', 'SysLog.SysLog'); $syslog = new SysLog(); if (isset($fieldsResult) && $fieldsResult) { $syslog->write('notice', $description . ' -- ' . $action . ' -- ' . $fieldsResult); } else { $syslog->write('notice', $description . ' -- ' . $action); } }",True,PHP,user,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"$criteria->addCondition ("" $userCondition OR user IN ( SELECT DISTINCT b.username FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.username=:getAccessCriteria_username ) OR ( associationType='User' AND associationId in ( SELECT DISTINCT b.id FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.userId=:getAccessCriteria_userId ) )""); } else { $criteria->addCondition ("" $userCondition OR visibility=1 ""); } } if ($profile) { $criteria->params[':getAccessCriteria_profileUsername'] = $profile->username; $criteria->addCondition (""user=:getAccessCriteria_profileUsername""); if (!Yii::app()->params->isAdmin) { $criteria->addCondition (""visibility=1""); } } return $criteria; }" 5495,"public function logout() { if ($this->Session->check('Auth.User')) { $this->__extralog(""logout""); } $this->Flash->info(__('Good-Bye')); $user = $this->User->find('first', array( 'conditions' => array( 'User.id' => $this->Auth->user('id') ), 'recursive' => -1 )); unset($user['User']['password']); $user['User']['action'] = 'logout'; $this->User->save($user['User'], true, array('id')); $this->redirect($this->Auth->logout()); }",True,PHP,logout,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"$criteria->addCondition ("" $userCondition OR user IN ( SELECT DISTINCT b.username FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.username=:getAccessCriteria_username ) OR ( associationType='User' AND associationId in ( SELECT DISTINCT b.id FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.userId=:getAccessCriteria_userId ) )""); } else { $criteria->addCondition ("" $userCondition OR visibility=1 ""); } } if ($profile) { $criteria->params[':getAccessCriteria_profileUsername'] = $profile->username; $criteria->addCondition (""user=:getAccessCriteria_profileUsername""); if (!Yii::app()->params->isAdmin) { $criteria->addCondition (""visibility=1""); } } return $criteria; }" 5496,"public function admin_delete($id = null) { if (!$this->request->is('post') && !$this->request->is('delete')) { throw new MethodNotAllowedException(__('Action not allowed, post or delete request expected.')); } if (!$this->_isAdmin()) { throw new Exception('Administrators only.'); } $this->User->id = $id; $conditions = array('User.id' => $id); if (!$this->_isSiteAdmin()) { $conditions['org_id'] = $this->Auth->user('org_id'); } $user = $this->User->find('first', array( 'conditions' => $conditions, 'recursive' => -1 )); if (empty($user)) { throw new NotFoundException(__('Invalid user')); } $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; if ($this->User->delete($id)) { $this->__extralog(""delete"", $fieldsDescrStr, ''); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('User', 'admin_delete', $id, $this->response->type(), 'User deleted.'); } else { $this->Flash->success(__('User deleted')); $this->redirect(array('action' => 'index')); } } $this->Flash->error(__('User was not deleted')); $this->redirect(array('action' => 'index')); }",True,PHP,admin_delete,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"$criteria->addCondition ("" $userCondition OR user IN ( SELECT DISTINCT b.username FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.username=:getAccessCriteria_username ) OR ( associationType='User' AND associationId in ( SELECT DISTINCT b.id FROM x2_group_to_user a JOIN x2_group_to_user b ON a.groupId=b.groupId WHERE a.userId=:getAccessCriteria_userId ) )""); } else { $criteria->addCondition ("" $userCondition OR visibility=1 ""); } } if ($profile) { $criteria->params[':getAccessCriteria_profileUsername'] = $profile->username; $criteria->addCondition (""user=:getAccessCriteria_profileUsername""); if (!Yii::app()->params->isAdmin) { $criteria->addCondition (""visibility=1""); } } return $criteria; }" 5497,"public function resetauthkey($id = null) { if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) { throw new MethodNotAllowedException('User self-management has been disabled on this instance.'); } if ($id == 'me') { $id = $this->Auth->user('id'); } if (!$this->userRole['perm_auth']) { throw new MethodNotAllowedException('Invalid action.'); } $this->User->id = $id; if (!$id || !$this->User->exists($id)) { throw new MethodNotAllowedException('Invalid user.'); } $user = $this->User->read(); $oldKey = $this->User->data['User']['authkey']; if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org_id') == $this->User->data['User']['org_id']) && ($this->Auth->user('id') != $id)) { throw new MethodNotAllowedException('Invalid user.'); } $newkey = $this->User->generateAuthKey(); $this->User->saveField('authkey', $newkey); $this->__extralog( 'reset_auth_key', 'Authentication key for user ' . $user['User']['id'] . ' (' . $user['User']['email'] . ')', $fieldsResult = 'authkey(' . $oldKey . ') => (' . $newkey . ')' ); if (!$this->_isRest()) { $this->Flash->success(__('New authkey generated.', true)); $this->_refreshAuth(); $this->redirect($this->referer()); } else { return $this->RestResponse->saveSuccessResponse('User', 'resetauthkey', $id, $this->response->type(), 'Authkey updated: ' . $newkey); } }",True,PHP,resetauthkey,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"public function beforeSave () { $valid = parent::beforeSave (); if ($valid && $this->_typeChanged) { $table = Yii::app()->db->schema->tables[$this->myTableName]; $existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema; if($existing){ $valid = $this->modifyColumn(); } } return $valid; }" 5499,"public function change_pw() { if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) { throw new MethodNotAllowedException('User self-management has been disabled on this instance.'); } $id = $this->Auth->user('id'); $user = $this->User->find('first', array( 'conditions' => array('User.id' => $id), 'recursive' => -1 )); if ($this->request->is('post') || $this->request->is('put')) { if (!isset($this->request->data['User'])) { $this->request->data = array('User' => $this->request->data); } $abortPost = false; if (Configure::read('Security.require_password_confirmation')) { if (!empty($this->request->data['User']['current_password'])) { $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']); if (!$hashed) { $message = __('Invalid password. Please enter your current password to continue.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); } $abortPost = true; $this->Flash->error($message); } unset($this->request->data['User']['current_password']); } else if (!$this->_isRest()) { $message = __('Please enter your current password to continue.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); } $abortPost = true; $this->Flash->info($message); } } if (!$abortPost) { $user['User']['change_pw'] = 0; $user['User']['password'] = $this->request->data['User']['password']; if ($this->_isRest()) { $user['User']['confirm_password'] = $this->request->data['User']['password']; } else { $user['User']['confirm_password'] = $this->request->data['User']['confirm_password']; } $temp = $user['User']['password']; if ($this->User->save($user)) { $message = __('Password Changed.'); $this->__extralog(""change_pw""); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('User', 'change_pw', false, $this->response->type(), $message); } $this->Flash->success($message); $this->_refreshAuth(); $this->redirect(array('action' => 'view', $id)); } else { $message = __('The password could not be updated. Make sure you meet the minimum password length / complexity requirements.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); } $this->Flash->error($message); } } } if ($this->_isRest()) { return $this->RestResponse->describe('Users', 'change_pw', false, $this->response->type()); } $this->loadModel('Server'); $this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']); $this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']); $this->User->recursive = 0; $this->User->read(null, $id); $this->User->set('password', ''); $this->request->data = $this->User->data; $roles = $this->User->Role->find('list'); $this->set(compact('roles')); }",True,PHP,change_pw,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"public function beforeSave () { $valid = parent::beforeSave (); if ($valid && $this->_typeChanged) { $table = Yii::app()->db->schema->tables[$this->myTableName]; $existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema; if($existing){ $valid = $this->modifyColumn(); } } return $valid; }" 5503,"private function __pullEvent($eventId, &$successes, &$fails, $eventModel, $server, $user, $jobId) { $event = $eventModel->downloadEventFromServer( $eventId, $server ); if (!empty($event)) { if ($this->__checkIfEventIsBlockedBeforePull($event)) { return false; } $event = $this->__updatePulledEventBeforeInsert($event, $server, $user); if (!$this->__checkIfEventSaveAble($event)) { $fails[$eventId] = __('Empty event detected.'); } else { $this->__checkIfPulledEventExistsAndAddOrUpdate($event, $eventId, $successes, $fails, $eventModel, $server, $user, $jobId); } } else { $fails[$eventId] = __('failed downloading the event') . ': ' . json_encode($event); } return true; }",True,PHP,__pullEvent,Server.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"public function beforeSave () { $valid = parent::beforeSave (); if ($valid && $this->_typeChanged) { $table = Yii::app()->db->schema->tables[$this->myTableName]; $existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema; if($existing){ $valid = $this->modifyColumn(); } } return $valid; }" 5505,"private function __checkIfPulledEventExistsAndAddOrUpdate($event, $eventId, &$successes, &$fails, $eventModel, $server, $user, $jobId) { $existingEvent = $eventModel->find('first', array('conditions' => array('Event.uuid' => $event['Event']['uuid']))); $passAlong = $server['Server']['id']; if (!$existingEvent) { $result = $eventModel->_add($event, true, $user, $server['Server']['org_id'], $passAlong, true, $jobId); if ($result === true) { $successes[] = $eventId; } else { $fails[$eventId] = __('Failed (partially?) because of errors: ') . $result; } } else { if (!$existingEvent['Event']['locked'] && !$server['Server']['internal']) { $fails[$eventId] = __('Blocked an edit to an event that was created locally. This can happen if a synchronised event that was created on this instance was modified by an administrator on the remote side.'); } else { $result = $eventModel->_edit($event, $user, $existingEvent['Event']['id'], $jobId, $passAlong); if ($result === true) { $successes[] = $eventId; } elseif (isset($result['error'])) { $fails[$eventId] = $result['error']; } else { $fails[$eventId] = json_encode($result); } } } }",True,PHP,__checkIfPulledEventExistsAndAddOrUpdate,Server.php,https://github.com/MISP/MISP,MISP,iglocska,2019-09-09 13:00:21+02:00,"fix: [security] Fix to a vulnerability related to the server index - along with various support tools - more information coming soon",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2019-16202,"public function beforeSave () { $valid = parent::beforeSave (); if ($valid && $this->_typeChanged) { $table = Yii::app()->db->schema->tables[$this->myTableName]; $existing = array_key_exists($this->fieldName, $table->columns) && $table->columns[$this->fieldName] instanceof CDbColumnSchema; if($existing){ $valid = $this->modifyColumn(); } } return $valid; }" 5510,"private function __findObjectByUuid($object_uuid, &$type) { $this->loadModel('Event'); $object = $this->Event->find('first', array( 'conditions' => array( 'Event.uuid' => $object_uuid, ), 'fields' => array('Event.orgc_id', 'Event.id'), 'recursive' => -1 )); $type = 'Event'; if (!empty($object)) { if ( !$this->_isSiteAdmin() && !$this->userRole['perm_tagger'] && $object['Event']['orgc_id'] != $this->Auth->user('org_id') ) { throw new MethodNotAllowedException('Invalid Target.'); } } else { $type = 'Attribute'; $object = $this->Event->Attribute->find('first', array( 'conditions' => array( 'Attribute.uuid' => $object_uuid, ), 'fields' => array('Attribute.id'), 'recursive' => -1, 'contain' => array('Event.orgc_id') )); if (!empty($object)) { if (!$this->_isSiteAdmin() && !$this->userRole['perm_tagger'] && $object['Event']['orgc_id'] != $this->Auth->user('org_id')) { throw new MethodNotAllowedException('Invalid Target.'); } } else { throw new MethodNotAllowedException('Invalid Target.'); } } return $object; }",True,PHP,__findObjectByUuid,TagsController.php,https://github.com/MISP/MISP,MISP,iglocska,2019-11-26 11:36:49+01:00,"fix: [security] tightened checks for restricting users from tagging data they shouldn't be allowed to tag As reported by Christophe Vandeplas",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-19379,"$name = ucfirst($module->name); if (in_array($name, $skipModules)) { continue; } if($name != 'Document'){ $controllerName = $name.'Controller'; if(file_exists( 'protected/modules/'.$module->name.'/controllers/'.$controllerName.'.php')){ Yii::import(""application.modules.$module->name.controllers.$controllerName""); $controller = new $controllerName($controllerName); $model = $controller->modelClass; if(class_exists($model)){ $moduleList[$model] = Yii::t('app', $module->title); } } } } return $moduleList; }" 5512,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array('conditions' => array( 'Bruteforce.ip' => $ip, 'Bruteforce.username' => $username),); $count = $this->find('count', $params); if ($count >= Configure::read('SecureAuth.amount')) { return true; } else { return false; } }",True,PHP,isBlacklisted,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-08 09:35:37+01:00,"fix: [security] brutefoce protection rules tightened - as reported by Dawid Czarnecki",CWE-367,Time-of-check Time-of-use (TOCTOU) Race Condition,"The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.",https://cwe.mitre.org/data/definitions/367.html,CVE-2020-8890,"$name = ucfirst($module->name); if (in_array($name, $skipModules)) { continue; } if($name != 'Document'){ $controllerName = $name.'Controller'; if(file_exists( 'protected/modules/'.$module->name.'/controllers/'.$controllerName.'.php')){ Yii::import(""application.modules.$module->name.controllers.$controllerName""); $controller = new $controllerName($controllerName); $model = $controller->modelClass; if(class_exists($model)){ $moduleList[$model] = Yii::t('app', $module->title); } } } } return $moduleList; }" 5513,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array('conditions' => array( 'Bruteforce.ip' => $ip, 'Bruteforce.username' => $username),); $count = $this->find('count', $params); if ($count >= Configure::read('SecureAuth.amount')) { return true; } else { return false; } }",True,PHP,isBlacklisted,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-08 09:35:37+01:00,"fix: [security] brutefoce protection rules tightened - as reported by Dawid Czarnecki",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-8891,"$name = ucfirst($module->name); if (in_array($name, $skipModules)) { continue; } if($name != 'Document'){ $controllerName = $name.'Controller'; if(file_exists( 'protected/modules/'.$module->name.'/controllers/'.$controllerName.'.php')){ Yii::import(""application.modules.$module->name.controllers.$controllerName""); $controller = new $controllerName($controllerName); $model = $controller->modelClass; if(class_exists($model)){ $moduleList[$model] = Yii::t('app', $module->title); } } } } return $moduleList; }" 5514,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array('conditions' => array( 'Bruteforce.ip' => $ip, 'Bruteforce.username' => $username),); $count = $this->find('count', $params); if ($count >= Configure::read('SecureAuth.amount')) { return true; } else { return false; } }",True,PHP,isBlacklisted,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-08 09:35:37+01:00,"fix: [security] brutefoce protection rules tightened - as reported by Dawid Czarnecki",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-8892,"$name = ucfirst($module->name); if (in_array($name, $skipModules)) { continue; } if($name != 'Document'){ $controllerName = $name.'Controller'; if(file_exists( 'protected/modules/'.$module->name.'/controllers/'.$controllerName.'.php')){ Yii::import(""application.modules.$module->name.controllers.$controllerName""); $controller = new $controllerName($controllerName); $model = $controller->modelClass; if(class_exists($model)){ $moduleList[$model] = Yii::t('app', $module->title); } } } } return $moduleList; }" 5525,public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= NOW();'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= NOW();'; } $this->query($sql); },True,PHP,clean,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-10 11:41:54+01:00,"fix: [security] Further fixes to the bruteforce handling - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged - as reported by Dawid Czarnecki - several tightenings of the checks to avoid potential foul play",CWE-367,Time-of-check Time-of-use (TOCTOU) Race Condition,"The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.",https://cwe.mitre.org/data/definitions/367.html,CVE-2020-8890,"public function getLayout(){ $layout = $this->getAttribute('layout'); $initLayout = $this->initLayout(); if(!$layout){ $layout = $initLayout; $this->layout = json_encode($layout); $this->update(array('layout')); }else{ $layout = json_decode($layout, true); if (!is_array ($layout)) $layout = array (); $this->addRemoveLayoutElements('left', $layout, $initLayout); $this->addRemoveLayoutElements('right', $layout, $initLayout); } return $layout; }" 5526,public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= NOW();'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= NOW();'; } $this->query($sql); },True,PHP,clean,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-10 11:41:54+01:00,"fix: [security] Further fixes to the bruteforce handling - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged - as reported by Dawid Czarnecki - several tightenings of the checks to avoid potential foul play",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-8891,"public function getLayout(){ $layout = $this->getAttribute('layout'); $initLayout = $this->initLayout(); if(!$layout){ $layout = $initLayout; $this->layout = json_encode($layout); $this->update(array('layout')); }else{ $layout = json_decode($layout, true); if (!is_array ($layout)) $layout = array (); $this->addRemoveLayoutElements('left', $layout, $initLayout); $this->addRemoveLayoutElements('right', $layout, $initLayout); } return $layout; }" 5527,public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= NOW();'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= NOW();'; } $this->query($sql); },True,PHP,clean,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-10 11:41:54+01:00,"fix: [security] Further fixes to the bruteforce handling - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged - as reported by Dawid Czarnecki - several tightenings of the checks to avoid potential foul play",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-8892,"public function getLayout(){ $layout = $this->getAttribute('layout'); $initLayout = $this->initLayout(); if(!$layout){ $layout = $initLayout; $this->layout = json_encode($layout); $this->update(array('layout')); }else{ $layout = json_decode($layout, true); if (!is_array ($layout)) $layout = array (); $this->addRemoveLayoutElements('left', $layout, $initLayout); $this->addRemoveLayoutElements('right', $layout, $initLayout); } return $layout; }" 5528,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = time() + Configure::read('SecureAuth.expire'); $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => $username, 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . Configure::read('SecureAuth.amount') . ' failed attempts. The user is now blacklisted for ' . Configure::read('SecureAuth.expire') . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }",True,PHP,insert,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-10 11:41:54+01:00,"fix: [security] Further fixes to the bruteforce handling - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged - as reported by Dawid Czarnecki - several tightenings of the checks to avoid potential foul play",CWE-367,Time-of-check Time-of-use (TOCTOU) Race Condition,"The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.",https://cwe.mitre.org/data/definitions/367.html,CVE-2020-8890,"public function getLayout(){ $layout = $this->getAttribute('layout'); $initLayout = $this->initLayout(); if(!$layout){ $layout = $initLayout; $this->layout = json_encode($layout); $this->update(array('layout')); }else{ $layout = json_decode($layout, true); if (!is_array ($layout)) $layout = array (); $this->addRemoveLayoutElements('left', $layout, $initLayout); $this->addRemoveLayoutElements('right', $layout, $initLayout); } return $layout; }" 5529,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = time() + Configure::read('SecureAuth.expire'); $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => $username, 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . Configure::read('SecureAuth.amount') . ' failed attempts. The user is now blacklisted for ' . Configure::read('SecureAuth.expire') . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }",True,PHP,insert,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-10 11:41:54+01:00,"fix: [security] Further fixes to the bruteforce handling - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged - as reported by Dawid Czarnecki - several tightenings of the checks to avoid potential foul play",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-8891,"$layout[$position] = array($elem => $initLayout[$position][$elem]) + $layout[$position]; $changed = true; } $arrayDiff = array_diff(array_keys($layoutWidgets), array_keys($initLayoutWidgets)); foreach($arrayDiff as $elem){ if(in_array ($elem, array_keys ($layout[$position]))) { unset($layout[$position][$elem]); $changed = true; } else if($position === 'right' && in_array ($elem, array_keys ($layout['hiddenRight']))) { unset($layout['hiddenRight'][$elem]); $changed = true; } } foreach($layout[$position] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout[$position][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } if ($position === 'right') { foreach($layout['hiddenRight'] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout['hiddenRight'][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } } if($changed){ $this->layout = json_encode($layout); $this->update(array('layout')); } }" 5530,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = time() + Configure::read('SecureAuth.expire'); $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => $username, 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . Configure::read('SecureAuth.amount') . ' failed attempts. The user is now blacklisted for ' . Configure::read('SecureAuth.expire') . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }",True,PHP,insert,Bruteforce.php,https://github.com/MISP/MISP,MISP,iglocska,2020-02-10 11:41:54+01:00,"fix: [security] Further fixes to the bruteforce handling - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged - as reported by Dawid Czarnecki - several tightenings of the checks to avoid potential foul play",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-8892,"$layout[$position] = array($elem => $initLayout[$position][$elem]) + $layout[$position]; $changed = true; } $arrayDiff = array_diff(array_keys($layoutWidgets), array_keys($initLayoutWidgets)); foreach($arrayDiff as $elem){ if(in_array ($elem, array_keys ($layout[$position]))) { unset($layout[$position][$elem]); $changed = true; } else if($position === 'right' && in_array ($elem, array_keys ($layout['hiddenRight']))) { unset($layout['hiddenRight'][$elem]); $changed = true; } } foreach($layout[$position] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout[$position][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } if ($position === 'right') { foreach($layout['hiddenRight'] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout['hiddenRight'][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } } if($changed){ $this->layout = json_encode($layout); $this->update(array('layout')); } }" 5533,private function __add_query($cmd) { unset($this->__default_filters['returnFormat']); $body = json_encode($this->__default_filters); $bodyFilename = $this->__generateSetupFile($body); $bodyParam = ' --body ' . $bodyFilename; $levelParam = ' --level ' . strtolower($this->__scope) . 's'; $setup = json_encode($this->__setup); $setupFilename = $this->__generateSetupFile($setup); $setupParam = ' --setup ' . $setupFilename; $urlParam = ' --misp_url ' . $this->__url; $cmd .= $bodyParam . $setupParam . $levelParam . $urlParam; $results = shell_exec($cmd); unlink($bodyFilename); unlink($setupFilename); return $results; },True,PHP,__add_query,OpendataExport.php,https://github.com/MISP/MISP,MISP,iglocska,2021-07-30 15:53:36+02:00,chg: [opendata] updated and changed parameter handling,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-41326,"$layout[$position] = array($elem => $initLayout[$position][$elem]) + $layout[$position]; $changed = true; } $arrayDiff = array_diff(array_keys($layoutWidgets), array_keys($initLayoutWidgets)); foreach($arrayDiff as $elem){ if(in_array ($elem, array_keys ($layout[$position]))) { unset($layout[$position][$elem]); $changed = true; } else if($position === 'right' && in_array ($elem, array_keys ($layout['hiddenRight']))) { unset($layout['hiddenRight'][$elem]); $changed = true; } } foreach($layout[$position] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout[$position][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } if ($position === 'right') { foreach($layout['hiddenRight'] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout['hiddenRight'][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } } if($changed){ $this->layout = json_encode($layout); $this->update(array('layout')); } }" 5535,"private function __simple_query($cmd) { if (!empty($this->__setup['resources'])) { if (is_array($this->__setup['resources'])) { foreach ($this->__setup['resources'] as $resource) { $cmd .= "" '"" . $resource . ""'""; } } else { $cmd .= "" '"" . $this->__setup['resources'] . ""'""; } } return shell_exec($cmd); }",True,PHP,__simple_query,OpendataExport.php,https://github.com/MISP/MISP,MISP,iglocska,2021-07-30 15:53:36+02:00,chg: [opendata] updated and changed parameter handling,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-41326,"$layout[$position] = array($elem => $initLayout[$position][$elem]) + $layout[$position]; $changed = true; } $arrayDiff = array_diff(array_keys($layoutWidgets), array_keys($initLayoutWidgets)); foreach($arrayDiff as $elem){ if(in_array ($elem, array_keys ($layout[$position]))) { unset($layout[$position][$elem]); $changed = true; } else if($position === 'right' && in_array ($elem, array_keys ($layout['hiddenRight']))) { unset($layout['hiddenRight'][$elem]); $changed = true; } } foreach($layout[$position] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout[$position][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } if ($position === 'right') { foreach($layout['hiddenRight'] as $name=>$arr){ if (in_array ($name, array_keys ($initLayoutWidgets)) && $initLayoutWidgets[$name]['title'] !== $arr['title']) { $layout['hiddenRight'][$name]['title'] = $initLayoutWidgets[$name]['title']; $changed = true; } } } if($changed){ $this->layout = json_encode($layout); $this->update(array('layout')); } }" 5537,"private function __delete_query($cmd) { $cmd .= $this->__url . "" -d '"" . $this->__setup['dataset'] . ""'""; return $this->__simple_query($cmd); }",True,PHP,__delete_query,OpendataExport.php,https://github.com/MISP/MISP,MISP,iglocska,2021-07-30 15:53:36+02:00,chg: [opendata] updated and changed parameter handling,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-41326,"$layout[$loc] = array_merge($layout[$loc],$data); } } } return $layout; }" 5538,public function footer() { $my_server = ClassRegistry::init('Server'); $cmd = $my_server->getPythonVersion() . ' ' . $this->__scripts_dir . $this->__script_name; if (!empty($this->__auth)) { $cmd .= ' --auth ' . $this->__auth; } if ($this->__search){ return $this->__search_query($cmd); } return $this->__delete ? $this->__delete_query($cmd) : $this->__add_query($cmd); },True,PHP,footer,OpendataExport.php,https://github.com/MISP/MISP,MISP,iglocska,2021-07-30 15:53:36+02:00,chg: [opendata] updated and changed parameter handling,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-41326,"$layout[$loc] = array_merge($layout[$loc],$data); } } } return $layout; }" 5539,"private function __search_query($cmd) { $cmd .= $this->__url . "" -s '"" . $this->__setup['dataset'] . ""'""; return $this->__simple_query($cmd); }",True,PHP,__search_query,OpendataExport.php,https://github.com/MISP/MISP,MISP,iglocska,2021-07-30 15:53:36+02:00,chg: [opendata] updated and changed parameter handling,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-41326,"$layout[$loc] = array_merge($layout[$loc],$data); } } } return $layout; }" 5545,"public function urlOrExistingFilepath($fields) { if ($this->isFeedLocal($this->data)) { if ($this->data['Feed']['source_format'] == 'misp') { if (!is_dir($this->data['Feed']['url'])) { return 'For MISP type local feeds, please specify the containing directory.'; } } else { if (!file_exists($this->data['Feed']['url'])) { return 'Invalid path or file not found. Make sure that the path points to an existing file that is readable and watch out for typos.'; } } } else { if (!filter_var($this->data['Feed']['url'], FILTER_VALIDATE_URL)) { return false; } } return true; }",True,PHP,urlOrExistingFilepath,Feed.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,"$layout[$loc] = array_merge($layout[$loc],$data); } } } return $layout; }" 5548,"unset($k, $v); } } return self::$user; }",True,PHP,unset,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,public function renderAttribute ($name) { switch ($name) { case 'name': echo $this->relatedModel->getLink (); break; case 'relatedModelName': echo $this->getRelatedModelName (); break; case 'assignedTo': echo $this->relatedModel->renderAttribute ('assignedTo'); break; case 'label': echo $this->getLabel (); break; case 'createDate': echo isset ($this->relatedModel->createDate) ? X2Html::dynamicDate ($this->relatedModel->createDate) : ''; break; } } 5550,public static function ca() { if (is_null(self::$ca)) new CertificateAuthenticate(); return self::$ca; },True,PHP,ca,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,public function renderAttribute ($name) { switch ($name) { case 'name': echo $this->relatedModel->getLink (); break; case 'relatedModelName': echo $this->getRelatedModelName (); break; case 'assignedTo': echo $this->relatedModel->renderAttribute ('assignedTo'); break; case 'label': echo $this->getLabel (); break; case 'createDate': echo isset ($this->relatedModel->createDate) ? X2Html::dynamicDate ($this->relatedModel->createDate) : ''; break; } } 5552,"public function getUser(CakeRequest $request) { if (empty(self::$user)) { if (self::$client) { self::$user = self::$client; $sync = Configure::read('CertAuth.syncUser'); $url = Configure::read('CertAuth.restApi.url'); if ($sync && $url) { if (!self::getRestUser()) return false; } $userModelKey = empty(Configure::read('CertAuth.userModelKey')) ? 'email' : Configure::read('CertAuth.userModelKey'); $userDefaults = Configure::read('CertAuth.userDefaults'); $this->User = ClassRegistry::init('User'); if (!empty(self::$user[$userModelKey])) { $existingUser = $this->User->find('first', array( 'conditions' => array($userModelKey => self::$user[$userModelKey]), 'recursive' => false )); } if ($existingUser) { if ($sync) { if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName(self::$user['org'], $existingUser['User']['id'], true); if (self::$user['org_id'] && $existingUser['User']['org_id'] != self::$user['org_id']) { if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge($userDefaults + self::$user); } } unset(self::$user['org']); } $write = array(); foreach (self::$user as $k => $v) { if (isset($existingUser['User'][$k]) && trim($existingUser['User'][$k]) != trim($v)) { $write[] = $k; $existingUser['User'][$k] = trim($v); } } if (!empty($write) && !$this->User->save($existingUser['User'], true, $write)) { CakeLog::write('alert', 'Could not update model at database with RestAPI data.'); } } self::$user = $this->User->getAuthUser($existingUser['User']['id']); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else if ($sync && !empty(self::$user)) { $org = isset(self::$client['org']) ? self::$client['org'] : null; if ($org == null) return false; if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName($org, 0, true); unset(self::$user['org']); } if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge(self::$user, $userDefaults); } $this->User->create(); if ($this->User->save(self::$user)) { $id = $this->User->id; self::$user = $this->User->getAuthUser($id); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else { CakeLog::write('alert', 'Could not insert model at database from RestAPI data. Reason: ' . json_encode($this->User->validationErrors)); } } else { self::$user = false; } } } return self::$user; }",True,PHP,getUser,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,public function renderAttribute ($name) { switch ($name) { case 'name': echo $this->relatedModel->getLink (); break; case 'relatedModelName': echo $this->getRelatedModelName (); break; case 'assignedTo': echo $this->relatedModel->renderAttribute ('assignedTo'); break; case 'label': echo $this->getLabel (); break; case 'createDate': echo isset ($this->relatedModel->createDate) ? X2Html::dynamicDate ($this->relatedModel->createDate) : ''; break; } } 5553,"unset($map[$n], $n, $d); } unset($map); if(!self::$client) { self::$client = false; } } }",True,PHP,unset,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,public function renderAttribute ($name) { switch ($name) { case 'name': echo $this->relatedModel->getLink (); break; case 'relatedModelName': echo $this->getRelatedModelName (); break; case 'assignedTo': echo $this->relatedModel->renderAttribute ('assignedTo'); break; case 'label': echo $this->getLabel (); break; case 'createDate': echo isset ($this->relatedModel->createDate) ? X2Html::dynamicDate ($this->relatedModel->createDate) : ''; break; } } 5554,public static function client() { if (is_null(self::$client)) new CertificateAuthenticate(); return self::$client; },True,PHP,client,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,"CHtml::encode($tag->tag),array('/search/search','term'=>CHtml::encode($tag->tag)));" 5560,"unset($m[0][$i], $m[1][$i], $m[2][$i], $m[3][$i], $k, $v, $i); } } return $r; }",True,PHP,unset,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,"CHtml::encode($tag->tag),array('/search/search','term'=>CHtml::encode($tag->tag)));" 5561,"public function authenticate(CakeRequest $request, CakeResponse $response) { return self::getUser($request); }",True,PHP,authenticate,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-17 18:25:51+02:00,"fix: [security] Sanitise paths for several file interactions - remove :// anywhere we don't expect a protocol to be supplied - remove phar:// in certauth plugin's fetcher - as reported by Dawid Czarnecki of Zigrin Security",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-29528,"CHtml::encode($tag->tag),array('/search/search','term'=>CHtml::encode($tag->tag)));" 5563,"public function fetchSGOrgRow($id, $removable = false, $extend = false) { $this->layout = false; $this->autoRender = false; $this->set('id', $id); $this->set('removable', $removable); $this->set('extend', $extend); $this->render('ajax/sg_org_row_empty'); }",True,PHP,fetchSGOrgRow,OrganisationsController.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-18 01:05:10+02:00,"fix: [security] low probability reflected XSS fixed - User would need to navigate to a url that contains the payload - user needs to click on a checkbox in a weird single checkbox page to trigger the exploit - as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-29533,"CHtml::encode($tag->tag),array('/search/search','term'=>CHtml::encode($tag->tag)));" 5564,"public function edit() { $currentUser = $this->User->find('first', array( 'conditions' => array('User.id' => $this->Auth->user('id')), 'recursive' => -1 )); if (empty($currentUser)) { throw new NotFoundException('Something went wrong. Your user account could not be accessed.'); } $id = $currentUser['User']['id']; if ($this->request->is('post') || $this->request->is('put')) { if (empty($this->request->data['User'])) { $this->request->data = array('User' => $this->request->data); } $abortPost = false; if (!empty($this->request->data['User']['email']) && !$this->_isSiteAdmin()) { $organisation = $this->User->Organisation->find('first', array( 'conditions' => array('Organisation.id' => $this->Auth->user('org_id')), 'recursive' => -1 )); if (!empty($organisation['Organisation']['restricted_to_domain'])) { $abortPost = true; foreach ($organisation['Organisation']['restricted_to_domain'] as $restriction) { if ( strlen($this->request->data['User']['email']) > strlen($restriction) && substr($this->request->data['User']['email'], (-1 * strlen($restriction))) === $restriction && in_array($this->request->data['User']['email'][strlen($this->request->data['User']['email']) - strlen($restriction) -1], array('@', '.')) ) { $abortPost = false; } } if ($abortPost) { $message = __('Invalid e-mail domain. Your user is restricted to creating users for the following domain(s): ') . implode(', ', $organisation['Organisation']['restricted_to_domain']); } } } if (!$abortPost && !$this->_isRest()) { if (Configure::read('Security.require_password_confirmation')) { if (!empty($this->request->data['User']['current_password'])) { $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']); if (!$hashed) { $abortPost = true; $this->Flash->error('Invalid password. Please enter your current password to continue.'); } unset($this->request->data['User']['current_password']); } else { $abortPost = true; $this->Flash->info('Please enter your current password to continue.'); } } } if (!$abortPost) { $fieldList = array('autoalert', 'gpgkey', 'certif_public', 'nids_sid', 'contactalert', 'disabled', 'date_modified'); if ($this->__canChangeLogin()) { $fieldList[] = 'email'; } if ($this->__canChangePassword() && !empty($this->request->data['User']['password'])) { $fieldList[] = 'password'; $fieldList[] = 'confirm_password'; } foreach ($this->request->data['User'] as $k => $v) { $currentUser['User'][$k] = $v; } if ($this->_isRest()) { if (!empty($this->request->data['User']['password'])) { if ($this->request->data['User']['password'] === '*****') { unset($this->request->data['User']['password']); } else { $currentUser['User']['confirm_password'] = $this->request->data['User']['password']; } } } if ($this->User->save($currentUser, true, $fieldList)) { if ($this->_isRest()) { $user = $this->User->find('first', array( 'conditions' => array('User.id' => $id), 'recursive' => -1, 'contain' => array( 'Organisation', 'Role', 'UserSetting' ) )); return $this->RestResponse->viewData($this->__massageUserObject($user), $this->response->type()); } else { $this->Flash->success(__('The profile has been updated')); $this->redirect(array('action' => 'view', $id)); } } else { $message = __('The profile could not be updated. Please, try again.'); $abortPost = true; } } if ($abortPost) { $this->request->data['User']['password'] = ''; $this->request->data['User']['confirm_password'] = ''; if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'edit', $id, $message, $this->response->type()); } else { $this->Flash->error($message); } } } else { $this->User->data = $currentUser; $this->User->set('password', ''); $this->request->data = $this->User->data; } $this->loadModel('Server'); $this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']); $this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']); $roles = $this->User->Role->find('list'); $this->set('roles', $roles); $this->set('id', $id); $this->set('canChangePassword', $this->__canChangePassword()); $this->set('canChangeLogin', $this->__canChangeLogin()); }",True,PHP,edit,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2022-04-18 02:00:13+02:00,"fix: [security] Password confirmation bypass in user edit - optional password confirmation can be potentially circumvented - fooling the user edit via a request that sets accept:application/json whilst posting form content - as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-29534,"public static function getModelTypes($assoc = false) { $modelTypes = Yii::app()->db->createCommand() ->selectDistinct('modelName') ->from('x2_fields') ->where('modelName!=""Calendar""') ->order('modelName ASC') ->queryColumn(); if ($assoc === true) { $modelTypes = array_combine($modelTypes, array_map(function($type) { return X2Model::model ($type)->getDisplayName (true, false); }, $modelTypes)); asort ($modelTypes); return $modelTypes; } $modelTypes = array_map(function($term) { return Yii::t('app', $term); }, $modelTypes); return $modelTypes; }" 5567,public function fetchFormFromTemplate($id) { },True,PHP,fetchFormFromTemplate,TemplatesController.php,https://github.com/MISP/MISP,MISP,Iglocska,2015-07-01 08:38:40+02:00,"Security fix: Fix to a possible PHP Object injection - unserialized user input replaced with json_decode",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2015-5721,"public static function getModelTypes($assoc = false) { $modelTypes = Yii::app()->db->createCommand() ->selectDistinct('modelName') ->from('x2_fields') ->where('modelName!=""Calendar""') ->order('modelName ASC') ->queryColumn(); if ($assoc === true) { $modelTypes = array_combine($modelTypes, array_map(function($type) { return X2Model::model ($type)->getDisplayName (true, false); }, $modelTypes)); asort ($modelTypes); return $modelTypes; } $modelTypes = array_map(function($term) { return Yii::t('app', $term); }, $modelTypes); return $modelTypes; }" 5568,"public function beforeFilter() { parent::beforeFilter(); $this->Security->unlockedActions = array('saveElementSorting', 'populateEventFromTemplate', 'uploadFile', 'deleteTemporaryFile'); }",True,PHP,beforeFilter,TemplatesController.php,https://github.com/MISP/MISP,MISP,Iglocska,2015-07-01 08:38:40+02:00,"Security fix: Fix to a possible PHP Object injection - unserialized user input replaced with json_decode",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2015-5721,"public static function getModelTypes($assoc = false) { $modelTypes = Yii::app()->db->createCommand() ->selectDistinct('modelName') ->from('x2_fields') ->where('modelName!=""Calendar""') ->order('modelName ASC') ->queryColumn(); if ($assoc === true) { $modelTypes = array_combine($modelTypes, array_map(function($type) { return X2Model::model ($type)->getDisplayName (true, false); }, $modelTypes)); asort ($modelTypes); return $modelTypes; } $modelTypes = array_map(function($term) { return Yii::t('app', $term); }, $modelTypes); return $modelTypes; }" 5570,"public function convertQuotes($string) { $string = str_ireplace('[QUOTE]', '
    ', $string); $string = str_ireplace('[/QUOTE]', '
    ', $string); $string = preg_replace('%\[event\]\s*(\d*)\s*\[/event\]%isU', ' Event $1', $string); $string = preg_replace('%\[thread\]\s*(\d*)\s*\[/thread\]%isU', ' Thread $1', $string); $string = preg_replace('%\[link\]\s*(http|https|ftp|git|ftps)(.*)\s*\[/link\]%isU', '$1$2', $string); $string = preg_replace('%\[code\](.*)\[/code\]%isU', '
    $1
    ', $string); return $string; }",True,PHP,convertQuotes,CommandHelper.php,https://github.com/MISP/MISP,MISP,iglocska,2017-08-24 16:34:48+02:00,"fix: Fixed a potential persistent cross site scripting in the comments - new tag parser for the comments implemented - Parser now cleanly pre-constructs the replacement items after finding tag pairs - This only impacts users of the same instance, as comments are not synchronised - as reported by Jurgen Jans and Cedric Van Bockhaven from Deloitte",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-13671,"public static function getModelTypes($assoc = false) { $modelTypes = Yii::app()->db->createCommand() ->selectDistinct('modelName') ->from('x2_fields') ->where('modelName!=""Calendar""') ->order('modelName ASC') ->queryColumn(); if ($assoc === true) { $modelTypes = array_combine($modelTypes, array_map(function($type) { return X2Model::model ($type)->getDisplayName (true, false); }, $modelTypes)); asort ($modelTypes); return $modelTypes; } $modelTypes = array_map(function($term) { return Yii::t('app', $term); }, $modelTypes); return $modelTypes; }" 5574,"public function getUser(CakeRequest $request) { if (empty(self::$user)) { if (self::$client) { self::$user = self::$client; $sync = Configure::read('CertAuth.syncUser'); if ($sync) { self::getRestUser(); } $userModelKey = empty(Configure::read('CertAuth.userModelKey')) ? 'email' : Configure::read('CertAuth.userModelKey'); $userDefaults = Configure::read('CertAuth.userDefaults'); $this->User = ClassRegistry::init('User'); $existingUser = $this->User->find('first', array( 'conditions' => array($userModelKey => self::$user[$userModelKey]), 'recursive' => false )); if ($existingUser) { if ($sync) { if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName(self::$user['org'], $existingUser['User']['id'], true); if (self::$user['org_id'] && $existingUser['User']['org_id'] != self::$user['org_id']) { if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge($userDefaults + self::$user); } } unset(self::$user['org']); } $write = array(); foreach (self::$user as $k => $v) { if (isset($existingUser['User'][$k]) && trim($existingUser['User'][$k]) != trim($v)) { $write[] = $k; $existingUser['User'][$k] = trim($v); } } if (!empty($write) && !$this->User->save($existingUser['User'], true, $write)) { CakeLog::write('alert', 'Could not update model at database with RestAPI data.'); } } self::$user = $this->User->getAuthUser($existingUser['User']['id']); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else if ($sync && !empty(self::$user)) { $org = isset(self::$client['org']) ? self::$client['org'] : null; if ($org == null) return false; if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName($org, 0, true); unset(self::$user['org']); } if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge(self::$user, $userDefaults); } $this->User->create(); if ($this->User->save(self::$user)) { $id = $this->User->id; self::$user = $this->User->getAuthUser($id); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else { CakeLog::write('alert', 'Could not insert model at database from RestAPI data. Reason: ' . json_encode($this->User->validationErrors)); } } else { self::$user = false; } } } return self::$user; }",True,PHP,getUser,CertificateAuthenticate.php,https://github.com/MISP/MISP,MISP,iglocska,2017-09-08 14:25:36+02:00,fix: Fix to certauth pains,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2017-14337,"public function getDisplayName ($plural=true, $ofModule=true) { $moduleName = X2Model::getModuleName (get_class ($this)); return Modules::displayName ($plural, $moduleName); }" 5576,"if ($field != 'confirm_password') array_push($fieldsOldValues, $this->User->field($field)); else array_push($fieldsOldValues, $this->User->field('password')); } if ( isset($this->request->data['User']['enable_password']) && $this->request->data['User']['enable_password'] != '0' && isset($this->request->data['User']['password']) && """" != $this->request->data['User']['password'] ) { $fields[] = 'password'; if ($this->_isRest() && !isset($this->request->data['User']['confirm_password'])) { $this->request->data['User']['confirm_password'] = $this->request->data['User']['password']; $fields[] = 'confirm_password'; } } if (!$this->_isRest()) { $fields[] = 'role_id'; } if (!$this->_isSiteAdmin()) { $this->loadModel('Role'); $this->Role->recursive = -1; $chosenRole = $this->Role->findById($this->request->data['User']['role_id']); if (empty($chosenRole) || (($chosenRole['Role']['id'] != $allowedRole) && ($chosenRole['Role']['perm_site_admin'] == 1 || $chosenRole['Role']['perm_regexp_access'] == 1 || $chosenRole['Role']['perm_sync'] == 1))) { throw new Exception('You are not authorised to assign that role to a user.'); } } if ($this->User->save($this->request->data, true, $fields)) { $fieldsNewValues = array(); foreach ($fields as $field) { if ($field != 'confirm_password') { $newValue = $this->data['User'][$field]; if (gettype($newValue) == 'array') { $newValueStr = ''; $cP = 0; foreach ($newValue as $newValuePart) { if ($cP < 2) $newValueStr .= '-' . $newValuePart; else $newValueStr = $newValuePart . $newValueStr; $cP++; } array_push($fieldsNewValues, $newValueStr); } else { array_push($fieldsNewValues, $newValue); } } else { array_push($fieldsNewValues, $this->data['User']['password']); } } $fieldsResultStr = ''; $c = 0; foreach ($fields as $field) { if (isset($fieldsOldValues[$c]) && $fieldsOldValues[$c] != $fieldsNewValues[$c]) { if ($field != 'confirm_password') { $fieldsResultStr = $fieldsResultStr . ', ' . $field . ' (' . $fieldsOldValues[$c] . ') => (' . $fieldsNewValues[$c] . ')'; } } $c++; } $fieldsResultStr = substr($fieldsResultStr, 2); $this->__extralog(""edit"", ""user"", $fieldsResultStr); if ($this->_isRest()) { $user = $this->User->find('first', array( 'conditions' => array('User.id' => $this->User->id), 'recursive' => -1 )); $user['User']['password'] = '******'; return $this->RestResponse->viewData($user, $this->response->type()); } else { $this->Session->setFlash(__('The user has been saved')); $this->_refreshAuth(); $this->redirect(array('action' => 'index')); } } else { if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'admin_edit', $id, $this->User->validationErrors, $this->response->type()); } else { $this->Session->setFlash(__('The user could not be saved. Please, try again.')); } } } } else {",True,PHP,array_push,UsersController.php,https://github.com/MISP/MISP,MISP,iglocska,2017-11-24 11:55:16+01:00,"fix: Leaking of hashed passwords in the audit logs fixed - Scope was limited due to the audit log access restrictions to site/org admins",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2017-16946,"public function getDisplayName ($plural=true, $ofModule=true) { $moduleName = X2Model::getModuleName (get_class ($this)); return Modules::displayName ($plural, $moduleName); }" 5577,public function offset($offset) { $this->ar_offset = $offset; return $this; },True,PHP,offset,DB_active_rec.php,https://github.com/bcit-ci/CodeIgniter,bcit-ci,Andrey Andreev,2015-08-20 13:26:13+03:00,fixes potential SQL injection vector in Active Record offset(),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2015-5725,"public function getDisplayName ($plural=true, $ofModule=true) { $moduleName = X2Model::getModuleName (get_class ($this)); return Modules::displayName ($plural, $moduleName); }" 5587,"function cleanCSV($string) { $check = '/^[=@]/'; if (!is_numeric($string)) { $check = '/^[=@+-]/'; } return preg_replace($check, """", $string); }",True,PHP,cleanCSV,utils.php,https://github.com/salesagility/SuiteCRM,salesagility,Ashley Nicolson,2021-08-20 09:38:07+01:00,"SuiteCRM 7.11.21 Release Signed-off-by: Dillon-Brown ",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-25960,"public function getDisplayName ($plural=true, $ofModule=true) { $moduleName = X2Model::getModuleName (get_class ($this)); return Modules::displayName ($plural, $moduleName); }" 5588,"function cleanCSV($string) { $check = '/^[=@]/'; if (!is_numeric($string)) { $check = '/^[=@+-]/'; } return preg_replace($check, """", $string); }",True,PHP,cleanCSV,utils.php,https://github.com/salesagility/SuiteCRM,salesagility,Ashley Nicolson,2021-08-20 09:38:07+01:00,"SuiteCRM 7.11.21 Release Signed-off-by: Dillon-Brown ",CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2021-25961,public function actionGetItems($term) { X2LinkableBehavior::getItems ($term); } 5591,"private function encloseForCSV($field) { return '""' . cleanCSV($field) . '""'; }",True,PHP,encloseForCSV,AOR_Report.php,https://github.com/salesagility/SuiteCRM,salesagility,Ashley Nicolson,2021-08-20 09:38:07+01:00,"SuiteCRM 7.11.21 Release Signed-off-by: Dillon-Brown ",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-25960,public function actionGetItems($term) { X2LinkableBehavior::getItems ($term); } 5592,"private function encloseForCSV($field) { return '""' . cleanCSV($field) . '""'; }",True,PHP,encloseForCSV,AOR_Report.php,https://github.com/salesagility/SuiteCRM,salesagility,Ashley Nicolson,2021-08-20 09:38:07+01:00,"SuiteCRM 7.11.21 Release Signed-off-by: Dillon-Brown ",CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2021-25961,public function actionGetItems($term) { X2LinkableBehavior::getItems ($term); } 5593,"public function testCreateRelationshipMeta() { $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), null); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts'); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts', true); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(6, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', $this->db, null, array(), 'Contacts'); self::assertNotTrue(isset($GLOBALS['log']->calls['fatal'])); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('Nonexists1', $this->db, null, array(), 'Nonexists2'); self::assertCount(1, $GLOBALS['log']->calls['debug']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(6, $GLOBALS['log']->calls['fatal']); }",True,PHP,testCreateRelationshipMeta,SugarBeanTest.php,https://github.com/salesagility/SuiteCRM,salesagility,Ashley Nicolson,2021-08-20 09:38:07+01:00,"SuiteCRM 7.11.21 Release Signed-off-by: Dillon-Brown ",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-25960,public function actionGetItems($term) { X2LinkableBehavior::getItems ($term); } 5594,"public function testCreateRelationshipMeta() { $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), null); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts'); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta(null, null, null, array(), 'Contacts', true); self::assertCount(1, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(6, $GLOBALS['log']->calls['fatal']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', $this->db, null, array(), 'Contacts'); self::assertNotTrue(isset($GLOBALS['log']->calls['fatal'])); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('Nonexists1', $this->db, null, array(), 'Nonexists2'); self::assertCount(1, $GLOBALS['log']->calls['debug']); $GLOBALS['log']->reset(); SugarBean::createRelationshipMeta('User', null, null, array(), 'Contacts'); self::assertCount(6, $GLOBALS['log']->calls['fatal']); }",True,PHP,testCreateRelationshipMeta,SugarBeanTest.php,https://github.com/salesagility/SuiteCRM,salesagility,Ashley Nicolson,2021-08-20 09:38:07+01:00,"SuiteCRM 7.11.21 Release Signed-off-by: Dillon-Brown ",CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2021-25961,"public function actionGetItems($term){ X2LinkableBehavior::getItems ($term, 'subject'); }" 5605,"public function createDatabase($dbname = null) { Database::query(""CREATE DATABASE `"" . $dbname . ""`""); }",True,PHP,createDatabase,DbManagerMySQL.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2021-10-11 18:33:48+02:00,"use prepared statement for creating databases to avoid sql injections in custom db-names Signed-off-by: Michael Kaufmann ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-42325,"public function actionGetItems($term){ X2LinkableBehavior::getItems ($term, 'subject'); }" 5607,"public function sendMail($customerid = - 1, $template_subject = null, $default_subject = null, $template_body = null, $default_body = null) { global $mail, $theme; if ($customerid != - 1) { $usr_stmt = Database::prepare(' SELECT `name`, `firstname`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . '` WHERE `customerid` = :customerid' ); $usr = Database::pexecute_first($usr_stmt, array('customerid' => $customerid)); $replace_arr = array( 'FIRSTNAME' => $usr['firstname'], 'NAME' => $usr['name'], 'COMPANY' => $usr['company'], 'SALUTATION' => getCorrectUserSalutation($usr), 'SUBJECT' => $this->Get('subject', true) ); } else { $replace_arr = array( 'SUBJECT' => $this->Get('subject', true) ); } $tpl_seldata = array( 'adminid' => $this->userinfo['adminid'], 'lang' => $this->userinfo['def_language'], 'tplsubject' => $template_subject ); $result_stmt = Database::prepare("" SELECT `value` FROM `"" . TABLE_PANEL_TEMPLATES . ""` WHERE `adminid`= :adminid AND `language`= :lang AND `templategroup`= 'mails' AND `varname`= :tplsubject"" ); $result = Database::pexecute_first($result_stmt, $tpl_seldata); $mail_subject = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_subject), $replace_arr)); unset($tpl_seldata['tplsubject']); $tpl_seldata['tplmailbody'] = $template_body; $result_stmt = Database::prepare("" SELECT `value` FROM `"" . TABLE_PANEL_TEMPLATES . ""` WHERE `adminid`= :adminid AND `language`= :lang AND `templategroup`= 'mails' AND `varname`= :tplmailbody"" ); $result = Database::pexecute_first($result_stmt, $tpl_seldata); $mail_body = html_entity_decode(replace_variables((($result['value'] != '') ? $result['value'] : $default_body), $replace_arr)); if ($customerid != - 1) { $_mailerror = false; try { $mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name')); $mail->Subject = $mail_subject; $mail->AltBody = $mail_body; $mail->MsgHTML(str_replace(""\n"", ""
    "", $mail_body)); $mail->AddAddress($usr['email'], $usr['firstname'] . ' ' . $usr['name']); $mail->Send(); } catch(phpmailerException $e) { $mailerr_msg = $e->errorMessage(); $_mailerror = true; } catch (Exception $e) { $mailerr_msg = $e->getMessage(); $_mailerror = true; } if ($_mailerror) { $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class')); $rstlog->logAction(ADM_ACTION, LOG_ERR, ""Error sending mail: "" . $mailerr_msg); standard_error('errorsendingmail', $usr['email']); } $mail->ClearAddresses(); } else { $admin_stmt = Database::prepare("" SELECT `name`, `email` FROM `"" . TABLE_PANEL_ADMINS . ""` WHERE `adminid` = :adminid"" ); $admin = Database::pexecute_first($admin_stmt, array('adminid' => $this->userinfo['adminid'])); $_mailerror = false; try { $mail->SetFrom(Settings::Get('ticket.noreply_email'), Settings::Get('ticket.noreply_name')); $mail->Subject = $mail_subject; $mail->AltBody = $mail_body; $mail->MsgHTML(str_replace(""\n"", ""
    "", $mail_body)); $mail->AddAddress($admin['email'], $admin['name']); $mail->Send(); } catch(phpmailerException $e) { $mailerr_msg = $e->errorMessage(); $_mailerror = true; } catch (Exception $e) { $mailerr_msg = $e->getMessage(); $_mailerror = true; } if ($_mailerror) { $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'ticket_class')); $rstlog->logAction(ADM_ACTION, LOG_ERR, ""Error sending mail: "" . $mailerr_msg); standard_error('errorsendingmail', $admin['email']); } $mail->ClearAddresses(); } }",True,PHP,sendMail,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function actionGetItems($term){ X2LinkableBehavior::getItems ($term, 'subject'); }" 5610,"static public function getPriorityText($_lng, $_priority = 0) { switch($_priority) { case 1: return $_lng['ticket']['high']; break; case 2: return $_lng['ticket']['normal']; break; default: return $_lng['ticket']['low']; break; } }",True,PHP,getPriorityText,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function actionGetItems($term){ X2LinkableBehavior::getItems ($term, 'subject'); }" 5612,"static public function getLastArchived($_num = 10, $_admin = 1) { if ($_num > 0) { $archived = array(); $counter = 0; $result_stmt = Database::prepare("" SELECT *, ( SELECT COUNT(`sub`.`id`) FROM `"" . TABLE_PANEL_TICKETS . ""` `sub` WHERE `sub`.`answerto` = `main`.`id` ) as `ticket_answers` FROM `"" . TABLE_PANEL_TICKETS . ""` `main` WHERE `main`.`answerto` = '0' AND `main`.`archived` = '1' AND `main`.`adminid` = :adminid ORDER BY `main`.`lastchange` DESC LIMIT 0, "".(int)$_num ); Database::pexecute($result_stmt, array('adminid' => $_admin)); while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $archived[$counter]['id'] = $row['id']; $archived[$counter]['customerid'] = $row['customerid']; $archived[$counter]['adminid'] = $row['adminid']; $archived[$counter]['lastreplier'] = $row['lastreplier']; $archived[$counter]['ticket_answers'] = $row['ticket_answers']; $archived[$counter]['category'] = $row['category']; $archived[$counter]['priority'] = $row['priority']; $archived[$counter]['subject'] = $row['subject']; $archived[$counter]['message'] = $row['message']; $archived[$counter]['dt'] = $row['dt']; $archived[$counter]['lastchange'] = $row['lastchange']; $archived[$counter]['status'] = $row['status']; $archived[$counter]['by'] = $row['by']; $counter++; } if (isset($archived[0]['id'])) { return $archived; } else { return false; } }",True,PHP,getLastArchived,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function attributeLabels() { return array( 'actionId' => Yii::t('actions','Action ID'), 'text' => Yii::t('actions','Description'), ); }" 5614,"static public function getCategoryName($_id = 0) { if ($_id != 0) { $stmt = Database::prepare("" SELECT `name` FROM `"" . TABLE_PANEL_TICKET_CATS . ""` WHERE `id` = :id"" ); $category = Database::pexecute_first($stmt, array('id' => $_id)); return $category['name']; } return null; }",True,PHP,getCategoryName,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function attributeLabels() { return array( 'actionId' => Yii::t('actions','Action ID'), 'text' => Yii::t('actions','Description'), ); }" 5615,"static public function addCategory($_category = null, $_admin = 1, $_order = 1) { if ($_category != null && $_category != '' ) { if ($_order < 1) { $_order = 1; } $ins_stmt = Database::prepare("" INSERT INTO `"" . TABLE_PANEL_TICKET_CATS . ""` SET `name` = :name, `adminid` = :adminid, `logicalorder` = :lo"" ); $ins_data = array( 'name' => $_category, 'adminid' => $_admin, 'lo' => $_order ); Database::pexecute($ins_stmt, $ins_data); return true; } return false; }",True,PHP,addCategory,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function attributeLabels() { return array( 'actionId' => Yii::t('actions','Action ID'), 'text' => Yii::t('actions','Description'), ); }" 5620,"public function Set($_var = '', $_value = '', $_vartrusted = false, $_valuetrusted = false) { if ($_var != '' && $_value != '' ) { if (!$_vartrusted) { $_var = strip_tags($_var); } if (!$_valuetrusted) { $_value = strip_tags($_value, '
    '); } if (strtolower($_var) == 'message' || strtolower($_var) == 'subject' ) { $_value = $this->convertLatin1ToHtml($_value); } $this->t_data[$_var] = $_value; } }",True,PHP,Set,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function attributeLabels() { return array( 'actionId' => Yii::t('actions','Action ID'), 'text' => Yii::t('actions','Description'), ); }" 5621,"private function initData() { $this->Set('customer', 0, true, true); $this->Set('admin', 1, true, true); $this->Set('subject', '', true, true); $this->Set('category', '0', true, true); $this->Set('priority', '2', true, true); $this->Set('message', '', true, true); $this->Set('dt', 0, true, true); $this->Set('lastchange', 0, true, true); $this->Set('ip', '', true, true); $this->Set('status', '0', true, true); $this->Set('lastreplier', '0', true, true); $this->Set('by', '0', true, true); $this->Set('answerto', '0', true, true); $this->Set('archived', '0', true, true); }",True,PHP,initData,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5622,"public function Archive() { $upd_stmt = Database::prepare(' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = ""1"" WHERE `id` = :tid' ); Database::pexecute($upd_stmt, array('tid' => $this->tid)); $upd_stmt = Database::prepare(' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `archived` = ""1"" WHERE `answerto` = :tid' ); Database::pexecute($upd_stmt, array('tid' => $this->tid)); return true; }",True,PHP,Archive,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5623,"static public function deleteCategory($_id = 0) { if ($_id != 0) { $result_stmt = Database::prepare("" SELECT COUNT(`id`) as `numtickets` FROM `"" . TABLE_PANEL_TICKETS . ""` WHERE `category` = :cat"" ); $result = Database::pexecute_first($result_stmt, array('cat' => $_id)); if ($result['numtickets'] == ""0"") { $del_stmt = Database::prepare("" DELETE FROM `"" . TABLE_PANEL_TICKET_CATS . ""` WHERE `id` = :id"" ); Database::pexecute($del_stmt, array('id' => $_id)); return true; } else { return false; } } return false; }",True,PHP,deleteCategory,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5626,"private function readData() { if (isset($this->tid) && $this->tid != - 1 ) { $_ticket_stmt = Database::prepare(' SELECT * FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' ); $_ticket = Database::pexecute_first($_ticket_stmt, array('tid' => $this->tid)); $this->Set('customer', $_ticket['customerid'], true, false); $this->Set('admin', $_ticket['adminid'], true, false); $this->Set('subject', $_ticket['subject'], true, false); $this->Set('category', $_ticket['category'], true, false); $this->Set('priority', $_ticket['priority'], true, false); $this->Set('message', $_ticket['message'], true, false); $this->Set('dt', $_ticket['dt'], true, false); $this->Set('lastchange', $_ticket['lastchange'], true, false); $this->Set('ip', $_ticket['ip'], true, false); $this->Set('status', $_ticket['status'], true, false); $this->Set('lastreplier', $_ticket['lastreplier'], true, false); $this->Set('by', $_ticket['by'], true, false); $this->Set('answerto', $_ticket['answerto'], true, false); $this->Set('archived', $_ticket['archived'], true, false); } }",True,PHP,readData,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5627,"static public function getHighestOrderNumber($_uid = 0) { $where = ''; $sel_data = array(); if ($_uid > 0) { $where = "" WHERE `adminid` = :adminid""; $sel_data['adminid'] = $_uid; } $sql = ""SELECT MAX(`logicalorder`) as `highestorder` FROM `"" . TABLE_PANEL_TICKET_CATS . ""`"".$where."";""; $result_stmt = Database::prepare($sql); $result = Database::pexecute_first($result_stmt, $sel_data); return (isset($result['highestorder']) ? (int)$result['highestorder'] : 0); }",True,PHP,getHighestOrderNumber,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('calendar', 'Calendar'); }" 5630,"public function Delete() { $del_stmt = Database::prepare(' DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `id` = :tid' ); Database::pexecute($del_stmt, array('tid' => $this->tid)); $del_stmt = Database::prepare(' DELETE FROM `' . TABLE_PANEL_TICKETS . '` WHERE `answerto` = :tid' ); Database::pexecute($del_stmt, array('tid' => $this->tid)); return true; }",True,PHP,Delete,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('calendar', 'Calendar'); }" 5632,"public function Update() { $upd_stmt = Database::prepare(' UPDATE `' . TABLE_PANEL_TICKETS . '` SET `priority` = :priority, `lastchange` = :lastchange, `status` = :status, `lastreplier` = :lastreplier WHERE `id` = :tid' ); $upd_data = array( 'priority' => $this->Get('priority'), 'lastchange' => $this->Get('lastchange'), 'status' => $this->Get('status'), 'lastreplier' => $this->Get('lastreplier'), 'tid' => $this->tid ); Database::pexecute($upd_stmt, $upd_data); return true; }",True,PHP,Update,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('calendar', 'Calendar'); }" 5633,"private function __construct($userinfo, $tid = - 1) { $this->userinfo = $userinfo; $this->tid = $tid; $this->initData(); $this->readData(); }",True,PHP,__construct,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('calendar', 'Calendar'); }" 5636,"static public function customerHasTickets($_cid = 0) { if ($_cid != 0) { $result_stmt = Database::prepare("" SELECT `id` FROM `"" . TABLE_PANEL_TICKETS . ""` WHERE `customerid` = :cid"" ); Database::pexecute($result_stmt, array('cid' => $_cid)); $tickets = array(); while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $tickets[] = $row['id']; } return $tickets; } return false; }",True,PHP,customerHasTickets,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,Contacts::model()->deleteAll($criteria); } } echo CHtml::encode ($model->id); } } 5638,"public function Insert() { $ins_stmt = Database::prepare("" INSERT INTO `"" . TABLE_PANEL_TICKETS . ""` SET `customerid` = :customerid, `adminid` = :adminid, `category` = :category, `priority` = :priority, `subject` = :subject, `message` = :message, `dt` = :dt, `lastchange` = :lastchange, `ip` = :ip, `status` = :status, `lastreplier` = :lastreplier, `by` = :by, `answerto` = :answerto"" ); $ins_data = array( 'customerid' => $this->Get('customer'), 'adminid' => $this->Get('admin'), 'category' => $this->Get('category'), 'priority' => $this->Get('priority'), 'subject' => $this->Get('subject'), 'message' => $this->Get('message'), 'dt' => time(), 'lastchange' => time(), 'ip' => $this->Get('ip'), 'status' => $this->Get('status'), 'lastreplier' => $this->Get('lastreplier'), 'by' => $this->Get('by'), 'answerto' => $this->Get('answerto') ); Database::pexecute($ins_stmt, $ins_data); $this->tid = Database::lastInsertId(); return true; }",True,PHP,Insert,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,Contacts::model()->deleteAll($criteria); } } echo CHtml::encode ($model->id); } } 5640,"static public function getStatusText($_lng, $_status = 0) { switch($_status) { case 0: return $_lng['ticket']['open']; break; case 1: return $_lng['ticket']['wait_reply']; break; case 2: return $_lng['ticket']['replied']; break; default: return $_lng['ticket']['closed']; break; } }",True,PHP,getStatusText,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,Contacts::model()->deleteAll($criteria); } } echo CHtml::encode ($model->id); } } 5641,"static public function getInstanceOf($_usernfo, $_tid) { if (!isset(self::$tickets[$_tid])) { self::$tickets[$_tid] = new ticket($_usernfo, $_tid); } return self::$tickets[$_tid]; }",True,PHP,getInstanceOf,class.ticket.php,https://github.com/Froxlor/Froxlor,Froxlor,Michael Kaufmann,2018-06-19 21:46:11+02:00,"deny access to tickets not owned by current user, thx to chbi Signed-off-by: Michael Kaufmann ",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-12642,Contacts::model()->deleteAll($criteria); } } echo CHtml::encode ($model->id); } } 5647,"@$listener = DevblocksPlatform::importGPC($_POST['a']); } if(!empty($listener)) $parts[] = DevblocksPlatform::strAlphaNum($listener, '\_'); } if(isset($parts[0])) { $parts[0] = DevblocksPlatform::strAlphaNum($parts[0], '\_\-\.'); } $path = $parts; switch(array_shift($path)) { case ""resource"": $plugin_id = array_shift($path); if(null == ($plugin = DevblocksPlatform::getPlugin($plugin_id))) break; $file = implode(DIRECTORY_SEPARATOR, $path); $dir = $plugin->getStoragePath() . '/' . 'resources'; if(!is_dir($dir)) die(""""); $resource = $dir . '/' . $file; if(0 != strstr($dir,$resource)) die(""""); $ext = @array_pop(explode('.', $resource)); if(!is_file($resource) || 'php' == $ext) die(""""); switch($ext) { case 'css': case 'gif': case 'jpg': case 'js': case 'png': case 'ttf': case 'woff': header('Cache-control: max-age=604800', true); header('Expires: ' . gmdate('D, d M Y H:i:s',time()+604800) . ' GMT'); break; } switch($ext) { case 'css': header('Content-type: text/css'); break; case 'gif': header('Content-type: image/gif'); break; case 'jpeg': case 'jpg': header('Content-type: image/jpeg'); break; case 'js': header('Content-type: text/javascript'); break; case 'pdf': header('Content-type: application/pdf'); break; case 'png': header('Content-type: image/png'); break; case 'ttf': header('Content-type: application/x-font-ttf'); break; case 'woff': header('Content-type: application/font-woff'); break; case 'xml': header('Content-type: text/xml'); break; } $out = file_get_contents($resource, false); if($out) { header('Content-Length: '. strlen($out)); echo $out; } exit; break; default: break; } $request = new DevblocksHttpRequest($parts,$queryArgs); DevblocksPlatform::setHttpRequest($request); return $request; }",True,PHP,importGPC,Engine.php,https://github.com/wgm/cerb,wgm,Jeff Standen,2015-08-13 03:59:32-07:00,"* [Security/CSRF] Fixed a medium risk CSRF (cross-site request forgery) vulnerability reported by High-Tech Bridge (HTB23269). We don't have any evidence of this having taken place in the wild, but we were able to reproduce the results with the proof-of-concept in the advisory. A logged in worker could be tricked into visiting a URL that could perform certain actions in their browser session. Cerb now uses the Synchronizer pattern: a session-based token included with every HTML FORM and Ajax request that is compared to the active session. This verifies that such requests are coming from an existing Cerb page rather than an external source. When a potential CSRF attack is detected, the event is now logged in the PHP log as a warning.",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2015-6545,"public function actionGetLists() { if (!Yii::app()->user->checkAccess('ContactsAdminAccess')) { $condition = ' AND (visibility=""1"" OR assignedTo=""Anyone"" OR assignedTo=""' . Yii::app()->user->getName() . '""'; $groupLinks = Yii::app()->db->createCommand()->select('groupId')->from('x2_group_to_user')->where('userId=' . Yii::app()->user->getId())->queryColumn(); if (!empty($groupLinks)) $condition .= ' OR assignedTo IN (' . implode(',', $groupLinks) . ')'; $condition .= ' OR (visibility=2 AND assignedTo IN (SELECT username FROM x2_group_to_user WHERE groupId IN (SELECT groupId FROM x2_group_to_user WHERE userId=' . Yii::app()->user->getId() . '))))'; } else { $condition = ''; } $qterm = isset($_GET['term']) ? $_GET['term'] . '%' : ''; $static = isset($_GET['static']) && $_GET['static']; $result = Yii::app()->db->createCommand() ->select('id,name as value') ->from('x2_lists') ->where( ($static ? 'type=""static"" AND ' : ''). 'modelName=""Contacts"" AND type!=""campaign"" AND name LIKE :qterm' . $condition, array(':qterm' => $qterm)) ->order('name ASC') ->queryAll(); echo CJSON::encode($result); }" 5651,"public function view() { $params = func_get_args(); $content = ''; $filename = urldecode(join('/', $params)); if (strpos($filename, '..') !== false) { } $filename = str_replace('..', '', $filename); $filename = str_replace('//', '', $filename); $filename = preg_replace('/^\ $filename .= (isset($_GET['has_url_suffix']) && $_GET['has_url_suffix']==='1') ? URL_SUFFIX : ''; $file = FILES_DIR . '/' . $filename; if (!$this->_isImage($file) && file_exists($file)) { $content = file_get_contents($file); } $this->display('file_manager/views/view', array( 'csrf_token' => SecureToken::generateToken(BASE_URL.'plugin/file_manager/save/'.$filename), 'is_image' => $this->_isImage($file), 'filename' => $filename, 'content' => $content )); }",True,PHP,view,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function actionGetLists() { if (!Yii::app()->user->checkAccess('ContactsAdminAccess')) { $condition = ' AND (visibility=""1"" OR assignedTo=""Anyone"" OR assignedTo=""' . Yii::app()->user->getName() . '""'; $groupLinks = Yii::app()->db->createCommand()->select('groupId')->from('x2_group_to_user')->where('userId=' . Yii::app()->user->getId())->queryColumn(); if (!empty($groupLinks)) $condition .= ' OR assignedTo IN (' . implode(',', $groupLinks) . ')'; $condition .= ' OR (visibility=2 AND assignedTo IN (SELECT username FROM x2_group_to_user WHERE groupId IN (SELECT groupId FROM x2_group_to_user WHERE userId=' . Yii::app()->user->getId() . '))))'; } else { $condition = ''; } $qterm = isset($_GET['term']) ? $_GET['term'] . '%' : ''; $static = isset($_GET['static']) && $_GET['static']; $result = Yii::app()->db->createCommand() ->select('id,name as value') ->from('x2_lists') ->where( ($static ? 'type=""static"" AND ' : ''). 'modelName=""Contacts"" AND type!=""campaign"" AND name LIKE :qterm' . $condition, array(':qterm' => $qterm)) ->order('name ASC') ->queryAll(); echo CJSON::encode($result); }" 5652,"public function view() { $params = func_get_args(); $content = ''; $filename = urldecode(join('/', $params)); if (strpos($filename, '..') !== false) { } $filename = str_replace('..', '', $filename); $filename = str_replace('//', '', $filename); $filename = preg_replace('/^\ $filename .= (isset($_GET['has_url_suffix']) && $_GET['has_url_suffix']==='1') ? URL_SUFFIX : ''; $file = FILES_DIR . '/' . $filename; if (!$this->_isImage($file) && file_exists($file)) { $content = file_get_contents($file); } $this->display('file_manager/views/view', array( 'csrf_token' => SecureToken::generateToken(BASE_URL.'plugin/file_manager/save/'.$filename), 'is_image' => $this->_isImage($file), 'filename' => $filename, 'content' => $content )); }",True,PHP,view,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function actionGetLists() { if (!Yii::app()->user->checkAccess('ContactsAdminAccess')) { $condition = ' AND (visibility=""1"" OR assignedTo=""Anyone"" OR assignedTo=""' . Yii::app()->user->getName() . '""'; $groupLinks = Yii::app()->db->createCommand()->select('groupId')->from('x2_group_to_user')->where('userId=' . Yii::app()->user->getId())->queryColumn(); if (!empty($groupLinks)) $condition .= ' OR assignedTo IN (' . implode(',', $groupLinks) . ')'; $condition .= ' OR (visibility=2 AND assignedTo IN (SELECT username FROM x2_group_to_user WHERE groupId IN (SELECT groupId FROM x2_group_to_user WHERE userId=' . Yii::app()->user->getId() . '))))'; } else { $condition = ''; } $qterm = isset($_GET['term']) ? $_GET['term'] . '%' : ''; $static = isset($_GET['static']) && $_GET['static']; $result = Yii::app()->db->createCommand() ->select('id,name as value') ->from('x2_lists') ->where( ($static ? 'type=""static"" AND ' : ''). 'modelName=""Contacts"" AND type!=""campaign"" AND name LIKE :qterm' . $condition, array(':qterm' => $qterm)) ->order('name ASC') ->queryAll(); echo CJSON::encode($result); }" 5659,"public function settings_save() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } if (!isset($_POST['settings'])) { Flash::set('error', 'File Manager - ' . __('form was not posted.')); redirect(get_url('plugin/file_manager/settings')); } else { $settings = $_POST['settings']; if ($settings['umask'] == 0) $settings['umask'] = 0; elseif (!preg_match('/^0?[0-7]{3}$/', $settings['umask'])) $settings['umask'] = 0; if (strlen($settings['umask']) === 3) $settings['umask'] = '0' . $settings['umask']; elseif (strlen($settings['umask']) !== 4 && $settings['umask'] != 0) $settings['umask'] = 0; if (!preg_match('/^0?[0-7]{3}$/', $settings['dirmode'])) $settings['dirmode'] = '0755'; if (strlen($settings['dirmode']) === 3) $settings['dirmode'] = '0' . $settings['dirmode']; if (!preg_match('/^0?[0-7]{3}$/', $settings['filemode'])) $settings['filemode'] = '0755'; if (strlen($settings['filemode']) === 3) $settings['filemode'] = '0' . $settings['filemode']; } if (Plugin::setAllSettings($settings, 'file_manager')) Flash::setNow('success', 'File Manager - ' . __('plugin settings saved.')); else Flash::setNow('error', 'File Manager - ' . __('plugin settings not saved!')); $this->display('file_manager/views/settings', array('settings' => $settings)); }",True,PHP,settings_save,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function actionGetLists() { if (!Yii::app()->user->checkAccess('ContactsAdminAccess')) { $condition = ' AND (visibility=""1"" OR assignedTo=""Anyone"" OR assignedTo=""' . Yii::app()->user->getName() . '""'; $groupLinks = Yii::app()->db->createCommand()->select('groupId')->from('x2_group_to_user')->where('userId=' . Yii::app()->user->getId())->queryColumn(); if (!empty($groupLinks)) $condition .= ' OR assignedTo IN (' . implode(',', $groupLinks) . ')'; $condition .= ' OR (visibility=2 AND assignedTo IN (SELECT username FROM x2_group_to_user WHERE groupId IN (SELECT groupId FROM x2_group_to_user WHERE userId=' . Yii::app()->user->getId() . '))))'; } else { $condition = ''; } $qterm = isset($_GET['term']) ? $_GET['term'] . '%' : ''; $static = isset($_GET['static']) && $_GET['static']; $result = Yii::app()->db->createCommand() ->select('id,name as value') ->from('x2_lists') ->where( ($static ? 'type=""static"" AND ' : ''). 'modelName=""Contacts"" AND type!=""campaign"" AND name LIKE :qterm' . $condition, array(':qterm' => $qterm)) ->order('name ASC') ->queryAll(); echo CJSON::encode($result); }" 5660,"public function settings_save() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } if (!isset($_POST['settings'])) { Flash::set('error', 'File Manager - ' . __('form was not posted.')); redirect(get_url('plugin/file_manager/settings')); } else { $settings = $_POST['settings']; if ($settings['umask'] == 0) $settings['umask'] = 0; elseif (!preg_match('/^0?[0-7]{3}$/', $settings['umask'])) $settings['umask'] = 0; if (strlen($settings['umask']) === 3) $settings['umask'] = '0' . $settings['umask']; elseif (strlen($settings['umask']) !== 4 && $settings['umask'] != 0) $settings['umask'] = 0; if (!preg_match('/^0?[0-7]{3}$/', $settings['dirmode'])) $settings['dirmode'] = '0755'; if (strlen($settings['dirmode']) === 3) $settings['dirmode'] = '0' . $settings['dirmode']; if (!preg_match('/^0?[0-7]{3}$/', $settings['filemode'])) $settings['filemode'] = '0755'; if (strlen($settings['filemode']) === 3) $settings['filemode'] = '0' . $settings['filemode']; } if (Plugin::setAllSettings($settings, 'file_manager')) Flash::setNow('success', 'File Manager - ' . __('plugin settings saved.')); else Flash::setNow('error', 'File Manager - ' . __('plugin settings not saved!')); $this->display('file_manager/views/settings', array('settings' => $settings)); }",True,PHP,settings_save,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('contacts', '{contact} Lists|{contact} List', array( (int) $plural, '{contact}' => Modules::displayName(false, 'Contacts'), )); }" 5661,"public function chmod() { if (!AuthUser::hasPermission('file_manager_chmod')) { Flash::set('error', __('You do not have sufficient permissions to change the permissions on a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/chmod')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . '/' . $data['name']; if (file_exists($file)) { if (@!chmod($file, octdec($data['mode']))) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!')); } $path = substr($data['name'], 0, strrpos($data['name'], '/')); redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,chmod,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('contacts', '{contact} Lists|{contact} List', array( (int) $plural, '{contact}' => Modules::displayName(false, 'Contacts'), )); }" 5662,"public function chmod() { if (!AuthUser::hasPermission('file_manager_chmod')) { Flash::set('error', __('You do not have sufficient permissions to change the permissions on a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/chmod')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . '/' . $data['name']; if (file_exists($file)) { if (@!chmod($file, octdec($data['mode']))) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!')); } $path = substr($data['name'], 0, strrpos($data['name'], '/')); redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,chmod,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('contacts', '{contact} Lists|{contact} List', array( (int) $plural, '{contact}' => Modules::displayName(false, 'Contacts'), )); }" 5663,"public function browse() { $params = func_get_args(); $this->path = join('/', $params); if (substr($this->path, -1, 1) != '/') $this->path .= '/'; if (strpos($this->path, '..') !== false) { } $this->path = str_replace('..', '', $this->path); $this->path = str_replace('//', '', $this->path); $this->path = preg_replace('/^\ $this->fullpath = FILES_DIR . '/' . $this->path; $this->fullpath = preg_replace('/\/\ $this->display('file_manager/views/index', array( 'dir' => $this->path, 'files' => $this->_listFiles() )); }",True,PHP,browse,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('contacts', '{contact} Lists|{contact} List', array( (int) $plural, '{contact}' => Modules::displayName(false, 'Contacts'), )); }" 5664,"public function browse() { $params = func_get_args(); $this->path = join('/', $params); if (substr($this->path, -1, 1) != '/') $this->path .= '/'; if (strpos($this->path, '..') !== false) { } $this->path = str_replace('..', '', $this->path); $this->path = str_replace('//', '', $this->path); $this->path = preg_replace('/^\ $this->fullpath = FILES_DIR . '/' . $this->path; $this->fullpath = preg_replace('/\/\ $this->display('file_manager/views/index', array( 'dir' => $this->path, 'files' => $this->_listFiles() )); }",True,PHP,browse,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function actionView($id) { $model = CActiveRecord::model('Docs')->findByPk($id); if (!$this->checkPermissions($model, 'view')) $this->denied (); if(isset($model)){ $permissions=explode("", "",$model->editPermissions); if(in_array(Yii::app()->user->getName(),$permissions)) $editFlag=true; else $editFlag=false; } if (!isset($model) || ($model->visibility == 0 && $model->createdBy != Yii::app()->user->getName()) && !Yii::app()->params->isAdmin && !$editFlag) $this->redirect(array('/docs/docs/index')); User::addRecentItem('d', $id, Yii::app()->user->getId()); X2Flow::trigger('RecordViewTrigger',array('model'=>$model)); $this->render('view', array( 'model' => $model, )); }" 5667,"public function delete() { if (!AuthUser::hasPermission('file_manager_delete')) { Flash::set('error', __('You do not have sufficient permissions to delete a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } $paths = func_get_args(); $file = urldecode(join('/', $paths)); if (isset($_GET['csrf_token'])) { $csrf_token = $_GET['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/delete/'.$file)) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $file = FILES_DIR . '/' . str_replace('..', '', $file); $filename = array_pop($paths); $paths = join('/', $paths); if (is_file($file)) { if (!unlink($file)) Flash::set('error', __('Permission denied!')); } else { if (!$this->_rrmdir($file)) Flash::set('error', __('Permission denied!')); } redirect(get_url('plugin/file_manager/browse/' . $paths)); }",True,PHP,delete,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function actionView($id) { $model = CActiveRecord::model('Docs')->findByPk($id); if (!$this->checkPermissions($model, 'view')) $this->denied (); if(isset($model)){ $permissions=explode("", "",$model->editPermissions); if(in_array(Yii::app()->user->getName(),$permissions)) $editFlag=true; else $editFlag=false; } if (!isset($model) || ($model->visibility == 0 && $model->createdBy != Yii::app()->user->getName()) && !Yii::app()->params->isAdmin && !$editFlag) $this->redirect(array('/docs/docs/index')); User::addRecentItem('d', $id, Yii::app()->user->getId()); X2Flow::trigger('RecordViewTrigger',array('model'=>$model)); $this->render('view', array( 'model' => $model, )); }" 5668,"public function delete() { if (!AuthUser::hasPermission('file_manager_delete')) { Flash::set('error', __('You do not have sufficient permissions to delete a file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } $paths = func_get_args(); $file = urldecode(join('/', $paths)); if (isset($_GET['csrf_token'])) { $csrf_token = $_GET['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/delete/'.$file)) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $file = FILES_DIR . '/' . str_replace('..', '', $file); $filename = array_pop($paths); $paths = join('/', $paths); if (is_file($file)) { if (!unlink($file)) Flash::set('error', __('Permission denied!')); } else { if (!$this->_rrmdir($file)) Flash::set('error', __('Permission denied!')); } redirect(get_url('plugin/file_manager/browse/' . $paths)); }",True,PHP,delete,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function actionView($id) { $model = CActiveRecord::model('Docs')->findByPk($id); if (!$this->checkPermissions($model, 'view')) $this->denied (); if(isset($model)){ $permissions=explode("", "",$model->editPermissions); if(in_array(Yii::app()->user->getName(),$permissions)) $editFlag=true; else $editFlag=false; } if (!isset($model) || ($model->visibility == 0 && $model->createdBy != Yii::app()->user->getName()) && !Yii::app()->params->isAdmin && !$editFlag) $this->redirect(array('/docs/docs/index')); User::addRecentItem('d', $id, Yii::app()->user->getId()); X2Flow::trigger('RecordViewTrigger',array('model'=>$model)); $this->render('view', array( 'model' => $model, )); }" 5671,"public function rename() { if (!AuthUser::hasPermission('file_manager_rename')) { Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/rename')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['current_name'] = str_replace('..', '', $data['current_name']); $data['new_name'] = str_replace('..', '', $data['new_name']); $data['new_name'] = preg_replace('/ /', '_', $data['new_name']); $data['new_name'] = preg_replace('/[^a-z0-9_\-\.]/i', '', $data['new_name']); $path = substr($data['current_name'], 0, strrpos($data['current_name'], '/')); $file = FILES_DIR . '/' . $data['current_name']; if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) { Flash::set('error', __('A file or directory with that name already exists!')); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists($file)) { if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!' . $file)); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,rename,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function actionView($id) { $model = CActiveRecord::model('Docs')->findByPk($id); if (!$this->checkPermissions($model, 'view')) $this->denied (); if(isset($model)){ $permissions=explode("", "",$model->editPermissions); if(in_array(Yii::app()->user->getName(),$permissions)) $editFlag=true; else $editFlag=false; } if (!isset($model) || ($model->visibility == 0 && $model->createdBy != Yii::app()->user->getName()) && !Yii::app()->params->isAdmin && !$editFlag) $this->redirect(array('/docs/docs/index')); User::addRecentItem('d', $id, Yii::app()->user->getId()); X2Flow::trigger('RecordViewTrigger',array('model'=>$model)); $this->render('view', array( 'model' => $model, )); }" 5672,"public function rename() { if (!AuthUser::hasPermission('file_manager_rename')) { Flash::set('error', __('You do not have sufficient permissions to rename this file or directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/rename')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $data['current_name'] = str_replace('..', '', $data['current_name']); $data['new_name'] = str_replace('..', '', $data['new_name']); $data['new_name'] = preg_replace('/ /', '_', $data['new_name']); $data['new_name'] = preg_replace('/[^a-z0-9_\-\.]/i', '', $data['new_name']); $path = substr($data['current_name'], 0, strrpos($data['current_name'], '/')); $file = FILES_DIR . '/' . $data['current_name']; if (file_exists(FILES_DIR . '/' . $path . '/' . $data['new_name'])) { Flash::set('error', __('A file or directory with that name already exists!')); redirect(get_url('plugin/file_manager/browse/' . $path)); } if (file_exists($file)) { if (!rename($file, FILES_DIR . '/' . $path . '/' . $data['new_name'])) Flash::set('error', __('Permission denied!')); } else { Flash::set('error', __('File or directory not found!' . $file)); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,rename,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5675,"public function save() { $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $data['name']; if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/save/'.$data['name'])) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } if (file_exists($file)) { if (file_put_contents($file, $data['content']) !== false) { Flash::set('success', __('File has been saved with success!')); } else { Flash::set('error', __('File is not writable! File has not been saved!')); } } else { if (file_put_contents($file, $data['content'])) { Flash::set('success', __('File :name has been created with success!', array(':name' => $data['name']))); } else { Flash::set('error', __('Directory is not writable! File has not been saved!')); } } if (isset($_POST['commit'])) { redirect(get_url('plugin/file_manager/browse/' . substr($data['name'], 0, strrpos($data['name'], '/')))); } else { redirect(get_url('plugin/file_manager/view/' . $data['name'] . (endsWith($data['name'], URL_SUFFIX) ? '?has_url_suffix=1' : ''))); }",True,PHP,save,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5676,"public function save() { $data = $_POST['file']; $data['name'] = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $data['name']; if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/save/'.$data['name'])) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/view/'.$data['name'])); } if (file_exists($file)) { if (file_put_contents($file, $data['content']) !== false) { Flash::set('success', __('File has been saved with success!')); } else { Flash::set('error', __('File is not writable! File has not been saved!')); } } else { if (file_put_contents($file, $data['content'])) { Flash::set('success', __('File :name has been created with success!', array(':name' => $data['name']))); } else { Flash::set('error', __('Directory is not writable! File has not been saved!')); } } if (isset($_POST['commit'])) { redirect(get_url('plugin/file_manager/browse/' . substr($data['name'], 0, strrpos($data['name'], '/')))); } else { redirect(get_url('plugin/file_manager/view/' . $data['name'] . (endsWith($data['name'], URL_SUFFIX) ? '?has_url_suffix=1' : ''))); }",True,PHP,save,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5679,"public function settings() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } $settings = Plugin::getAllSettings('file_manager'); if (!$settings) { Flash::set('error', 'Files - ' . __('unable to retrieve plugin settings.')); return; } $this->display('file_manager/views/settings', array('settings' => $settings)); }",True,PHP,settings,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,public function actionGetItems($term){ X2LinkableBehavior::getItems ($term); } 5680,"public function settings() { AuthUser::load(); if (!AuthUser::isLoggedIn()) { redirect(get_url('login')); } else if (!AuthUser::hasPermission('admin_edit')) { Flash::set('error', __('You do not have permission to access the requested page!')); redirect(get_url()); } $settings = Plugin::getAllSettings('file_manager'); if (!$settings) { Flash::set('error', 'Files - ' . __('unable to retrieve plugin settings.')); return; } $this->display('file_manager/views/settings', array('settings' => $settings)); }",True,PHP,settings,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function sendIndividualMail() { if(!$this->mailIsStillDeliverable()) { return; } $addresses = array(array('',$this->recipient->email)); $deliver = true; try { list($subject,$message,$uniqueId) = self::prepareEmail( $this->campaign,$this->recipient); } catch (StringUtilException $e) { $this->fullStop = true; $this->status['code'] = 500; $this->status['exception'] = $e; if ($e->getCode () === StringUtilException::PREG_REPLACE_CALLBACK_ERROR) { $this->status['message'] = Yii::t('app', 'Email redirect link insertion failed'); } else { $this->status['message'] = Yii::t('app', 'Failed to prepare email contents'); } $deliver = false; } if ($deliver) $this->deliverEmail($addresses, $subject, $message); if($this->status['code'] == 200) { $this->markEmailSent($uniqueId); if(!$this->isNewsletter) self::recordEmailSent($this->campaign,$this->recipient); $this->status['message'] = Yii::t('marketing','Email sent successfully to {address}.',array('{address}' => $this->recipient->email)); } else if ($this->status['exception'] instanceof phpmailerException) { $this->status['message'] = Yii::t('marketing','Email could not be sent to {address}. The message given was: {message}',array( '{address}'=>$this->recipient->email, '{message}'=>$this->status['exception']->getMessage() )); if($this->status['exception']->getCode() != PHPMailer::STOP_CRITICAL){ $this->undeliverable = true; $this->markEmailSent(null, false); }else{ $this->fullStop = true; } } else if($this->status['exception'] instanceof phpmailerException && $this->status['exception']->getCode() == PHPMailer::STOP_CRITICAL) { } else { $this->listItem->sending = 0; $this->listItem->update(array('sending')); } Yii::app()->settings->countEmail(); $this->campaign->lastActivity = time(); if(count(self::deliverableItems($this->campaign->list->id, true)) == 0) { $this->status['message'] = Yii::t('marketing','All emails sent.'); $this->campaign->active = 0; $this->campaign->complete = 1; $this->campaign->update(array('lastActivity','active','complete')); } else { $this->campaign->update(array('lastActivity')); } }" 5687,"$object->size = convert_size($cur->getSize()); $object->mtime = date('D, j M, Y', $cur->getMTime()); list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms()); $object->type = $this->_getFileType($cur); if ($cur->isDir()) { $object->link = 'path . $object->name) . '"">' . $object->name . ''; } else { $object->link = 'path . $object->name . (endsWith($object->name, URL_SUFFIX) ? '?has_url_suffix=1' : '')) . '"">' . $object->name . ''; } $files[$object->name] = $object; }",True,PHP,convert_size,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function sendIndividualMail() { if(!$this->mailIsStillDeliverable()) { return; } $addresses = array(array('',$this->recipient->email)); $deliver = true; try { list($subject,$message,$uniqueId) = self::prepareEmail( $this->campaign,$this->recipient); } catch (StringUtilException $e) { $this->fullStop = true; $this->status['code'] = 500; $this->status['exception'] = $e; if ($e->getCode () === StringUtilException::PREG_REPLACE_CALLBACK_ERROR) { $this->status['message'] = Yii::t('app', 'Email redirect link insertion failed'); } else { $this->status['message'] = Yii::t('app', 'Failed to prepare email contents'); } $deliver = false; } if ($deliver) $this->deliverEmail($addresses, $subject, $message); if($this->status['code'] == 200) { $this->markEmailSent($uniqueId); if(!$this->isNewsletter) self::recordEmailSent($this->campaign,$this->recipient); $this->status['message'] = Yii::t('marketing','Email sent successfully to {address}.',array('{address}' => $this->recipient->email)); } else if ($this->status['exception'] instanceof phpmailerException) { $this->status['message'] = Yii::t('marketing','Email could not be sent to {address}. The message given was: {message}',array( '{address}'=>$this->recipient->email, '{message}'=>$this->status['exception']->getMessage() )); if($this->status['exception']->getCode() != PHPMailer::STOP_CRITICAL){ $this->undeliverable = true; $this->markEmailSent(null, false); }else{ $this->fullStop = true; } } else if($this->status['exception'] instanceof phpmailerException && $this->status['exception']->getCode() == PHPMailer::STOP_CRITICAL) { } else { $this->listItem->sending = 0; $this->listItem->update(array('sending')); } Yii::app()->settings->countEmail(); $this->campaign->lastActivity = time(); if(count(self::deliverableItems($this->campaign->list->id, true)) == 0) { $this->status['message'] = Yii::t('marketing','All emails sent.'); $this->campaign->active = 0; $this->campaign->complete = 1; $this->campaign->update(array('lastActivity','active','complete')); } else { $this->campaign->update(array('lastActivity')); } }" 5688,"$object->size = convert_size($cur->getSize()); $object->mtime = date('D, j M, Y', $cur->getMTime()); list($object->perms, $object->chmod) = $this->_getPermissions($cur->getPerms()); $object->type = $this->_getFileType($cur); if ($cur->isDir()) { $object->link = 'path . $object->name) . '"">' . $object->name . ''; } else { $object->link = 'path . $object->name . (endsWith($object->name, URL_SUFFIX) ? '?has_url_suffix=1' : '')) . '"">' . $object->name . ''; } $files[$object->name] = $object; }",True,PHP,convert_size,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function sendIndividualMail() { if(!$this->mailIsStillDeliverable()) { return; } $addresses = array(array('',$this->recipient->email)); $deliver = true; try { list($subject,$message,$uniqueId) = self::prepareEmail( $this->campaign,$this->recipient); } catch (StringUtilException $e) { $this->fullStop = true; $this->status['code'] = 500; $this->status['exception'] = $e; if ($e->getCode () === StringUtilException::PREG_REPLACE_CALLBACK_ERROR) { $this->status['message'] = Yii::t('app', 'Email redirect link insertion failed'); } else { $this->status['message'] = Yii::t('app', 'Failed to prepare email contents'); } $deliver = false; } if ($deliver) $this->deliverEmail($addresses, $subject, $message); if($this->status['code'] == 200) { $this->markEmailSent($uniqueId); if(!$this->isNewsletter) self::recordEmailSent($this->campaign,$this->recipient); $this->status['message'] = Yii::t('marketing','Email sent successfully to {address}.',array('{address}' => $this->recipient->email)); } else if ($this->status['exception'] instanceof phpmailerException) { $this->status['message'] = Yii::t('marketing','Email could not be sent to {address}. The message given was: {message}',array( '{address}'=>$this->recipient->email, '{message}'=>$this->status['exception']->getMessage() )); if($this->status['exception']->getCode() != PHPMailer::STOP_CRITICAL){ $this->undeliverable = true; $this->markEmailSent(null, false); }else{ $this->fullStop = true; } } else if($this->status['exception'] instanceof phpmailerException && $this->status['exception']->getCode() == PHPMailer::STOP_CRITICAL) { } else { $this->listItem->sending = 0; $this->listItem->update(array('sending')); } Yii::app()->settings->countEmail(); $this->campaign->lastActivity = time(); if(count(self::deliverableItems($this->campaign->list->id, true)) == 0) { $this->status['message'] = Yii::t('marketing','All emails sent.'); $this->campaign->active = 0; $this->campaign->complete = 1; $this->campaign->update(array('lastActivity','active','complete')); } else { $this->campaign->update(array('lastActivity')); } }" 5691,"public function upload() { if (!AuthUser::hasPermission('file_manager_upload')) { Flash::set('error', __('You do not have sufficient permissions to upload a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/upload')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $mask = Plugin::getSetting('umask', 'file_manager'); umask(octdec($mask)); $data = $_POST['upload']; $path = str_replace('..', '', $data['path']); $overwrite = isset($data['overwrite']) ? true : false; $filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']); $filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename); if (isset($_FILES)) { $file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) Flash::set('error', __('File has not been uploaded!')); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,upload,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,"public function sendIndividualMail() { if(!$this->mailIsStillDeliverable()) { return; } $addresses = array(array('',$this->recipient->email)); $deliver = true; try { list($subject,$message,$uniqueId) = self::prepareEmail( $this->campaign,$this->recipient); } catch (StringUtilException $e) { $this->fullStop = true; $this->status['code'] = 500; $this->status['exception'] = $e; if ($e->getCode () === StringUtilException::PREG_REPLACE_CALLBACK_ERROR) { $this->status['message'] = Yii::t('app', 'Email redirect link insertion failed'); } else { $this->status['message'] = Yii::t('app', 'Failed to prepare email contents'); } $deliver = false; } if ($deliver) $this->deliverEmail($addresses, $subject, $message); if($this->status['code'] == 200) { $this->markEmailSent($uniqueId); if(!$this->isNewsletter) self::recordEmailSent($this->campaign,$this->recipient); $this->status['message'] = Yii::t('marketing','Email sent successfully to {address}.',array('{address}' => $this->recipient->email)); } else if ($this->status['exception'] instanceof phpmailerException) { $this->status['message'] = Yii::t('marketing','Email could not be sent to {address}. The message given was: {message}',array( '{address}'=>$this->recipient->email, '{message}'=>$this->status['exception']->getMessage() )); if($this->status['exception']->getCode() != PHPMailer::STOP_CRITICAL){ $this->undeliverable = true; $this->markEmailSent(null, false); }else{ $this->fullStop = true; } } else if($this->status['exception'] instanceof phpmailerException && $this->status['exception']->getCode() == PHPMailer::STOP_CRITICAL) { } else { $this->listItem->sending = 0; $this->listItem->update(array('sending')); } Yii::app()->settings->countEmail(); $this->campaign->lastActivity = time(); if(count(self::deliverableItems($this->campaign->list->id, true)) == 0) { $this->status['message'] = Yii::t('marketing','All emails sent.'); $this->campaign->active = 0; $this->campaign->complete = 1; $this->campaign->update(array('lastActivity','active','complete')); } else { $this->campaign->update(array('lastActivity')); } }" 5692,"public function upload() { if (!AuthUser::hasPermission('file_manager_upload')) { Flash::set('error', __('You do not have sufficient permissions to upload a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/upload')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $mask = Plugin::getSetting('umask', 'file_manager'); umask(octdec($mask)); $data = $_POST['upload']; $path = str_replace('..', '', $data['path']); $overwrite = isset($data['overwrite']) ? true : false; $filename = preg_replace('/ /', '_', $_FILES['upload_file']['name']); $filename = preg_replace('/[^a-z0-9_\-\.]/i', '', $filename); if (isset($_FILES)) { $file = $this->_upload_file($filename, FILES_DIR . '/' . $path . '/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) Flash::set('error', __('File has not been uploaded!')); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,upload,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,public function actionGetItems($modelType){ $term = $_GET['term'].'%'; X2LinkableBehavior::getItems ($term); } 5695,"public function create_file() { if (!AuthUser::hasPermission('file_manager_mkfile')) { Flash::set('error', __('You do not have sufficient permissions to create a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_file')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $path = str_replace('..', '', $data['path']); $filename = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $path . DS . $filename; if (file_put_contents($file, '') !== false) { $mode = Plugin::getSetting('filemode', 'file_manager'); chmod($file, octdec($mode)); } else { Flash::set('error', __('File :name has not been created!', array(':name' => $filename))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,create_file,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,public function actionGetItems($modelType){ $term = $_GET['term'].'%'; X2LinkableBehavior::getItems ($term); } 5696,"public function create_file() { if (!AuthUser::hasPermission('file_manager_mkfile')) { Flash::set('error', __('You do not have sufficient permissions to create a file.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_file')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['file']; $path = str_replace('..', '', $data['path']); $filename = str_replace('..', '', $data['name']); $file = FILES_DIR . DS . $path . DS . $filename; if (file_put_contents($file, '') !== false) { $mode = Plugin::getSetting('filemode', 'file_manager'); chmod($file, octdec($mode)); } else { Flash::set('error', __('File :name has not been created!', array(':name' => $filename))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,create_file,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,public function actionGetItems($modelType){ $term = $_GET['term'].'%'; X2LinkableBehavior::getItems ($term); } 5697,"public function create_directory() { if (!AuthUser::hasPermission('file_manager_mkdir')) { Flash::set('error', __('You do not have sufficient permissions to create a directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_directory')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['directory']; $path = str_replace('..', '', $data['path']); $dirname = str_replace('..', '', $data['name']); $dir = FILES_DIR . ""/{$path}/{$dirname}""; if (mkdir($dir)) { $mode = Plugin::getSetting('dirmode', 'file_manager'); chmod($dir, octdec($mode)); } else { Flash::set('error', __('Directory :name has not been created!', array(':name' => $dirname))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,create_directory,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6567,public function actionGetItems($modelType){ $term = $_GET['term'].'%'; X2LinkableBehavior::getItems ($term); } 5698,"public function create_directory() { if (!AuthUser::hasPermission('file_manager_mkdir')) { Flash::set('error', __('You do not have sufficient permissions to create a directory.')); redirect(get_url('plugin/file_manager/browse/')); } if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL.'plugin/file_manager/create_directory')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('plugin/file_manager/browse/')); } $data = $_POST['directory']; $path = str_replace('..', '', $data['path']); $dirname = str_replace('..', '', $data['name']); $dir = FILES_DIR . ""/{$path}/{$dirname}""; if (mkdir($dir)) { $mode = Plugin::getSetting('dirmode', 'file_manager'); chmod($dir, octdec($mode)); } else { Flash::set('error', __('Directory :name has not been created!', array(':name' => $dirname))); } redirect(get_url('plugin/file_manager/browse/' . $path)); }",True,PHP,create_directory,FileManagerController.php,https://github.com/wolfcms/wolfcms,wolfcms,Martijn,2015-08-10 16:01:40+02:00,Fix #619 and #625,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2015-6568,"public function behaviors() { return array_merge(parent::behaviors(),array( 'X2LinkableBehavior'=>array( 'class'=>'X2LinkableBehavior', 'module'=>'marketing' ), 'ERememberFiltersBehavior' => array( 'class'=>'application.components.ERememberFiltersBehavior', 'defaults'=>array(), 'defaultStickOnClear'=>false ), 'tags' => array( 'class' => 'TagBehavior', 'disableTagScanning' => true, ), )); }" 5705,"protected function connect() { $user = $this->getUser(); $workgroup = null; if (strpos($user, '/')) { list($workgroup, $user) = explode('/', $user); } $this->state->init($workgroup, $user, $this->getPassword()); }",True,PHP,connect,NativeServer.php,https://github.com/icewind1991/SMB,icewind1991,Robin Appelman,2015-08-13 16:19:03+02:00,improve support for workgroups/domains,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2015-7698,"public function behaviors() { return array_merge(parent::behaviors(),array( 'X2LinkableBehavior'=>array( 'class'=>'X2LinkableBehavior', 'module'=>'marketing' ), 'ERememberFiltersBehavior' => array( 'class'=>'application.components.ERememberFiltersBehavior', 'defaults'=>array(), 'defaultStickOnClear'=>false ), 'tags' => array( 'class' => 'TagBehavior', 'disableTagScanning' => true, ), )); }" 5707,"list($workgroup, $user) = explode('\\', $user); } else { $workgroup = null; } $this->state->init($workgroup, $user, $this->server->getPassword()); }",True,PHP,explode,NativeShare.php,https://github.com/icewind1991/SMB,icewind1991,Robin Appelman,2015-08-13 16:19:03+02:00,improve support for workgroups/domains,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2015-7698,"public function behaviors() { return array_merge(parent::behaviors(),array( 'X2LinkableBehavior'=>array( 'class'=>'X2LinkableBehavior', 'module'=>'marketing' ), 'ERememberFiltersBehavior' => array( 'class'=>'application.components.ERememberFiltersBehavior', 'defaults'=>array(), 'defaultStickOnClear'=>false ), 'tags' => array( 'class' => 'TagBehavior', 'disableTagScanning' => true, ), )); }" 5712,"public function read($source) { $source = $this->escapePath($source); $source = str_replace('\'', '\'""\'""\'', $source); $command = sprintf('%s --authentication-file=/proc/self/fd/3 Server::CLIENT, $this->server->getHost(), $this->name, $source ); $connection = new Connection($command); $connection->writeAuthentication($this->server->getUser(), $this->server->getPassword()); $fh = $connection->getFileOutputStream(); stream_context_set_option($fh, 'file', 'connection', $connection); return $fh; }",True,PHP,read,Share.php,https://github.com/icewind1991/SMB,icewind1991,Robin Appelman,2015-08-13 16:19:03+02:00,improve support for workgroups/domains,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2015-7698,"public function behaviors() { return array_merge(parent::behaviors(),array( 'X2LinkableBehavior'=>array( 'class'=>'X2LinkableBehavior', 'module'=>'marketing' ), 'ERememberFiltersBehavior' => array( 'class'=>'application.components.ERememberFiltersBehavior', 'defaults'=>array(), 'defaultStickOnClear'=>false ), 'tags' => array( 'class' => 'TagBehavior', 'disableTagScanning' => true, ), )); }" 5713,"protected function connect() { if ($this->connection and $this->connection->isValid()) { return; } $command = sprintf('%s --authentication-file=/proc/self/fd/3 Server::CLIENT, $this->server->getHost(), $this->name ); $this->connection = new Connection($command); $this->connection->writeAuthentication($this->server->getUser(), $this->server->getPassword()); if (!$this->connection->isValid()) { throw new ConnectionException(); } }",True,PHP,connect,Share.php,https://github.com/icewind1991/SMB,icewind1991,Robin Appelman,2015-08-13 16:19:03+02:00,improve support for workgroups/domains,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2015-7698,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('marketing', 'Web Form'); }" 5717,"function article_save() { global $txp_user, $vars, $prefs; extract($prefs); $incoming = array_map('assert_string', psa($vars)); $oldArticle = safe_row('Status, url_title, Title, '. 'unix_timestamp(LastMod) as sLastMod, LastModID, '. 'unix_timestamp(Posted) as sPosted, '. 'unix_timestamp(Expires) as sExpires', 'textpattern', 'ID = '.(int) $incoming['ID']);",True,PHP,article_save,txp_article.php,https://github.com/textpattern/textpattern,textpattern,Robert Wetzlmayr,2015-10-16 16:46:58+02:00,"Do not allow unprivileged authors to modify an existing article's markup setting. Refs #558.",CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2015-8032,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('marketing', 'Web Form'); }" 5719,"function new_pass_form() { pagetop(gTxt('tab_site_admin'), ''); echo form( hed(gTxt('change_password'), 2). inputLabel( 'new_pass', fInput('password', 'new_pass', '', '', '', '', INPUT_REGULAR, '', 'new_pass'), 'new_password', '', array('class' => 'txp-form-field edit-admin-new-password') ). graf( checkbox('mail_password', '1', true, '', 'mail_password'). n.tag(gTxt('mail_it'), 'label', array('for' => 'mail_password')), array('class' => 'edit-admin-mail-password')). graf(fInput('submit', 'change_pass', gTxt('submit'), 'publish')). eInput('admin'). sInput('change_pass'), '', '', 'post', 'txp-edit', '', 'change_password'); }",True,PHP,new_pass_form,txp_admin.php,https://github.com/textpattern/textpattern,textpattern,Stef Dawson,2015-11-05 21:56:00+00:00,"Security improvements part 1. See Issue #565 * No more emailing plaintext passwords out: password changes and reset requests are dealt with immediately on the login/admin panels. * Stronger cryptographic hashes for confirmation links that don't leak user ID information. * Hashes are securely tethered to the user account and auto-expire when logging in or generating a new request. Timeout window of 20 minutes by default for answering reset requests. * Password input boxes are unmaskable. Saves having a separate confirmation box, simplifies code logic and is better UX. * Dedicated txp_token table introduced for handling token-based storage and retrieval. Better for plugin authors than abusing txp_discuss_nonce. More on the way including strength meter and improvements to setup passwords...",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2015-8033,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('marketing', 'Web Form'); }" 5722,"function change_pass() { global $txp_user; extract(psa(array('new_pass', 'mail_password'))); if (empty($new_pass)) { author_list(array(gTxt('password_required'), E_ERROR)); return; } $rs = change_user_password($txp_user, $new_pass); if ($rs) { $message = gTxt('password_changed'); if ($mail_password) { $email = fetch('email', 'txp_users', 'name', $txp_user); send_new_password($new_pass, $email, $txp_user); $message .= sp.gTxt('and_mailed_to').sp.$email; } $message .= '.'; author_list($message); } }",True,PHP,change_pass,txp_admin.php,https://github.com/textpattern/textpattern,textpattern,Stef Dawson,2015-11-05 21:56:00+00:00,"Security improvements part 1. See Issue #565 * No more emailing plaintext passwords out: password changes and reset requests are dealt with immediately on the login/admin panels. * Stronger cryptographic hashes for confirmation links that don't leak user ID information. * Hashes are securely tethered to the user account and auto-expire when logging in or generating a new request. Timeout window of 20 minutes by default for answering reset requests. * Password input boxes are unmaskable. Saves having a separate confirmation box, simplifies code logic and is better UX. * Dedicated txp_token table introduced for handling token-based storage and retrieval. Better for plugin authors than abusing txp_discuss_nonce. More on the way including strength meter and improvements to setup passwords...",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2015-8033,"public function getDisplayName ($plural=true, $ofModule=true) { return Yii::t('marketing', 'Web Form'); }" 5723,"$passwd = generate_password(PASSWORD_LENGTH); if (change_user_password($name, $passwd)) { $email = safe_field(""email"", 'txp_users', ""name = '"".doSlash($name).""'""); if (send_new_password($passwd, $email, $name)) { $changed[] = $name; $msg = 'author_updated'; } else { return author_list(array(gTxt('could_not_mail').' '.txpspecialchars($name), E_ERROR)); } } } break; } if ($changed) { return author_list(gTxt($msg, array('{name}' => txpspecialchars(join(', ', $changed))))); } author_list($msg); }",True,PHP,generate_password,txp_admin.php,https://github.com/textpattern/textpattern,textpattern,Stef Dawson,2015-11-05 21:56:00+00:00,"Security improvements part 1. See Issue #565 * No more emailing plaintext passwords out: password changes and reset requests are dealt with immediately on the login/admin panels. * Stronger cryptographic hashes for confirmation links that don't leak user ID information. * Hashes are securely tethered to the user account and auto-expire when logging in or generating a new request. Timeout window of 20 minutes by default for answering reset requests. * Password input boxes are unmaskable. Saves having a separate confirmation box, simplifies code logic and is better UX. * Dedicated txp_token table introduced for handling token-based storage and retrieval. Better for plugin authors than abusing txp_discuss_nonce. More on the way including strength meter and improvements to setup passwords...",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2015-8033,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { list ($accessCond, $params) = $model->getAccessSQLCondition (); $tableName = $model->tableName (); $sql = 'SELECT id, fileName as value FROM '.$tableName.' WHERE associationType!=""theme"" and fileName LIKE :qterm AND '.$accessCond.' AND (uploadedBy=:username OR private=0 OR private=NULL) ORDER BY fileName ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $params[':qterm'] = $qterm; $params[':username'] = Yii::app()->user->getName (); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5725,"function doLoginForm($message) { global $textarray_script, $event, $step; include txpath.'/lib/txplib_head.php'; $event = 'login'; if (gps('logout')) { $step = 'logout'; } elseif (gps('reset')) { $step = 'reset'; } pagetop(gTxt('login'), $message); $stay = (cs('txp_login') and !gps('logout') ? 1 : 0); $reset = gps('reset'); $name = join(',', array_slice(explode(',', cs('txp_login')), 0, -1)); $out = array(); if ($reset) { $out[] = hed(gTxt('password_reset'), 1, array('id' => 'txp-login-heading')). n.tag( n.tag(gTxt('name'), 'label', array('for' => 'login_name')). fInput('text', 'p_userid', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), 'div', array('class' => 'txp-form-field login-name')). graf( fInput('submit', '', gTxt('password_reset_button'), 'publish')). graf( href(gTxt('back_to_login'), 'index.php'), array('class' => 'login-return')). hInput('p_reset', 1); } else { $out[] = hed(gTxt('login_to_textpattern'), 1, array('id' => 'txp-login-heading')). n.tag( n.tag(gTxt('name'), 'label', array('for' => 'login_name')). fInput('text', 'p_userid', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), 'div', array('class' => 'txp-form-field login-name')). n.tag( n.tag(gTxt('password'), 'label', array('for' => 'login_password')). fInput('password', 'p_password', '', '', '', '', INPUT_REGULAR, '', 'login_password'), 'div', array('class' => 'txp-form-field login-password')). graf( checkbox('stay', 1, $stay, '', 'login_stay').n. tag(gTxt('stay_logged_in'), 'label', array('for' => 'login_stay')). popHelp('remember_login').n, array('class' => 'login-stay')). graf( fInput('submit', '', gTxt('log_in_button'), 'publish').n ). graf( href(gTxt('password_forgotten'), '?reset=1'), array('class' => 'login-forgot')); if (gps('event')) { $out[] = eInput(gps('event')); } } echo form( join('', $out), '', '', 'post', 'txp-login', '', 'login_form'). script_js('textpattern.textarray = '.json_encode($textarray_script)). n.''.n.''.n.''; exit(0); }",True,PHP,doLoginForm,txp_auth.php,https://github.com/textpattern/textpattern,textpattern,Stef Dawson,2015-11-05 21:56:00+00:00,"Security improvements part 1. See Issue #565 * No more emailing plaintext passwords out: password changes and reset requests are dealt with immediately on the login/admin panels. * Stronger cryptographic hashes for confirmation links that don't leak user ID information. * Hashes are securely tethered to the user account and auto-expire when logging in or generating a new request. Timeout window of 20 minutes by default for answering reset requests. * Password input boxes are unmaskable. Saves having a separate confirmation box, simplifies code logic and is better UX. * Dedicated txp_token table introduced for handling token-based storage and retrieval. Better for plugin authors than abusing txp_discuss_nonce. More on the way including strength meter and improvements to setup passwords...",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2015-8033,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { list ($accessCond, $params) = $model->getAccessSQLCondition (); $tableName = $model->tableName (); $sql = 'SELECT id, fileName as value FROM '.$tableName.' WHERE associationType!=""theme"" and fileName LIKE :qterm AND '.$accessCond.' AND (uploadedBy=:username OR private=0 OR private=NULL) ORDER BY fileName ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $params[':qterm'] = $qterm; $params[':username'] = Yii::app()->user->getName (); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5728,"$confirm = pack('H*', gps('confirm')); $name = substr($confirm, 5); $nonce = safe_field(""nonce"", 'txp_users', ""name = '"".doSlash($name).""'""); if ($nonce and $confirm === pack('H*', substr(md5($nonce), 0, 10)).$name) { include_once txpath.'/lib/txplib_admin.php'; $message = reset_author_pass($name); } }",True,PHP,pack,txp_auth.php,https://github.com/textpattern/textpattern,textpattern,Stef Dawson,2015-11-05 21:56:00+00:00,"Security improvements part 1. See Issue #565 * No more emailing plaintext passwords out: password changes and reset requests are dealt with immediately on the login/admin panels. * Stronger cryptographic hashes for confirmation links that don't leak user ID information. * Hashes are securely tethered to the user account and auto-expire when logging in or generating a new request. Timeout window of 20 minutes by default for answering reset requests. * Password input boxes are unmaskable. Saves having a separate confirmation box, simplifies code logic and is better UX. * Dedicated txp_token table introduced for handling token-based storage and retrieval. Better for plugin authors than abusing txp_discuss_nonce. More on the way including strength meter and improvements to setup passwords...",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2015-8033,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { list ($accessCond, $params) = $model->getAccessSQLCondition (); $tableName = $model->tableName (); $sql = 'SELECT id, fileName as value FROM '.$tableName.' WHERE associationType!=""theme"" and fileName LIKE :qterm AND '.$accessCond.' AND (uploadedBy=:username OR private=0 OR private=NULL) ORDER BY fileName ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $params[':qterm'] = $qterm; $params[':username'] = Yii::app()->user->getName (); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5729,"function send_reset_confirmation_request($name) { global $sitename; $rs = safe_row(""email, nonce"", 'txp_users', ""name = '"".doSlash($name).""'""); if ($rs) { extract($rs); $confirm = bin2hex(pack('H*', substr(md5($nonce), 0, 10)).$name); $message = gTxt('greeting').' '.$name.','. n.n.gTxt('password_reset_confirmation').': '. n.hu.'textpattern/index.php?confirm='.$confirm; if (txpMail($email, ""[$sitename] "".gTxt('password_reset_confirmation_request'), $message)) { return gTxt('password_reset_confirmation_request_sent'); } else { return array(gTxt('could_not_mail'), E_ERROR); } } else { return gTxt('password_reset_confirmation_request_sent'); } }",True,PHP,send_reset_confirmation_request,txplib_admin.php,https://github.com/textpattern/textpattern,textpattern,Stef Dawson,2015-11-05 21:56:00+00:00,"Security improvements part 1. See Issue #565 * No more emailing plaintext passwords out: password changes and reset requests are dealt with immediately on the login/admin panels. * Stronger cryptographic hashes for confirmation links that don't leak user ID information. * Hashes are securely tethered to the user account and auto-expire when logging in or generating a new request. Timeout window of 20 minutes by default for answering reset requests. * Password input boxes are unmaskable. Saves having a separate confirmation box, simplifies code logic and is better UX. * Dedicated txp_token table introduced for handling token-based storage and retrieval. Better for plugin authors than abusing txp_discuss_nonce. More on the way including strength meter and improvements to setup passwords...",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2015-8033,"public function actionGetItems(){ $model = X2Model::model ($this->modelClass); if (isset ($model)) { list ($accessCond, $params) = $model->getAccessSQLCondition (); $tableName = $model->tableName (); $sql = 'SELECT id, fileName as value FROM '.$tableName.' WHERE associationType!=""theme"" and fileName LIKE :qterm AND '.$accessCond.' AND (uploadedBy=:username OR private=0 OR private=NULL) ORDER BY fileName ASC'; $command = Yii::app()->db->createCommand($sql); $qterm = $_GET['term'].'%'; $params[':qterm'] = $qterm; $params[':username'] = Yii::app()->user->getName (); $result = $command->queryAll(true, $params); echo CJSON::encode($result); } Yii::app()->end(); }" 5731,hb_map_clear (hb_map_t *map) { if (unlikely (hb_object_is_immutable (map))) return; return map->clear (); },True,PHP,hb_map_clear,hb-map.cc,https://github.com/harfbuzz/harfbuzz,harfbuzz,Behdad Esfahbod,2021-08-24 10:31:49-06:00,"[set] Make all operators null-safe again Changed my mind. Also for hb_map_clear(). Part of https://github.com/harfbuzz/harfbuzz/pull/3162",CWE-787,Out-of-bounds Write,"The product writes data past the end, or before the beginning, of the intended buffer.",https://cwe.mitre.org/data/definitions/787.html,CVE-2021-45931,"public function actionView($id){ $model = $this->loadModel($id); if (!$this->checkPermissions ($model, 'view')) $this->denied (); User::addRecentItem('m', $id, Yii::app()->user->getId()); $this->render('view', array( 'model' => $model, )); }" 5733,"public function showCredits() { ?>

    : Marco L., Rolf W., Tobias U., Lars K., Donna F., Kevin D., Ramos S., Thomas M., John C., Andreas G., Ben M., Myra R. I., Carlos U. R.-S., Oleg I., M. N., Daniel K., James L., Jochen K., Cyril P., Thomas K., Patrik K., !

    , Besnik Bleta, FatCow, Rene, Fab, EzBizNiz, Gormer, Natalya, AggelioPolis, Web Hosting Geeks, Web Hosting Rating, Nata Strazda (Web Hosting Hub), Hossein (LibreOffice localization team), Ste & Chris !

    you for using my plugin. It is the best commendation if my piece of code is really used!','wp-piwik'); ?>

    loadModel($id); if (!$this->checkPermissions ($model, 'view')) $this->denied (); User::addRecentItem('m', $id, Yii::app()->user->getId()); $this->render('view', array( 'model' => $model, )); }" 5735,"$tableBody[] = array($row['label'], $row['nb_visits'], $row['bounce_rate']); if ($count == 10) break; } $this->table($tableHead, $tableBody, null); } }",True,PHP,array,Search.php,https://github.com/braekling/WP-Matomo,braekling,André Bräkling,2015-10-12 23:30:13+02:00,"Security fix + translations Security fix (XSS vulnerability) + several updated translations: Portuguese (Brazil), Italian, Albanian",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2015-9405,"public function actionView($id){ $model = $this->loadModel($id); if (!$this->checkPermissions ($model, 'view')) $this->denied (); User::addRecentItem('m', $id, Yii::app()->user->getId()); $this->render('view', array( 'model' => $model, )); }" 5736,"function generate_key($size) { if ( is_callable('openssl_random_pseudo_bytes') and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR')) ) { return substr( str_replace( array('+', '/'), '', base64_encode(openssl_random_pseudo_bytes($size+10)) ), 0, $size ); } else { $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $l = strlen($alphabet)-1; $key = ''; for ($i=0; $i<$size; $i++) { $key.= $alphabet[mt_rand(0, $l)]; } return $key; } }",True,PHP,generate_key,functions_session.inc.php,https://github.com/Piwigo/Piwigo,Piwigo,plegall,2016-04-26 11:07:44+02:00,"bug #470, use a dedicated lib to generate random bytes",CWE-335,Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG),The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.,https://cwe.mitre.org/data/definitions/335.html,CVE-2016-3735,"public function actionView($id){ $model = $this->loadModel($id); if (!$this->checkPermissions ($model, 'view')) $this->denied (); User::addRecentItem('m', $id, Yii::app()->user->getId()); $this->render('view', array( 'model' => $model, )); }" 5751,"function get_quick_search_results_no_cache($q, $options) { global $conf; $q = trim(stripslashes($q)); $search_results = array( 'items' => array(), 'qs' => array('q'=>$q), ); $q = trigger_change('qsearch_pre', $q); $scopes = array(); $scopes[] = new QSearchScope('tag', array('tags')); $scopes[] = new QSearchScope('photo', array('photos')); $scopes[] = new QSearchScope('file', array('filename')); $scopes[] = new QSearchScope('author', array(), true); $scopes[] = new QNumericRangeScope('width', array()); $scopes[] = new QNumericRangeScope('height', array()); $scopes[] = new QNumericRangeScope('ratio', array(), false, 0.001); $scopes[] = new QNumericRangeScope('size', array()); $scopes[] = new QNumericRangeScope('filesize', array()); $scopes[] = new QNumericRangeScope('hits', array('hit', 'visit', 'visits')); $scopes[] = new QNumericRangeScope('score', array('rating'), true); $scopes[] = new QNumericRangeScope('id', array()); $createdDateAliases = array('taken', 'shot'); $postedDateAliases = array('added'); if ($conf['calendar_datefield'] == 'date_creation') $createdDateAliases[] = 'date'; else $postedDateAliases[] = 'date'; $scopes[] = new QDateRangeScope('created', $createdDateAliases, true); $scopes[] = new QDateRangeScope('posted', $postedDateAliases); $scopes = trigger_change('qsearch_get_scopes', $scopes); $expression = new QExpression($q, $scopes); $inflector = null; $lang_code = substr(get_default_language(),0,2); @include_once(PHPWG_ROOT_PATH.'include/inflectors/'.$lang_code.'.php'); $class_name = 'Inflector_'.$lang_code; if (class_exists($class_name)) { $inflector = new $class_name; foreach( $expression->stokens as $token) { if (isset($token->scope) && !$token->scope->is_text) continue; if (strlen($token->term)>2 && ($token->modifier & (QST_QUOTED|QST_WILDCARD))==0 && strcspn($token->term, '\'0123456789') == strlen($token->term) ) { $token->variants = array_unique( array_diff( $inflector->get_variants($token->term), array($token->term) ) ); } } } trigger_notify('qsearch_expression_parsed', $expression); if (count($expression->stokens)==0) { return $search_results; } $qsr = new QResults; qsearch_get_tags($expression, $qsr); qsearch_get_images($expression, $qsr); trigger_notify('qsearch_before_eval', $expression, $qsr); $ids = qsearch_eval($expression, $qsr, $tmp, $search_results['qs']['unmatched_terms']); $debug[] = ""'; break; case 'export': $gen = ''; break; } return apply_filters( ""get_the_generator_{$type}"", $gen, $type ); }" 6076,"function updateObject($object, $table, $where=null, $identifier='id', $is_revisioned=false) { if ($is_revisioned) { $object->revision_id++; $res = $this->insertObject($object, $table); $this->trim_revisions($table, $object->$identifier, WORKFLOW_REVISION_LIMIT); return $res; } $sql = ""UPDATE "" . $this->prefix . ""$table SET ""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { if (is_array($val) || is_object($val)) { $val = serialize($val); $sql .= ""`$var`='"".$val.""',""; } else { $sql .= ""`$var`='"" . $this->escapeString($val) . ""',""; } } } $sql = substr($sql, 0, -1) . "" WHERE ""; if ($where != null) $sql .= $this->injectProof($where); else $sql .= ""`"" . $identifier . ""`="" . $object->$identifier; $res = (@mysqli_query($this->connection, $sql) != false); return $res; }",True,PHP,updateObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"function wp_http_validate_url( $url ) { $original_url = $url; $url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) ); if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) ) { return false; } $parsed_url = @parse_url( $url ); if ( ! $parsed_url || empty( $parsed_url['host'] ) ) { return false; } if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) ) { return false; } if ( false !== strpbrk( $parsed_url['host'], ': return false; } $parsed_home = @parse_url( get_option( 'home' ) ); if ( isset( $parsed_home['host'] ) ) { $same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ); } else { $same_host = false; } if ( ! $same_host ) { $host = trim( $parsed_url['host'], '.' ); if ( preg_match( '#^(([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)\.){3}([1-9]?\d|1\d\d|25[0-5]|2[0-4]\d)$ $ip = $host; } else { $ip = gethostbyname( $host ); if ( $ip === $host ) { $ip = false; } } if ( $ip ) { $parts = array_map( 'intval', explode( '.', $ip ) ); if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0] || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] ) || ( 192 === $parts[0] && 168 === $parts[1] ) ) { if ( ! apply_filters( 'http_request_host_is_external', false, $host, $url ) ) { return false; } } } } if ( empty( $parsed_url['port'] ) ) { return $url; } $port = $parsed_url['port']; if ( 80 === $port || 443 === $port || 8080 === $port ) { return $url; } if ( $parsed_home && $same_host && isset( $parsed_home['port'] ) && $parsed_home['port'] === $port ) { return $url; } return false; }" 6077,"function updateObject($object, $table, $where=null, $identifier='id', $is_revisioned=false) { if ($is_revisioned) { $object->revision_id++; $res = $this->insertObject($object, $table); $this->trim_revisions($table, $object->$identifier, WORKFLOW_REVISION_LIMIT); return $res; } $sql = ""UPDATE "" . $this->prefix . ""$table SET ""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { if (is_array($val) || is_object($val)) { $val = serialize($val); $sql .= ""`$var`='"".$val.""',""; } else { $sql .= ""`$var`='"" . $this->escapeString($val) . ""',""; } } } $sql = substr($sql, 0, -1) . "" WHERE ""; if ($where != null) $sql .= $this->injectProof($where); else $sql .= ""`"" . $identifier . ""`="" . $object->$identifier; $res = (@mysqli_query($this->connection, $sql) != false); return $res; }",True,PHP,updateObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function index($id) { if (!is_numeric($id)) { throw new MethodNotAllowedException(__('No template with the provided ID exists, or you are not authorised to see it.')); } $template = $this->TemplateElement->Template->checkAuthorisation($id, $this->Auth->user(), false); if (!$this->_isSiteAdmin() && !$template) { throw new MethodNotAllowedException(__('No template with the provided ID exists, or you are not authorised to see it.')); } $templateElements = $this->TemplateElement->find('all', array( 'conditions' => array( 'template_id' => $id, ), 'contain' => array( 'TemplateElementAttribute', 'TemplateElementText', 'TemplateElementFile' ), 'order' => array('TemplateElement.position ASC') )); $this->loadModel('Attribute'); $this->set('validTypeGroups', $this->Attribute->validTypeGroups); $this->set('id', $id); $this->layout = 'ajaxTemplate'; $this->set('elements', $templateElements); $mayModify = false; if ($this->_isSiteAdmin() || $template['Template']['org'] == $this->Auth->user('Organisation')['name']) { $mayModify = true; } $this->set('mayModify', $mayModify); $this->render('ajax/ajaxIndex'); }" 6078,"function updateObject($object, $table, $where=null, $identifier='id', $is_revisioned=false) { if ($is_revisioned) { $object->revision_id++; $res = $this->insertObject($object, $table); $this->trim_revisions($table, $object->$identifier, WORKFLOW_REVISION_LIMIT); return $res; } $sql = ""UPDATE "" . $this->prefix . ""$table SET ""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { if (is_array($val) || is_object($val)) { $val = serialize($val); $sql .= ""`$var`='"".$val.""',""; } else { $sql .= ""`$var`='"" . $this->escapeString($val) . ""',""; } } } $sql = substr($sql, 0, -1) . "" WHERE ""; if ($where != null) $sql .= $this->injectProof($where); else $sql .= ""`"" . $identifier . ""`="" . $object->$identifier; $res = (@mysqli_query($this->connection, $sql) != false); return $res; }",True,PHP,updateObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function checkAuthorisation($id, $user, $write) { $template = $this->find('first', array( 'conditions' => array('id' => $id), 'recursive' => -1, )); if (empty($template)) { return false; } if ($user['Role']['perm_site_admin']) { return $template; } if ($write) { if ($user['Organisation']['name'] == $template['Template']['org'] && $user['Role']['perm_template']) { return $template; } return false; } else { if ($user['Organisation']['name'] == $template['Template']['org'] || $template['Template']['share']) { return $template; } return false; } }" 6080,"function updateObject($object, $table, $where=null, $identifier='id', $is_revisioned=false) { if ($is_revisioned) { $object->revision_id++; $res = $this->insertObject($object, $table); $this->trim_revisions($table, $object->$identifier, WORKFLOW_REVISION_LIMIT); return $res; } $sql = ""UPDATE "" . $this->prefix . ""$table SET ""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { if (is_array($val) || is_object($val)) { $val = serialize($val); $sql .= ""`$var`='"".$val.""',""; } else { $sql .= ""`$var`='"" . $this->escapeString($val) . ""',""; } } } $sql = substr($sql, 0, -1) . "" WHERE ""; if ($where != null) $sql .= $this->injectProof($where); else $sql .= ""`"" . $identifier . ""`="" . $object->$identifier; $res = (@mysqli_query($this->connection, $sql) != false); return $res; }",True,PHP,updateObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"return !empty($paramArray[$paramName]); }, ARRAY_FILTER_USE_KEY); if (!empty($paramArray)) { foreach ($paramArray as $p) { if (isset($request->params['named'][$p])) { $data[$p] = str_replace(';', ':', $request->params['named'][$p]); } } } foreach ($data as &$v) { if (is_string($v)) { $v = trim($v); if (strpos($v, '||')) { $v = explode('||', $v); } } } unset($v); return $data; }" 6081,"function updateObject($object, $table, $where=null, $identifier='id', $is_revisioned=false) { if ($is_revisioned) { $object->revision_id++; $res = $this->insertObject($object, $table); $this->trim_revisions($table, $object->$identifier, WORKFLOW_REVISION_LIMIT); return $res; } $sql = ""UPDATE "" . $this->prefix . ""$table SET ""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { if (is_array($val) || is_object($val)) { $val = serialize($val); $sql .= ""`$var`='"".$val.""',""; } else { $sql .= ""`$var`='"" . $this->escapeString($val) . ""',""; } } } $sql = substr($sql, 0, -1) . "" WHERE ""; if ($where != null) $sql .= $this->injectProof($where); else $sql .= ""`"" . $identifier . ""`="" . $object->$identifier; $res = (@mysqli_query($this->connection, $sql) != false); return $res; }",True,PHP,updateObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function add(array $params = []) { $modelName = $this->Controller->modelClass; $data = []; if ($this->Controller->request->is('post')) { $input = $this->Controller->request->data; if (empty($input[$modelName])) { $input = [$modelName => $input]; } if (!empty($params['override'])) { foreach ($params['override'] as $field => $value) { $input[$modelName][$field] = $value; } } unset($input[$modelName]['id']); if (!empty($params['fields'])) { $data = []; foreach ($params['fields'] as $field) { $data[$field] = $input[$modelName][$field]; } } else { $data = $input; } if (isset($params['beforeSave'])) { $data = $params['beforeSave']($data); } $model = $this->Controller->{$modelName}; $savedData = $model->save($data); if ($savedData) { if (isset($params['afterSave'])) { $params['afterSave']($data); } $data = $model->find('first', [ 'recursive' => -1, 'conditions' => [ 'id' => $model->id ] ]); if (empty($data)) { throw new Exception(""Something went wrong, saved data not found in database.""); } if (isset($params['afterFind'])) { $data = $params['afterFind']($data, $savedData); } $message = __('%s added.', $modelName); if ($this->Controller->IndexFilter->isRest()) { $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData($data, 'json'); } else { $this->Controller->Flash->success($message); if (!empty($params['displayOnSuccess'])) { $this->Controller->set('entity', $data); $this->Controller->set('referer', $this->Controller->referer(['action' => 'view', $model->id], true)); $this->Controller->render($params['displayOnSuccess']); return; } $redirect = isset($params['redirect']) ? $params['redirect'] : ['action' => 'index']; if (!empty($params['redirect_controller'])) { if (is_array($redirect)) { $redirect['controller'] = $params['redirect_controller']; } else { $redirect = '/' . $params['redirect_controller'] . '/' . $redirect; } } if ($this->Controller->request->is('ajax')) { $redirect = Router::url($redirect); $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData(['redirect' => $redirect], 'json'); } else { $this->Controller->redirect($redirect); } } } else { $message = __('%s could not be added.', $modelName); if ($this->Controller->IndexFilter->isRest()) { $controllerName = $this->Controller->params['controller']; $actionName = $this->Controller->params['action']; $this->Controller->restResponsePayload = $this->Controller->RestResponse->saveFailResponse($controllerName, $actionName, false, $model->validationErrors, 'json'); } else { $this->Controller->Flash->error($message); } } } $this->Controller->set('entity', $data); }" 6096,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"private function __saveCert($server, $id, $client = false, $delete = false) { if ($client) { $subm = 'submitted_client_cert'; $attr = 'client_cert_file'; $ins = '_client'; } else { $subm = 'submitted_cert'; $attr = 'cert_file'; $ins = ''; } if (!$delete) { $ext = ''; App::uses('File', 'Utility'); App::uses('Folder', 'Utility'); App::uses('FileAccessTool', 'Tools'); App::uses('SyncTool', 'Tools'); if (isset($server['Server'][$subm]['name'])) { if ($this->request->data['Server'][$subm]['size'] != 0) { if (!$this->Server->checkFilename($server['Server'][$subm]['name'])) { throw new Exception(__('Filename not allowed')); } if (!is_uploaded_file($server['Server'][$subm]['tmp_name'])) { throw new Exception(__('File not uploaded correctly')); } $ext = pathinfo($server['Server'][$subm]['name'], PATHINFO_EXTENSION); if (!in_array($ext, SyncTool::ALLOWED_CERT_FILE_EXTENSIONS)) { $this->Flash->error(__('Invalid extension.')); $this->redirect(array('action' => 'index')); } if (!$server['Server'][$subm]['size'] > 0) { $this->Flash->error(__('Incorrect extension or empty file.')); $this->redirect(array('action' => 'index')); } $certData = FileAccessTool::readFromFile($server['Server'][$subm]['tmp_name'], $server['Server'][$subm]['size']); } else { return true; } } else { $ext = 'pem'; $certData = base64_decode($server['Server'][$subm]); } try { $cert = openssl_x509_parse($certData); if (!$cert) { throw new Exception(__('Invalid certificate.')); } } catch (Exception $e) { $this->Flash->error(__('Invalid certificate.')); $this->redirect(array('action' => 'index')); } $destpath = APP . ""files"" . DS . ""certs"" . DS; $pemfile = new File($destpath . $id . $ins . '.' . $ext); $result = $pemfile->write($certData); $s = $this->Server->read(null, $id); $s['Server'][$attr] = $s['Server']['id'] . $ins . '.' . $ext; if ($result) { $this->Server->save($s); } } else { $s = $this->Server->read(null, $id); $s['Server'][$attr] = ''; $this->Server->save($s); } return true; }" 6097,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function setupHttpSocket($server = null, $timeout = false, $model = 'Server') { $params = ['compress' => true]; if (!empty($server)) { if (!empty($server[$model]['cert_file'])) { $params['ssl_cafile'] = APP . ""files"" . DS . ""certs"" . DS . $server[$model]['cert_file']; } if (!empty($server[$model]['client_cert_file'])) { $params['ssl_local_cert'] = APP . ""files"" . DS . ""certs"" . DS . $server[$model]['client_cert_file']; } if (!empty($server[$model]['self_signed'])) { $params['ssl_allow_self_signed'] = true; $params['ssl_verify_peer_name'] = false; if (!isset($server[$model]['cert_file'])) { $params['ssl_verify_peer'] = false; } } if (!empty($server[$model]['skip_proxy'])) { $params['skip_proxy'] = 1; } if (!empty($timeout)) { $params['timeout'] = $timeout; } } return $this->createHttpSocket($params); }" 6098,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function contact($id = null) { $events = $this->Event->fetchEvent($this->Auth->user(), array('eventid' => $id)); if (empty($events)) { throw new NotFoundException(__('Invalid event')); } if ($this->request->is('post') || $this->request->is('put')) { if (!isset($this->request->data['Event'])) { $this->request->data = array('Event' => $this->request->data); } $message = $this->request->data['Event']['message']; if (empty($message)) { $error = __('You must specify a message.'); if ($this->_isRest()) { throw new MethodNotAllowedException($error); } else { $this->Flash->error($error); $this->redirect(array('action' => 'contact', $id)); } } $creator_only = false; if (isset($this->request->data['Event']['person'])) { $creator_only = $this->request->data['Event']['person']; } $user = $this->Auth->user(); $user['gpgkey'] = $this->Event->User->getPGP($user['id']); $user['certif_public'] = $this->Event->User->getCertificate($user['id']); $success = $this->Event->sendContactEmailRouter($id, $message, $creator_only, $user, $this->_isSiteAdmin()); if ($success) { $return_message = __('Email sent to the reporter.'); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('Events', 'contact', $id, $this->response->type(), $return_message); } else { $this->Flash->success($return_message); $this->redirect(array('action' => 'view', $id)); } } else { $return_message = __('Sending of email failed.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Events', 'contact', $id, $return_message, $this->response->type()); } else { $this->Flash->error($return_message, 'default', array(), 'error'); $this->redirect(array('action' => 'view', $id)); } } } if (empty($this->data)) { $this->data = $events[0]; } }" 6099,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function setHomePage() { if ($this->request->is('post')) { if (isset($this->request->data['UserSetting'])) { $this->request->data = $this->request->data['UserSetting']; } if (!isset($this->request->data['path'])) { $this->request->data = array('path' => $this->request->data); } if (empty($this->request->data['path'])) { throw new InvalidArgumentException(__('No path POSTed.')); } $setting = array( 'UserSetting' => array( 'user_id' => $this->Auth->user('id'), 'setting' => 'homepage', 'value' => json_encode(array('path' => $this->request->data['path'])) ) ); $result = $this->UserSetting->setSetting($this->Auth->user(), $setting); return $this->RestResponse->saveSuccessResponse('UserSettings', 'setHomePage', false, $this->response->type(), 'Homepage set to ' . $this->request->data['path']); } else { $this->layout = false; } }" 6100,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function logout() { if ($this->Session->check('Auth.User')) { $this->User->extralog($this->Auth->user(), ""logout""); } $this->Flash->info(__('Good-Bye')); $user = $this->User->find('first', array( 'conditions' => array( 'User.id' => $this->Auth->user('id') ), 'recursive' => -1 )); unset($user['User']['password']); $user['User']['action'] = 'logout'; $this->User->save($user['User'], true, array('id')); $this->redirect($this->Auth->logout()); }" 6101,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function admin_delete($id = null) { if (!$this->request->is('post') && !$this->request->is('delete')) { throw new MethodNotAllowedException(__('Action not allowed, post or delete request expected.')); } if (!$this->_isAdmin()) { throw new Exception('Administrators only.'); } $this->User->id = $id; $conditions = array('User.id' => $id); if (!$this->_isSiteAdmin()) { $conditions['org_id'] = $this->Auth->user('org_id'); } $user = $this->User->find('first', array( 'conditions' => $conditions, 'recursive' => -1 )); if (empty($user)) { throw new NotFoundException(__('Invalid user')); } $fieldsDescrStr = 'User (' . $id . '): ' . $user['User']['email']; if ($this->User->delete($id)) { $this->User->extralog($this->Auth->user(), ""delete"", $fieldsDescrStr, ''); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('User', 'admin_delete', $id, $this->response->type(), 'User deleted.'); } else { $this->Flash->success(__('User deleted')); $this->redirect(array('action' => 'index')); } } $this->Flash->error(__('User was not deleted')); $this->redirect(array('action' => 'index')); }" 6102,"function lockTable($table,$lockType=""WRITE"") { $sql = ""LOCK TABLES `"" . $this->prefix . ""$table` $lockType""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,lockTable,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function resetauthkey($id = null, $alert = false) { if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) { throw new MethodNotAllowedException('User self-management has been disabled on this instance.'); } if ($id == 'me') { $id = $this->Auth->user('id'); } if (!$this->userRole['perm_auth']) { throw new MethodNotAllowedException(__('Invalid action.')); } $newkey = $this->User->resetauthkey($this->Auth->user(), $id, $alert); if ($newkey === false) { throw new MethodNotAllowedException(__('Invalid user.')); } if (!$this->_isRest()) { $this->Flash->success(__('New authkey generated.', true)); $this->_refreshAuth(); $this->redirect($this->referer()); } else { return $this->RestResponse->saveSuccessResponse('User', 'resetauthkey', $id, $this->response->type(), 'Authkey updated: ' . $newkey); } }" 6110,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function change_pw() { if (!$this->_isAdmin() && Configure::read('MISP.disableUserSelfManagement')) { throw new MethodNotAllowedException('User self-management has been disabled on this instance.'); } $id = $this->Auth->user('id'); $user = $this->User->find('first', array( 'conditions' => array('User.id' => $id), 'recursive' => -1 )); if ($this->request->is('post') || $this->request->is('put')) { if (!isset($this->request->data['User'])) { $this->request->data = array('User' => $this->request->data); } $abortPost = false; if (Configure::read('Security.require_password_confirmation')) { if (!empty($this->request->data['User']['current_password'])) { $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']); if (!$hashed) { $message = __('Invalid password. Please enter your current password to continue.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); } $abortPost = true; $this->Flash->error($message); } unset($this->request->data['User']['current_password']); } else if (!$this->_isRest()) { $message = __('Please enter your current password to continue.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); } $abortPost = true; $this->Flash->info($message); } } if (!$abortPost) { $user['User']['change_pw'] = 0; $user['User']['password'] = $this->request->data['User']['password']; if ($this->_isRest()) { $user['User']['confirm_password'] = $this->request->data['User']['password']; } else { $user['User']['confirm_password'] = $this->request->data['User']['confirm_password']; } $temp = $user['User']['password']; if ($this->User->save($user)) { $message = __('Password Changed.'); $this->User->extralog($this->Auth->user(), ""change_pw"", null, null, $user); if ($this->_isRest()) { return $this->RestResponse->saveSuccessResponse('User', 'change_pw', false, $this->response->type(), $message); } $this->Flash->success($message); $this->_refreshAuth(); $this->redirect(array('action' => 'view', $id)); } else { $message = __('The password could not be updated. Make sure you meet the minimum password length / complexity requirements.'); if ($this->_isRest()) { return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type()); } $this->Flash->error($message); } } } if ($this->_isRest()) { return $this->RestResponse->describe('Users', 'change_pw', false, $this->response->type()); } $this->loadModel('Server'); $this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']); $this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']); $this->User->recursive = 0; $this->User->read(null, $id); $this->User->set('password', ''); $this->request->data = $this->User->data; $roles = $this->User->Role->find('list'); $this->set(compact('roles')); }" 6111,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"private function __pullEvent($eventId, &$successes, &$fails, $eventModel, $server, $user, $jobId) { $event = $eventModel->downloadEventFromServer( $eventId, $server ); ; if (!empty($event)) { if ($this->__checkIfEventIsBlockedBeforePull($event)) { return false; } $event = $this->__updatePulledEventBeforeInsert($event, $server, $user); if (!$this->__checkIfEventSaveAble($event)) { $fails[$eventId] = __('Empty event detected.'); } else { $this->__checkIfPulledEventExistsAndAddOrUpdate($event, $eventId, $successes, $fails, $eventModel, $server, $user, $jobId); } } else { $fails[$eventId] = __('failed downloading the event'); } return true; }" 6112,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"private function __checkIfPulledEventExistsAndAddOrUpdate($event, $eventId, &$successes, &$fails, $eventModel, $server, $user, $jobId) { $existingEvent = $eventModel->find('first', array('conditions' => array('Event.uuid' => $event['Event']['uuid']))); $passAlong = $server['Server']['id']; if (!$existingEvent) { $result = $eventModel->_add($event, true, $user, $server['Server']['org_id'], $passAlong, true, $jobId); if ($result) { $successes[] = $eventId; } else { $fails[$eventId] = __('Failed (partially?) because of validation errors: ') . json_encode($eventModel->validationErrors, true); } } else { if (!$existingEvent['Event']['locked'] && !$server['Server']['internal']) { $fails[$eventId] = __('Blocked an edit to an event that was created locally. This can happen if a synchronised event that was created on this instance was modified by an administrator on the remote side.'); } else { $result = $eventModel->_edit($event, $user, $existingEvent['Event']['id'], $jobId, $passAlong); if ($result === true) { $successes[] = $eventId; } elseif (isset($result['error'])) { $fails[$eventId] = $result['error']; } else { $fails[$eventId] = json_encode($result); } } } }" 6113,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"private function __findObjectByUuid($object_uuid, &$type, $scope = 'modify') { $this->loadModel('Event'); if (!$this->userRole['perm_tagger']) { throw new MethodNotAllowedException(__('This functionality requires tagging permission.')); } $object = $this->Event->fetchEvent($this->Auth->user(), array( 'event_uuid' => $object_uuid, 'metadata' => 1 )); $type = 'Event'; if (!empty($object)) { $object = $object[0]; if ( $scope !== 'view' && !$this->_isSiteAdmin() && !$object['Event']['orgc_id'] != $this->Auth->user('org_id') ) { throw new MethodNotAllowedException(__('Invalid Target.')); } } else { $type = 'Attribute'; $object = $this->Event->Attribute->fetchAttributes( $this->Auth->user(), array( 'conditions' => array( 'Attribute.uuid' => $object_uuid ), 'flatten' => 1 ) ); if (!empty($object)) { $object = $object[0]; if ( $scope !== 'view' && !$this->_isSiteAdmin() && !$object['Event']['orgc_id'] != $this->Auth->user('org_id') ) { throw new MethodNotAllowedException(__('Invalid Target.')); } } else { throw new MethodNotAllowedException(__('Invalid Target.')); } } return $object; }" 6114,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6115,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6116,"function insertObject($object, $table) { $sql = ""INSERT INTO `"" . $this->prefix . ""$table` (""; $values = "") VALUES (""; foreach (get_object_vars($object) as $var => $val) { if ($var{0} != '_') { $sql .= ""`$var`,""; if ($values != "") VALUES ("") { $values .= "",""; } $values .= ""'"" . $this->escapeString($val) . ""'""; } } $sql = substr($sql, 0, -1) . substr($values, 0) . "")""; if (@mysqli_query($this->connection, $sql) != false) { $id = mysqli_insert_id($this->connection); return $id; } else return 0; }",True,PHP,insertObject,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6131,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6132,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6133,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6134,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6135,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6136,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function isBlacklisted($ip, $username) { $this->clean(); $params = array( 'conditions' => array( 'Bruteforce.ip' => $ip, 'LOWER(Bruteforce.username)' => trim(strtolower($username))) ); $count = $this->find('count', $params); $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; if ($count >= $amount) { return true; } else { return false; } }" 6137,"function unlockTables() { $sql = ""UNLOCK TABLES""; $res = mysqli_query($this->connection, $sql); return $res; }",True,PHP,unlockTables,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6138,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6139,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6140,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6141,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6142,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6143,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6144,"function columnUpdate($table, $col, $val, $where=1) { $res = @mysqli_query($this->connection, ""UPDATE `"" . $this->prefix . ""$table` SET `$col`='"" . $val . ""' WHERE $where""); }",True,PHP,columnUpdate,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6152,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function clean() { $dataSourceConfig = ConnectionManager::getDataSource('default')->config; $dataSource = $dataSourceConfig['datasource']; $expire = date('Y-m-d H:i:s', time()); if ($dataSource == 'Database/Mysql') { $sql = 'DELETE FROM bruteforces WHERE `expire` <= ""' . $expire . '"";'; } elseif ($dataSource == 'Database/Postgres') { $sql = 'DELETE FROM bruteforces WHERE expire <= ""' . $expire . '"";'; } $this->query($sql); }" 6153,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6154,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6155,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6156,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6157,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6158,"function selectObjectBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return null; return mysqli_fetch_object($res); }",True,PHP,selectObjectBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6159,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6160,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6161,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"public function insert($ip, $username) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); $expire = Configure::check('SecureAuth.expire') ? Configure::read('SecureAuth.expire') : 300; $amount = Configure::check('SecureAuth.amount') ? Configure::read('SecureAuth.amount') : 5; $expire = time() + $expire; $expire = date('Y-m-d H:i:s', $expire); $bruteforceEntry = array( 'ip' => $ip, 'username' => trim(strtolower($username)), 'expire' => $expire ); $this->save($bruteforceEntry); $title = 'Failed login attempt using username ' . $username . ' from IP: ' . $_SERVER['REMOTE_ADDR'] . '.'; if ($this->isBlacklisted($ip, $username)) { $title .= 'This has tripped the bruteforce protection after ' . $amount . ' failed attempts. The user is now blacklisted for ' . $expire . ' seconds.'; } $log = array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => 0, 'email' => $username, 'action' => 'login_fail', 'title' => $title ); $this->Log->save($log); }" 6162,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,private function __add_query($cmd) { unset($this->__default_filters['returnFormat']); $body = json_encode($this->__default_filters); $bodyFilename = $this->__generateSetupFile($body); $this->__request_object['body'] = $bodyFilename; $this->__request_object['level'] = strtolower($this->__scope) . 's'; $setup = json_encode($this->__setup); $setupFilename = $this->__generateSetupFile($setup); $this->__request_object['setup'] = $setupFilename; $this->__request_object['misp_url'] = $this->__url; $commandFile = $this->__generateCommandFile(); $results = shell_exec($cmd . ' --query_data ' . $commandFile); unlink($commandFile); unlink($bodyFilename); unlink($setupFilename); return $results; } 6163,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,private function __simple_query($cmd) { if (!empty($this->__setup['resources'])) { $this->__request_object['search'] = $this->__setup['resources']; } $commandFile = $this->__generateCommandFile(); $results = shell_exec($cmd . ' --query_data ' . $commandFile); unlink($commandFile); return $results; } 6164,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,private function __delete_query($cmd) { $this->__request_object['delete'] = $this->__setup['dataset']; return $this->__simple_query($cmd); } 6165,"function selectArraysBySql($sql) { $res = @mysqli_query($this->connection, $this->injectProof($sql)); if ($res == null) return array(); $arrays = array(); for ($i = 0, $iMax = mysqli_num_rows($res); $i < $iMax; $i++) $arrays[] = mysqli_fetch_assoc($res); return $arrays; }",True,PHP,selectArraysBySql,mysqli.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,public function footer() { $my_server = ClassRegistry::init('Server'); $cmd = $my_server->getPythonVersion() . ' ' . $this->__scripts_dir . $this->__script_name; if (!empty($this->__auth)) { $this->__request_object['auth'] = $this->__auth; } if ($this->__search){ return $this->__search_query($cmd); } return $this->__delete ? $this->__delete_query($cmd) : $this->__add_query($cmd); } 6180,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,private function __search_query($cmd) { $this->__request_object['search'] = $this->__setup['dataset']; return $this->__simple_query($cmd); } 6181,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"public function urlOrExistingFilepath($fields) { if ($this->isFeedLocal($this->data)) { $path = mb_ereg_replace(""/\:\/\ if ($this->data['Feed']['source_format'] == 'misp') { if (!is_dir($path)) { return 'For MISP type local feeds, please specify the containing directory.'; } } else { if (!file_exists($path)) { return 'Invalid path or file not found. Make sure that the path points to an existing file that is readable and watch out for typos.'; } } } else { if (!filter_var($this->data['Feed']['url'], FILTER_VALIDATE_URL)) { return false; } } return true; }" 6182,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"unset($k, $v); } } return self::$user; }" 6183,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,"unset($map[$n], $n, $d); } unset($map); if(!self::$client) { self::$client = false; } } }" 6184,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"unset($m[0][$i], $m[1][$i], $m[2][$i], $m[3][$i], $k, $v, $i); } } return $r; }" 6185,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,public static function ca() { if (is_null(self::$ca)) new CertificateAuthenticate(); return self::$ca; } 6186,private function runCallback() { foreach ($this->records as &$record) { if (isset($record->ref_type)) { $refType = $record->ref_type; if (class_exists($record->ref_type)) { $type = new $refType(); $classinfo = new ReflectionClass($type); if ($classinfo->hasMethod('paginationCallback')) { $item = new $type($record->original_id); $item->paginationCallback($record); } } } } },True,PHP,runCallback,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"public function getUser(CakeRequest $request) { if (empty(self::$user)) { if (self::$client) { self::$user = self::$client; $sync = Configure::read('CertAuth.syncUser'); $url = Configure::read('CertAuth.restApi.url'); if ($sync && $url) { if (!self::getRestUser()) return false; } $userModelKey = empty(Configure::read('CertAuth.userModelKey')) ? 'email' : Configure::read('CertAuth.userModelKey'); $userDefaults = Configure::read('CertAuth.userDefaults'); $this->User = ClassRegistry::init('User'); if (!empty(self::$user[$userModelKey])) { $existingUser = $this->User->find('first', array( 'conditions' => array($userModelKey => self::$user[$userModelKey]), 'recursive' => false )); } if ($existingUser) { if ($sync) { if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName(self::$user['org'], $existingUser['User']['id'], true); if (self::$user['org_id'] && $existingUser['User']['org_id'] != self::$user['org_id']) { if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge($userDefaults + self::$user); } } unset(self::$user['org']); } $write = array(); foreach (self::$user as $k => $v) { if (isset($existingUser['User'][$k]) && trim($existingUser['User'][$k]) != trim($v)) { $write[] = $k; $existingUser['User'][$k] = trim($v); } } if (!empty($write) && !$this->User->save($existingUser['User'], true, $write)) { CakeLog::write('alert', 'Could not update model at database with RestAPI data.'); } } self::$user = $this->User->getAuthUser($existingUser['User']['id']); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else if ($sync && !empty(self::$user)) { $org = isset(self::$client['org']) ? self::$client['org'] : null; if ($org == null) return false; if (!isset(self::$user['org_id']) && isset(self::$user['org'])) { self::$user['org_id'] = $this->User->Organisation->createOrgFromName($org, 0, true); unset(self::$user['org']); } if ($userDefaults && is_array($userDefaults)) { self::$user = array_merge(self::$user, $userDefaults); } $this->User->create(); if ($this->User->save(self::$user)) { $id = $this->User->id; self::$user = $this->User->getAuthUser($id); if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']); } else { CakeLog::write('alert', 'Could not insert model at database from RestAPI data. Reason: ' . json_encode($this->User->validationErrors)); } } else { self::$user = false; } } } return self::$user; }" 6187,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7781,"unset($k, $v); } } return self::$user; }" 6188,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-7788,"unset($map[$n], $n, $d); } unset($map); if(!self::$client) { self::$client = false; } } }" 6189,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-8897,"unset($m[0][$i], $m[1][$i], $m[2][$i], $m[3][$i], $k, $v, $i); } } return $r; }" 6190,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8899,public static function client() { if (is_null(self::$client)) new CertificateAuthenticate(); return self::$client; } 6191,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2016-8900,"unset($k, $v); } } return self::$user; }" 6192,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9020,"unset($map[$n], $n, $d); } unset($map); if(!self::$client) { self::$client = false; } } }" 6193,"public function makeSortDropdown($params) { global $router; if (!empty($this->columns) && is_array($this->columns)) { $this->sort_dropdown = array(); if (!expTheme::inAction()) { unset($params['section']); if (empty($params['controller'])) $params['controller'] = $this->controller; if (empty($params['action'])) $params['action'] = $this->action; } $defaultParams['controller'] = $params['controller']; $defaultParams['action'] = $params['action']; if (isset($params['title'])) $defaultParams['title'] = $params['title']; if (isset($params['page'])) $defaultParams['page'] = $params['page']; $this->sort_dropdown[$router->makeLink($defaultParams, false, false, true)] = ""Default""; foreach ($this->columns as $colname=>$col) { $params['order'] = $col; if (!empty($col)) { if ($colname == 'Price') { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Lowest to Highest""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Highest to Lowest""; } else { $params['dir'] = 'ASC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - A-Z""; $params['dir'] = 'DESC'; $this->sort_dropdown[$router->makeLink($params, false, false, true)] = $colname . "" - Z-A""; } } } } }",True,PHP,makeSortDropdown,expPaginator.php,https://github.com/exponentcms/exponent-cms,exponentcms,dleffler,2016-09-28 15:21:21-04:00,"iniitial effort to greatly enhance system security (xss, sql inject, file exploit, rce, etc...)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2016-9087,"unset($m[0][$i], $m[1][$i], $m[2][$i], $m[3][$i], $k, $v, $i); } } return $r; }" 6201,"$class = isset($this->class) ? $this->class : 'page'; $params['dir'] = 'ASC'; if ($col == $current) { $class = 'current '.strtolower($this->order_direction); $params['dir'] = $this->order_direction == 'ASC' ? 'DESC' : 'ASC'; } $params['order'] = $col; $this->header_columns .= '
    		'; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= ''; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= ''; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= ''; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= ''; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= ''; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= ''; if (empty($col)) { $this->header_columns .= ''.$colname.''; $this->columns[$colname] = ' '; } else if($colname==""actupon"") { $this->header_columns .= ''; $js = "" $('#selall').change(function () { $('input[name=\""act-upon[]\""]').prop('checked', this.checked); }); ""; expJavascript::pushToFoot(array( ""unique""=>'select-all', ""jquery""=>1, ""content""=>$js, )); } else { unset($params['page']); if ($col == 'no-sort') { $this->header_columns .= $colname; } else { $this->header_columns .= 'makeLink($params, false, false, true).'"" alt=""sort by '.$colname.'"" rel=""nofollow"">'.$colname.''; } } $this->header_columns .= '
    '; echo ''; createDetailRow($event, ""equipment"", ""label.host""); createDetailRow($event, ""host_alias"", ""label.host_alias""); createDetailRow($event, ""ip_address"", ""label.ip_address""); createDetailRow($event, ""service"", ""label.service""); createDetailRow($event, ""state"", ""label.state""); createDetailRow($event, ""description"", ""label.desc""); createDetailRow($event, ""occ"", ""label.occurence""); createDetailRow($event, ""o_sec"", ""label.o_time""); createDetailRow($event, ""l_sec"", ""label.l_time""); createDetailRow($event, ""a_sec"", ""label.a_time""); createDetailRow($event, ""hostgroups"", ""label.hostgroups""); createDetailRow($event, ""servicegroups"", ""label.servicegroups""); createDetailRow($event, ""src"", ""label.source""); createDetailRow($event, ""owner"", ""label.owner""); createDetailRow($event, ""comments"", ""label.comments""); echo ''; echo '
    '; }",True,PHP,details,ged_functions.php,https://github.com/EyesOfNetworkCommunity/eonweb,EyesOfNetworkCommunity,Jean-Philippe Levy,2016-10-27 09:33:52+02:00,Fix vulnerabilities,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2017-6087,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10868,"$result = sqlrequest($database_ged, $sql); if(!$result){ $success = false; } } if($success){ message(11, "" : "".getLabel(""message.event_edited""), ""ok""); } else { message(11, "" : "".getLabel(""message.event_edited_error""), ""danger""); } }",True,PHP,sqlrequest,ged_functions.php,https://github.com/EyesOfNetworkCommunity/eonweb,EyesOfNetworkCommunity,Jean-Philippe Levy,2016-10-27 09:33:52+02:00,Fix vulnerabilities,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2017-6087,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10870,"$event = mysqli_fetch_assoc($result); if($queue == ""active""){ $ged_command = ""-drop -type $ged_type_nbr -queue $queue ""; foreach ($array_ged_packets as $key => $value) { if($value[""key""] == true){ $ged_command .= ""\"""".$event[$key].""\"" ""; } } $ged_command = trim($ged_command, "" ""); shell_exec($path_ged_bin."" "".$ged_command); logging(""ged_update"",$ged_command); } else { $id_list .= $id."",""; } } if($queue == ""history""){ $id_list = trim($id_list, "",""); $ged_command = ""-drop -id "".$id_list."" -queue history""; shell_exec($path_ged_bin."" "".$ged_command); logging(""ged_update"",$ged_command); } }",True,PHP,mysqli_fetch_assoc,ged_functions.php,https://github.com/EyesOfNetworkCommunity/eonweb,EyesOfNetworkCommunity,Jean-Philippe Levy,2016-10-27 09:33:52+02:00,Fix vulnerabilities,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2017-6087,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10872,"function logging($module,$command,$user=false){ global $database_eonweb; global $dateformat; if($user) sqlrequest($database_eonweb,""insert into logs values ('','"".time().""','$user','$module','$command','"".$_SERVER[""REMOTE_ADDR""].""');""); elseif(isset($_COOKIE['user_name'])) sqlrequest($database_eonweb,""insert into logs values ('','"".time().""','"".$_COOKIE['user_name'].""','$module','$command','"".$_SERVER[""REMOTE_ADDR""].""');""); }",True,PHP,logging,function.php,https://github.com/EyesOfNetworkCommunity/eonweb,EyesOfNetworkCommunity,root,2020-06-16 16:24:27+02:00,FIX 2.4 protect login/logout logs recording,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-24390,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10874,"public function set_controller($controller, $action) { include CLASS_DIR . 'module.php'; $module = new Module($controller); define ('MODULE_NAME', $module->get_name()); $class_file = APP_DIR . 'controller/' . MODULE_NAME . '.php'; $class_name = ucfirst(MODULE_NAME) . '_Controller'; $class_method = ucfirst($action) . '_Action'; if (file_exists($class_file)) { include $class_file; if (class_exists($class_name)) { $this->controller_object = new $class_name($this); $this->set_acl($this); } else { die ('Class:

    '.$class_name.'

    not found.'); } } else { die ('File:

    '.$class_file.'

    not found.'); } $this->set_model_object(MODULE_NAME); $this->set_view_object(MODULE_NAME); if (method_exists($class_name, $class_method)) { $this->controller_object->{$class_method}(); } else { die ('Method:

    '.$class_method.'

    in class:

    '.$class_name.'

    not found.'); } }",True,PHP,set_controller,application.php,https://github.com/andrzuk/FineCMS,andrzuk,Andrzej,2017-03-06 08:55:38+01:00,Add filtration of URL action parameter.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-6511,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10877,"public function renderRequest() { $request = ''; foreach ($this->displayVars as $name) { if (!empty($GLOBALS[$name])) { $request .= '$' . $name . ' = ' . VarDumper::export($GLOBALS[$name]) . "";\n\n""; } } return '
    ' . rtrim($request, ""\n"") . '
    '; }",True,PHP,renderRequest,ErrorHandler.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2017-01-18 01:05:50+03:00,Fixes #13401: Fixed lack of escaping of request dump at exception screens,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-7271,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10882,"} elseif ($exception instanceof ErrorException) { $message = ""{$exception->getName()}""; } else {",True,PHP,elseif,ErrorHandler.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2018-01-22 11:41:24+03:00,Fixes #14711: Fixed `yii\web\ErrorHandler` displaying exception message in non-debug mode,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-6010,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10884,". ""Stack trace:\n"" . $exception->getTraceAsString(); } else { $message = 'Error: ' . $exception->getMessage(); } return $message; }",True,PHP,getTraceAsString,ErrorHandler.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2018-01-22 11:41:24+03:00,Fixes #14711: Fixed `yii\web\ErrorHandler` displaying exception message in non-debug mode,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-6010,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10885,"public function dispatch($messages, $final) { $targetErrors = []; foreach ($this->targets as $target) { if ($target->enabled) { try { $target->collect($messages, $final); } catch (\Exception $e) { $target->enabled = false; $targetErrors[] = [ 'Unable to send log via ' . get_class($target) . ': ' . ErrorHandler::convertExceptionToString($e), Logger::LEVEL_WARNING, __METHOD__, microtime(true), [], ]; } } } if (!empty($targetErrors)) { $this->dispatch($targetErrors, true); } }",True,PHP,dispatch,Dispatcher.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2018-01-22 11:41:24+03:00,Fixes #14711: Fixed `yii\web\ErrorHandler` displaying exception message in non-debug mode,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-6010,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10890,private function isWindows() { return DIRECTORY_SEPARATOR !== '/'; },True,PHP,isWindows,Security.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10891,private function isWindows() { return DIRECTORY_SEPARATOR !== '/'; },True,PHP,isWindows,Security.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10892,"public function generateRandomKey($length = 32) { if (!is_int($length)) { throw new InvalidArgumentException('First parameter ($length) must be an integer'); } if ($length < 1) { throw new InvalidArgumentException('First parameter ($length) must be greater than 0'); } if (function_exists('random_bytes')) { return random_bytes($length); } if (function_exists('openssl_random_pseudo_bytes') && ($this->shouldUseLibreSSL() || $this->isWindows()) ) { $key = openssl_random_pseudo_bytes($length, $cryptoStrong); if ($cryptoStrong === false) { throw new Exception( 'openssl_random_pseudo_bytes() set $crypto_strong false. Your PHP setup is insecure.' ); } if ($key !== false && StringHelper::byteLength($key) === $length) { return $key; } } if (function_exists('mcrypt_create_iv')) { $key = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); if (StringHelper::byteLength($key) === $length) { return $key; } } if ($this->_randomFile === null && !$this->isWindows()) { $device = PHP_OS === 'FreeBSD' ? '/dev/random' : '/dev/urandom'; $lstat = @lstat($device); if ($lstat !== false && ($lstat['mode'] & 0170000) === 020000) { $this->_randomFile = fopen($device, 'rb') ?: null; if (is_resource($this->_randomFile)) { $bufferSize = 8; if (function_exists('stream_set_read_buffer')) { stream_set_read_buffer($this->_randomFile, $bufferSize); } if (function_exists('stream_set_chunk_size')) { stream_set_chunk_size($this->_randomFile, $bufferSize); } } } } if (is_resource($this->_randomFile)) { $buffer = ''; $stillNeed = $length; while ($stillNeed > 0) { $someBytes = fread($this->_randomFile, $stillNeed); if ($someBytes === false) { break; } $buffer .= $someBytes; $stillNeed -= StringHelper::byteLength($someBytes); if ($stillNeed === 0) { return $buffer; } } fclose($this->_randomFile); $this->_randomFile = null; } throw new Exception('Unable to generate a random key'); }",True,PHP,generateRandomKey,Security.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10893,"public function generateRandomKey($length = 32) { if (!is_int($length)) { throw new InvalidArgumentException('First parameter ($length) must be an integer'); } if ($length < 1) { throw new InvalidArgumentException('First parameter ($length) must be greater than 0'); } if (function_exists('random_bytes')) { return random_bytes($length); } if (function_exists('openssl_random_pseudo_bytes') && ($this->shouldUseLibreSSL() || $this->isWindows()) ) { $key = openssl_random_pseudo_bytes($length, $cryptoStrong); if ($cryptoStrong === false) { throw new Exception( 'openssl_random_pseudo_bytes() set $crypto_strong false. Your PHP setup is insecure.' ); } if ($key !== false && StringHelper::byteLength($key) === $length) { return $key; } } if (function_exists('mcrypt_create_iv')) { $key = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM); if (StringHelper::byteLength($key) === $length) { return $key; } } if ($this->_randomFile === null && !$this->isWindows()) { $device = PHP_OS === 'FreeBSD' ? '/dev/random' : '/dev/urandom'; $lstat = @lstat($device); if ($lstat !== false && ($lstat['mode'] & 0170000) === 020000) { $this->_randomFile = fopen($device, 'rb') ?: null; if (is_resource($this->_randomFile)) { $bufferSize = 8; if (function_exists('stream_set_read_buffer')) { stream_set_read_buffer($this->_randomFile, $bufferSize); } if (function_exists('stream_set_chunk_size')) { stream_set_chunk_size($this->_randomFile, $bufferSize); } } } } if (is_resource($this->_randomFile)) { $buffer = ''; $stillNeed = $length; while ($stillNeed > 0) { $someBytes = fread($this->_randomFile, $stillNeed); if ($someBytes === false) { break; } $buffer .= $someBytes; $stillNeed -= StringHelper::byteLength($someBytes); if ($stillNeed === 0) { return $buffer; } } fclose($this->_randomFile); $this->_randomFile = null; } throw new Exception('Unable to generate a random key'); }",True,PHP,generateRandomKey,Security.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10894,"public function gc($force = false) { if ($force || mt_rand(0, 1000000) < $this->gcProbability) { $this->db->createCommand() ->delete($this->cacheTable, '[[expire]] > 0 AND [[expire]] < ' . time()) ->execute(); } }",True,PHP,gc,DbCache.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10895,"public function gc($force = false) { if ($force || mt_rand(0, 1000000) < $this->gcProbability) { $this->db->createCommand() ->delete($this->cacheTable, '[[expire]] > 0 AND [[expire]] < ' . time()) ->execute(); } }",True,PHP,gc,DbCache.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10898,"public function gc($force = false, $expiredOnly = true) { if ($force || mt_rand(0, 1000000) < $this->gcProbability) { $this->gcRecursive($this->cachePath, $expiredOnly); } }",True,PHP,gc,FileCache.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10899,"public function gc($force = false, $expiredOnly = true) { if ($force || mt_rand(0, 1000000) < $this->gcProbability) { $this->gcRecursive($this->cachePath, $expiredOnly); } }",True,PHP,gc,FileCache.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10906,"protected function renderImageByGD($code) { $image = imagecreatetruecolor($this->width, $this->height); $backColor = imagecolorallocate( $image, (int) ($this->backColor % 0x1000000 / 0x10000), (int) ($this->backColor % 0x10000 / 0x100), $this->backColor % 0x100 ); imagefilledrectangle($image, 0, 0, $this->width - 1, $this->height - 1, $backColor); imagecolordeallocate($image, $backColor); if ($this->transparent) { imagecolortransparent($image, $backColor); } $foreColor = imagecolorallocate( $image, (int) ($this->foreColor % 0x1000000 / 0x10000), (int) ($this->foreColor % 0x10000 / 0x100), $this->foreColor % 0x100 ); $length = strlen($code); $box = imagettfbbox(30, 0, $this->fontFile, $code); $w = $box[4] - $box[0] + $this->offset * ($length - 1); $h = $box[1] - $box[5]; $scale = min(($this->width - $this->padding * 2) / $w, ($this->height - $this->padding * 2) / $h); $x = 10; $y = round($this->height * 27 / 40); for ($i = 0; $i < $length; ++$i) { $fontSize = (int) (mt_rand(26, 32) * $scale * 0.8); $angle = mt_rand(-10, 10); $letter = $code[$i]; $box = imagettftext($image, $fontSize, $angle, $x, $y, $foreColor, $this->fontFile, $letter); $x = $box[2] + $this->offset; } imagecolordeallocate($image, $foreColor); ob_start(); imagepng($image); imagedestroy($image); return ob_get_clean(); }",True,PHP,renderImageByGD,CaptchaAction.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10907,"protected function renderImageByGD($code) { $image = imagecreatetruecolor($this->width, $this->height); $backColor = imagecolorallocate( $image, (int) ($this->backColor % 0x1000000 / 0x10000), (int) ($this->backColor % 0x10000 / 0x100), $this->backColor % 0x100 ); imagefilledrectangle($image, 0, 0, $this->width - 1, $this->height - 1, $backColor); imagecolordeallocate($image, $backColor); if ($this->transparent) { imagecolortransparent($image, $backColor); } $foreColor = imagecolorallocate( $image, (int) ($this->foreColor % 0x1000000 / 0x10000), (int) ($this->foreColor % 0x10000 / 0x100), $this->foreColor % 0x100 ); $length = strlen($code); $box = imagettfbbox(30, 0, $this->fontFile, $code); $w = $box[4] - $box[0] + $this->offset * ($length - 1); $h = $box[1] - $box[5]; $scale = min(($this->width - $this->padding * 2) / $w, ($this->height - $this->padding * 2) / $h); $x = 10; $y = round($this->height * 27 / 40); for ($i = 0; $i < $length; ++$i) { $fontSize = (int) (mt_rand(26, 32) * $scale * 0.8); $angle = mt_rand(-10, 10); $letter = $code[$i]; $box = imagettftext($image, $fontSize, $angle, $x, $y, $foreColor, $this->fontFile, $letter); $x = $box[2] + $this->offset; } imagecolordeallocate($image, $foreColor); ob_start(); imagepng($image); imagedestroy($image); return ob_get_clean(); }",True,PHP,renderImageByGD,CaptchaAction.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10908,"protected function renderImageByImagick($code) { $backColor = $this->transparent ? new \ImagickPixel('transparent') : new \ImagickPixel('#' . str_pad(dechex($this->backColor), 6, 0, STR_PAD_LEFT)); $foreColor = new \ImagickPixel('#' . str_pad(dechex($this->foreColor), 6, 0, STR_PAD_LEFT)); $image = new \Imagick(); $image->newImage($this->width, $this->height, $backColor); $draw = new \ImagickDraw(); $draw->setFont($this->fontFile); $draw->setFontSize(30); $fontMetrics = $image->queryFontMetrics($draw, $code); $length = strlen($code); $w = (int) $fontMetrics['textWidth'] - 8 + $this->offset * ($length - 1); $h = (int) $fontMetrics['textHeight'] - 8; $scale = min(($this->width - $this->padding * 2) / $w, ($this->height - $this->padding * 2) / $h); $x = 10; $y = round($this->height * 27 / 40); for ($i = 0; $i < $length; ++$i) { $draw = new \ImagickDraw(); $draw->setFont($this->fontFile); $draw->setFontSize((int) (mt_rand(26, 32) * $scale * 0.8)); $draw->setFillColor($foreColor); $image->annotateImage($draw, $x, $y, mt_rand(-10, 10), $code[$i]); $fontMetrics = $image->queryFontMetrics($draw, $code[$i]); $x += (int) $fontMetrics['textWidth'] + $this->offset; } $image->setImageFormat('png'); return $image->getImageBlob(); }",True,PHP,renderImageByImagick,CaptchaAction.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10909,"protected function renderImageByImagick($code) { $backColor = $this->transparent ? new \ImagickPixel('transparent') : new \ImagickPixel('#' . str_pad(dechex($this->backColor), 6, 0, STR_PAD_LEFT)); $foreColor = new \ImagickPixel('#' . str_pad(dechex($this->foreColor), 6, 0, STR_PAD_LEFT)); $image = new \Imagick(); $image->newImage($this->width, $this->height, $backColor); $draw = new \ImagickDraw(); $draw->setFont($this->fontFile); $draw->setFontSize(30); $fontMetrics = $image->queryFontMetrics($draw, $code); $length = strlen($code); $w = (int) $fontMetrics['textWidth'] - 8 + $this->offset * ($length - 1); $h = (int) $fontMetrics['textHeight'] - 8; $scale = min(($this->width - $this->padding * 2) / $w, ($this->height - $this->padding * 2) / $h); $x = 10; $y = round($this->height * 27 / 40); for ($i = 0; $i < $length; ++$i) { $draw = new \ImagickDraw(); $draw->setFont($this->fontFile); $draw->setFontSize((int) (mt_rand(26, 32) * $scale * 0.8)); $draw->setFillColor($foreColor); $image->annotateImage($draw, $x, $y, mt_rand(-10, 10), $code[$i]); $fontMetrics = $image->queryFontMetrics($draw, $code[$i]); $x += (int) $fontMetrics['textWidth'] + $this->offset; } $image->setImageFormat('png'); return $image->getImageBlob(); }",True,PHP,renderImageByImagick,CaptchaAction.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10912,"protected function generateVerifyCode() { if ($this->minLength > $this->maxLength) { $this->maxLength = $this->minLength; } if ($this->minLength < 3) { $this->minLength = 3; } if ($this->maxLength > 20) { $this->maxLength = 20; } $length = mt_rand($this->minLength, $this->maxLength); $letters = 'bcdfghjklmnpqrstvwxyz'; $vowels = 'aeiou'; $code = ''; for ($i = 0; $i < $length; ++$i) { if ($i % 2 && mt_rand(0, 10) > 2 || !($i % 2) && mt_rand(0, 10) > 9) { $code .= $vowels[mt_rand(0, 4)]; } else { $code .= $letters[mt_rand(0, 20)]; } } return $code; }",True,PHP,generateVerifyCode,CaptchaAction.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10913,"protected function generateVerifyCode() { if ($this->minLength > $this->maxLength) { $this->maxLength = $this->minLength; } if ($this->minLength < 3) { $this->minLength = 3; } if ($this->maxLength > 20) { $this->maxLength = 20; } $length = mt_rand($this->minLength, $this->maxLength); $letters = 'bcdfghjklmnpqrstvwxyz'; $vowels = 'aeiou'; $code = ''; for ($i = 0; $i < $length; ++$i) { if ($i % 2 && mt_rand(0, 10) > 2 || !($i % 2) && mt_rand(0, 10) > 9) { $code .= $vowels[mt_rand(0, 4)]; } else { $code .= $letters[mt_rand(0, 20)]; } } return $code; }",True,PHP,generateVerifyCode,CaptchaAction.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10914,"public function generateMessageFileName() { $time = microtime(true); return date('Ymd-His-', $time) . sprintf('%04d', (int) (($time - (int) $time) * 10000)) . '-' . sprintf('%04d', mt_rand(0, 10000)) . '.eml'; }",True,PHP,generateMessageFileName,BaseMailer.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10915,"public function generateMessageFileName() { $time = microtime(true); return date('Ymd-His-', $time) . sprintf('%04d', (int) (($time - (int) $time) * 10000)) . '-' . sprintf('%04d', mt_rand(0, 10000)) . '.eml'; }",True,PHP,generateMessageFileName,BaseMailer.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10918,"fwrite(STDERR, sprintf(""%2d %s ==> %s\n"", $i + 1, $test, var_export($result, true)));",True,PHP,fwrite,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10919,"fwrite(STDERR, sprintf(""%2d %s ==> %s\n"", $i + 1, $test, var_export($result, true)));",True,PHP,fwrite,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10920,protected function setUp() { static::$functions = []; static::$fopen = null; static::$fread = null; parent::setUp(); $this->security = new ExposedSecurity(); $this->security->derivationIterations = 1000; },True,PHP,setUp,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10921,protected function setUp() { static::$functions = []; static::$fopen = null; static::$fread = null; parent::setUp(); $this->security = new ExposedSecurity(); $this->security->derivationIterations = 1000; },True,PHP,setUp,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10922,"function fread($handle, $length) { if (\yiiunit\framework\base\SecurityTest::$fread !== null) { return \yiiunit\framework\base\SecurityTest::$fread; } if (\yiiunit\framework\base\SecurityTest::$fopen !== null) { return $length < 8 ? \str_repeat('s', $length) : 'test1234'; } return \fread($handle, $length); }",True,PHP,fread,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10923,"function fread($handle, $length) { if (\yiiunit\framework\base\SecurityTest::$fread !== null) { return \yiiunit\framework\base\SecurityTest::$fread; } if (\yiiunit\framework\base\SecurityTest::$fopen !== null) { return $length < 8 ? \str_repeat('s', $length) : 'test1234'; } return \fread($handle, $length); }",True,PHP,fread,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10924,function function_exists($name) { if (isset(\yiiunit\framework\base\SecurityTest::$functions[$name])) { return \yiiunit\framework\base\SecurityTest::$functions[$name]; } return \function_exists($name); },True,PHP,function_exists,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10925,function function_exists($name) { if (isset(\yiiunit\framework\base\SecurityTest::$functions[$name])) { return \yiiunit\framework\base\SecurityTest::$functions[$name]; } return \function_exists($name); },True,PHP,function_exists,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10928,protected function tearDown() { static::$functions = []; static::$fopen = null; static::$fread = null; parent::tearDown(); },True,PHP,tearDown,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"public function approve() { expHistory::set('editable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for note to approve')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); assign_to_template(array( 'simplenote'=>$simplenote, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10929,protected function tearDown() { static::$functions = []; static::$fopen = null; static::$fread = null; parent::tearDown(); },True,PHP,tearDown,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10930,"function fopen($filename, $mode) { if (\yiiunit\framework\base\SecurityTest::$fopen !== null) { return \yiiunit\framework\base\SecurityTest::$fopen; } return \fopen($filename, $mode); }",True,PHP,fopen,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10931,"function fopen($filename, $mode) { if (\yiiunit\framework\base\SecurityTest::$fopen !== null) { return \yiiunit\framework\base\SecurityTest::$fopen; } return \fopen($filename, $mode); }",True,PHP,fopen,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10932,private function isWindows() { return DIRECTORY_SEPARATOR !== '/'; },True,PHP,isWindows,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10933,private function isWindows() { return DIRECTORY_SEPARATOR !== '/'; },True,PHP,isWindows,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10934,"static::$functions = ['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false];",True,PHP,$functions,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10935,"static::$functions = ['random_bytes' => false, 'openssl_random_pseudo_bytes' => false, 'mcrypt_create_iv' => false];",True,PHP,$functions,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10936,"$this->markTestSkipped('Function openssl_random_pseudo_bytes need LibreSSL version >=2.1.5 or Windows system on server'); } } static::$functions = $functions; for ($length = 1; $length < 64; $length++) { $key1 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key1); $this->assertEquals($length, strlen($key1)); $key2 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key2); $this->assertEquals($length, strlen($key2)); if ($length >= 7) { $this->assertNotEquals($key1, $key2); } } $length = 1024 * 1024; $key1 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key1); $this->assertEquals($length, strlen($key1)); $key2 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key2); $this->assertEquals($length, strlen($key2)); $this->assertNotEquals($key1, $key2); static::$fopen = fopen('php: $length = 1024 * 1024; $key1 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key1); $this->assertEquals($length, strlen($key1)); }",True,PHP,markTestSkipped,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10937,"$this->markTestSkipped('Function openssl_random_pseudo_bytes need LibreSSL version >=2.1.5 or Windows system on server'); } } static::$functions = $functions; for ($length = 1; $length < 64; $length++) { $key1 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key1); $this->assertEquals($length, strlen($key1)); $key2 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key2); $this->assertEquals($length, strlen($key2)); if ($length >= 7) { $this->assertNotEquals($key1, $key2); } } $length = 1024 * 1024; $key1 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key1); $this->assertEquals($length, strlen($key1)); $key2 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key2); $this->assertEquals($length, strlen($key2)); $this->assertNotEquals($key1, $key2); static::$fopen = fopen('php: $length = 1024 * 1024; $key1 = $this->security->generateRandomKey($length); $this->assertInternalType('string', $key1); $this->assertEquals($length, strlen($key1)); }",True,PHP,markTestSkipped,SecurityTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10938,"$rndString = function ($len = 10) { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $randomString = ''; for ($i = 0; $i < $len; $i++) { $randomString .= $characters[rand(0, strlen($characters) - 1)]; } return $randomString; };",True,PHP,$rndString,FileValidatorTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10939,"$rndString = function ($len = 10) { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $randomString = ''; for ($i = 0; $i < $len; $i++) { $randomString .= $characters[rand(0, strlen($characters) - 1)]; } return $randomString; };",True,PHP,$rndString,FileValidatorTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10944,"private function generateTempFileData() { return [ 'name' => md5(mt_rand()), 'tmp_name' => tempnam(sys_get_temp_dir(), ''), 'type' => 'image/jpeg', 'size' => mt_rand(1000, 10000), 'error' => '0', ]; }",True,PHP,generateTempFileData,UploadedFileTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10945,"private function generateTempFileData() { return [ 'name' => md5(mt_rand()), 'tmp_name' => tempnam(sys_get_temp_dir(), ''), 'type' => 'image/jpeg', 'size' => mt_rand(1000, 10000), 'error' => '0', ]; }",True,PHP,generateTempFileData,UploadedFileTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10948,"private function generateFakeFileData() { return [ 'name' => md5(mt_rand()), 'tmp_name' => md5(mt_rand()), 'type' => 'image/jpeg', 'size' => mt_rand(1000, 10000), 'error' => '0', ]; }",True,PHP,generateFakeFileData,UploadedFileTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3689,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10949,"private function generateFakeFileData() { return [ 'name' => md5(mt_rand()), 'tmp_name' => md5(mt_rand()), 'type' => 'image/jpeg', 'size' => mt_rand(1000, 10000), 'error' => '0', ]; }",True,PHP,generateFakeFileData,UploadedFileTest.php,https://github.com/yiisoft/yii2,yiisoft,GitHub,2021-08-09 10:25:36+03:00,Fix #18817: Use `paragonie/random_compat` for random bytes and int generation,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-3692,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10950,"function process_user(){ include(""lib/dropboxAPI.php""); $myCustomClient = new dbx\Client($accessToken, $clientIdentifier); $pathPrefix=""/Chargements appareil photo/ArticleTdm""; $cursortxt = ""lib/cursor.txt""; $url=""url""; delta($myCustomClient ,$cursortxt, $url, $pathPrefix); $pathPrefix=""/Chargements appareil photo/ChallengeTdm""; $cursortxt = ""lib/cursorC.txt""; $url=""challenge_update""; delta($myCustomClient , $cursortxt, $url, $pathPrefix); }",True,PHP,process_user,Webhook.php,https://github.com/trollepierre/tdm,trollepierre,Pierre Trollé,2017-04-13 09:44:41+02:00,fix(TDM-1) : fix issue #1,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-7871,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10952,function verify(){ echo $_GET['challenge']; },True,PHP,verify,Webhook.php,https://github.com/trollepierre/tdm,trollepierre,Pierre Trollé,2017-04-13 09:44:41+02:00,fix(TDM-1) : fix issue #1,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-7871,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10954,function verify(){ echo $_GET['challenge']; },True,PHP,verify,webhook.php,https://github.com/trollepierre/tdm,trollepierre,Pierre Trollé,2017-04-13 09:44:41+02:00,fix(TDM-1) : fix issue #1,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-7871,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10957,"$ul->appendChild(new XMLElement('li', $s->get('navigation_group'))); $groups[] = $s->get('navigation_group'); }",True,PHP,appendChild,content.blueprintssections.php,https://github.com/DeuxHuitHuit/symphony-2,DeuxHuitHuit,Nicolas Brassard,2017-05-09 11:29:30-04:00,"Prevent XSS with section's name and nav group This commit adds sanitization of the section's name and naviguation group, which permitted authenticated XSS. Reported by Pradeep Kumar cc @michael-e @brendo",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-8876,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10959,"function RemoveXSSchars(&$val) { static $patterns = NULL; static $replacements = NULL; $val_before = $val; $found = true; if ( $patterns == NULL ) { $patterns = array(); $replacements = array(); $patterns[] = '/([\x00-\x08\x0b-\x0c\x0e-\x19])/'; $replacements[] = ''; $search = 'abcdefghijklmnopqrstuvwxyz'; $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; $search .= '1234567890!@ $search .= '~`"";:?+/={}[]-_|\'\\'; for ($i = 0, $istrlen_search = strlen($search); $i < $istrlen_search; $i++) { $patterns[] = '/(& $replacements[] = $search[$i]; $patterns[] = '/(& $replacements[] = $search[$i]; } } $val = preg_replace($patterns, $replacements, $val); if ($val_before == $val) { $found = false; } return $found; }",True,PHP,RemoveXSSchars,PreventXss.php,https://github.com/tikiorg/tiki,tikiorg,drsassafras,2017-04-05 13:31:29+00:00,"[SEC] XSS Bypass - prevents bypassing of the xss filter by padding zeros git-svn-id: https://svn.code.sf.net/p/tikiwiki/code/branches/17.x@62084 b456876b-0849-0410-b77d-98878d47e9d5",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2017-9305,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10961,public function validateMulti(array $credentialCandidates) { $lastException = null; foreach ($credentialCandidates as $credential) { if (false == $credential instanceof CredentialInterface) { throw new \InvalidArgumentException('Expected CredentialInterface'); } if (null == $credential->getPublicKey()) { continue; } try { $result = $this->validate($credential->getPublicKey()); if ($result === false) { return; } return $credential; } catch (LightSamlSecurityException $ex) { $lastException = $ex; } } if ($lastException) { throw $lastException; } else { throw new LightSamlSecurityException('No public key available for signature verification'); } },True,PHP,validateMulti,AbstractSignatureReader.php,https://github.com/lightSAML/lightSAML,lightSAML,Milos Tomic,2018-03-05 17:26:57+01:00,Check for supported signature algorithms,CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2018-1000165,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10963,"public function remind() { /*if (!check_captcha()) { $this->templatemanager->notify_next(__(""You have entered wrong security code.""), ""error"", __(""Error!"")); redirect(""administration/auth/forgot""); die; } $email = trim($this->input->post(""email"", true)); $u = User::factory()->get_by_email($email); if (!$u->exists()) { $this->templatemanager->notify_next(__(""User with that e-mail does not exists!""), ""error"", __(""Error"")); redirect(""administration/auth/forgot""); } $u->key = random_string('unique'); $u->save(); Log::write('requested password change', LogSeverity::Notice, $u->id); $vars = array( 'name'=>$u->name ,'email'=>$u->email ,'website_title'=>Setting::value('website_title', CS_PRODUCT_NAME) ,'reset_link'=>site_url('administration/auth/resetpass/'.$u->id.'/'.$u->key) ,'site_url'=>site_url() ); $template = file_get_contents(APPPATH . ""templates/forgot_password.html""); $template = __($template, null, 'email'); $template .= ""
    \n
    \n
    \n"" . __(file_get_contents(APPPATH . ""templates/signature.html""), null, 'email'); $template = parse_template($template, $vars); $this->email->to(""$email""); $this->email->subject(__(""%s password reset"", Setting::value('website_title', CS_PRODUCT_NAME), 'email')); $this->email->message($template); $this->email->set_alt_message(strip_tags($template)); $from = Setting::value(""default_email"", false); if (empty($from)) $from = ""noreply@"".get_domain_name(true); $this->email->from($from); $sent = $this->email->send(); if ($sent) $this->templatemanager->notify_next(__(""Please check your e-mail for further information.""), ""notice"", __(""Notice"")); else $this->templatemanager->notify_next(__(""Activation e-mail could not be sent!""), ""error"", __(""Error"")); redirect(""administration/auth/login""); }",True,PHP,remind,auth.php,https://github.com/InstantUpdate/CMS,InstantUpdate,GitHub,2018-04-19 22:09:49+02:00,fix(auth): Send password reset emails to user's email stored in the db,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2018-1000501,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10970,"function load_gallery($auc_id) { $UPLOADED_PICTURES = array(); if (is_dir(UPLOAD_PATH . $auc_id)) { if ($dir = opendir(UPLOAD_PATH . $auc_id)) { while ($file = @readdir($dir)) { if ($file != '.' && $file != '..' && strpos($file, 'thumb-') === false) { $UPLOADED_PICTURES[] = UPLOAD_FOLDER . $auc_id . '/' . $file; } } closedir($dir); } } return $UPLOADED_PICTURES; }",True,PHP,load_gallery,editauction.php,https://github.com/renlok/WeBid,renlok,Chris Dickenson,2018-11-22 01:36:55+00:00,Number of secerity fixes & fix for setup fee #510,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-1000867,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10971,"function load_gallery($auc_id) { $UPLOADED_PICTURES = array(); if (is_dir(UPLOAD_PATH . $auc_id)) { if ($dir = opendir(UPLOAD_PATH . $auc_id)) { while ($file = @readdir($dir)) { if ($file != '.' && $file != '..' && strpos($file, 'thumb-') === false) { $UPLOADED_PICTURES[] = UPLOAD_FOLDER . $auc_id . '/' . $file; } } closedir($dir); } } return $UPLOADED_PICTURES; }",True,PHP,load_gallery,editauction.php,https://github.com/renlok/WeBid,renlok,Chris Dickenson,2018-11-22 01:36:55+00:00,Number of secerity fixes & fix for setup fee #510,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-1000868,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10972,"function load_gallery($auc_id) { $UPLOADED_PICTURES = array(); if (is_dir(UPLOAD_PATH . $auc_id)) { if ($dir = opendir(UPLOAD_PATH . $auc_id)) { while ($file = @readdir($dir)) { if ($file != '.' && $file != '..' && strpos($file, 'thumb-') === false) { $UPLOADED_PICTURES[] = UPLOAD_FOLDER . $auc_id . '/' . $file; } } closedir($dir); } } return $UPLOADED_PICTURES; }",True,PHP,load_gallery,editauction.php,https://github.com/renlok/WeBid,renlok,Chris Dickenson,2018-11-22 01:36:55+00:00,Number of secerity fixes & fix for setup fee #510,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-1000882,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10976,"function get_fee($minimum_bid, $just_fee = true) { global $system, $DBPrefix, $buy_now_price, $reserve_price, $is_bold, $is_highlighted, $is_featured, $_SESSION, $subtitle, $sellcat2, $relist, $db; $query = ""SELECT * FROM "" . $DBPrefix . ""fees ORDER BY type, fee_from ASC""; $db->direct_query($query); $fee_value = 0; $fee_data = array( 'setup_fee' => 0, 'featured_fee' => 0, 'bold_fee' => 0, 'highlighted_fee' => 0, 'subtitle_fee' => 0, 'relist_fee' => 0, 'reserve_fee' => 0, 'buynow_fee' => 0, 'picture_fee' => 0, 'extracat_fee' => 0 ); while ($row = $db->fetch()) { if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup') { if ($row['fee_type'] == 'flat') { $fee_data['setup_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } else { $tmp = bcdiv($row['value'], '100', $system->SETTINGS['moneydecimals']); $tmp = bcmul($tmp, $minimum_bid, $system->SETTINGS['moneydecimals']); $fee_data['setup_fee'] = $tmp; $fee_value = bcadd($fee_value, $tmp, $system->SETTINGS['moneydecimals']); } } if ($row['type'] == 'buynow_fee' && $buy_now_price > 0) { $fee_data['buynow_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'reserve_fee' && $reserve_price > 0) { $fee_data['reserve_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'bold_fee' && $is_bold) { $fee_data['bold_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'highlighted_fee' && $is_highlighted) { $fee_data['highlighted_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'featured_fee' && $is_featured) { $fee_data['featured_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'picture_fee' && count($_SESSION['UPLOADED_PICTURES']) > 0) { $tmp = bcmul(count($_SESSION['UPLOADED_PICTURES']), $row['value'], $system->SETTINGS['moneydecimals']); $fee_data['picture_fee'] = $tmp; $fee_value = bcadd($fee_value, $tmp, $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'subtitle_fee' && !empty($subtitle)) { $fee_data['subtitle_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'extracat_fee' && $sellcat2 > 0) { $fee_data['extracat_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'relist_fee' && $relist > 0) { $fee_data['relist_fee'] = ($row['value'] * $relist); $fee_value = bcadd($fee_value, ($row['value'] * $relist), $system->SETTINGS['moneydecimals']); } } if ($just_fee) { $return = $fee_value; } else { $return = array($fee_value, $fee_data); } return $return; }",True,PHP,get_fee,functions_sell.php,https://github.com/renlok/WeBid,renlok,Chris Dickenson,2018-11-22 01:36:55+00:00,Number of secerity fixes & fix for setup fee #510,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-1000867,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10977,"function get_fee($minimum_bid, $just_fee = true) { global $system, $DBPrefix, $buy_now_price, $reserve_price, $is_bold, $is_highlighted, $is_featured, $_SESSION, $subtitle, $sellcat2, $relist, $db; $query = ""SELECT * FROM "" . $DBPrefix . ""fees ORDER BY type, fee_from ASC""; $db->direct_query($query); $fee_value = 0; $fee_data = array( 'setup_fee' => 0, 'featured_fee' => 0, 'bold_fee' => 0, 'highlighted_fee' => 0, 'subtitle_fee' => 0, 'relist_fee' => 0, 'reserve_fee' => 0, 'buynow_fee' => 0, 'picture_fee' => 0, 'extracat_fee' => 0 ); while ($row = $db->fetch()) { if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup') { if ($row['fee_type'] == 'flat') { $fee_data['setup_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } else { $tmp = bcdiv($row['value'], '100', $system->SETTINGS['moneydecimals']); $tmp = bcmul($tmp, $minimum_bid, $system->SETTINGS['moneydecimals']); $fee_data['setup_fee'] = $tmp; $fee_value = bcadd($fee_value, $tmp, $system->SETTINGS['moneydecimals']); } } if ($row['type'] == 'buynow_fee' && $buy_now_price > 0) { $fee_data['buynow_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'reserve_fee' && $reserve_price > 0) { $fee_data['reserve_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'bold_fee' && $is_bold) { $fee_data['bold_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'highlighted_fee' && $is_highlighted) { $fee_data['highlighted_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'featured_fee' && $is_featured) { $fee_data['featured_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'picture_fee' && count($_SESSION['UPLOADED_PICTURES']) > 0) { $tmp = bcmul(count($_SESSION['UPLOADED_PICTURES']), $row['value'], $system->SETTINGS['moneydecimals']); $fee_data['picture_fee'] = $tmp; $fee_value = bcadd($fee_value, $tmp, $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'subtitle_fee' && !empty($subtitle)) { $fee_data['subtitle_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'extracat_fee' && $sellcat2 > 0) { $fee_data['extracat_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'relist_fee' && $relist > 0) { $fee_data['relist_fee'] = ($row['value'] * $relist); $fee_value = bcadd($fee_value, ($row['value'] * $relist), $system->SETTINGS['moneydecimals']); } } if ($just_fee) { $return = $fee_value; } else { $return = array($fee_value, $fee_data); } return $return; }",True,PHP,get_fee,functions_sell.php,https://github.com/renlok/WeBid,renlok,Chris Dickenson,2018-11-22 01:36:55+00:00,Number of secerity fixes & fix for setup fee #510,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-1000868,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10978,"function get_fee($minimum_bid, $just_fee = true) { global $system, $DBPrefix, $buy_now_price, $reserve_price, $is_bold, $is_highlighted, $is_featured, $_SESSION, $subtitle, $sellcat2, $relist, $db; $query = ""SELECT * FROM "" . $DBPrefix . ""fees ORDER BY type, fee_from ASC""; $db->direct_query($query); $fee_value = 0; $fee_data = array( 'setup_fee' => 0, 'featured_fee' => 0, 'bold_fee' => 0, 'highlighted_fee' => 0, 'subtitle_fee' => 0, 'relist_fee' => 0, 'reserve_fee' => 0, 'buynow_fee' => 0, 'picture_fee' => 0, 'extracat_fee' => 0 ); while ($row = $db->fetch()) { if ($minimum_bid >= $row['fee_from'] && $minimum_bid <= $row['fee_to'] && $row['type'] == 'setup') { if ($row['fee_type'] == 'flat') { $fee_data['setup_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } else { $tmp = bcdiv($row['value'], '100', $system->SETTINGS['moneydecimals']); $tmp = bcmul($tmp, $minimum_bid, $system->SETTINGS['moneydecimals']); $fee_data['setup_fee'] = $tmp; $fee_value = bcadd($fee_value, $tmp, $system->SETTINGS['moneydecimals']); } } if ($row['type'] == 'buynow_fee' && $buy_now_price > 0) { $fee_data['buynow_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'reserve_fee' && $reserve_price > 0) { $fee_data['reserve_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'bold_fee' && $is_bold) { $fee_data['bold_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'highlighted_fee' && $is_highlighted) { $fee_data['highlighted_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'featured_fee' && $is_featured) { $fee_data['featured_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'picture_fee' && count($_SESSION['UPLOADED_PICTURES']) > 0) { $tmp = bcmul(count($_SESSION['UPLOADED_PICTURES']), $row['value'], $system->SETTINGS['moneydecimals']); $fee_data['picture_fee'] = $tmp; $fee_value = bcadd($fee_value, $tmp, $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'subtitle_fee' && !empty($subtitle)) { $fee_data['subtitle_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'extracat_fee' && $sellcat2 > 0) { $fee_data['extracat_fee'] = $row['value']; $fee_value = bcadd($fee_value, $row['value'], $system->SETTINGS['moneydecimals']); } if ($row['type'] == 'relist_fee' && $relist > 0) { $fee_data['relist_fee'] = ($row['value'] * $relist); $fee_value = bcadd($fee_value, ($row['value'] * $relist), $system->SETTINGS['moneydecimals']); } } if ($just_fee) { $return = $fee_value; } else { $return = array($fee_value, $fee_data); } return $return; }",True,PHP,get_fee,functions_sell.php,https://github.com/renlok/WeBid,renlok,Chris Dickenson,2018-11-22 01:36:55+00:00,Number of secerity fixes & fix for setup fee #510,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-1000882,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10981,"public function print_section_subnets_table($User, $sectionId, $showSupernetOnly = false) { $html = array(); $Tools = new Tools ($this->Database); $custom = $Tools->fetch_custom_fields (""subnets""); $hidden_fields = json_decode($User->settings->hiddenCustomFields, true) ? : ['subnets'=>null]; $hidden_fields = is_array($hidden_fields['subnets']) ? $hidden_fields['subnets'] : array(); $permission = $this->check_permission($User->user, $sectionId); $showSupernetOnly = $showSupernetOnly ? '1' : '0'; if ($permission != 0) { if ($permission>1) { $html[] = ""
    ""; $html[] = ''; $html[] = """"; $html[] = ""
    ""; } $html[] = ''; $html[] = ''; $html[] = ''; $html[] = ''; if($User->get_module_permissions (""vlan"")>=User::ACCESS_R) $html[] = ''; if($User->settings->enableVRF == 1 && $User->get_module_permissions (""vrf"")>=User::ACCESS_R) { $html[] = ''; } $html[] = ''; if($User->get_module_permissions (""devices"")>=User::ACCESS_R) $html[] = ''; if($User->settings->enableCustomers == 1 && $User->get_module_permissions (""customers"")>=User::ACCESS_R) { $html[] = ''; } if(is_array($custom)) { foreach($custom as $field) { if(!in_array($field['name'], $hidden_fields)) { $html[] = ''; } } } $html[] = ''; $html[] = '
    '._('Subnet').''._('Description').''._('VLAN').''._('VRF').''._('Master Subnet').''._('Device').''._('Customer').''.$Tools->print_custom_field_name($field['name']).'
    '; if ($showSupernetOnly==='1') { $html[] = ""
    ""._('Only master subnets are shown').'
    '; } } else { $html[] = ""
    ""._('You do not have permission to access this network').'!
    '; } return implode(""\n"", $html); }",True,PHP,print_section_subnets_table,class.Sections.php,https://github.com/phpipam/phpipam,phpipam,Gary Allan,2022-01-17 22:14:10+00:00,"Bugfix: Security fix - XSS (reflected) in 'find subnets'; Reported by Celso Bezerra ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-46426,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10982,"public function print_section_subnets_table($User, $sectionId, $showSupernetOnly = false) { $html = array(); $Tools = new Tools ($this->Database); $custom = $Tools->fetch_custom_fields (""subnets""); $hidden_fields = json_decode($User->settings->hiddenCustomFields, true) ? : ['subnets'=>null]; $hidden_fields = is_array($hidden_fields['subnets']) ? $hidden_fields['subnets'] : array(); $permission = $this->check_permission($User->user, $sectionId); $showSupernetOnly = $showSupernetOnly ? '1' : '0'; if ($permission != 0) { if ($permission>1) { $html[] = ""
    ""; $html[] = ''; $html[] = """"; $html[] = ""
    ""; } $html[] = ''; $html[] = ''; $html[] = ''; $html[] = ''; if($User->get_module_permissions (""vlan"")>=User::ACCESS_R) $html[] = ''; if($User->settings->enableVRF == 1 && $User->get_module_permissions (""vrf"")>=User::ACCESS_R) { $html[] = ''; } $html[] = ''; if($User->get_module_permissions (""devices"")>=User::ACCESS_R) $html[] = ''; if($User->settings->enableCustomers == 1 && $User->get_module_permissions (""customers"")>=User::ACCESS_R) { $html[] = ''; } if(is_array($custom)) { foreach($custom as $field) { if(!in_array($field['name'], $hidden_fields)) { $html[] = ''; } } } $html[] = ''; $html[] = '
    '._('Subnet').''._('Description').''._('VLAN').''._('VRF').''._('Master Subnet').''._('Device').''._('Customer').''.$Tools->print_custom_field_name($field['name']).'
    '; if ($showSupernetOnly==='1') { $html[] = ""
    ""._('Only master subnets are shown').'
    '; } } else { $html[] = ""
    ""._('You do not have permission to access this network').'!
    '; } return implode(""\n"", $html); }",True,PHP,print_section_subnets_table,class.Sections.php,https://github.com/phpipam/phpipam,phpipam,Gary Allan,2022-01-17 22:14:10+00:00,"Bugfix: Security fix - XSS (reflected) in 'find subnets'; Reported by Celso Bezerra ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-46426,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10984,"public function update_custom_field_definition ($field) { if (!in_array($field['fieldType'], $this->valid_custom_field_types())) { $this->Result->show(""danger"", _(""Error: "")._(""Invalid custom field type"")); return false; } if($field['fieldType']==""bool"" || $field['fieldType']==""text"" || $field['fieldType']==""date"" || $field['fieldType']==""datetime"") { $field['ftype'] = $field['fieldType']; } else { $field['ftype'] = $field['fieldType'].""("".$field['fieldSize']."")""; } $field['fieldDefault'] = is_blank($field['fieldDefault']) ? NULL : $field['fieldDefault']; if($field['fieldType']==""varchar"" || $field['fieldType']==""text"" || $field['fieldType']==""set"" || $field['fieldType']==""enum"") { $charset = ""CHARACTER SET utf8mb4""; } else { $charset = """"; } $field['table'] = $this->Database->escape($field['table']); $field['name'] = $this->Database->escape($field['name']); $field['oldname'] = $this->Database->escape($field['oldname']); $field['action'] = $this->strip_input_tags($field['action']); $field['Comment'] = $this->strip_input_tags($field['Comment']); if($field['action']==""edit"" || $field['action']==""add"") { if(strpos($field['name'], ""custom_"")!==0) { $field['name'] = ""custom_"".$field['name']; } } if($field['action']==""delete"") { $query = ""ALTER TABLE `$field[table]` DROP `$field[oldname]`;""; } else if ($field['action']==""edit""&&@$field['NULL']==""NO"") { $query = ""ALTER TABLE `$field[table]` CHANGE COLUMN `$field[oldname]` `$field[name]` $field[ftype] $charset DEFAULT :default NOT NULL COMMENT :comment;""; } else if ($field['action']==""edit"") { $query = ""ALTER TABLE `$field[table]` CHANGE COLUMN `$field[oldname]` `$field[name]` $field[ftype] $charset DEFAULT :default COMMENT :comment;""; } else if ($field['action']==""add""&&@$field['NULL']==""NO"") { $query = ""ALTER TABLE `$field[table]` ADD COLUMN `$field[name]` $field[ftype] $charset DEFAULT :default NOT NULL COMMENT :comment;""; } else if ($field['action']==""add"") { $query = ""ALTER TABLE `$field[table]` ADD COLUMN `$field[name]` $field[ftype] $charset DEFAULT :default NULL COMMENT :comment;""; } else { return false; } $params = array(); if (strpos($query, "":default"")>0) $params['default'] = $field['fieldDefault']; if (strpos($query, "":comment"")>0) $params['comment'] = $field['Comment']; try { $res = $this->Database->runQuery($query, $params); } catch (Exception $e) { $this->Result->show(""danger"", _(""Error: "").$e->getMessage(), false); $this->Log->write( _(""Custom field"")."" "".$field[""action""], _(""Custom field"")."" "".$field[""action""]."" ""._(""failed"")."" ("".$field[""name""]."").
    "".$this->array_to_log($field), 2); return false; } $this->Log->write( _(""Custom field"")."" "".$field[""action""], _(""Custom field"")."" "".$field[""action""]."" ""._(""success"")."" ("".$field[""name""]."").
    "".$this->array_to_log($field), 0); return true; }",True,PHP,update_custom_field_definition,class.Admin.php,https://github.com/phpipam/phpipam,phpipam,Gary Allan,2023-03-05 22:32:48+00:00,"Bugfix: SQL injection in custom field enum/set types Reported by Peng Zhou @zpbrent",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-1211,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10987,"foreach($w as $c) { $wdet = (array) $widgets[$c]; if(array_key_exists($c, $widgets)) { if(is_blank($wdet['wsize'])) { $wdet['wsize'] = 6; } print ""
    ""; print ""
    ""; if($wdet['whref']==""yes"") { print ""

    ""._($wdet['wtitle']).""

    ""; } else { print ""

    ""._($wdet['wtitle']).""

    ""; } print ""
    ""; print ""
    ""._('Loading widget').""
    ""; print ""
    ""; print ""
    ""; print ""
    ""; } else { print ""
    ""; print ""
    ""; print ""

    Invalid widget $c

    ""; print ""
    ""; print ""
    ""; } }",True,PHP,foreach,index.php,https://github.com/phpipam/phpipam,phpipam,Gary Allan,2023-03-06 21:08:01+00:00,"Bugfix: XSS (stored) in user widget settings Reported by Peng Zhou @zpbrent",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1212,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 10989,"public function noxss_html($html) { if (!is_string($html) || is_blank($html)) return """"; $html = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'); $err_mode = libxml_use_internal_errors(false); $php_reporting = error_reporting(0); try { $dom = new \DOMDocument(); if ($dom->loadHTML("""".$html."""", LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD | LIBXML_NOBLANKS | LIBXML_NOWARNING | LIBXML_NOERROR) === false) return """"; $banned_elements = ['script', 'iframe', 'embed']; $remove_elements = []; $elements = $dom->getElementsByTagName('*'); if (is_object($elements) && $elements->length>0) { foreach($elements as $e) { if (in_array($e->nodeName, $banned_elements)) { $remove_elements[] = $e; continue; } if (!$e->hasAttributes()) continue; foreach ($e->attributes as $attr) { if (substr($attr->nodeName,0,2) == ""on"") $e->removeAttribute($attr->nodeName); } } foreach($remove_elements as $e) $e->parentNode->removeChild($e); $html = str_replace(['', ''], '', $dom->saveHTML()); } } catch (Exception $e) { $html = """"; } libxml_use_internal_errors($err_mode); error_reporting($php_reporting); return is_string($html) ? $html : """"; }",True,PHP,noxss_html,class.Common.php,https://github.com/phpipam/phpipam,phpipam,Gary Allan,2023-03-06 21:08:01+00:00,"Bugfix: XSS (stored) in user widget settings Reported by Peng Zhou @zpbrent",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1212,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11701,"$variable[$key] = self::filter($val); } } else { $variable = preg_replace_callback('# $tag = strtolower($matches[1]); if (in_array($tag, array( 'b', 'strong', 'small', 'i', 'em', 'u', 's', 'sub', 'sup', 'a', 'button', 'img', 'br', 'font', 'span', 'blockquote', 'q', 'abbr', 'address', 'code', 'hr', 'audio', 'video', 'source', 'iframe', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'div', 'p', 'var', 'table', 'thead', 'tbody', 'tfoot', 'tr', 'th', 'td', 'colgroup', 'col', 'section', 'article', 'aside'))) { return $matches[0]; } else if (in_array($tag, array('script', 'link'))) { return ''; } else { return htmlentities($matches[0]); } }, $variable); } return $variable; } public static function getMethod() { return $_SERVER['REQUEST_METHOD']; } public static function hasDataForURL($url, $method = 'POST') { $route = WRoute::parseURL($url); $current_route = WRoute::route(); return self::getMethod() == strtoupper($method) && $route['app'] == $current_route['app'] && (!isset($current_route['params'][0]) || !isset($route['params'][0]) || $current_route['params'][0] == $route['params'][0]); } } ?>",True,PHP,filter,WRequest.php,https://github.com/Creatiwity/wityCMS,Creatiwity,Johan Dufau,2017-02-26 11:45:28+01:00,#146 - Uses HTML purifier and htmlspecialchars in search app,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-11512,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11704,"function twig_array_filter(Environment $env, $array, $arrow) { if (!twig_test_iterable($array)) { throw new RuntimeError(sprintf('The ""filter"" filter expects an array or ""Traversable"", got ""%s"".', \is_object($array) ? \get_class($array) : \gettype($array))); } if (!$arrow instanceof Closure && $env->hasExtension('\Twig\Extension\SandboxExtension') && $env->getExtension('\Twig\Extension\SandboxExtension')->isSandboxed()) { throw new RuntimeError('The callable passed to ""filter"" filter must be a Closure in sandbox mode.'); } if (\is_array($array)) { return array_filter($array, $arrow, \ARRAY_FILTER_USE_BOTH); } return new \CallbackFilterIterator(new \IteratorIterator($array), $arrow); }",True,PHP,twig_array_filter,CoreExtension.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2022-02-04 07:52:21+01:00,Disallow non closures in `sort` filter when the sanbox mode is enabled,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-23614,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11707,"function twig_array_reduce(Environment $env, $array, $arrow, $initial = null) { if (!$arrow instanceof Closure && $env->hasExtension('\Twig\Extension\SandboxExtension') && $env->getExtension('\Twig\Extension\SandboxExtension')->isSandboxed()) { throw new RuntimeError('The callable passed to the ""reduce"" filter must be a Closure in sandbox mode.'); } if (!\is_array($array)) { if (!$array instanceof \Traversable) { throw new RuntimeError(sprintf('The ""reduce"" filter only works with arrays or ""Traversable"", got ""%s"" as first argument.', \gettype($array))); } $array = iterator_to_array($array); } return array_reduce($array, $arrow, $initial); }",True,PHP,twig_array_reduce,CoreExtension.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2022-02-04 07:52:21+01:00,Disallow non closures in `sort` filter when the sanbox mode is enabled,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-23614,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11714,"protected function doEnterNode(Node $node, Environment $env) { if ($node instanceof ModuleNode) { $this->inAModule = true; $this->tags = []; $this->filters = []; $this->functions = []; return $node; } elseif ($this->inAModule) { if ($node->getNodeTag() && !isset($this->tags[$node->getNodeTag()])) { $this->tags[$node->getNodeTag()] = $node; } if ($node instanceof FilterExpression && !isset($this->filters[$node->getNode('filter')->getAttribute('value')])) { $this->filters[$node->getNode('filter')->getAttribute('value')] = $node; } if ($node instanceof FunctionExpression && !isset($this->functions[$node->getAttribute('name')])) { $this->functions[$node->getAttribute('name')] = $node; } if ($node instanceof RangeBinary && !isset($this->functions['range'])) { $this->functions['range'] = $node; } if ($node instanceof PrintNode) { return new SandboxedPrintNode($node->getNode('expr'), $node->getTemplateLine(), $node->getNodeTag()); } } return $node; }",True,PHP,doEnterNode,SandboxNodeVisitor.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2019-03-12 11:09:54+01:00,fixed security issue in the sandbox,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-9942,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11719,"public function testSandboxAllowMethodToStringDisabled() { $twig = $this->getEnvironment(false, [], self::$templates); FooObject::reset(); $this->assertEquals('foo', $twig->load('1_basic5')->render(self::$params), 'Sandbox allows __toString when sandbox disabled'); $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once'); }",True,PHP,testSandboxAllowMethodToStringDisabled,SandboxTest.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2019-03-12 11:09:54+01:00,fixed security issue in the sandbox,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-9942,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11721,"public function testSandboxUnallowedToStringArray() { $twig = $this->getEnvironment(true, [], self::$templates); try { $twig->load('1_basic6')->render(self::$params); $this->fail('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template'); } catch (SecurityError $e) { $this->assertInstanceOf('\Twig\Sandbox\SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError'); $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the ""FooObject"" class'); $this->assertEquals('__tostring', $e->getMethodName(), 'Exception should be raised on the ""__toString"" method'); } }",True,PHP,testSandboxUnallowedToStringArray,SandboxTest.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2019-03-12 11:09:54+01:00,fixed security issue in the sandbox,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-9942,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11722,"public function testSandboxUnallowedToString() { $twig = $this->getEnvironment(true, [], self::$templates); try { $twig->load('1_basic5')->render(self::$params); $this->fail('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template'); } catch (SecurityError $e) { $this->assertInstanceOf('\Twig\Sandbox\SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError'); $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the ""FooObject"" class'); $this->assertEquals('__tostring', $e->getMethodName(), 'Exception should be raised on the ""__toString"" method'); } }",True,PHP,testSandboxUnallowedToString,SandboxTest.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2019-03-12 11:09:54+01:00,fixed security issue in the sandbox,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-9942,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11723,"public function testSandboxAllowMethodToString() { $twig = $this->getEnvironment(true, [], self::$templates, [], [], ['FooObject' => '__toString']); FooObject::reset(); $this->assertEquals('foo', $twig->load('1_basic5')->render(self::$params), 'Sandbox allow some methods'); $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once'); }",True,PHP,testSandboxAllowMethodToString,SandboxTest.php,https://github.com/twigphp/Twig,twigphp,Fabien Potencier,2019-03-12 11:09:54+01:00,fixed security issue in the sandbox,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2019-9942,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11724,"function smarty_function_math($params, $template) { static $_allowed_funcs = array( 'int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true, 'log' => true, 'log10' => true, 'max' => true, 'min' => true, 'pi' => true, 'pow' => true, 'rand' => true, 'round' => true, 'sin' => true, 'sqrt' => true, 'srand' => true, 'tan' => true ); if (empty($params[ 'equation' ])) { trigger_error(""math: missing equation parameter"", E_USER_WARNING); return; } $equation = $params[ 'equation' ]; if (substr_count($equation, '(') !== substr_count($equation, ')')) { trigger_error(""math: unbalanced parenthesis"", E_USER_WARNING); return; } if (strpos($equation, '`') !== false) { trigger_error(""math: backtick character not allowed in equation"", E_USER_WARNING); return; } if (strpos($equation, '$') !== false) { trigger_error(""math: dollar signs not allowed in equation"", E_USER_WARNING); return; } foreach ($params as $key => $val) { if ($key !== 'equation' && $key !== 'format' && $key !== 'assign') { if (strlen($val) === 0) { trigger_error(""math: parameter '{$key}' is empty"", E_USER_WARNING); return; } if (!is_numeric($val)) { trigger_error(""math: parameter '{$key}' is not numeric"", E_USER_WARNING); return; } } } preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match); foreach ($match[ 1 ] as $curr_var) { if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) { trigger_error( ""math: function call '{$curr_var}' not allowed, or missing parameter '{$curr_var}'"", E_USER_WARNING ); return; } } foreach ($params as $key => $val) { if ($key !== 'equation' && $key !== 'format' && $key !== 'assign') { $equation = preg_replace(""/\b$key\b/"", "" \$params['$key'] "", $equation); } } $smarty_math_result = null; eval(""\$smarty_math_result = "" . $equation . "";""); if (empty($params[ 'format' ])) { if (empty($params[ 'assign' ])) { return $smarty_math_result; } else { $template->assign($params[ 'assign' ], $smarty_math_result); } } else { if (empty($params[ 'assign' ])) { printf($params[ 'format' ], $smarty_math_result); } else { $template->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result)); } } }",True,PHP,smarty_function_math,function.math.php,https://github.com/smarty-php/smarty,smarty-php,GitHub,2022-01-10 00:01:43+01:00,"Merge pull request from GHSA-29gp-2c3m-3j6m * Temporary fix. Waiting for CVE * Add CVE",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-29454,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11735,"public function admin_print_scripts( $not_used ) { $kml_url = get_transient( 'gm_uploaded_kml_url' ); if (strlen($kml_url) > 0) { echo ' '; delete_transient( 'gm_uploaded_kml_url' ); } }",True,PHP,admin_print_scripts,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11738,"public function save_comment( $comment_id = 0, $approval = '' ) { if ( !$comment_id || 'spam' === $approval || empty( $_POST['comment_location'] ) || !is_array( $_POST['comment_location'] ) ) { return false; } GeoMashupDB::set_object_location( 'comment', $comment_id, $_POST['comment_location'] ); }",True,PHP,save_comment,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11741,"public function print_form() { global $user_id; include_once( GEO_MASHUP_DIR_PATH . '/edit-form.php'); if ( isset( $_GET['user_id'] ) ) { $object_id = $_GET['user_id']; } else { $object_id = $user_id; } echo '

    ' . __( 'Location', 'GeoMashup' ) . '

    '; geo_mashup_edit_form( 'user', $object_id, get_class( $this ) ); }",True,PHP,print_form,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11743,"public function init() { global $geo_mashup_options, $pagenow; $enabled = is_admin() && $geo_mashup_options->get( 'overall', 'located_object_name', 'user' ) == 'true' && preg_match( '/(user-edit|profile).php/', $pagenow ); $enabled = apply_filters( 'geo_mashup_load_user_editor', $enabled ); if ( $enabled ) { add_action( 'show_user_profile', array( &$this, 'print_form' ) ); add_action( 'edit_user_profile', array( &$this, 'print_form' ) ); add_action( 'personal_options_update', array( &$this, 'save_user')); add_action( 'edit_user_profile_update', array( &$this, 'save_user')); $this->enqueue_form_client_items(); } }",True,PHP,init,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11746,"public function wp_footer() { global $geo_mashup_options; if ( $this->add_form_script ) { GeoMashup::register_script( 'geo-mashup-comment-form', 'js/comment-form.js', array( 'jquery' ), GEO_MASHUP_VERSION, true ); wp_localize_script( 'geo-mashup-comment-form', 'geo_mashup_comment_form_settings', array( 'geonames_username' => $geo_mashup_options->get( 'overall', 'geonames_username' ) ) ); wp_print_scripts( 'geo-mashup-comment-form' ); } }",True,PHP,wp_footer,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11747,"public function replace_save_pre_shortcode( $shortcode_match ) { $content = $shortcode_match[0]; $tag_index = array_search( 'geo_mashup_save_location', $shortcode_match ); if ( $tag_index !== false ) { $this->inline_location = shortcode_parse_atts( stripslashes( $shortcode_match[$tag_index+1] ) ); $success = false; if ( ( empty( $this->inline_location['lat'] ) or empty( $this->inline_location['lng'] ) ) and !empty( $this->inline_location['address'] ) ) { $query = $this->inline_location['address']; $this->inline_location = GeoMashupDB::blank_object_location( ARRAY_A ); $success = GeoMashupDB::geocode( $query, $this->inline_location ); if ( !$success ) { sleep( 1 ); $success = GeoMashupDB::geocode( $query, $this->inline_location ); } } else if ( is_numeric ( $this->inline_location['lat'] ) and is_numeric( $this->inline_location['lng'] ) ) { $success = true; } if ( $success ) { $content = ''; } else { $message = ( is_wp_error( GeoMashupDB::$geocode_error ) ? GeoMashupDB::$geocode_error->get_error_message() : __( 'Address not found - try making it less detailed', 'GeoMashup' ) ); $content = str_replace( ']', ' geocoding_error=""' . $message . '""]', $content ); $this->inline_location = null; } } return $content; }",True,PHP,replace_save_pre_shortcode,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function getNotes() { global $user, $db; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : intval($this->params['require_login']); $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : intval($this->params['require_approval']); $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : intval($this->params['require_notification']); $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : expString::escape($this->params['notification_email']); $sql = 'SELECT n.* FROM '.$db->prefix.'expSimpleNote n '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND n.approved=1'; $simplenotes = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Readable Column Name')=>'Column Name' ), )); if ($require_approval == 1 && $user->isAdmin()) { $sql = 'SELECT count(com.id) as c FROM '.$db->prefix.'expSimpleNote com '; $sql .= 'JOIN '.$db->prefix.'content_expSimpleNote cnt ON com.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".expString::escape($this->params['content_type']).""' ""; $sql .= 'AND com.approved=0'; $unapproved = $db->countObjectsBySql($sql); } else { $unapproved = 0; } assign_to_template(array( 'simplenotes'=>$simplenotes, 'unapproved'=>$unapproved, 'content_id'=>$this->params['content_id'], 'content_type'=>$this->params['content_type'], 'user'=>$user, 'hideform'=>$this->params['hideform'], 'hidenotes'=>$this->params['hidenotes'], 'title'=>$this->params['title'], 'formtitle'=>$this->params['formtitle'], 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11748,"public function save_user() { if ( empty( $_POST['user_id'] ) ) { return false; } $user_id = $_POST['user_id']; if ( !is_numeric( $user_id ) ) { return $user_id; } if ( !current_user_can( 'edit_user', $user_id ) ) { return $user_id; } return $this->save_posted_object_location( $user_id ); }",True,PHP,save_user,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11750,"public function enqueue_scripts() { global $geo_mashup_options, $pagenow, $post; if ( empty( $post ) ) return null; $load_location_editor = ( is_admin() and preg_match( '/(post|page)(-new|).php/', $pagenow ) and in_array( $post->post_type, $geo_mashup_options->get( 'overall', 'located_post_types' ) ) ); $load_location_editor = apply_filters( 'geo_mashup_load_location_editor', $load_location_editor ); if ( $load_location_editor ) { $this->enqueue_form_client_items(); } }",True,PHP,enqueue_scripts,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11751,private function get_submit_action() { $action = null; if ( isset( $_POST['geo_mashup_add_location'] ) or isset( $_POST['geo_mashup_update_location'] ) ) { if ( ! empty( $_POST['geo_mashup_search'] ) and isset( $_POST['geo_mashup_no_js'] ) and 'true' == $_POST['geo_mashup_no_js'] ) { $action = 'geocode'; } else { $action = 'save'; } } else if ( isset( $_POST['geo_mashup_changed'] ) and 'true' == $_POST['geo_mashup_changed'] and ! empty( $_POST['geo_mashup_location'] ) ) { $action = 'save'; } else if ( isset( $_POST['geo_mashup_delete_location'] ) ) { $action = 'delete'; } else if ( ! empty( $_POST['geo_mashup_location_id'] ) and empty( $_POST['geo_mashup_location'] ) ) { $action = 'delete'; } return $action; },True,PHP,get_submit_action,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11753,"public function save_posted_object_location( $object_name, $object_id ) { if ( empty( $_POST['geo_mashup_nonce'] ) || !wp_verify_nonce( $_POST['geo_mashup_nonce'], 'geo-mashup-edit' ) ) { return new WP_Error( 'invalid_request', __( 'Object location not saved - invalid request.', 'GeoMashup' ) ); } $action = $this->get_submit_action(); if ( 'save' == $action or 'geocode' == $action ) { $date_string = $_POST['geo_mashup_date'] . ' ' . $_POST['geo_mashup_hour'] . ':' . $_POST['geo_mashup_minute'] . ':00'; $geo_date = date( 'Y-m-d H:i:s', strtotime( $date_string ) ); $post_location = array(); $post_location['saved_name'] = stripslashes( $_POST['geo_mashup_location_name'] ); if ( 'geocode' == $action ) { $status = GeoMashupDB::geocode( $_POST['geo_mashup_search'], $post_location ); if ( $status != 200 ) { $post_location = array(); } } else { if ( ! empty( $_POST['geo_mashup_select'] ) ) { $selected_items = explode( '|', $_POST['geo_mashup_select'] ); $post_location = intval( $selected_items[0] ); } else { $post_location['id'] = $_POST['geo_mashup_location_id']; list( $lat, $lng ) = explode( ',', $_POST['geo_mashup_location'] ); $post_location['lat'] = trim( $lat ); $post_location['lng'] = trim( $lng ); $post_location['geoname'] = $_POST['geo_mashup_geoname']; $post_location['address'] = stripslashes( $_POST['geo_mashup_address'] ); $post_location['postal_code'] = $_POST['geo_mashup_postal_code']; $post_location['country_code'] = $_POST['geo_mashup_country_code']; $post_location['admin_code'] = $_POST['geo_mashup_admin_code']; $post_location['sub_admin_code'] = $_POST['geo_mashup_sub_admin_code']; $post_location['locality_name'] = $_POST['geo_mashup_locality_name']; if ( !empty( $_POST['geo_mashup_null_fields'] ) ) $post_location['set_null'] = $_POST['geo_mashup_null_fields']; } } if ( ! empty( $post_location ) ) { $error = GeoMashupDB::set_object_location( $object_name, $object_id, $post_location, true, $geo_date ); if ( is_wp_error( $error ) ) return $error; } } else if ( 'delete' == $action ) { $error = GeoMashupDB::delete_object_location( $object_name, $object_id ); if ( is_wp_error( $error ) ) return $error; } return true; }",True,PHP,save_posted_object_location,geo-mashup-ui-managers.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11757,"public static function generate_location_json( ) { status_header(200); header('Content-type: application/json; charset='.get_option('blog_charset'), true); header('Cache-Control: no-cache;', true); header('Expires: -1;', true); $json = GeoMashup::get_locations_json($_REQUEST); if ( isset( $_REQUEST['callback'] ) ) $json = $_REQUEST['callback'] . '(' . $json . ')'; echo $json; }",True,PHP,generate_location_json,geo-query.php,https://github.com/cyberhobo/wordpress-geo-mashup,cyberhobo,Dylan Kuhn,2018-07-11 20:20:20-07:00,"Strengthen sanitization, fixes #817",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2018-14071,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11759,"public function actionSeoFileLink($url, $robots = '', $canonical = '', $inline = true, $fileName = '') { $url = base64_decode($url); $robots = base64_decode($robots); $canonical = base64_decode($canonical); $url = UrlHelper::absoluteUrlWithProtocol($url); $contents = file_get_contents($url); $response = Craft::$app->getResponse(); if ($contents) { if (!empty($robots)) { $headerValue = $robots; $response->headers->add('X-Robots-Tag', $headerValue); } if (!empty($canonical)) { $headerValue = '<'.$canonical.'>; rel=""canonical""'; $response->headers->add('Link', $headerValue); } $allowedExtensions = Craft::$app->getConfig()->getGeneral()->allowedFileExtensions; if (($ext = pathinfo($fileName, PATHINFO_EXTENSION)) !== '') { $ext = strtolower($ext); } if ($ext === '' || !in_array($ext, $allowedExtensions, true)) { throw new ServerErrorHttpException(Craft::t('seomatic', 'File format not allowed.')); } $response->sendContentAsFile( $contents, $fileName, [ 'inline' => $inline, 'mimeType' => FileHelper::getMimeTypeByExtension($fileName) ] ); } else { throw new NotFoundHttpException(Craft::t('seomatic', 'File not found.')); } return $response; }",True,PHP,actionSeoFileLink,FileController.php,https://github.com/nystudio107/craft-seomatic,nystudio107,Andrew Welch,2021-09-24 11:01:54-04:00,Disallow SVGs,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-41750,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11764,"public function get_bitly () { $file = urldecode (join ('/', func_get_args ())); $link = $this->controller->absolutize ('/files/' . $file); return BitlyLink::lookup ($link); }",True,PHP,get_bitly,API.php,https://github.com/jbroadway/elefant,jbroadway,lux,2018-09-11 02:13:26-05:00,"Fixed filemanager file upload validations, re: #287",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2018-16974,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11765,"public function post_prop () { $file = urldecode (join ('/', func_get_args ())); if (! FileManager::verify_file ($file)) { return $this->error (__ ('Invalid file name')); } if (isset ($_POST['props'])) { if (! is_array ($_POST['props'])) { return $this->error (__ ('Invalid properties')); } foreach ($_POST['props'] as $k => $v) { if (FileManager::prop ($file, $k, $v) === false) { return $this->error (__ ('Error saving properties.')); } } return array ( 'file' => $file, 'props' => $_POST['props'], 'msg' => __ ('Properties saved.') ); } if (! isset ($_POST['prop'])) { return $this->error (__ ('Missing property name')); } if (isset ($_POST['value'])) { $res = FileManager::prop ($file, $_POST['prop'], $_POST['value']); } else { $res = FileManager::prop ($file, $_POST['prop']); } return array ( 'file' => $file, 'prop' => $_POST['prop'], 'value' => $res, 'msg' => __ ('Properties saved.') ); }",True,PHP,post_prop,API.php,https://github.com/jbroadway/elefant,jbroadway,lux,2018-09-11 02:13:26-05:00,"Fixed filemanager file upload validations, re: #287",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2018-16974,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11767,$fontfile = self::_getfontpath().$file; } elseif (@file_exists($file)) { $fontfile = $file; } return $fontfile; },True,PHP,_getfontpath,tcpdf_fonts.php,https://github.com/tecnickcom/TCPDF,tecnickcom,nicolaasuni,2018-09-14 14:28:55+01:00,Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2018-17057,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11771,function core_load_function($fid) { global $DB; global $menu_layout; switch($fid) { case 'utils': $func = new stdClass(); $func->id = 'utils'; $func->codename = 'utils'; $func->category = 'internal'; $func->icon = ''; $func->lid = ''; $func->enabled = 1; break; case 'grid_notes': $func = new stdClass(); $func->id = 'grid_notes'; $func->codename = 'grid_notes'; $func->category = 'content'; $func->icon = ''; $func->lid = ''; $func->enabled = 1; break; case 'permissions': $func = new stdClass(); $func->id = 'permissions'; $func->codename = 'permissions'; $func->category = 'config'; $func->icon = ''; $func->lid = ''; $func->enabled = 1; break; default: if(is_numeric($fid)) $where = 'id = '.intval($fid); else $where = 'codename = '.protect($fid); $DB->query('SELECT * FROM nv_functions WHERE '.$where.' AND enabled = 1'); $func = $DB->first(); if(!$menu_layout->function_is_displayed($func->id)) $func = false; } return $func; },True,PHP,core_load_function,core.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11772,"public function query_single($column, $table, $where = '1=1', $order = '') { $rs = null; if(!empty($order)) $order = ' ORDER BY '.$order; try { $stm = $this->db->query('SELECT ' . $column . ' FROM ' . $table . ' WHERE ' . $where . $order . ' LIMIT 1'); $this->queries_count++; $stm->setFetchMode(PDO::FETCH_NUM); $rs = $stm->fetchAll(); $stm->closeCursor(); unset($stm); } catch(Exception $e) { return NULL; } if(empty($rs)) return NULL; else return $rs[0][0]; }",True,PHP,query_single,database.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11773,"public function query($sql, $fetch_mode='object') { $this->lastError = ''; $this->lastResult = ''; switch($fetch_mode) { case 'array': $fetch = PDO::FETCH_ASSOC; break; case 'object': default: $fetch = PDO::FETCH_OBJ; break; } try { $statement = $this->db->query($sql); $this->queries_count++; if(!$statement) return false; $statement->setFetchMode($fetch); $this->lastResult = $statement->fetchAll(); $statement->closeCursor(); unset($statement); } catch(PDOException $e) { $this->lastError = $e->getMessage(); } catch(Exception $e) { return false; } return empty($this->lastError); }",True,PHP,query,database.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11774,"public function queryLimit($cols, $table, $where=""1=1"", $order="""", $offset=0, $max=100) { $this->lastError = ''; $this->lastResult = ''; $fetch = PDO::FETCH_ASSOC; try { $sql = ' SELECT SQL_CALC_FOUND_ROWS '.$cols.' FROM '.$table.' WHERE '.$where.' ORDER BY '.$order.' LIMIT '.$max.' OFFSET '.$offset; $statement = $this->db->query($sql); $this->queries_count++; $statement->setFetchMode($fetch); $this->lastResult = $statement->fetchAll(); $statement->closeCursor(); unset($statement); } catch(PDOException $e) { $this->lastError = $e->getMessage(); } catch(Exception $e) { return false; } return empty($this->lastError); }",True,PHP,queryLimit,database.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11776,"public function setting($name, $value=NULL) { global $DB; global $website; $DB->query( 'SELECT * FROM nv_settings WHERE type = ""user"" AND user = '.protect($this->id).' AND website = '.protect($website->id).' AND name = '.protect($name) ); $setting = $DB->first(); if(!isset($value)) { if(!empty($setting)) $value = $setting->value; } else { if(empty($setting)) { $DB->execute(' INSERT INTO nv_settings (id, website, type, user, name, value) VALUES (:id, :website, :type, :user, :name, :value) ', array( ':id' => 0, ':website' => $website->id, ':type' => ""user"", ':user' => $this->id, ':name' => $name, ':value' => $value )); } else { $DB->execute(' UPDATE nv_settings SET value = :value WHERE id = :id ', array( ':id' => $setting->id, ':value' => $value )); } } return $value; }",True,PHP,setting,user.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11777,"public function authenticate($user, $pass) { global $DB; $user = trim($user); $user = mb_strtolower($user); $A1 = md5($user.':'.APP_REALM.':'.$pass); if($DB->query('SELECT * FROM nv_users WHERE LOWER(username) = '.protect($user))) { $data = $DB->result(); if($data[0]->password==$A1) { $this->load_from_resultset($data[0]); $this->attempts = 0; $this->update(); return true; } else if(!empty($data[0]->id)) { $this->load_from_resultset($data[0]); $this->attempts++; if($this->attempts > 9) $this->blocked = 1; $this->update(); return false; } } return false; }",True,PHP,authenticate,user.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11781,"public function navigate_session() { global $website; global $user; global $DB; $fid = $_REQUEST['fid']; if(empty($fid)) $fid = 'dashboard'; $user_profile_name = $DB->query_single('name', 'nv_profiles', 'id='.protect($user->profile)); $this->add_content( '
    '. (empty($website->id)? '' : ''). ''. '
    '. '
    '. (empty($website->id)? '' : '
    '.t(275, 'Recent items').'
    ').",True,PHP,navigate_session,layout.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11782,"function add_actions($actions) { if(is_array($actions) && !empty($actions)) { $search_form_pos = array_search('search_form', $actions); if($search_form_pos !== false) { $actions[$search_form_pos] = array(); if( empty($_REQUEST['act']) || $_REQUEST['act']=='list' || ($_REQUEST['fid']=='extensions' && $_REQUEST['act']=='run' && (empty($_REQUEST['mode']) || $_REQUEST['mode']=='list')) ) { $actions[$search_form_pos][] = ''; $actions[$search_form_pos][] = '
    '; } else { $actions[$search_form_pos][] = ''; $actions[$search_form_pos][] = ''; } $actions[$search_form_pos][] = ' '; $actions[$search_form_pos][] = ' '; $actions[$search_form_pos][] = ' '; $actions[$search_form_pos][] = ' '; $actions[$search_form_pos][] = '
    '; $actions[$search_form_pos] = implode(""\n"", $actions[$search_form_pos]); } $actions_html = ''; foreach($actions as $action) { if(is_array($action)) { $actions_html .= $action[0].""\n""; $actions_html .= '
      '; array_shift($action); foreach($action as $subaction) $actions_html .= '
    • '.$subaction.'
      • '; $actions_html .= '
    '.""\n""; } else if(!empty($action)) { $actions_html .= $action . ""\n""; } } $actions = $actions_html; } if(!empty($actions)) $this->elements['actions'][] = '
    '.$actions.'
    '; }",True,PHP,add_actions,navibars.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11788,"public static function types($orderby='id', $asc='asc') { global $theme; global $DB; global $website; $data = block::custom_types(); $theme_blocks = json_decode(json_encode($theme->blocks), true); if(!is_array($theme_blocks)) $theme_blocks = array(); else { for($b=0; $b < count($theme_blocks); $b++) { $theme_blocks[$b]['title'] = $theme->t($theme_blocks[$b]['title']); $theme_blocks[$b]['count'] = $DB->query_single( 'COUNT(*) AS total', 'nv_blocks', ' website = '.$website->id.' AND type = '.protect($theme_blocks[$b]['id']) ); } } if(!is_array($data)) $data = array(); $data = array_merge($data, $theme_blocks); for($d=0; $d < count($data); $d++) { if(function_exists($theme->t)) $data[$d]['title'] = $theme->t($data[$d]['title']); if(empty($data[$d]['code'])) $data[$d]['code'] = $data[$d]['title']; if(empty($data[$d]['type'])) $data[$d]['type'] = 'block'; } if(!is_array($data)) $data = array(); $order = array(); foreach($data as $key => $row) $order[$key] = $row[$orderby]; array_multisort($order, (($asc=='asc')? SORT_ASC : SORT_DESC), $data); return $data; }",True,PHP,types,block.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11790,public static function types_update($array) { global $DB; global $website; $array = array_filter($array); sort($array); $array = serialize($array); $ok = $DB->execute(' UPDATE nv_websites SET block_types = '.protect($array).' WHERE id = '.$website->id ); if(!$ok) throw new Exception($DB->last_error()); return true; },True,PHP,types_update,block.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11791,"public function backup($type='json') { global $DB; global $website; $DB->query(' SELECT * FROM nv_blocks WHERE website = '.protect($website->id), 'object' ); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,block.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11794,"public static function paginated_list($offset, $limit, $order_by_field, $order_by_ascdesc) { global $DB; global $website; $DB->queryLimit( '*', 'nv_block_groups', 'website = '.protect($website->id), $order_by_field.' '.$order_by_ascdesc, $offset, $limit ); $rs = $DB->result(); $total = $DB->foundRows(); return array($rs, $total); }",True,PHP,paginated_list,block_group.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11795,public function load_by_code($code) { global $DB; global $website; if($DB->query('SELECT * FROM nv_block_groups WHERE code = '.protect($code).' AND website = '.$website->id)) { $data = $DB->result(); $this->load_from_resultset($data); } },True,PHP,load_by_code,block_group.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11798,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query(' SELECT * FROM nv_block_groups WHERE website = '.protect($website->id), 'object' ); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,block_group.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11800,"public function backup($type='json') { global $DB; global $website; $DB->query('SELECT * FROM nv_brands WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,brand.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11804,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query(' SELECT * FROM nv_comments WHERE website = '.protect($website->id), 'object' ); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,comment.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11805,"public static function remove_spam() { global $DB; global $website; $count = $DB->query_single( 'count(*) as total', 'nv_comments', 'website = '.protect($website->id).' AND status = 3' ); $ok = $DB->execute(' DELETE FROM nv_comments WHERE website = '.protect($website->id).' AND status = 3 '); if($ok) return $count; }",True,PHP,remove_spam,comment.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11806,public static function webuser_comments_count($webuser_id) { global $DB; global $website; $DB->query(' SELECT COUNT(*) AS total FROM nv_comments WHERE website = '.protect($website->id).' AND user = '.protect($webuser_id).' AND status = 0' ); $out = $DB->result('total'); if(is_array($out)) $out = $out[0]; return $out; },True,PHP,webuser_comments_count,comment.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11808,"public static function pending_count() { global $DB; global $website; $pending_comments = $DB->query_single( 'COUNT(*)', 'nv_comments', ' website = '.protect($website->id).' AND status = -1' ); return $pending_comments; }",True,PHP,pending_count,comment.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11813,"public function backup($type='json') { global $DB; global $website; $DB->query('SELECT * FROM nv_coupons WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,coupon.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11814,"public function redeemable($cart, $webuser) { global $website; global $DB; $redeemable = true; if($this->website != $website->id) $redeemable = false; if($this->currency != $cart['currency']) $redeemable = false; $now = core_time(); if( !empty($this->date_begin) && $now < $this->date_begin) $redeemable = false; if( !empty($this->date_end) && $now > $this->date_end) $redeemable = false; if( !empty($this->minimum_spend) && $cart['subtotal'] < $this->minimum_spend ) $redeemable = false; if( !empty($this->times_allowed_customer) ) { $times_used_by_customer = $DB->query_single( 'COUNT(*)', 'nv_orders', ' website = '.protect($website->id).' AND webuser = '.protect($webuser).' AND coupon = '.protect($this->id) ); if($times_used_by_customer > $this->times_allowed_customer) $redeemable = false; } if( !empty($this->times_allowed_globally) ) { $times_used_globally = $DB->query_single( 'COUNT(*)', 'nv_orders', ' website = '.protect($website->id).' AND coupon = '.protect($this->id) ); if($times_used_globally > $this->times_allowed_globally) $redeemable = false; } return $redeemable; }",True,PHP,redeemable,coupon.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11815,"public static function find($code) { global $DB; global $website; $DB->query(' SELECT * FROM nv_coupons WHERE website = '.protect($website->id).' AND code = '.protect($code), 'object' ); $rs = $DB->result(); $out = false; if(!empty($rs)) { $coupon = new coupon(); $coupon->load_from_resultset($rs); $out = $coupon; } return $out; }",True,PHP,find,coupon.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11817,"function dashboard_panel_public_wall($params) { global $DB; global $website; global $layout; $stats = &$params['statistics']; $navibars = &$params['navibars']; $layout->navigate_notes_dialog('website', $website->id); $public_wall_notes = grid_notes::comments('website', $website->id); $elements_html = '
    '.$public_wall_notes[$e]['username'].'
    '; for($e = 0; $e < 4; $e++) { if(!isset($public_wall_notes[$e])) break; $tmp = array( '
    ', '
    '. ''.$public_wall_notes[$e]['date'].' '. ''.$public_wall_notes[$e]['username'].''. '
    ', '
    '.$public_wall_notes[$e]['note'].'
    ', '
    ' ); $elements_html .= implode(""\n"", $tmp); } $navibars->add_tab_content_panel( ' '.t(637, 'Website notes'). '
    '. '
    '.count($public_wall_notes).'
    ', $elements_html, 'navigate-panel-public-wall', '100%', '314px'//'162px' ); }",True,PHP,dashboard_panel_public_wall,dashboard.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11819,"function dashboard_panel_web_summary($params) { global $DB; global $website; global $layout; $stats = &$params['statistics']; $navibars = &$params['navibars']; $DB->query(' SELECT COUNT(c.object_id) as total FROM ( SELECT DISTINCT p.object_id FROM nv_paths p WHERE p.website = '.protect($website->id).' GROUP BY p.object_id ) c '); $count = $DB->first(); $stats['pages_available'] = $count->total; $DB->query(' SELECT COUNT(i.id) as total FROM nv_items i WHERE i.website = '.protect($website->id).' AND i.embedding = 0 AND ( SELECT count(p.id) FROM nv_paths p WHERE p.object_id = i.id ) < 1 '); $count = $DB->first(); $stats['pages_available'] += $count->total; $stats['comments_count'] = $DB->query_single('COUNT(*)', 'nv_comments', 'website = '.protect($website->id)); $stats['comments_torevise'] = $DB->query_single('COUNT(*)', 'nv_comments', 'website = '.protect($website->id).' AND status = -1'); $DB->query(' SELECT SUM(x.page_views) as pages_viewed FROM ( SELECT i.views as page_views, i.id as id_item FROM nv_items i WHERE i.website = '.protect($website->id).' AND i.template > 0 AND i.embedding = 0 UNION ALL SELECT s.views as page_views, s.id as id_category FROM nv_structure s WHERE s.website = '.protect($website->id).' ) x '); $stats['pages_viewed'] = $DB->first(); $stats['pages_viewed'] = intval($stats['pages_viewed']->pages_viewed); $navibars->add_tab_content_panel(' '.t(278, 'Web summary'), array( '

    '.$stats['pages_available'].'


    '.t(279, 'pages available').'
    ', '

    '.$stats['pages_viewed'].'


    '.t(280, 'pages viewed').'
    ', '

    '.$stats['comments_count'].'


    '.t(250, 'Comments').'
    ', '

    '.$stats['comments_torevise'].'


    '.t(281, 'comments to revise').'
    ' ), 'navigate-panel-web-summary', '100%', '314px' ); $layout->add_script(' $("".navigate-panels-summary"").each(function() { if($(this).height() > 78) $(this).find(""br"").remove(); }); '); }",True,PHP,dashboard_panel_web_summary,dashboard.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11821,"function dashboard_panel_top_pages($params) { global $DB; global $website; $stats = &$params['statistics']; $navibars = &$params['navibars']; $sql = ' SELECT i.views as page_views, i.id as id_item, i.category as id_category, p.views as path_views, p.path as path FROM nv_items i, nv_paths p WHERE i.website = '.protect($website->id).' AND i.template > 0 AND i.embedding = 0 AND p.website = '.protect($website->id).' AND p.type = ""item"" AND p.object_id = i.id UNION ALL SELECT s.views as page_views, NULL as id_item, s.id as id_category, p.views as path_views, p.path as path FROM nv_structure s, nv_paths p WHERE s.website = '.protect($website->id).' AND p.website = '.protect($website->id).' AND p.type = ""structure"" AND p.object_id = s.id ORDER BY path_views DESC LIMIT 10 '; $DB->query($sql, 'array'); $pages = $DB->result(); $pages_html = ''; $url = $website->protocol; if(!empty($website->subdomain)) $url .= $website->subdomain.'.'; $url .= $website->domain; $url .= $website->folder; for($e = 0; $e < 10; $e++) { if(!$pages[$e]) break; $pages_html .= ''; } $navibars->add_tab_content_panel( ' '.t(296, 'Top pages'), $pages_html, 'navigate-panel-top-pages', '100%', '314px' ); }",True,PHP,dashboard_panel_top_pages,dashboard.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11823,"function dashboard_panel_recent_comments($params) { global $DB; global $website; global $layout; $stats = &$params['statistics']; $navibars = &$params['navibars']; $comments_limit = 25; $DB->query(' SELECT nvc.*, nvwu.username, nvwu.avatar, nvwd.text as content_title FROM nv_comments nvc LEFT OUTER JOIN nv_webusers nvwu ON nvwu.id = nvc.user LEFT OUTER JOIN nv_webdictionary nvwd ON nvwd.node_id = nvc.object_id AND nvwd.website = nvc.website AND nvwd.node_type = nvc.object_type AND nvwd.subtype = ""title"" AND nvwd.lang = '.protect($website->languages_published[0]).' WHERE nvc.website = '.$website->id.' ORDER BY nvc.date_created DESC LIMIT '.$comments_limit ); $comments = $DB->result(); if(!empty($comments[0])) { $comments_html = '
    '; for($c=0; $c < $comments_limit; $c++) { if(empty($comments[$c])) break; if($comments[$c]->status==2) $comment_status = 'hidden'; else if($comments[$c]->status==1) $comment_status = 'private'; else if($comments[$c]->status==-1) $comment_status = 'new'; else $comment_status = 'public'; $tmp = array( '', '
    id.'"" class=""navigate-panel-recent-comments-element"">'.htmlentities($comments[$c]->message).'
    '); $comments_html .= implode(""\n"", $tmp); } $comments_html .= '
    '; $layout->add_script(' $("".navigate-panel-recent-comments-username"").hover(function() { $(this).addClass(""ui-state-highlight""); }, function() { $(this).removeClass(""ui-state-highlight""); }); $("".navigate-panel-recent-comments-remove"").hover(function() { $(this).parent().addClass(""ui-state-error""); }, function() { $(this).parent().removeClass(""ui-state-error""); }); $("".navigate-panel-recent-comments-remove"").on(""click"", function() { var el_comment = $(this).parent(); $.getJSON( $(this).attr(""action-href""), function(result) { if(result==true) { $(el_comment).fadeOut(); $(el_comment).next().fadeOut(); } } ); }); '); $navibars->add_tab_content_panel( ' '.t(276, 'Recent comments'), $comments_html, 'navigate-panel-recent-comments', '100%', '314px' ); }",True,PHP,dashboard_panel_recent_comments,dashboard.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11825,"public function load($code) { global $DB; global $website; if(file_exists(NAVIGATE_PATH.'/plugins/'.$code.'/'.$code.'.plugin')) $this->definition = @json_decode(file_get_contents(NAVIGATE_PATH.'/plugins/'.$code.'/'.$code.'.plugin')); debug_json_error('extension: '.$code); $this->id = null; $this->website = $website->id; $this->title = $this->definition->title; $this->code = $code; $this->enabled = 1; $this->settings = array(); $DB->query(' SELECT * FROM nv_extensions WHERE website = '.protect($this->website).' AND extension = '.protect($this->code) ); $row = $DB->first(); if(!empty($row)) { $this->id = $row->id; $this->enabled = $row->enabled; $this->settings = json_decode($row->settings, true); } else { if(isset($this->definition->options)) { foreach ($this->definition->options as $option) { if (isset($option->dvalue)) { $this->settings[$option->id] = $option->dvalue; } } } } }",True,PHP,load,extension.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11826,"public function t($code) { global $user; global $session; global $website; global $DB; if(empty($this->dictionary)) { $extension_languages = (array)$this->definition->languages; $file = ''; if(!is_array($extension_languages)) $extension_languages = array(); $current_language = $session['lang']; if(empty($current_language) && !empty($webuser)) $current_language = $webuser->language; if(empty($current_language) && !empty($user)) $current_language = $user->language; foreach($extension_languages as $lcode => $lfile) { if( $lcode==@$user->language || $lcode==@$session['lang'] || empty($file) ) { $file = $lfile; } } $json = ''; if(file_exists(NAVIGATE_PATH.'/plugins/'.$this->code.'/'.$file)) $json = @file_get_contents(NAVIGATE_PATH.'/plugins/'.$this->code.'/'.$file); if(!empty($json)) $this->dictionary = (array)json_decode($json); if(!empty($website->id)) { $DB->query(' SELECT subtype, lang, text FROM nv_webdictionary WHERE website = '.$website->id.' AND node_type = ""extension"" AND lang = '.protect($current_language).' AND extension = '.protect($this->code) ); $rs = $DB->result(); for($r=0; $r < count($rs); $r++) $this->dictionary[$rs[$r]->subtype] = $rs[$r]->text; } } if(is_string($code)) { $out = $code; if(substr($out, 0, 1)=='@') $out = substr($out, 1); if(!empty($this->dictionary[$out])) $out = $this->dictionary[$out]; } return $out; }",True,PHP,t,extension.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11827,"public function delete() { global $DB; global $user; global $events; $ok = false; if($user->permission(""themes.delete"")==""false"") throw new Exception(t(610, ""Sorry, you are not allowed to execute this function."")); if(file_exists(NAVIGATE_PATH.'/plugins/'.$this->code.'/'.$this->code.'.plugin')) { core_remove_folder(NAVIGATE_PATH.'/plugins/'.$this->code); $ok = $DB->execute(' DELETE FROM nv_extensions WHERE id = '.protect($this->id) ); if(method_exists($events, 'trigger')) { $events->trigger( 'extension', 'delete', array( 'extension' => $this ) ); } } return $ok; }",True,PHP,delete,extension.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11832,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_feeds WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11833,"public static function generate_feed($id = NULL) { global $current; global $website; global $DB; if(empty($id)) $id = $current['id']; $item = new feed(); $item->load($id); $permission = nvweb_object_enabled($item); if(!$permission) return; $feed = new UniversalFeedCreator(); $feed->encoding = 'UTF-8'; $feed->title = $item->dictionary[$current['lang']]['title']; $feed->description = $item->dictionary[$current['lang']]['description']; $feed->link = $website->absolute_path(); $feed->syndicationURL = $website->absolute_path().$item->paths[$current['lang']]; if(!empty($item->image)) { $image = new FeedImage(); $image->url = $website->absolute_path().'/object?type=image&id='.$item->image; $image->link = $website->absolute_path(); $image->title = $feed->title; $feed->image = $image; } if(!empty($item->categories[0])) { $limit = intval($item->entries); if($limit <= 0) $limit = 10; $DB->query(' SELECT SQL_CALC_FOUND_ROWS i.id, i.permission, i.date_published, i.date_unpublish, i.date_to_display, COALESCE(NULLIF(i.date_to_display, 0), i.date_created) as pdate, d.text as title, i.position as position, i.galleries as galleries, i.template as template FROM nv_items i, nv_structure s, nv_webdictionary d WHERE i.category IN('.implode("","", $item->categories).') AND i.website = '.$website->id.' AND i.permission = 0 AND (i.date_published = 0 OR i.date_published < '.core_time().') AND (i.date_unpublish = 0 OR i.date_unpublish > '.core_time().') AND s.id = i.category AND (s.date_published = 0 OR s.date_published < '.core_time().') AND (s.date_unpublish = 0 OR s.date_unpublish > '.core_time().') AND s.permission = 0 AND (s.access = 0) AND (i.access = 0) AND d.website = i.website AND d.node_type = ""item"" AND d.subtype = ""title"" AND d.node_id = i.id AND d.lang = '.protect($current['lang']).' ORDER BY pdate DESC LIMIT '.$limit.' OFFSET 0'); $rs = $DB->result(); for($x=0; $x < count($rs); $x++) { if(nvweb_object_enabled($rs[$x])) { $texts = webdictionary::load_element_strings('item', $rs[$x]->id); $paths = path::loadElementPaths('item', $rs[$x]->id); $fitem = new FeedItem(); $fitem->title = $texts[$current['lang']]['title']; $encoded_path = implode('/', array_map('urlencode', explode('/', $paths[$current['lang']]))); $fitem->link = $website->absolute_path().$encoded_path; switch($item->content) { case 'title': break; case 'content': $html = $texts[$current['lang']]['section-main']; $html = nvweb_template_tweaks($html); $html = nvweb_template_convert_nv_paths($html); $fitem->description = $html; break; case 'summary': default: $fitem->description = $texts[$current['lang']]['section-main']; $fitem->description = str_replace( array('

    ', '
    ', '
    ', '
    '), array('

    '.""\n"", '
    '.""\n"", '
    '.""\n"", '
    '.""\n""), $fitem->description ); $fitem->description = core_string_cut($fitem->description, 500, '…'); break; } $fitem->date = $rs[$x]->date_to_display; $image = ''; if(!empty($rs[$x]->galleries)) { $galleries = mb_unserialize($rs[$x]->galleries); $photo = @array_shift(array_keys($galleries[0])); if(!empty($photo)) $image = $website->absolute_path(false) . '/object?type=image&id='.$photo; } if(empty($image)) { $properties = property::load_properties(""item"", $rs[$x]->template, ""item"", $rs[$x]->id); for($p=0; $p < count($properties); $p++) { if($properties[$p]->type=='image') { if(!empty($properties[$p]->value)) $image = $properties[$p]->value; else if(!empty($properties[$p]->dvalue)) $image = $properties[$p]->dvalue; if(is_array($image)) { $image = array_values($image); $image = $image[0]; } if(!empty($image)) $image = $website->absolute_path(false) . '/object?type=image&id='.$image; } if(!empty($image)) break; } } if(!empty($image)) { $fitem->image = $image; if(strpos($item->format, 'RSS')!==false) $fitem->description = '
    '.$fitem->description; } $feed->addItem($fitem); } } } $xml = $feed->createFeed($item->format); if($item->format==""RSS2.0"") { $xml = str_replace('', ''.""\n\t\t"".'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($item->image).'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($website->favicon).'', $xml); } return $xml; }",True,PHP,generate_feed,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11836,"$item->delete(); } echo json_encode(true); break; default: $page = intval($_REQUEST['page']); $max = intval($_REQUEST['rows']); $offset = ($page - 1) * $max; $orderby= $_REQUEST['sidx'].' '.$_REQUEST['sord']; $where = "" f.website = "".$website->id; if($_REQUEST['_search']=='true' || isset($_REQUEST['quicksearch'])) { if(isset($_REQUEST['quicksearch'])) $where .= $item->quicksearch($_REQUEST['quicksearch']); else if(isset($_REQUEST['filters'])) $where .= navitable::jqgridsearch($_REQUEST['filters']); else $where .= ' AND '.navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']); } $sql = ' SELECT SQL_CALC_FOUND_ROWS f.*, d.text as title FROM nv_feeds f LEFT JOIN nv_webdictionary d ON f.id = d.node_id AND d.node_type = ""feed"" AND d.subtype = ""title"" AND d.lang = ""'.$website->languages_list[0].'"" AND d.website = '.$website->id.' WHERE '.$where.' ORDER BY '.$orderby.' LIMIT '.$max.' OFFSET '.$offset; if(!$DB->query($sql, 'array')) { throw new Exception($DB->get_last_error()); } $dataset = $DB->result(); $total = $DB->foundRows(); $out = array(); $permissions = array( 0 => ' '.t(69, 'Published'), 1 => ' '.t(70, 'Private'), 2 => ' '.t(81, 'Hidden') ); if(empty($dataset)) $rows = 0; else $rows = count($dataset); for($i=0; $i < $rows; $i++) { $out[$i] = array( 0 => $dataset[$i]['id'], 1 => $dataset[$i]['title'], 2 => count(explode(',', $dataset[$i]['categories'])), 3 => $dataset[$i]['format'], 4 => $dataset[$i]['views'], 5 => $permissions[$dataset[$i]['permission']], 6 => (($dataset[$i]['enabled']==1)? '' : '') ); } navitable::jqgridJson($out, $page, $offset, $max, $total); break; } core_terminate(); break; case 2: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); } if(isset($_REQUEST['form-sent'])) { $item->load_from_post(); try { $item->save(); $id = $item->id; unset($item); $item = new feed(); $item->load($id); $layout->navigate_notification(t(53, ""Data saved successfully.""), false, false, 'fa fa-check'); } catch(Exception $e) { $layout->navigate_notification($e->getMessage(), true, true); } } $out = feeds_form($item); break; case 4: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); if($item->delete() > 0) { $layout->navigate_notification(t(55, 'Item removed successfully.'), false); $out = feeds_list(); } else { $layout->navigate_notification(t(56, 'Unexpected error.'), false); $out = feeds_list(); } } break; case ""path_check"": $path = $_REQUEST['path']; $id = $_REQUEST['id']; $DB->query('SELECT type, object_id, lang FROM nv_paths WHERE path = '.protect($path).' AND website = '.$website->id); $rs = $DB->result(); echo json_encode($rs); core_terminate(); break; case 0: default: $out = feeds_list(); break; } return $out; }",True,PHP,delete,feeds.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11838,"public static function filesBySearch($text, $wid=NULL, $orderby=""name ASC"") { global $DB; global $website; if(empty($wid)) $wid = $website->id; $DB->query(' SELECT * FROM nv_files WHERE name LIKE '.protect('%'.$text.'%').' AND website = '.$wid.' ORDER BY '.$orderby); return $DB->result(); }",True,PHP,filesBySearch,file.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11841,"public static function filesByMedia($media, $offset=0, $limit=-1, $wid=NULL, $text="""", $orderby=""date_added DESC, name ASC"") { global $DB; global $website; if(empty($wid)) $wid = $website->id; if($limit < 1) $limit = 2147483647; if(!empty($text)) $text = ' AND name LIKE '.protect('%'.$text.'%'); $DB->query(' SELECT SQL_CALC_FOUND_ROWS * FROM nv_files WHERE type = '.protect($media).' AND enabled = 1 AND website = '.$wid.' '.$text.' ORDER BY '.$orderby.' LIMIT '.$limit.' OFFSET '.$offset); $total = $DB->foundRows(); $rows = $DB->result(); return array($rows, $total); }",True,PHP,filesByMedia,file.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11842,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_files WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,file.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11844,"function files_browser($parent, $search="""") { global $layout; global $DB; global $website; global $events; global $user; global $current_version; $navibars = new navibars(); $naviforms = new naviforms(); $navibrowse = new navibrowse('files'); $navibars->title(t(89, 'Files')); $extra_actions = array(); $events->add_actions( 'files', array( 'navibrowse' => &$navibrowse, 'navibars' => &$navibars ), $extra_actions ); $navibars->add_actions( array( ' '.t(140, 'Upload').'', ' '.t(141, 'Folder').'', ($user->permission(""files.delete"")=='true'? ' '.t(35, 'Delete').'' : '') ) ); $navibars->add_actions( array( ' '.t(18, 'Home').'', 'search_form' ) ); if(!empty($search)) { $path = '/'.t(41, 'Search').': '.$search; $parent = 0; $previous = 0; $files = file::filesBySearch($search); } else { if(empty($parent)) { $parent = 0; $previous = 0; $path = '/'; } else { $previous = $DB->query_single('parent', 'nv_files', ' id = '.intval($parent).' AND website = '.$website->id); $path = file::getFullPathTo($parent); } $files = file::filesOnPath($parent); } $navibrowse->items($files); $navibrowse->path($path, $parent, $previous); $navibrowse->setUrl('?fid='.$_REQUEST['fid'].'&parent='); $navibrowse->onDblClick('navigate_files_dblclick'); $navibrowse->onRightClick('navigate_files_contextmenu'); $navibrowse->onMove('navigate_files_move'); $navibrowse_hierarchy = $navibrowse->generate(); $navibars->add_content($navibrowse_hierarchy); $layout->add_script(' navigate_file_drop( "".navibrowse"", ""'.$parent.'"", { afterAll: function() { location.replace(""'.NAVIGATE_URL.'/'.NAVIGATE_MAIN.'?fid=files&parent='.$parent.'""); } }, true ); '); $extra_contextmenu_actions = array(); $events->trigger( ""files"", ""contextmenu"", array( 'navibars' => &$navibars, 'actions' => &$extra_contextmenu_actions ) ); if(!empty($extra_contextmenu_actions)) array_unshift($extra_contextmenu_actions, '
    '); $navibars->add_content(' ');",True,PHP,files_browser,files.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11847,"public static function summary($dataset, $type, $field_id) { global $DB; global $website; $ids = array(); for($i=0; $i < count($dataset); $i++) $ids[] = intval($dataset[$i][$field_id]); $ids = array_filter($ids); if(!empty($ids)) { $DB->query( 'SELECT gn.id, gn.item_id, gn.background, gn.note, gn.date_created, u.username as creator FROM nv_notes gn, nv_users u WHERE gn.website = '.protect($website->id).' AND gn.item_type = '.protect($type).' AND gn.item_id IN ('.implode("","", $ids).') AND u.id = gn.user ORDER BY gn.item_id ASC, gn.date_created DESC' ); $grid_notes = $DB->result(); } if(!is_array($grid_notes)) $grid_notes = array(); for($i=0; $i < count($dataset); $i++) { $background = ''; $notes = array(); foreach($grid_notes as $gnote) { if($gnote->item_id == $dataset[$i][$field_id]) { if(empty($background)) $background = $gnote->background; if(!empty($gnote->note)) $notes[] = $gnote; } } if(empty($notes)) $dataset[$i]['_grid_notes_html'] = ''; else $dataset[$i]['_grid_notes_html'] = ''.count($notes).''; $dataset[$i]['_grid_notes_html'] .= ' '; $dataset[$i]['_grid_notes_html'] .= ''; } return $dataset; }",True,PHP,summary,grid_notes.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11848,"public static function background($item_type, $item_id, $color) { global $DB; global $website; global $user; $DB->execute(' INSERT INTO nv_notes (id, website, user, item_type, item_id, background, note, date_created) VALUES ( 0, :website, :user, :item_type, :item_id, :background, :note, :date_created )', array( ':website' => $website->id, ':user' => value_or_default($user->id, 0), ':item_type' => value_or_default($item_type, ''), ':item_id' => value_or_default($item_id, 0), ':background' => value_or_default($color, """"), ':note' => """", ':date_created' => time() ) ); $background = $DB->query_single( 'background', 'nv_notes', 'website = '.$website->id.' AND item_type = '.protect($item_type).' AND item_id = '.protect($item_id).' ORDER BY date_created DESC' ); if(empty($background) || $background=='transparent') { $DB->execute(' DELETE FROM nv_notes WHERE website = '.$website->id.' AND item_type = '.protect($item_type).' AND item_id = '.protect($item_id).' AND note = """" '); } }",True,PHP,background,grid_notes.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function manage() { expHistory::set('manageable', $this->params); $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $sql = 'SELECT n.* FROM '.DB_TABLE_PREFIX.'_expSimpleNote n '; $sql .= 'JOIN '.DB_TABLE_PREFIX.'_content_expSimpleNote cnt ON n.id=cnt.expsimplenote_id '; $sql .= 'WHERE cnt.content_id='.$this->params['content_id']."" AND cnt.content_type='"".$this->params['content_type'].""' ""; $sql .= 'AND n.approved=0'; $page = new expPaginator(array( 'sql'=>$sql, 'limit'=>10, 'order'=>'created_at', 'dir'=>'DESC', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->baseclassname, 'action'=>$this->params['action'], 'columns'=>array( gt('Approved')=>'approved', gt('Poster')=>'name', gt('Comment')=>'body' ), )); assign_to_template(array( 'page'=>$page, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'tab'=>$this->params['tab'] )); }" 11849,"public static function remove_all($object_type, $object_id) { global $DB; global $website; $DB->execute(' DELETE FROM nv_notes WHERE website = '.protect($website->id).' AND item_type = '.protect($object_type).' AND item_id = '.protect($object_id).' LIMIT 1' ); return 'true'; }",True,PHP,remove_all,grid_notes.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11851,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query(' SELECT * FROM nv_notes WHERE website = '.protect($website->id), 'object' ); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,grid_notes.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11853,public static function remove($id) { global $DB; global $website; if(empty($id)) return 'invalid_id'; $DB->execute(' DELETE FROM nv_notes WHERE website = '.protect($website->id).' AND id = '.protect($id).' LIMIT 1' ); return 'true'; },True,PHP,remove,grid_notes.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11856,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_items WHERE website = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,item.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11857,"public function comments_count() { global $DB; if(empty($this->_comments_count)) { $DB->query(' SELECT COUNT(*) as total FROM nv_comments WHERE website = ' . protect($this->website) . ' AND object_type = ""item"" AND object_id = ' . protect($this->id) . ' AND status = 0' ); $out = $DB->result('total'); $this->_comments_count = $out[0]; } return $this->_comments_count; }",True,PHP,comments_count,item.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11858,"public function load_template() { global $DB; global $website; $template = new template(); if( $this->association == 'free' || ($this->association == 'category' && $this->embedding == '0')) { $template->load($this->template); } else { $category_template = $DB->query_single( 'template', 'nv_structure', ' id = '.protect($this->category).' AND website = '.$website->id ); $template->load($category_template); } return $template; }",True,PHP,load_template,item.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11862,"public function backup($type='json') { global $DB; global $website; $DB->query('SELECT * FROM nv_orders WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,order.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11863,"public static function find_by_reference($reference, $website_id=null) { global $DB; global $website; if(empty($website_id)) $website_id = $website->id; $order_id = $DB->query_single( 'id', 'nv_orders', 'reference = '.protect($reference).' AND website = ""'.$website_id.'""' ); return $order_id; }",True,PHP,find_by_reference,order.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11864,public function load_lines() { global $DB; $DB->query(' SELECT * FROM nv_orders_lines WHERE `order` = '.protect($this->id).' ORDER BY position ASC' ); $this->lines = $DB->result(); },True,PHP,load_lines,order.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11868,"public static function loadElementPaths($type, $object_id, $website_id=null) { global $DB; global $website; if(empty($website_id)) $website_id = $website->id; $ok = $DB->query(' SELECT * FROM nv_paths WHERE type = '.protect($type).' AND object_id = '.protect($object_id).' AND website = '.$website_id ); if(!$ok) throw new Exception($DB->get_last_error()); $data = $DB->result(); if(!is_array($data)) $data = array(); $out = array(); foreach($data as $item) { $out[$item->lang] = $item->path; } return $out; }",True,PHP,loadElementPaths,path.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11870,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query(' SELECT * FROM nv_paths WHERE website = '.protect($website->id), 'object' ); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,path.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11872,"$ok = $DB->execute(' INSERT INTO nv_paths (id, website, type, object_id, lang, path, cache_file, cache_expires, views) VALUES ( 0, :website, :type, :object_id, :lang, :path, """", 0, :views ) ', array( ':website' => $website_id, ':type' => $type, ':object_id' => $object_id, ':lang' => $lang, ':path' => $path, ':views' => 0, ) ); if(!$ok) throw new Exception($DB->get_last_error()); }",True,PHP,execute,path.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11874,"public function backup($type='json') { global $DB; global $website; $DB->query('SELECT * FROM nv_payment_methods WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,payment_method.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11877,"public static function get_values($who='user', $object=NULL, $definitions=NULL, $ws=null) { global $DB; global $website; if(empty($ws)) $ws = $website->id; $scopes = array('system', 'functions', 'settings', 'extensions'); if(empty($definitions)) $definitions = permission::get_definitions(); if($who=='user') { $DB->query(' SELECT * FROM nv_permissions WHERE profile = '.protect($object->profile).' AND (website = 0 OR website = '.protect($ws).')' ); $permissions_profile = $DB->result(); $DB->query(' SELECT * FROM nv_permissions WHERE user = '.protect($object->id).' AND (website = 0 OR website = '.protect($ws).')' ); $permissions_user = $DB->result(); } else if($who=='profile') { $DB->query(' SELECT * FROM nv_permissions WHERE profile = '.protect($object->id).' AND (website = 0 OR website = '.protect($ws).')' ); $permissions_profile = $DB->result(); $permissions_user = array(); } $permissions = array(); foreach($scopes as $scope) { for($i=0; $i < count($definitions[$scope]); $i++) { $def = $definitions[$scope][$i]; $permissions[$def['name']] = (isset($def['dvalue'])? $def['dvalue'] : """"); for($pp=0; $pp < count($permissions_profile); $pp++) { if($permissions_profile[$pp]->name == $def['name']) { $permissions[$def['name']] = json_decode($permissions_profile[$pp]->value, true); break; } } for($pu=0; $pu < count($permissions_user); $pu++) { if($permissions_user[$pu]->name == $def['name']) { $permissions[$def['name']] = json_decode($permissions_user[$pu]->value, true); break; } } } } return $permissions; }",True,PHP,get_values,permission.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11878,"public static function get_definitions() { global $user; $definitions = array(); $definitions['system'] = json_decode(file_get_contents(NAVIGATE_PATH.'/lib/permissions/navigatecms.json'), true); $definitions['functions'] = json_decode(file_get_contents(NAVIGATE_PATH.'/lib/permissions/functions.json'), true); $definitions['settings'] = json_decode(file_get_contents(NAVIGATE_PATH.'/lib/permissions/settings.json'), true); $definitions['extensions'] = array(); $extensions = extension::list_installed(); for($e=0; $e < count($extensions); $e++) { if(!empty($extensions[$e]['permissions'])) { foreach($extensions[$e]['permissions'] as $permission) { $definitions['extensions'][] = (array)$permission; } } } $translations = array(); if(file_exists(NAVIGATE_PATH.'/lib/permissions/i18n/'.$user->language.'.json')) { $translations = @file_get_contents(NAVIGATE_PATH.'/lib/permissions/i18n/'.$user->language.'.json'); if(!empty($translations)) $translations = json_decode($translations, true); } foreach($definitions as $type => $list) { for($i=0; $i < count($list); $i++) { if(!empty($translations[$list[$i]['name']])) $definitions[$type][$i]['description'] = $translations[$list[$i]['name']]; } } return $definitions; } public static function get_definition($name) { global $user; $scopes = array('system', 'functions', 'settings', 'extensions'); $definition = ''; $foo = $user->permission(''); $definitions = $user->permissions['definitions']; foreach($scopes as $scope) { for($i=0; $i < count($definitions[$scope]); $i++) { $def = $definitions[$scope][$i]; if($def['name']==$name) { $definition = $def; break; } } } return $definition; } public static function get_values($who='user', $object=NULL, $definitions=NULL, $ws=null) { global $DB; global $website; if(empty($ws)) $ws = $website->id; $scopes = array('system', 'functions', 'settings', 'extensions'); if(empty($definitions)) $definitions = permission::get_definitions(); if($who=='user') { $DB->query(' SELECT * FROM nv_permissions WHERE profile = '.protect($object->profile).' AND (website = 0 OR website = '.protect($ws).')' ); $permissions_profile = $DB->result(); $DB->query(' SELECT * FROM nv_permissions WHERE user = '.protect($object->id).' AND (website = 0 OR website = '.protect($ws).')' ); $permissions_user = $DB->result(); } else if($who=='profile') { $DB->query(' SELECT * FROM nv_permissions WHERE profile = '.protect($object->id).' AND (website = 0 OR website = '.protect($ws).')' ); $permissions_profile = $DB->result(); $permissions_user = array(); } $permissions = array(); foreach($scopes as $scope) { for($i=0; $i < count($definitions[$scope]); $i++) { $def = $definitions[$scope][$i]; $permissions[$def['name']] = (isset($def['dvalue'])? $def['dvalue'] : """"); for($pp=0; $pp < count($permissions_profile); $pp++) { if($permissions_profile[$pp]->name == $def['name']) { $permissions[$def['name']] = json_decode($permissions_profile[$pp]->value, true); break; } } for($pu=0; $pu < count($permissions_user); $pu++) { if($permissions_user[$pu]->name == $def['name']) { $permissions[$def['name']] = json_decode($permissions_user[$pu]->value, true); break; } } } } return $permissions; } public static function update_permissions($changes=array(), $profile_id=0, $user_id=0) { if(!is_array($changes)) return; foreach($changes as $key => $value) { $key = str_replace(array('[', ']'), '', $key); $ws = null; if(strpos($key, ""wid"") === 0) { list($ws, $key) = explode('.', $key, 2); $ws = str_replace(""wid"", """", $ws); } $permission = new permission(); $permission->load($key, intval($profile_id), intval($user_id), $ws); $permission->value = $value; $permission->save(); } } public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_permissions', 'object'); if($type='json') $out = json_encode($DB->result()); return $out; } }",True,PHP,get_definitions,permission.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11879,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_products WHERE website = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,product.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11882,"public function comments_count() { global $DB; if(empty($this->_comments_count)) { $DB->query(' SELECT COUNT(*) as total FROM nv_comments WHERE website = ' . protect($this->website) . ' AND object_type = ""product"" AND object_id = ' . protect($this->id) . ' AND status = 0' ); $out = $DB->result('total'); $this->_comments_count = $out[0]; } return $this->_comments_count; }",True,PHP,comments_count,product.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11885,"public static function country_name_by_code($code, $language="""") { global $DB; $lang = core_get_language($language); $DB->query('SELECT name FROM nv_countries WHERE lang = '.protect($lang).' AND country_code = '.protect($code)); $row = $DB->first(); return $row->name; }",True,PHP,country_name_by_code,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11887,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_properties WHERE website = '.protect($website->id), 'object'); if($type='json') $out['nv_properties'] = json_encode($DB->result()); $DB->query('SELECT * FROM nv_properties_items WHERE website = '.protect($website->id), 'object'); if($type='json') $out['nv_properties_items'] = json_encode($DB->result()); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11889,"public static function load_properties($element, $code, $object_type, $object_id, $item_uid=null) { global $DB; global $website; global $theme; if($element != $object_type) { if($element == 'extension') { $extension = new extension(); $extension->load($code); $e_properties = $extension->definition->options; } } else if($object_type == 'block_group_block') { $block = block::block_group_block($code, $object_id); $e_properties = $block->properties; if(!empty($code)) { $block_group_id = $DB->query_single( 'MAX(id)', 'nv_block_groups', ' code = '.protect($code).' AND website = '.$website->id ); $object_id = $block_group_id; if(empty($block_group_id)) $object_id = 0; } } else if($object_type == 'extension_block') { $extensions_blocks = extension::blocks(); for($eb=0; $eb < count($extensions_blocks); $eb++) { if($extensions_blocks[$eb]->id == $code) { $e_properties = $extensions_blocks[$eb]->properties; break; } } if(empty($object_id)) { $block_group_id = $DB->query_single('id', 'nv_block_groups', ' blocks LIKE '.protect('%'.$item_uid.'%').' AND website = '.$website->id); $object_id = $block_group_id; if(empty($block_group_id)) $object_id = 0; } else if(!empty($code)) { $block_group_id = $DB->query_single('MAX(id)', 'nv_block_groups', ' code = '.protect($object_id).' AND website = '.$website->id); $object_id = $block_group_id; if(empty($block_group_id)) $object_id = 0; } $object_type = ""block_group-extension-block""; } else if($object_type == 'webuser') { $e_properties = $theme->webusers['properties']; } else { $e_properties = property::elements($code, $object_type); } $dictionary = webdictionary::load_element_strings('property-'.$object_type, $object_id, $item_uid); $DB->query(' SELECT * FROM nv_properties_items WHERE element = '.protect($object_type).' AND node_id = '.protect($object_id). (empty($item_uid)? '' : ' AND ( node_uid = '.protect($item_uid).' OR node_uid = """" OR node_uid IS NULL )').' AND website = '.$website->id, 'array' );",True,PHP,load_properties,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11892,"public static function country_region_name_by_code($code, $language="""") { global $DB; $DB->query('SELECT name FROM nv_countries_regions WHERE `numeric` = '.protect($code)); $row = $DB->first(); return $row->name; }",True,PHP,country_region_name_by_code,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11893,"public static function find($type, $property, $value) { global $DB; global $website; $DB->query(' SELECT * FROM nv_properties_items WHERE website = '.protect($website->id).' AND property_id = '.protect($property).' AND value = '.protect($value), 'object'); return $DB->result(); }",True,PHP,find,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11897,"foreach($properties as $property) { if(!isset($properties_assoc[$property->name]) && !isset($properties_assoc[$property->id])) continue; $values_dict = array(); $value = ''; if(isset($properties_assoc[$property->name])) $value = $properties_assoc[$property->name]; if(empty($value)) $value = $properties_assoc[$property->id]; if( in_array($property->type, array('text', 'textarea', 'link', 'rich_textarea')) || @$property->multilanguage=='true' || @$property->multilanguage===true ) { if(isset($properties_assoc[$property->name])) $values_dict = $properties_assoc[$property->name]; if(empty($values_dict)) $values_dict = $properties_assoc[$property->id]; $value = '[dictionary]'; } if($property->type=='coordinates') { if(is_array($value)) $value = $value['latitude'].'#'.$value['longitude']; } if($property->type=='webuser_groups' && !empty($value)) $value = 'g'.implode(',g', $value); if($property->type=='boolean' && empty($value)) $value = 0; if(is_null($value)) $value = """"; $DB->execute(' DELETE FROM nv_properties_items WHERE property_id = '.protect($property->id).' AND element = '.protect($property_object_type).' AND node_id = '.protect($object_id). (empty($node_uid)? '' : ' AND node_uid = '.protect($node_uid)).' AND website = '.$ws->id );",True,PHP,foreach,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11898,"public static function remove_properties($element_type, $element_id, $website_id) { global $DB; global $website; if(empty($website_id)) $website_id = $website->id; webdictionary::save_element_strings('property-'.$element_type, $element_id, array()); $DB->execute(' DELETE FROM nv_properties_items WHERE website = '.$website_id.' AND element = '.protect($element_type).' AND node_id = '.intval($element_id).' '); }",True,PHP,remove_properties,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11899,(empty($object_uid)? '' : ' AND node_uid = '.protect($object_uid)).' AND website = '.$website->id );,True,PHP,' AND node_uid = '.protect,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11900,"public static function countries_regions($country_id="""") { global $DB; $country_query = "" 1=1 ""; if(!empty($country_id)) $country_query = ' AND r.country = '.protect($country_id); $DB->query(' SELECT r.`numeric` AS region_id, c.country_code, r.name FROM nv_countries c, nv_countries_regions r WHERE c.lang = ""en"" AND c.`numeric` = r.country AND r.lang = """" AND '.$country_query.' ORDER BY name ASC '); $rs = $DB->result(); return $rs; }",True,PHP,countries_regions,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11901,"public static function countries($lang="""", $alpha3=false) { global $DB; global $user; if(empty($lang)) $lang = $user->language; $code = 'country_code'; if($alpha3) $code = 'alpha3'; $DB->query('SELECT '.$code.' AS country_code, name FROM nv_countries WHERE lang = '.protect($lang).' ORDER BY name ASC'); $rs = $DB->result(); if(empty($rs)) { $DB->query('SELECT '.$code.' AS country_code, name FROM nv_countries WHERE lang = ""en"" ORDER BY name ASC'); $rs = $DB->result(); } $out = array(); foreach($rs as $country) { $out[$country->country_code] = $country->name; } return $out; }",True,PHP,countries,property.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11902,"public function backup($type='json') { global $DB; global $website; $DB->query('SELECT * FROM nv_shipping_methods WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,shipping_method.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11904,"$object->delete(); } echo json_encode(true); break; case 'load_regions': $country_code = $_REQUEST['country']; $shipping_method_id = @$_REQUEST['id']; $shipping_method = new shipping_method(); if(!empty($shipping_method_id)) $shipping_method->load($shipping_method_id); $country_id = $DB->query_single('`numeric`', 'nv_countries', 'country_code = '.protect($country_code)); $DB->query(' SELECT `numeric`, name FROM nv_countries_regions WHERE country = '.$country_id.' ORDER BY name ASC '); $data = $DB->result(); echo json_encode($data); break; default: $page = intval($_REQUEST['page']); $max = intval($_REQUEST['rows']); $offset = ($page - 1) * $max; $orderby= $_REQUEST['sidx'].' '.$_REQUEST['sord']; $where = "" sm.website = "".intval($website->id)."" ""; $permissions = array( 0 => ' '.t(69, 'Published'), 1 => ' '.t(70, 'Private'), 2 => ' '.t(81, 'Hidden') ); if($_REQUEST['_search']=='true' || isset($_REQUEST['quicksearch'])) { if(isset($_REQUEST['quicksearch'])) $where .= $object->quicksearch($_REQUEST['quicksearch']); else if(isset($_REQUEST['filters'])) $where .= navitable::jqgridsearch($_REQUEST['filters']); else $where .= ' AND '.navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']); } $sql = ' SELECT SQL_CALC_FOUND_ROWS sm.id, sm.codename, sm.image, sm.permission, d.text as title FROM nv_shipping_methods sm LEFT JOIN nv_webdictionary d ON sm.id = d.node_id AND d.node_type = ""shipping_method"" AND d.subtype = ""title"" AND d.lang = ""'.$website->languages_list[0].'"" AND d.website = '.$website->id.' WHERE '.$where.' ORDER BY '.$orderby.' LIMIT '.$max.' OFFSET '.$offset; if(!$DB->query($sql, 'array')) throw new Exception($DB->get_last_error()); $dataset = $DB->result(); $total = $DB->foundRows(); $dataset = grid_notes::summary($dataset, 'shipping_method', 'id'); $out = array(); for($i=0; $i < count($dataset); $i++) { $shipping_method_image = $dataset[$i]['image']; if(!empty($shipping_method_image)) $shipping_method_image = ''; else $shipping_method_image = '-'; $out[$i] = array( 0 => $dataset[$i]['id'], 1 => $dataset[$i]['codename'], 2 => $shipping_method_image, 3 => $dataset[$i]['title'], 4 => $permissions[$dataset[$i]['permission']], 5 => $dataset[$i]['_grid_notes_html'] ); } navitable::jqgridJson($out, $page, $offset, $max, $total); break; } session_write_close(); exit; break; case 'create': case 'edit': if(!empty($_REQUEST['id'])) $object->load(intval($_REQUEST['id'])); if(isset($_REQUEST['form-sent'])) { $object->load_from_post(); try { $object->save(); $layout->navigate_notification(t(53, ""Data saved successfully.""), false, false, 'fa fa-check'); } catch(Exception $e) { $layout->navigate_notification($e->getMessage(), true, true); } } $out = shipping_methods_form($object); break; case 'delete': if(!empty($_REQUEST['id'])) { $object->load(intval($_REQUEST['id'])); if($object->delete() > 0) { $layout->navigate_notification(t(55, 'Item removed successfully.'), false); $out = shipping_methods_list(); } else { $layout->navigate_notification(t(56, 'Unexpected error.'), false); $out = shipping_methods_form($object); } } break; case 'list': default: $out = shipping_methods_list(); break; } return $out; }",True,PHP,delete,shipping_methods.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11906,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_structure WHERE website = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11909,"public function elements_count() { global $DB; global $webuser; $permission = (!empty($_SESSION['APP_USER $access = 2; if(!empty($current['webuser'])) { $access = 1; if(!empty($webuser->groups)) { $access_groups = array(); foreach($webuser->groups as $wg) { if(empty($wg)) continue; $access_groups[] = 'groups LIKE ""%g'.$wg.'%""'; } if(!empty($access_groups)) $access_extra = ' OR (access = 3 AND ('.implode(' OR ', $access_groups).'))'; } } $out = $DB->query_single( 'COUNT(id)', 'nv_items', ' category = '.protect($this->id).' AND website = '.protect($this->website).' AND permission <= '.$permission.' AND (date_published = 0 OR date_published < '.core_time().') AND (date_unpublish = 0 OR date_unpublish > '.core_time().') AND (access = 0 OR access = '.$access.$access_extra.') '); return $out; }",True,PHP,elements_count,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11911,"public function insert() { global $DB; global $website; global $events; if(empty($this->website)) $this->website = $website->id; if(empty($this->position)) { $DB->query(' SELECT MAX(position) as max_position FROM nv_structure WHERE parent = '.protect($this->parent).' AND website = '.protect($this->website) ); $max = $DB->result('max_position'); $this->position = intval($max[0]) + 1; } $groups = ''; if(is_array($this->groups)) { $this->groups = array_unique($this->groups); $this->groups = array_filter($this->groups); if(!empty($this->groups)) $groups = 'g'.implode(',g', $this->groups); } if($groups == 'g') $groups = ''; $ok = $DB->execute(' INSERT INTO nv_structure ( id, website, parent, position, access, groups, permission, icon, metatags, template, date_published, date_unpublish, visible, views, votes, score ) VALUES ( 0, :website, :parent, :position, :access, :groups, :permission, :icon, :metatags, :template, :date_published, :date_unpublish, :visible, :views, :votes, :score ) ', array( "":website"" => value_or_default($this->website, $website->id), "":parent"" => value_or_default($this->parent, 0), "":position"" => value_or_default($this->position, 0), "":access"" => value_or_default($this->access, 0), "":groups"" => $groups, "":permission"" => value_or_default($this->permission, 0), "":icon"" => value_or_default($this->icon, 0), "":metatags"" => value_or_default($this->metatags, ''), "":template"" => value_or_default($this->template, ''), "":date_published"" => value_or_default($this->date_published, 0), "":date_unpublish"" => value_or_default($this->date_unpublish, 0), "":visible"" => value_or_default($this->visible, 0), "":views"" => 0, "":votes"" => 0, "":score"" => 0 ) ); if(!$ok) throw new Exception($DB->get_last_error()); $this->id = $DB->get_last_id(); webdictionary::save_element_strings('structure', $this->id, $this->dictionary, $this->website); path::saveElementPaths('structure', $this->id, $this->paths, $this->website); if(method_exists($events, 'trigger')) { $events->trigger( 'structure', 'save', array( 'structure' => $this ) ); } return true; }",True,PHP,insert,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11913,"$tags_json[] = json_decode('{ ""id"": ""'.$row['id'].'"", ""label"": ""'.$row['text'].'"", ""value"": ""'.$row['text'].'"" }'); } echo json_encode($tags_json); } core_terminate(); break; case ""search_by_title"": $DB->query(' SELECT node_id as id, text as label, text as value FROM nv_webdictionary WHERE node_type = ""structure"" AND subtype = ""title"" AND lang = '.protect($_REQUEST['lang']).' AND website = '.$website->id.' AND text LIKE '.protect('%'.$_REQUEST['title'].'%').' ORDER BY text ASC LIMIT 30', 'array' ); echo json_encode($DB->result()); core_terminate(); break; case ""copy_from_template_zones"": $item = new structure(); $item->load(intval($_REQUEST['id'])); $template = new template(); $template->load($item->template); $zones = array(); for($ps=0; $ps < count($template->properties); $ps++) { if(!isset($template->properties[$ps]->element) || $template->properties[$ps]->element != 'structure') continue; if(!in_array($template->properties[$ps]->type, array(""text"", ""textarea"", ""rich_textarea""))) continue; $title = $template->properties[$ps]->name; if(!empty($theme)) $title = $theme->t($title); $zones[] = array( 'type' => 'property', 'code' => $template->properties[$ps]->id, 'title' => $title ); } echo json_encode($zones); core_terminate(); break; case ""raw_zone_content"": if($_REQUEST['zone'] == 'property') { $DB->query('SELECT text FROM nv_webdictionary WHERE node_type = ""property-structure"" AND subtype = '.protect('property-'.$_REQUEST['section'].'-'.$_REQUEST['lang']).' AND lang = '.protect($_REQUEST['lang']).' AND website = '.$website->id.' AND node_id = '.protect($_REQUEST['node_id']), 'array'); $data = $DB->first(); echo $data['text']; } core_terminate(); break; case 'votes_reset': webuser_vote::remove_object_votes('structure', intval($_REQUEST['id'])); echo 'true'; core_terminate(); break; case 'votes_by_webuser': if($_POST['oper']=='del') { $ids = explode(',', $_POST['id']); for($i=0; $i < count($ids); $i++) { if($ids[$i] > 0) { $vote = new webuser_vote(); $vote->load($ids[$i]); $vote->delete(); } } webuser_vote::update_object_score('structure', $vote->object_id); echo 'true'; core_terminate(); } $max = intval($_GET['rows']); $page = intval($_GET['page']); $offset = ($page - 1) * $max; if($_REQUEST['_search']=='false') list($dataset, $total) = webuser_vote::object_votes_by_webuser('structure', intval($_REQUEST['id']), $_REQUEST['sidx'].' '.$_REQUEST['sord'], $offset, $max); $out = array(); for($i=0; $i < count($dataset); $i++) { if(empty($dataset[$i])) continue; $out[$i] = array( 0 => $dataset[$i]['id'], 1 => core_ts2date($dataset[$i]['date'], true), 2 => $dataset[$i]['username'] ); } navitable::jqgridJson($out, $page, $offset, $max, $total); core_terminate(); break; case 0: default: $structure = structure::hierarchy(-1); $out = structure_tree($structure); break; } return $out; }",True,PHP,json_decode,structure.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11915,"function structure_form($item) { global $DB; global $website; global $layout; global $events; $navibars = new navibars(); $naviforms = new naviforms(); $layout->navigate_media_browser(); if(empty($item->id)) $navibars->title(t(16, 'Structure').' / '.t(38, 'Create')); else $navibars->title(t(16, 'Structure').' / '.t(170, 'Edit').' ['.$item->id.']'); $navibars->add_actions( array( ' '.t(36, 'Media').'' ) ); if(empty($item->id)) { $navibars->add_actions( array( ' '.t(34, 'Save').'' ) ); } else { $navibars->add_actions( array( ' '.t(34, 'Save').'', ' '.t(35, 'Delete').'' ) ); $delete_html = array(); $delete_html[] = '
    '.t(57, 'Do you really want to delete this item?').'
    '; $delete_html[] = ''; $navibars->add_content(implode(""\n"", $delete_html)); } $extra_actions = array(); if(!empty($item->id)) { $DB->query(' SELECT s.id, wd.text as title, s.position FROM nv_structure s, nv_webdictionary wd WHERE s.website = '.$item->website.' AND s.parent = '.$item->parent.' AND wd.website = '.$item->website.' AND wd.node_type = ""structure"" AND wd.lang = ""'.$website->languages_list[0].'"" AND wd.subtype = ""title"" AND wd.node_id = s.id ORDER BY s.position ASC, s.id ASC '); $brothers = $DB->result(); $previous_brother = NULL; $next_brother = NULL; for($b=0; $b < count($brothers); $b++) { if($brothers[$b]->id == $item->id) { $previous_brother = @$brothers[$b-1]->id; $previous_brother_title = @$brothers[$b-1]->title; $next_brother = @$brothers[$b+1]->id; $next_brother_title = @$brothers[$b+1]->title; } } if(!empty($item->parent)) { $parent = new structure(); $parent->load($item->parent); $extra_actions[] = ' id.'""> ('.strtolower(t(84, 'Parent')).') '.$parent->dictionary[$website->languages_list[0]][""title""]. ''; } if(!empty($previous_brother)) $extra_actions[] = ' ('.strtolower(t(501, 'Previous')).') '.$previous_brother_title. ''; if(!empty($next_brother)) $extra_actions[] = ' ('.strtolower(t(502, 'Next')).') '.$next_brother_title. ''; } $events->add_actions( 'structure', array( 'item' => &$item, 'navibars' => &$navibars ), $extra_actions ); $navibars->add_actions( array( (!empty($item->id)? 'parent.'&template='.$item->template.'""> '.t(38, 'Create').'' : ''), ' '.t(61, 'Tree').'', 'search_form' ) ); $navibars->form(); $navibars->add_tab(t(43, ""Main"")); $navibars->add_tab_content($naviforms->hidden('form-sent', 'true')); $navibars->add_tab_content_row( array( '', ''.(!empty($item->id)? $item->id : t(52, '(new)')).'' ) );",True,PHP,structure_form,structure.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11917,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_templates WHERE website = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,template.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11920,"public function t($code='') { global $DB; global $user; global $webuser; global $website; global $session; $out = """"; if(empty($this->dictionary)) { $theme_languages = (array)$this->languages; $file = ''; if(!is_array($theme_languages)) $theme_languages = array(); $current_language = $session['lang']; if(empty($current_language) && !empty($webuser)) $current_language = $webuser->language; if(empty($current_language) && !empty($user)) $current_language = $user->language; foreach($theme_languages as $lcode => $lfile) { if( $lcode==$current_language || empty($file)) $file = $lfile; } $json = @file_get_contents(NAVIGATE_PATH.'/themes/'.$this->name.'/'.$file); if(!empty($json)) $this->dictionary = (array)json_decode($json); if(!empty($website->id)) { $DB->query(' SELECT subtype, lang, text FROM nv_webdictionary WHERE website = '.$website->id.' AND node_type = ""theme"" AND lang = '.protect($current_language).' AND theme = '.protect($this->name) ); $rs = $DB->result(); for($r=0; $r < count($rs); $r++) $this->dictionary[$rs[$r]->subtype] = $rs[$r]->text; } } if(is_string($code)) { $out = $code; if(substr($out, 0, 1)=='@') $out = substr($out, 1); if(!empty($this->dictionary[$out])) $out = $this->dictionary[$out]; } return $out; }",True,PHP,t,theme.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11921,"$property->value[$lang] = theme::import_sample_translate_nv_urls($pvalue, $structure, $items); } } else if(!is_string($property->value)) { $property->value = theme::import_sample_translate_nv_urls($property->value, $structure, $items); } } $el_properties_associative[$property->id] = $property->value; } if(!empty($el_properties_associative)) { if($el=='block_group_block') { $template = $real[$el_id]->code; } else if($el=='block') { $template = $real[$el_id]->type; } else { $template = $real[$el_id]->template; if(empty($template) && $el == 'item' && $real[$el_id]->embedding == 1) { $template = $DB->query_single( 'template', 'nv_structure', ' id = '.protect($real[$el_id]->category).' AND website = '.$ws->id ); } } property::save_properties_from_array($el, $real[$el_id]->id, $template, $el_properties_associative, $ws, $item_uid); } }",True,PHP,import_sample_translate_nv_urls,theme.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11927,"public static function recent_items($limit=5) { global $DB; global $user; global $website; $DB->query(' SELECT DISTINCT nvul.website, nvul.function, nvul.item, nvul.item_title, nvf.lid as function_title, nvf.icon as function_icon, nvul.date FROM nv_users_log nvul, nv_functions nvf WHERE nvul.user = '.protect($user->id).' AND nvul.function = nvf.id AND nvul.item > 0 AND nvul.action = ""load"" AND nvul.website = '.protect($website->id).' AND nvul.item_title <> """" AND nvul.date > '.( core_time() - 30 * 86400).' AND nvul.date = ( SELECT MAX(nvulm.date) FROM nv_users_log nvulm WHERE nvulm.function = nvul.function AND nvulm.item = nvul.item AND nvulm.item_title = nvul.item_title AND nvulm.website = '.protect($website->id).' AND nvulm.user = '.protect($user->id).' ) ORDER BY nvul.date DESC LIMIT '.$limit );",True,PHP,recent_items,users_log.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11928,"public static function recent_actions($function, $action, $limit=8) { global $DB; global $user; global $website; $DB->query(' SELECT DISTINCT nvul.website, nvul.function, nvul.item, nvul.date FROM nv_users_log nvul WHERE nvul.user = '.protect($user->id).' AND nvul.function = '.protect($function).' AND nvul.item > 0 AND nvul.action = '.protect($action).' AND nvul.website = '.protect($website->id).' AND nvul.date > '.( core_time() - 30 * 86400).' AND nvul.date = ( SELECT MAX(nvulm.date) FROM nv_users_log nvulm WHERE nvulm.function = nvul.function AND nvulm.item = nvul.item AND nvulm.item_title = nvul.item_title AND nvulm.website = '.protect($website->id).' AND nvulm.user = '.protect($user->id).' ) ORDER BY nvul.date DESC LIMIT '.$limit );",True,PHP,recent_actions,users_log.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11932,public function save() { global $DB; $node_id_filter = ''; if(!empty($this->node_id)) { if(is_numeric($this->node_id)) $node_id_filter .= ' AND node_id = '.intval($this->node_id); if(is_numeric($this->node_uid)) $node_id_filter .= ' AND node_uid = '.intval($this->node_uid); $DB->execute(' DELETE FROM nv_webdictionary WHERE website = '.protect($this->website).' AND subtype = '.protect($this->subtype).' AND theme = '.protect($this->theme).' AND extension = '.protect($this->extension).' AND node_type = '.protect($this->node_type). $node_id_filter ); } return $this->insert(); },True,PHP,save,webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11933,"public function delete() { global $DB; $node_id_filter = """"; if(!empty($this->node_id)) { if(is_numeric($this->node_id)) $node_id_filter .= ' AND node_id = '.intval($this->node_id); if(is_numeric($this->node_uid)) $node_id_filter .= ' AND node_uid = '.intval($this->node_uid); $DB->execute(' DELETE FROM nv_webdictionary WHERE subtype = '.protect($this->subtype).' AND node_type = '.protect($this->node_type).' AND theme = '.protect($this->theme).' AND extension = '.protect($this->extension).' AND website = '.protect($this->website). $node_id_filter ); } return $DB->get_affected_rows(); }",True,PHP,delete,webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11934,"AND lang = '.protect($lang).' AND subtype IN ('.implode("","", array_map(function($k){ return protect($k);}, $subtypes)).')' );",True,PHP,"execute.' AND node_id = '.protect.' AND website = '.$website_id.' AND lang = '.protect",webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11938,"AND subtype IN ('.implode("","", array_map(function($k){ return protect($k);}, $subtypes)).')'",True,PHP,"execute.' AND node_id = '.protect.' AND website = '.$website_id.' AND lang = '.protect.' AND subtype IN ('.implode",webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11939,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_webdictionary WHERE website = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11941,"public function load($id) { global $DB; global $website; global $theme; if(is_numeric($id)) { if($DB->query('SELECT * FROM nv_webdictionary WHERE node_id = '.intval($id).' AND node_type = '.protect('global').' AND website = '.$website->id)) { $data = $DB->result(); $this->load_from_resultset($data); } } else { $path = explode(""."", $id, 3); if($path[0]=='extension') { $extension = new extension(); $extension->load($path[1]); $id = $path[2]; $extension_dictionary = $extension->get_translations(); $this->id = $id; $this->node_type= 'extension'; $this->extension= $extension->code; $this->extension_name = $extension->title; $this->node_id = $id; $this->subtype = $id; $this->website = $website->id; $this->text = array(); foreach($extension_dictionary as $word) { if($word['node_id']==$id) $this->text[$word['lang']] = $word['text']; } $DB->query(' SELECT lang, text FROM nv_webdictionary WHERE node_type = ""extension"" AND extension = '.protect($this->extension).' AND subtype = '.protect($this->subtype).' AND website = '.$website->id ); $data = $DB->result(); if(!is_array($data)) $data = array(); foreach($data as $item) $this->text[$item->lang] = $item->text; } else { $id = $path[2]; $theme_dictionary = $theme->get_translations(); $this->id = $id; $this->node_type= 'theme'; $this->node_id = $id; $this->theme = $theme->name; $this->subtype = $id; $this->website = $website->id; $this->text = array(); foreach($theme_dictionary as $word) { if($word['node_id']==$id) $this->text[$word['lang']] = $word['text']; } $DB->query(' SELECT lang, text FROM nv_webdictionary WHERE node_type = ""theme"" AND theme = '.protect($theme->name).' AND subtype = '.protect($this->subtype).' AND website = '.$website->id ); $data = $DB->result(); if(!is_array($data)) $data = array(); foreach($data as $item) $this->text[$item->lang] = $item->text; } } }",True,PHP,load,webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11942,"public static function load_object_strings($node_type, $node_id, $node_uid=null) { global $DB; $DB->query(' SELECT subtype, lang, text FROM nv_webdictionary WHERE node_type = '.protect($node_type).' AND node_id = '.protect($node_id). (empty($node_uid)? '' : ' AND ( node_uid = '.protect($node_uid).' OR node_uid = """" OR node_uid IS NULL )') );",True,PHP,load_object_strings,webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11945,"list($object, $id) = explode(""."", $id, 2); switch($type) { case ""global"": $DB->execute(' DELETE FROM nv_webdictionary WHERE node_id = '.protect($id).' AND node_type = '.protect('global').' AND lang = '.protect($language).' AND website = '.$website->id.' LIMIT 1 '); break; case ""theme"": $DB->execute(' DELETE FROM nv_webdictionary WHERE subtype = '.protect($id).' AND node_type = '.protect(""theme"").' AND theme = '.protect($object).' AND lang = '.protect($language).' AND website = '.$website->id.' LIMIT 1 '); break; case ""extension"": $DB->execute(' DELETE FROM nv_webdictionary WHERE subtype = '.protect($id).' AND node_type = '.protect(""extension"").' AND extension = '.protect($object).' AND lang = '.protect($language).' AND website = '.$website->id.' LIMIT 1 '); break; } if(!empty($text)) { $ok = $DB->execute(' INSERT INTO nv_webdictionary ( id, website, node_type, theme, extension, node_id, node_uid, subtype, lang, `text`) VALUES ( 0, :website, :node_type, :theme, :extension, :node_id, :subtype, :lang, :text )', array( ':website' => $website->id, ':node_type' => $type, ':theme' => ($type=='theme'? $object : """"), ':extension' => ($type=='extension'? $object : """"), ':node_id' => (is_numeric($id)? $id : 0), ':node_uid' => """", ':subtype' => (is_numeric($id)? '' : $id), ':lang' => $language, ':text' => value_or_default($text, """") ) ); if(!$ok) $errors[] = $DB->get_last_error(); } } return (empty($errors)? true : $errors); }",True,PHP,explode,webdictionary.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"public function approve_submit() { global $history; if (empty($this->params['id'])) { flash('error', gt('No ID supplied for comment to approve')); $lastUrl = expHistory::getLast('editable'); } $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->body = $this->params['body']; $simplenote->approved = $this->params['approved']; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11950,"public static function load_element_strings($node_type, $node_id, $savedOn=""latest"") { global $DB; $DB->query(' SELECT subtype, lang, text FROM nv_webdictionary_history WHERE node_type = '.protect($node_type).' AND node_id = '.protect($node_id).' ORDER BY date_created ASC' ); $data = $DB->result(); if(!is_array($data)) $data = array(); $dictionary = array(); foreach($data as $item) { $dictionary[$item->lang][$item->subtype] = $item->text; } return $dictionary; }",True,PHP,load_element_strings,webdictionary_history.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11952,"foreach($item as $subtype => $litem) { if(strpos($subtype, 'section-')===0) { if($litem=='


    ') continue; $last_litem = $DB->query_single( '`text`', 'nv_webdictionary_history', ' node_id = '.protect($node_id).' AND website = '.protect($website_id).' AND lang = '.protect($lang).' AND subtype = '.protect($subtype).' AND node_type = '.protect($node_type).' AND autosave = '.protect(($autosave)? '1' : '0').' ORDER BY date_created DESC ' ); if($last_litem != $litem) { $changed = true; if($autosave) { $DB->execute(' DELETE FROM nv_webdictionary_history WHERE node_id = '.protect($node_id).' AND website = '.protect($website_id).' AND lang = '.protect($lang).' AND subtype = '.protect($subtype).' AND node_type = '.protect($node_type).' AND autosave = 1 AND date_created < '.(core_time() - 86400 * 7) ); } $DB->execute(' INSERT INTO nv_webdictionary_history (id, website, node_type, node_id, subtype, lang, `text`, date_created, autosave) VALUES ( 0, :website, :node_type, :node_id, :subtype, :lang, :text, :date_created, :autosave) ', array( "":website"" => $website_id, "":node_type"" => $node_type, "":node_id"" => $node_id, "":subtype"" => $subtype, "":lang"" => $lang, "":text"" => $litem, "":date_created"" => core_time(), "":autosave"" => ($autosave)? '1' : '0' ) ); } }",True,PHP,foreach,webdictionary_history.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11953,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query(' SELECT * FROM nv_webdictionary_history WHERE website = '.protect($website->id), 'object' ); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,webdictionary_history.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11954,"public static function save_element_strings($node_type, $node_id, $dictionary, $autosave=false, $website_id=null) { global $DB; global $website; if(empty($website_id)) $website_id = $website->id; $changed = false; if(empty($node_id)) throw new Exception('ERROR webdictionary: No ID!'); if(!is_array($dictionary)) $dictionary = array(); foreach($dictionary as $lang => $item) { foreach($item as $subtype => $litem) { if(strpos($subtype, 'section-')===0) { if($litem=='


    ') continue; $last_litem = $DB->query_single( '`text`', 'nv_webdictionary_history', ' node_id = '.protect($node_id).' AND website = '.protect($website_id).' AND lang = '.protect($lang).' AND subtype = '.protect($subtype).' AND node_type = '.protect($node_type).' AND autosave = '.protect(($autosave)? '1' : '0').' ORDER BY date_created DESC ' ); if($last_litem != $litem) { $changed = true; if($autosave) { $DB->execute(' DELETE FROM nv_webdictionary_history WHERE node_id = '.protect($node_id).' AND website = '.protect($website_id).' AND lang = '.protect($lang).' AND subtype = '.protect($subtype).' AND node_type = '.protect($node_type).' AND autosave = 1 AND date_created < '.(core_time() - 86400 * 7) ); } $DB->execute(' INSERT INTO nv_webdictionary_history (id, website, node_type, node_id, subtype, lang, `text`, date_created, autosave) VALUES ( 0, :website, :node_type, :node_id, :subtype, :lang, :text, :date_created, :autosave) ', array( "":website"" => $website_id, "":node_type"" => $node_type, "":node_id"" => $node_id, "":subtype"" => $subtype, "":lang"" => $lang, "":text"" => $litem, "":date_created"" => core_time(), "":autosave"" => ($autosave)? '1' : '0' ) ); } } } }",True,PHP,save_element_strings,webdictionary_history.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11956,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_websites WHERE id = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,website.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11959,"public static function calculate_object_score($object, $object_id) { global $DB; global $website; $DB->query('SELECT COUNT(*) as votes, SUM(value) as score FROM nv_webuser_votes WHERE object_id = '.protect($object_id).' AND object = '.protect($object).' AND website = '.$website->id); $data = $DB->first(); return array($data->votes, $data->score); }",True,PHP,calculate_object_score,webuser_vote.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11962,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_webuser_votes WHERE website = '.protect($website->id), 'object'); if($type='json') $out = json_encode($DB->result()); return $out; }",True,PHP,backup,webuser_vote.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11963,"public static function object_votes_by_score($object, $object_id) { global $DB; global $website; $DB->query(' SELECT value, COUNT(*) as votes FROM nv_webuser_votes WHERE website = '.protect($website->id).' AND object = '.protect($object).' AND object_id = '.protect($object_id).' GROUP BY value ORDER BY value ASC '); $data = $DB->result(); return $data; }",True,PHP,object_votes_by_score,webuser_vote.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11965,"public static function update_object_score($object, $object_id) { global $DB; list($votes, $score) = webuser_vote::calculate_object_score($object, $object_id); $table = array( 'item' => 'nv_items', 'structure' => 'nv_structure', 'product' => 'nv_products' ); if(empty($table[$object])) return false; $DB->execute(' UPDATE '.$table[$object].' SET votes = '.protect($votes).', score = '.protect($score).' WHERE id = '.protect($object_id) ); return true; }",True,PHP,update_object_score,webuser_vote.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11967,"public static function update_object_votes($webuser, $object, $object_id, $value, $replace=false) { global $DB; global $website; global $events; $status = false; $voted = false; $webuser_vote_id = null; if($DB->query(' SELECT * FROM nv_webuser_votes WHERE webuser = '.intval($webuser).' AND object = '.protect($object).' AND object_id = '.protect($object_id) ) ) { $data = $DB->result(); $data = $data[0]; $voted = ($data->webuser == $webuser); $webuser_vote_id = $data->id; } if($voted && $replace) { $ok = $DB->execute(' UPDATE nv_webuser_votes SET `value` = '.protect($value).', date = '.protect(core_time()).' WHERE id = '.$webuser_vote_id ); if(!$ok) throw new Exception($DB->get_last_error()); else $status = true; } else if($voted) { $status = 'already_voted'; } else { $wv = new webuser_vote(); $wv->website = $website->id; $wv->webuser = $webuser; $wv->object = $object; $wv->object_id = $object_id; $wv->value = $value; $wv->insert(); $webuser_vote_id = $wv->id; $status = true; } if($status === true) webuser_vote::update_object_score($object, $object_id); $events->trigger( 'webuser', 'vote', array( 'status' => $status, 'webuser_vote_id' => $webuser_vote_id, 'webuser' => $webuser, 'object' => $object, 'object_id' => $object_id, 'value' => $value, 'replace' => $replace ) ); return $status; }",True,PHP,update_object_votes,webuser_vote.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11969,"public static function object_votes_by_webuser($object, $object_id, $orderby='date desc', $offset=0, $limit=PHP_INT_MAX) { global $DB; global $website; $DB->queryLimit('wuv.id AS id, wuv.date AS date, wuv.webuser AS webuser, wu.username AS username', 'nv_webuser_votes wuv, nv_webusers wu', ' wuv.website = '.protect($website->id).' AND wuv.object = '.protect($object).' AND wuv.object_id = '.protect($object_id).' AND wu.id = wuv.webuser', $orderby, $offset, $limit); return array($DB->result(), $DB->foundRows()); }",True,PHP,object_votes_by_webuser,webuser_vote.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11972,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_webusers WHERE website = '.protect($website->id), 'object'); if($type='json') $out['nv_webusers'] = json_encode($DB->result()); $DB->query('SELECT nwp.* FROM nv_webuser_profiles nwp, nv_webusers nw WHERE nwp.webuser = nw.id AND nw.website = '.protect($website->id), 'object'); if($type='json') $out['nv_webuser_profiles'] = json_encode($DB->result()); if($type='json') $out = json_encode($out); return $out; }",True,PHP,backup,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11976,"public static function export($type='csv') { global $DB; global $website; $out = array(); $DB->query(' SELECT id, website, username, email, groups, fullname, gender, '.' birthdate, language, country, timezone, address, zipcode, location, phone, social_website, joindate, lastseen, newsletter, private_comment, access, access_begin, access_end FROM nv_webusers WHERE website = '.protect($website->id), 'array'); $fields = array( ""id"", t(177, 'Website').' [NV]', t(1, 'User'), t(44, 'E-Mail'), t(506, 'Groups'), t(159, 'Name'), t(304, 'Gender'), t(248, 'Birthdate'), t(46, 'Language'), t(224, 'Country'), t(97, 'Timezone'), t(233, 'Address'), t(318, 'Zip code'), t(319, 'Location'), t(320, 'Phone'), t(177, 'Website'), t(247, 'Date joined'), t(563, 'Last seen'), t(249, 'Newsletter'), t(538, 'Private comment'), t(364, 'Access'), t(364, 'Access').' / '.t(623, 'Begin'), t(364, 'Access').' / '.t(624, 'End') ); $out = $DB->result(); $temp_file = tempnam("""", 'nv_'); $fp = fopen($temp_file, 'w'); fputcsv($fp, $fields); foreach ($out as $fields) fputcsv($fp, $fields); header('Content-Description: File Transfer'); header('Content-Type: text/csv'); header('Content-Disposition: attachment; filename='.basename('webusers.csv')); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($temp_file)); ob_clean(); flush(); fclose($fp); readfile($temp_file); @unlink($temp_file); core_terminate(); }",True,PHP,export,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11980,"public static function email_verification($email, $hash) { global $DB; $status = false; if(strpos($hash, ""-"") > 0) { list($foo, $expiry) = explode(""-"", $hash); if(time() > $expiry) { return $status; } } $DB->query(' SELECT id, activation_key FROM nv_webusers WHERE email = '.protect($email).' AND activation_key = '.protect($hash).' '); $rs = $DB->first(); if(!empty($rs->id)) { $wu = new webuser(); $wu->load($rs->id); if($wu->access==1 && empty($wu->password) && empty($wu->email_verification_date)) { $wu->email_verification_date = time(); $wu->access = 0; $wu->activation_key = """"; $status = $wu->save(); } } return $status; }",True,PHP,email_verification,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11983,"public static function remove_old_unconfirmed_accounts() { global $DB; global $website; $ok = false; $DB->query(' SELECT ex.id FROM ( SELECT id, activation_key, SUBSTRING_INDEX(activation_key, ""-"", -1) AS expiration_time FROM nv_webusers WHERE website = ' . protect($website->id) . ' AND access = 1 AND activation_key != """" ) ex WHERE ex.activation_key <> ex.expiration_time AND '.time().' > ex.expiration_time '); $rs = $DB->result('id'); if(!empty($rs)) { $ok = $DB->execute(' DELETE FROM nv_webusers wu WHERE wu.id IN ('.implode("","", $rs).') '); } if($ok) return count($rs); else return 0; }",True,PHP,remove_old_unconfirmed_accounts,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11984,"public static function account_verification($email, $hash) { global $DB; $status = false; if(strpos($hash, ""-"") > 0) { list($foo, $expiry) = explode(""-"", $hash); if(time() > $expiry) { return $status; } } $DB->query(' SELECT id, activation_key FROM nv_webusers WHERE email = '.protect($email).' AND activation_key = '.protect($hash).' '); $rs = $DB->first(); if(!empty($rs->id)) { $wu = new webuser(); $wu->load($rs->id); if($wu->access==1 && !empty($wu->password)) { if(empty($wu->email_verification_date)) $wu->email_verification_date = time(); $wu->access = 0; $wu->activation_key = """"; $status = $wu->save(); } } if(!$status) return $status; else return $wu->id; }",True,PHP,account_verification,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11985,"public function authenticate($website, $username, $password) { global $DB; global $events; $username = trim($username); $username = mb_strtolower($username); $A1 = md5($username.':'.APP_REALM.':'.$password); $website_check = ''; if($website > 0) $website_check = 'AND website = '.protect($website); if($DB->query('SELECT * FROM nv_webusers WHERE ( access = 0 OR (access = 2 AND (access_begin = 0 OR access_begin < '.time().') AND (access_end = 0 OR access_end > '.time().') ) ) '.$website_check.' AND LOWER(username) = '.protect($username)) ) { $data = $DB->result(); if(!empty($data)) { if($data[0]->password==$A1) { $this->load_from_resultset($data); if(method_exists($events, 'trigger')) { $events->trigger( 'webuser', 'sign_in', array( 'webuser' => $this, 'by' => 'authenticate' ) ); } return true; } } } return false; }",True,PHP,authenticate,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11986,"public function authenticate_by_email($website, $email, $password) { global $DB; $username = $DB->query_single( 'username', 'nv_webusers', 'website = '.intval($website).' AND email = '.protect($email) ); if(empty($username)) return false; return $this->authenticate($website, $username, $password); }",True,PHP,authenticate_by_email,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11987,"public function load_by_profile($network, $network_user_id) { global $DB; global $session; $swuser = $DB->query_single( 'webuser', 'nv_webuser_profiles', ' network = '.protect($network).' AND '. ' network_user_id = '.protect($network_user_id) ); if(!empty($swuser)) $this->load($swuser); }",True,PHP,load_by_profile,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11988,"public static function available($username, $website_id) { global $DB; $username = trim($username); $username = mb_strtolower($username); $data = NULL; if($DB->query('SELECT COUNT(*) as total FROM nv_webusers WHERE LOWER(username) = '.protect($username).' AND website = '.$website_id)) { $data = $DB->first(); } return ($data->total <= 0); }",True,PHP,available,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11990,"public function load_by_hash($hash) { global $DB; global $session; global $events; $ok = $DB->query('SELECT * FROM nv_webusers WHERE cookie_hash = '.protect($hash)); if($ok) $data = $DB->result(); if(!empty($data)) { $this->load_from_resultset($data); $blocked = 1; if( $this->access == 0 || ( $this->access == 2 && ($this->access_begin==0 || $this->access_begin < time()) && ($this->access_end==0 || $this->access_end > time()) ) ) { $blocked = 0; } if($blocked==1) return false; $session['webuser'] = $this->id; if(method_exists($events, 'trigger')) { $events->trigger( 'webuser', 'sign_in', array( 'webuser' => $this, 'by' => 'cookie' ) ); } } }",True,PHP,load_by_hash,webuser.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11992,public static function all_in_array() { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_webuser_groups WHERE website = '.protect($website->id)); $rs = $DB->result(); foreach($rs as $row) $out[$row->id] = $row->name; return $out; },True,PHP,all_in_array,webuser_group.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11993,"public function backup($type='json') { global $DB; global $website; $out = array(); $DB->query('SELECT * FROM nv_webuser_groups WHERE website = '.protect($website->id), 'object'); $out = $DB->result(); return $out; }",True,PHP,backup,webuser_group.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11995,public static function all() { global $DB; global $website; $DB->query('SELECT * FROM nv_webuser_groups WHERE website = '.protect($website->id)); return $DB->result(); },True,PHP,all,webuser_group.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11997,"function nvweb_website_comments_list($offset=0, $limit=2147483647, $permission=NULL, $order='oldest') { global $DB; global $website; global $current; if($order=='newest') $orderby = ""nvc.date_created DESC""; else $orderby = ""nvc.date_created ASC""; $DB->query('SELECT SQL_CALC_FOUND_ROWS nvc.*, nvwu.username, nvwu.avatar, nvwd.text as item_title FROM nv_comments nvc LEFT OUTER JOIN nv_webusers nvwu ON nvwu.id = nvc.user LEFT OUTER JOIN nv_webdictionary nvwd ON nvwd.node_id = nvc.object_id AND nvwd.website = nvc.website AND nvwd.node_type = nvc.object_type AND nvwd.subtype = ""title"" AND nvwd.lang = '.protect($current['lang']).' WHERE nvc.website = '.protect($website->id).' AND status = 0 ORDER BY '.$orderby.' LIMIT '.$limit.' OFFSET '.$offset); $rs = $DB->result(); $total = $DB->foundRows(); return array($rs, $total); }",True,PHP,nvweb_website_comments_list,comments.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 11998,"function nvweb_comments_list($offset=0, $limit=NULL, $permission=NULL, $order='oldest') { global $DB; global $website; global $current; $limit = value_or_default($limit, 2147483647); if($order=='newest' || $order=='hierarchy_newest') $orderby = ""nvc.date_created DESC""; else $orderby = ""nvc.date_created ASC""; $object = $current['object']; $object_id = $current['id']; $object_type = $current['type']; if($object_type == 'structure') { $object = $object->elements(0); $object_id = $object->id; $object_type = ""item""; } if(strpos($order, 'hierarchy')!==false) { $DB->query(' SELECT SQL_CALC_FOUND_ROWS nvc.*, nvwu.username, nvwu.avatar, (SELECT COUNT(nvcr.id) FROM nv_comments nvcr WHERE nvcr.reply_to = nvc.id AND nvcr.status = 0 ) AS replies FROM nv_comments nvc LEFT OUTER JOIN nv_webusers nvwu ON nvwu.id = nvc.user WHERE nvc.website = '.protect($website->id).' AND nvc.object_type = '.protect($object_type).' AND nvc.object_id = '.protect($object_id).' AND nvc.status = 0 AND nvc.reply_to = 0 ORDER BY ' . $orderby . ' LIMIT ' . $limit . ' OFFSET ' . $offset ); $rs = $DB->result(); $out = array(); for($r=0; $r < count($rs); $r++) { $rows_to_add = array(); if($rs[$r]->replies > 0) { $c = new comment(); $c->load_from_resultset(array($rs[$r])); $rows_to_add = $c->get_replies(); } $out[] = $rs[$r]; if(!empty($rows_to_add)) { foreach($rows_to_add as $rta) $out[] = $rta; } } $rs = $out; $total = count($rs); } else { $DB->query(' SELECT SQL_CALC_FOUND_ROWS nvc.*, nvwu.username, nvwu.avatar FROM nv_comments nvc LEFT OUTER JOIN nv_webusers nvwu ON nvwu.id = nvc.user WHERE nvc.website = ' . protect($website->id) . ' AND nvc.object_type = '.protect($object_type).' AND nvc.object_id = '.protect($object_id).' AND nvc.status = 0 ORDER BY ' . $orderby . ' LIMIT ' . $limit . ' OFFSET ' . $offset ); $rs = $DB->result(); $total = $DB->foundRows(); } return array($rs, $total); }",True,PHP,nvweb_comments_list,comments.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12002,"function nvweb_content_comments_count($object_id = NULL, $object_type = ""item"") { global $DB; global $website; global $current; $element = $current['object']; if($current['type']=='structure' && $object_type == ""item"") $element = $element->elements(0); if(empty($object_id)) $object_id = $element->id; $DB->query('SELECT COUNT(*) as total FROM nv_comments WHERE website = '.protect($website->id).' AND object_type = ""'.$object_type.'"" AND object_id = '.protect($object_id).' AND status = 0' ); $out = $DB->result('total'); return $out[0]; }",True,PHP,nvweb_content_comments_count,content.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12004,"function nvweb_liveedit_render($vars) { global $website; global $current; global $DB; global $lang; global $theme; global $session; global $webuser; $out = array(); $url = ''; switch($current['type']) { case 'product': $url = NAVIGATE_URL.'/'.NAVIGATE_MAIN.'?fid=products&act=edit&id='.$current['object']->id.'&tab=2&tab_language='.$current['lang'].'&quickedit=true&wid='.$website->id; break; case 'item': $url = NAVIGATE_URL.'/'.NAVIGATE_MAIN.'?fid=items&act=edit&id='.$current['object']->id.'&tab=2&tab_language='.$current['lang'].'&quickedit=true&wid='.$website->id; break; case 'structure': $DB->query(' SELECT id FROM nv_items WHERE category = '.protect($current['category']).' AND permission < 2 AND website = '.$website->id.' '); $rs = $DB->first(); $url = NAVIGATE_URL.'/'.NAVIGATE_MAIN.'?fid=items&act=edit&id='.$rs->id.'&tab=2&quickedit=true&wid='.$website->id; break; default: } if(empty($lang)) { $lang = new language(); $lang->load($current['lang']); } if(strpos($vars['html'], 'jquery')===false) $out[] = ''; $out[] = ''; $comments = comment::pending_count(); $out[] = '
    '; $out[] = ' '; $out[] = ' '; $out[] = ' '.$comments.''; $out[] = '
    x
    '; if(!empty($url)) $out []= ' '.t(456, 'Edit in Navigate CMS').' '; $out[] = '
    '.t(457, 'Information').'
    '; $page_type = array( 'item' => t(180, 'Item'), 'structure' => t(16, 'Structure') ); $page_type = $page_type[$current['type']]; $out[] = '
    '; $out[] = ' '.t(368, 'Theme').' '.$theme->title.''; $out[] = ' '.t(79, 'Template').' '.$theme->template_title($current['template'], false).''; $out[] = ' '.t(160, 'Type').' '.$page_type.''; $out[] = ' ID '.$current['id'].''; $out[] = ' '.t(46, 'Language').' '.language::name_by_code($session['lang']).''; $out[] = ' '.t(647, 'Webuser').' '.(empty($webuser->id)? '('.mb_strtolower(t(581, ""None"")).')' : $webuser->username.' ('.$webuser->id.')').'';",True,PHP,nvweb_liveedit_render,liveedit.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12006,"function nvweb_menu_load_actions() { global $DB; global $structure; global $current; global $website; if(empty($structure['actions'])) { $structure['actions'] = array(); $DB->query(' SELECT node_id, subtype, text FROM nv_webdictionary WHERE node_type = ""structure"" AND lang = '.protect($current['lang']).' AND subtype IN(""action-type"", ""action-jump-item"", ""action-jump-branch"", ""action-new-window"") AND website = '.$website->id ); $data = $DB->result(); if(!is_array($data)) $data = array(); foreach($data as $row) { $structure['actions'][$row->node_id][$row->subtype] = $row->text; } } }",True,PHP,nvweb_menu_load_actions,menu.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12008,"function nvweb_menu_load_dictionary() { global $DB; global $structure; global $current; global $website; if(empty($structure['dictionary'])) { $structure['dictionary'] = array(); $DB->query('SELECT node_id, text FROM nv_webdictionary WHERE node_type = ""structure"" AND subtype = ""title"" AND lang = '.protect($current['lang']).' AND website = '.$website->id); $data = $DB->result(); if(!is_array($data)) $data = array(); $dictionary = array(); foreach($data as $item) { $structure['dictionary'][$item->node_id] = $item->text; } } }",True,PHP,nvweb_menu_load_dictionary,menu.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12010,"function nvweb_menu_load_routes() { global $DB; global $structure; global $current; global $website; if(empty($structure['routes'])) { $structure['routes'] = array(); $DB->query('SELECT object_id, path FROM nv_paths WHERE type = ""structure"" AND lang = '.protect($current['lang']).' AND website = '.$website->id); $data = $DB->result(); if(!is_array($data)) $data = array(); $dictionary = array(); foreach($data as $item) { $structure['routes'][$item->object_id] = $item->path; } } }",True,PHP,nvweb_menu_load_routes,menu.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12011,"function nvweb_product_comments_count($object_id = NULL) { global $DB; global $website; global $current; if(empty($object_id)) $object_id = $current['object']->id; $DB->query('SELECT COUNT(*) as total FROM nv_comments WHERE website = '.protect($website->id).' AND object_type = ""product"" AND object_id = '.protect($object_id).' AND status = 0' ); $out = $DB->result('total'); return $out[0]; }",True,PHP,nvweb_product_comments_count,product.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12015,"function nvweb_webuser_generate_username($email) { global $DB; global $website; $username = strtolower(substr($email, 0, strpos($email, '@'))); if(!empty($username) && !in_array($username, array('info', 'admin', 'contact', 'demo', 'test'))) { $wu_id = $DB->query_single( 'id', 'nv_webusers', ' LOWER(username) = '.protect($username).' AND website = '.$website->id ); } if(empty($wu_id)) { } else if(!empty($wu_id) || empty($username)) { $username = $email; $wu_id = $DB->query_single( 'id', 'nv_webusers', ' LOWER(username) = ' . protect($email) . ' AND website = ' . $website->id ); if(empty($wu_id)) { } else { $username = uniqid($username . '-'); } } return $username; }",True,PHP,nvweb_webuser_generate_username,webuser.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12019,"$alias_parsed = parse_url($alias); if( $alias_parsed['host'] == $host ) { if(!isset($alias_parsed['path'])) $alias_parsed['path'] = """"; $rud_path = rawurldecode($alias_parsed['path']); if( ($path == $alias_parsed['path']) || ($path == '/nvweb.home' && empty($alias_parsed['path'])) || (!empty($path) && !empty($rud_path) && strpos($path, $rud_path, 0) !== false) ) { $extra = substr($path, strlen($alias_parsed['path'])); $real_parsed = parse_url($real); $real_path = explode('/', $real_parsed['path']); $extra_path = explode('/', $extra); if (!is_array($extra_path)) $extra_path = array(); $add_to_real = ''; foreach ($extra_path as $part) { if ($part == 'nvweb.home') continue; if (in_array($part, $real_path)) continue; $add_to_real .= '/' . $part; } $url = $real . $add_to_real; header('location: ' . $idn->encodeUri($url)); nvweb_clean_exit(); } } } $isIP = filter_var($host, FILTER_VALIDATE_IP); if($isIP) { $domain = $host; $subdomain = """"; } else { preg_match('/(?:http[s]*\:\/\/)*(.*?)\.(?=[^\/]*\..{2,5})/i', $url, $parts); $subdomain = $parts[1]; $domain = $host; if(empty($subdomain)) $subdomain = """"; else $domain = substr($host, strlen($subdomain)+1); } $DB->query(' SELECT id, folder FROM nv_websites WHERE subdomain = '.protect($subdomain).' AND ( domain = '.protect($domain).' OR domain = '.protect($idn->encode($domain)).' ) ORDER BY folder DESC '); $websites = $DB->result(); if(empty($websites)) { if($subdomain == 'nv') { $nvweb_absolute = NAVIGATE_PARENT.NAVIGATE_FOLDER; header('location: '.$nvweb_absolute); nvweb_clean_exit(); } else { header(""HTTP/1.1 404 Not Found""); if($exit) { nvweb_clean_exit(); } else { return false; } } } foreach($websites as $web) { if(empty($web->folder)) { $website->load($web->id); break; } else { $path_segments = explode('/', $path); $folder_segments = explode('/', $web->folder); $folder_coincidence = true; for($fs=0; $fs < count($folder_segments); $fs++) $folder_coincidence = $folder_coincidence && ($folder_segments[$fs]==$path_segments[$fs]); if($folder_coincidence) { $website->load($web->id); break; } } } if(empty($website->id)) $website->load(); return $website; }",True,PHP,parse_url,nvweb_routes.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12022,"function nvweb_source_url($type, $id, $lang='') { global $DB; global $website; global $current; global $theme; if(empty($lang)) $lang = $current['lang']; if($type=='theme') { $template_type = $id; $id = ''; if(empty($id)) { if(!empty($id)) $type = 'product'; } if(empty($id)) { $id = $DB->query_single( 'id', 'nv_items', 'website = '.protect($website->id).' AND template = '.protect($template_type).' AND permission = 0 AND access = 0 AND (date_published = 0 OR date_published < '.core_time().') AND (date_unpublish = 0 OR date_unpublish > '.core_time().')' ); if(!empty($id)) $type = 'item'; } if(empty($id)) { $id = $DB->query_single( 'id', 'nv_structure', 'website = '.protect($website->id).' AND template = '.protect($template_type).' AND permission = 0 AND access = 0 AND (date_published = 0 OR date_published < '.core_time().') AND (date_unpublish = 0 OR date_unpublish > '.core_time().')' ); if(!empty($id)) $type = 'structure'; } if(empty($id)) return """"; } if($type=='element') $type = 'item'; $url = $DB->query_single( 'path', 'nv_paths', ' type = '.protect($type).' AND object_id = '.protect($id).' AND lang = '.protect($lang).' AND website = '.$website->id ); if(empty($url)) { if($type=='item') $url = '/node/' . $id; } $url = nvweb_prepare_link($url); return $url; }",True,PHP,nvweb_source_url,nvweb_routes.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12023,"function nvweb_dictionary_load() { global $DB; global $session; global $website; global $theme; $dictionary = array(); if(!empty($theme)) { $theme->dictionary = array(); $theme->t(); } if(!empty($theme->dictionary)) $dictionary = $theme->dictionary; $DB->query('SELECT node_id, text FROM nv_webdictionary WHERE node_type = ""global"" AND lang = '.protect($session['lang']).' AND website = '.$website->id.' UNION SELECT subtype AS node_id, text FROM nv_webdictionary WHERE node_type = ""theme"" AND theme = '.protect($website->theme).' AND lang = '.protect($session['lang']).' AND website = '.$website->id ); $data = $DB->result(); if(!is_array($data)) $data = array(); foreach($data as $item) { $dictionary[$item->node_id] = $item->text; } return $dictionary; }",True,PHP,nvweb_dictionary_load,nvweb_templates.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12025,"function metaWeblog_newPost($args) { global $DB; global $session; $out = array(); list($website_id, $username, $password, $post, $publish) = $args; if(metaWeblog_userAllowed($username, $password, $website_id)) { $category_name = $post['categories']; $category = """"; if(is_array($category_name)) { $category_name = array_shift($category_name); $DB->query(' SELECT s.id FROM nv_structure s WHERE s.website = '.intval($website_id).' AND s.id IN ( SELECT w.node_id FROM nv_webdictionary w WHERE w.website = '.intval($website_id).' AND w.node_type = ""structure"" AND w.subtype = ""title"" AND w.text LIKE '.protect($category_name).' ) '); $category = $DB->result('id'); $category = $category[0]; if(!isset($post['post_type']) || empty($post['post_type'])) $post['post_type'] = 'post'; } $template = 'content'; $association = 'free'; $embedded = '1'; if($post['post_type'] == 'post') { $template = 'blog_entry'; $association = 'category'; $embedded = '0'; } if(empty($post['dateCreated'])) $post['dateCreated'] = date(""c"", time()); if(!isset($post['mt_text_more'])) $post['mt_text_more'] = """"; $item = new item(); $item->association = $association; $item->template = $template; $item->category = $category; $item->embedding = $embedded; $item->permission = ($publish? '0' : '1'); $item->dictionary = array($session['lang'] => array()); $item->paths = array($session['lang'] => array()); $item->date_to_display = strtotime($post['dateCreated']); $item->dictionary[$session['lang']]['title'] = html_entity_decode($post['title']); $item->dictionary[$session['lang']]['section-main'] = $post['description'] . $post['mt_text_more']; $item->dictionary[$session['lang']]['tags'] = $post['mt_keywords']; $item->comments_enabled_to = ($post['mt_allow_comments']=='1'? 2 : 0); $item->save(); $out = $item->id; } else { $out = new IXR_Error(401, ""User not allowed.""); } return $out; }",True,PHP,metaWeblog_newPost,nvweb_xmlrpc.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,Navigate CMS,2018-09-24 10:29:24+02:00,* security fix: replace string filtering by parameterization in almost all queries,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-17552,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12027,"public function load_from_post() { $this->title = $_REQUEST['title']; $this->file = $_REQUEST['file']; $this->permission = intval($_REQUEST['permission']); $this->enabled = intval($_REQUEST['enabled']); $this->sections = array(); for($s = 0; $s < count($_REQUEST['template-sections-code']); $s++) { if(empty($_REQUEST['template-sections-code'][$s])) continue; $this->sections[] = array( 'code' => $_REQUEST['template-sections-code'][$s], 'name' => $_REQUEST['template-sections-name'][$s], 'editor' => $_REQUEST['template-sections-editor'][$s], 'width' => $_REQUEST['template-sections-width'][$s] ); } if(empty($this->sections)) { $this->sections = array( 0 => array( 'code' => 'id', 'name' => '#main 'editor' => 'tinymce', 'width' => '960' ) ); } $this->gallery = intval($_REQUEST['gallery']); $this->comments = intval($_REQUEST['comments']); $this->tags = intval($_REQUEST['tags']); $this->statistics = intval($_REQUEST['statistics']); }",True,PHP,load_from_post,template.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-09 08:50:51+02:00,* template.class: filter file location path,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13795,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12028,public function save() { if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,template.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-09 08:50:51+02:00,* template.class: filter file location path,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13795,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12031,"public function load_from_theme($id, $theme_name=null) { global $theme; global $website; $ws_theme = $theme; if(empty($ws_theme) && !empty($theme_name)) { $ws_theme = new theme(); $ws_theme->load($theme_name); } $template = NULL; for($t=0; $t < count($ws_theme->templates); $t++) { if($ws_theme->templates[$t]->type == $id) $template = $ws_theme->templates[$t]; } if(!$template) return; $defaults = array( 'sections' => array( 0 => array( 'id' => 'main', 'name' => '#main 'editor' => 'tinymce', 'width' => '960' ) ), 'gallery' => 0, 'comments' => 0, 'tags' => 0, 'statistics' => 1, 'permission' => 0, 'enabled' => 1, 'properties' => array() ); $this->id = $template->type; $this->website = $website->id; $this->title = $ws_theme->template_title($template->type); $this->file = NAVIGATE_PATH.'/themes/'.$ws_theme->name.'/'.$template->file; $this->sections = (isset($template->sections)? json_decode(json_encode($template->sections), true) : $defaults['sections']); $this->gallery = (isset($template->gallery)? $template->gallery : $defaults['gallery']); $this->comments = (isset($template->comments)? $template->comments : $defaults['comments']); $this->tags = (isset($template->tags)? $template->tags : $defaults['tags']); $this->statistics = (isset($template->statistics)? $template->statistics : $defaults['statistics']); $this->permission = (isset($template->permission)? $template->permission : $defaults['permission']); $this->enabled = (isset($template->enabled)? $template->enabled : $defaults['enabled']); $this->properties = (isset($template->properties)? (array)$template->properties : $defaults['properties']); for($p=0; $p < count($this->properties); $p++) { if($this->properties[$p]->type == 'option') { $poptions = array(); foreach($this->properties[$p]->options as $key => $value) $poptions[$key] = $ws_theme->t($value); $this->properties[$p]->options = $poptions; } } }",True,PHP,load_from_theme,template.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-09 08:50:51+02:00,* template.class: filter file location path,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13795,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12034,public function load_from_resultset($rs) { $main = $rs[0]; $this->id = $main->id; $this->website = $main->website; $this->title = $main->title; $this->file = $main->file; $this->sections = mb_unserialize($main->sections); $this->gallery = $main->gallery; $this->comments = $main->comments; $this->tags = $main->tags; $this->statistics = $main->statistics; $this->permission = $main->permission; $this->enabled = $main->enabled; },True,PHP,load_from_resultset,template.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-09 08:50:51+02:00,* template.class: filter file location path,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13795,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12036,"function templates_form($item) { global $user; global $DB; global $website; global $layout; $navibars = new navibars(); $naviforms = new naviforms(); if(empty($item->id)) $navibars->title(t(20, 'Templates').' / '.t(38, 'Create')); else $navibars->title(t(20, 'Templates').' / '.t(170, 'Edit').' ['.$item->id.']'); $readonly = false; if(!empty($item->id) && !is_numeric($item->id)) { $layout->navigate_notification(t(432, ""Read only mode""), false, true); $readonly = true; } else if(empty($item->id)) { $navibars->add_actions( array( ' '.t(34, 'Save').'' ) ); } else { $navibars->add_actions( array( ' '.t(34, 'Save').'', ' '.t(35, 'Delete').'' ) ); $delete_html = array(); $delete_html[] = '
    '.t(57, 'Do you really want to delete this item?').'
    '; $delete_html[] = ''; $navibars->add_content(implode(""\n"", $delete_html)); } $navibars->add_actions( array( (!empty($item->id)? ' '.t(38, 'Create').'' : ''), ' '.t(39, 'List').'', 'search_form' )); $navibars->form(); $navibars->add_tab(t(43, ""Main"")); $navibars->add_tab_content($naviforms->hidden('form-sent', 'true')); $navibars->add_tab_content($naviforms->hidden('id', $item->id)); $navibars->add_tab_content_row(array( '', ''.(!empty($item->id)? $item->id : t(52, '(new)')).'' ));",True,PHP,templates_form,templates.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-09 08:50:51+02:00,* template.class: filter file location path,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13795,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12038,"if(!is_array($sections)) $sections = array(); foreach($sections as $section) { if(!empty($section['width']) && !in_array($section['width'], $widths)) array_push($widths, $section['width']); } } return $widths; }",True,PHP,array,templates.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-09 08:50:51+02:00,* template.class: filter file location path,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13795,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12044,"public static function generate_feed($id = NULL) { global $current; global $website; global $DB; if(empty($id)) $id = $current['id']; $item = new feed(); $item->load($id); $permission = nvweb_object_enabled($item); if(!$permission) return; $feed = new UniversalFeedCreator(); $feed->encoding = 'UTF-8'; $feed->title = $item->dictionary[$current['lang']]['title']; $feed->description = $item->dictionary[$current['lang']]['description']; $feed->link = $website->absolute_path(); $feed->syndicationURL = $website->absolute_path().$item->paths[$current['lang']]; if(!empty($item->image)) { $image = new FeedImage(); $image->url = $website->absolute_path().'/object?type=image&id='.$item->image; $image->link = $website->absolute_path(); $image->title = $feed->title; $feed->image = $image; } if(!empty($item->categories[0])) { $limit = intval($item->entries); if($limit <= 0) $limit = 10; $DB->query(' SELECT SQL_CALC_FOUND_ROWS i.id, i.permission, i.date_published, i.date_unpublish, i.date_to_display, COALESCE(NULLIF(i.date_to_display, 0), i.date_created) as pdate, d.text as title, i.position as position, i.galleries as galleries, i.template as template FROM nv_items i, nv_structure s, nv_webdictionary d WHERE i.category IN('.implode("","", $item->categories).') AND i.website = '.$website->id.' AND i.permission = 0 AND (i.date_published = 0 OR i.date_published < '.core_time().') AND (i.date_unpublish = 0 OR i.date_unpublish > '.core_time().') AND s.id = i.category AND (s.date_published = 0 OR s.date_published < '.core_time().') AND (s.date_unpublish = 0 OR s.date_unpublish > '.core_time().') AND s.permission = 0 AND (s.access = 0) AND (i.access = 0) AND d.website = i.website AND d.node_type = ""item"" AND d.subtype = ""title"" AND d.node_id = i.id AND d.lang = :lang ORDER BY pdate DESC LIMIT '.$limit.' OFFSET 0', 'object', array( ':lang' => $current['lang'] ) ); $rs = $DB->result(); for($x=0; $x < count($rs); $x++) { if(nvweb_object_enabled($rs[$x])) { $texts = webdictionary::load_element_strings('item', $rs[$x]->id); $paths = path::loadElementPaths('item', $rs[$x]->id); $fitem = new FeedItem(); $fitem->title = $texts[$current['lang']]['title']; $encoded_path = implode('/', array_map('urlencode', explode('/', $paths[$current['lang']]))); $fitem->link = $website->absolute_path().$encoded_path; switch($item->content) { case 'title': break; case 'content': $html = $texts[$current['lang']]['section-main']; $html = nvweb_template_tweaks($html); $html = nvweb_template_convert_nv_paths($html); $fitem->description = $html; break; case 'summary': default: $fitem->description = $texts[$current['lang']]['section-main']; $fitem->description = str_replace( array('

    ', '
    ', '
    ', '
    '), array('

    '.""\n"", '
    '.""\n"", '
    '.""\n"", '
    '.""\n""), $fitem->description ); $fitem->description = core_string_cut($fitem->description, 500, '…'); break; } $fitem->date = $rs[$x]->date_to_display; $image = ''; if(!empty($rs[$x]->galleries)) { $galleries = mb_unserialize($rs[$x]->galleries); $photo = @array_shift(array_keys($galleries[0])); if(!empty($photo)) $image = $website->absolute_path(false) . '/object?type=image&id='.$photo; } if(empty($image)) { $properties = property::load_properties(""item"", $rs[$x]->template, ""item"", $rs[$x]->id); for($p=0; $p < count($properties); $p++) { if($properties[$p]->type=='image') { if(!empty($properties[$p]->value)) $image = $properties[$p]->value; else if(!empty($properties[$p]->dvalue)) $image = $properties[$p]->dvalue; if(is_array($image)) { $image = array_values($image); $image = $image[0]; } if(!empty($image)) $image = $website->absolute_path(false) . '/object?type=image&id='.$image; } if(!empty($image)) break; } } if(!empty($image)) { $fitem->image = $image; if(strpos($item->format, 'RSS')!==false) $fitem->description = '
    '.$fitem->description; } $feed->addItem($fitem); } } } $xml = $feed->createFeed($item->format); if($item->format==""RSS2.0"") { $xml = str_replace('', ''.""\n\t\t"".'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($item->image).'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($website->favicon).'', $xml); } return $xml; }",True,PHP,generate_feed,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12045,"public static function generate_feed($id = NULL) { global $current; global $website; global $DB; if(empty($id)) $id = $current['id']; $item = new feed(); $item->load($id); $permission = nvweb_object_enabled($item); if(!$permission) return; $feed = new UniversalFeedCreator(); $feed->encoding = 'UTF-8'; $feed->title = $item->dictionary[$current['lang']]['title']; $feed->description = $item->dictionary[$current['lang']]['description']; $feed->link = $website->absolute_path(); $feed->syndicationURL = $website->absolute_path().$item->paths[$current['lang']]; if(!empty($item->image)) { $image = new FeedImage(); $image->url = $website->absolute_path().'/object?type=image&id='.$item->image; $image->link = $website->absolute_path(); $image->title = $feed->title; $feed->image = $image; } if(!empty($item->categories[0])) { $limit = intval($item->entries); if($limit <= 0) $limit = 10; $DB->query(' SELECT SQL_CALC_FOUND_ROWS i.id, i.permission, i.date_published, i.date_unpublish, i.date_to_display, COALESCE(NULLIF(i.date_to_display, 0), i.date_created) as pdate, d.text as title, i.position as position, i.galleries as galleries, i.template as template FROM nv_items i, nv_structure s, nv_webdictionary d WHERE i.category IN('.implode("","", $item->categories).') AND i.website = '.$website->id.' AND i.permission = 0 AND (i.date_published = 0 OR i.date_published < '.core_time().') AND (i.date_unpublish = 0 OR i.date_unpublish > '.core_time().') AND s.id = i.category AND (s.date_published = 0 OR s.date_published < '.core_time().') AND (s.date_unpublish = 0 OR s.date_unpublish > '.core_time().') AND s.permission = 0 AND (s.access = 0) AND (i.access = 0) AND d.website = i.website AND d.node_type = ""item"" AND d.subtype = ""title"" AND d.node_id = i.id AND d.lang = :lang ORDER BY pdate DESC LIMIT '.$limit.' OFFSET 0', 'object', array( ':lang' => $current['lang'] ) ); $rs = $DB->result(); for($x=0; $x < count($rs); $x++) { if(nvweb_object_enabled($rs[$x])) { $texts = webdictionary::load_element_strings('item', $rs[$x]->id); $paths = path::loadElementPaths('item', $rs[$x]->id); $fitem = new FeedItem(); $fitem->title = $texts[$current['lang']]['title']; $encoded_path = implode('/', array_map('urlencode', explode('/', $paths[$current['lang']]))); $fitem->link = $website->absolute_path().$encoded_path; switch($item->content) { case 'title': break; case 'content': $html = $texts[$current['lang']]['section-main']; $html = nvweb_template_tweaks($html); $html = nvweb_template_convert_nv_paths($html); $fitem->description = $html; break; case 'summary': default: $fitem->description = $texts[$current['lang']]['section-main']; $fitem->description = str_replace( array('

    ', '
    ', '
    ', '
    '), array('

    '.""\n"", '
    '.""\n"", '
    '.""\n"", '
    '.""\n""), $fitem->description ); $fitem->description = core_string_cut($fitem->description, 500, '…'); break; } $fitem->date = $rs[$x]->date_to_display; $image = ''; if(!empty($rs[$x]->galleries)) { $galleries = mb_unserialize($rs[$x]->galleries); $photo = @array_shift(array_keys($galleries[0])); if(!empty($photo)) $image = $website->absolute_path(false) . '/object?type=image&id='.$photo; } if(empty($image)) { $properties = property::load_properties(""item"", $rs[$x]->template, ""item"", $rs[$x]->id); for($p=0; $p < count($properties); $p++) { if($properties[$p]->type=='image') { if(!empty($properties[$p]->value)) $image = $properties[$p]->value; else if(!empty($properties[$p]->dvalue)) $image = $properties[$p]->dvalue; if(is_array($image)) { $image = array_values($image); $image = $image[0]; } if(!empty($image)) $image = $website->absolute_path(false) . '/object?type=image&id='.$image; } if(!empty($image)) break; } } if(!empty($image)) { $fitem->image = $image; if(strpos($item->format, 'RSS')!==false) $fitem->description = '
    '.$fitem->description; } $feed->addItem($fitem); } } } $xml = $feed->createFeed($item->format); if($item->format==""RSS2.0"") { $xml = str_replace('', ''.""\n\t\t"".'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($item->image).'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($website->favicon).'', $xml); } return $xml; }",True,PHP,generate_feed,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"function update() { global $db, $user, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (!empty($user->id)) { $this->params['name'] = $user->firstname."" "".$user->lastname; $this->params['email'] = $user->email; } $this->expSimpleNote->approved = ($require_approval == 1 && !$user->isAdmin()) ? 0 : 1; $this->expSimpleNote->update($this->params); $this->expSimpleNote->attachNote($this->params['content_type'], $this->params['content_id'], $this->params['subtype']); $msg = gt('Your note has been added.'); if ($require_approval == 1 && !$user->isAdmin()) { $msg .= ' '.gt('Your note is now pending approval. You will receive an email to').' '; $msg .= $this->expSimpleNote->email.' '.gt('letting you know when it has been approved.'); } if ($require_notification && !$user->isAdmin()) { $this->sendNotification($this->expComment); } flash('message', $msg); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12046,"public static function generate_feed($id = NULL) { global $current; global $website; global $DB; if(empty($id)) $id = $current['id']; $item = new feed(); $item->load($id); $permission = nvweb_object_enabled($item); if(!$permission) return; $feed = new UniversalFeedCreator(); $feed->encoding = 'UTF-8'; $feed->title = $item->dictionary[$current['lang']]['title']; $feed->description = $item->dictionary[$current['lang']]['description']; $feed->link = $website->absolute_path(); $feed->syndicationURL = $website->absolute_path().$item->paths[$current['lang']]; if(!empty($item->image)) { $image = new FeedImage(); $image->url = $website->absolute_path().'/object?type=image&id='.$item->image; $image->link = $website->absolute_path(); $image->title = $feed->title; $feed->image = $image; } if(!empty($item->categories[0])) { $limit = intval($item->entries); if($limit <= 0) $limit = 10; $DB->query(' SELECT SQL_CALC_FOUND_ROWS i.id, i.permission, i.date_published, i.date_unpublish, i.date_to_display, COALESCE(NULLIF(i.date_to_display, 0), i.date_created) as pdate, d.text as title, i.position as position, i.galleries as galleries, i.template as template FROM nv_items i, nv_structure s, nv_webdictionary d WHERE i.category IN('.implode("","", $item->categories).') AND i.website = '.$website->id.' AND i.permission = 0 AND (i.date_published = 0 OR i.date_published < '.core_time().') AND (i.date_unpublish = 0 OR i.date_unpublish > '.core_time().') AND s.id = i.category AND (s.date_published = 0 OR s.date_published < '.core_time().') AND (s.date_unpublish = 0 OR s.date_unpublish > '.core_time().') AND s.permission = 0 AND (s.access = 0) AND (i.access = 0) AND d.website = i.website AND d.node_type = ""item"" AND d.subtype = ""title"" AND d.node_id = i.id AND d.lang = :lang ORDER BY pdate DESC LIMIT '.$limit.' OFFSET 0', 'object', array( ':lang' => $current['lang'] ) ); $rs = $DB->result(); for($x=0; $x < count($rs); $x++) { if(nvweb_object_enabled($rs[$x])) { $texts = webdictionary::load_element_strings('item', $rs[$x]->id); $paths = path::loadElementPaths('item', $rs[$x]->id); $fitem = new FeedItem(); $fitem->title = $texts[$current['lang']]['title']; $encoded_path = implode('/', array_map('urlencode', explode('/', $paths[$current['lang']]))); $fitem->link = $website->absolute_path().$encoded_path; switch($item->content) { case 'title': break; case 'content': $html = $texts[$current['lang']]['section-main']; $html = nvweb_template_tweaks($html); $html = nvweb_template_convert_nv_paths($html); $fitem->description = $html; break; case 'summary': default: $fitem->description = $texts[$current['lang']]['section-main']; $fitem->description = str_replace( array('

    ', '
    ', '
    ', '
    '), array('

    '.""\n"", '
    '.""\n"", '
    '.""\n"", '
    '.""\n""), $fitem->description ); $fitem->description = core_string_cut($fitem->description, 500, '…'); break; } $fitem->date = $rs[$x]->date_to_display; $image = ''; if(!empty($rs[$x]->galleries)) { $galleries = mb_unserialize($rs[$x]->galleries); $photo = @array_shift(array_keys($galleries[0])); if(!empty($photo)) $image = $website->absolute_path(false) . '/object?type=image&id='.$photo; } if(empty($image)) { $properties = property::load_properties(""item"", $rs[$x]->template, ""item"", $rs[$x]->id); for($p=0; $p < count($properties); $p++) { if($properties[$p]->type=='image') { if(!empty($properties[$p]->value)) $image = $properties[$p]->value; else if(!empty($properties[$p]->dvalue)) $image = $properties[$p]->dvalue; if(is_array($image)) { $image = array_values($image); $image = $image[0]; } if(!empty($image)) $image = $website->absolute_path(false) . '/object?type=image&id='.$image; } if(!empty($image)) break; } } if(!empty($image)) { $fitem->image = $image; if(strpos($item->format, 'RSS')!==false) $fitem->description = '
    '.$fitem->description; } $feed->addItem($fitem); } } } $xml = $feed->createFeed($item->format); if($item->format==""RSS2.0"") { $xml = str_replace('', ''.""\n\t\t"".'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($item->image).'', $xml); $xml = str_replace('', ''.""\n\t\t"".''.file::file_url($website->favicon).'', $xml); } return $xml; }",True,PHP,generate_feed,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12053,"foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; }",True,PHP,foreach,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12054,"foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; }",True,PHP,foreach,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12055,"foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; }",True,PHP,foreach,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12059,"$this->paths[substr($key, strlen('path-'))] = $value; }",True,PHP,substr,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12060,"$this->paths[substr($key, strlen('path-'))] = $value; }",True,PHP,substr,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12061,"$this->paths[substr($key, strlen('path-'))] = $value; }",True,PHP,substr,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12065,"public function update() { global $DB; global $events; if(!is_array($this->categories)) $this->categories = array(); $ok = $DB->execute(' UPDATE nv_feeds SET categories = :categories, format = :format, image = :image, entries = :entries, content = :content, views = :views, permission = :permission, enabled = :enabled WHERE id = :id AND website = :website', array( 'id' => $this->id, 'website' => $this->website, 'categories' => implode(',', $this->categories), 'format' => $this->format, 'image' => value_or_default($this->image, 0), 'entries' => value_or_default($this->entries, 10), 'content' => $this->content, 'views' => value_or_default($this->views, 0), 'permission' => value_or_default($this->permission, 0), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); webdictionary::save_element_strings('feed', $this->id, $this->dictionary); path::saveElementPaths('feed', $this->id, $this->paths); if(method_exists($events, 'trigger')) { $events->trigger( 'feed', 'save', array( 'feed' => $this ) ); } return true; }",True,PHP,update,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12066,"public function update() { global $DB; global $events; if(!is_array($this->categories)) $this->categories = array(); $ok = $DB->execute(' UPDATE nv_feeds SET categories = :categories, format = :format, image = :image, entries = :entries, content = :content, views = :views, permission = :permission, enabled = :enabled WHERE id = :id AND website = :website', array( 'id' => $this->id, 'website' => $this->website, 'categories' => implode(',', $this->categories), 'format' => $this->format, 'image' => value_or_default($this->image, 0), 'entries' => value_or_default($this->entries, 10), 'content' => $this->content, 'views' => value_or_default($this->views, 0), 'permission' => value_or_default($this->permission, 0), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); webdictionary::save_element_strings('feed', $this->id, $this->dictionary); path::saveElementPaths('feed', $this->id, $this->paths); if(method_exists($events, 'trigger')) { $events->trigger( 'feed', 'save', array( 'feed' => $this ) ); } return true; }",True,PHP,update,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12067,"public function update() { global $DB; global $events; if(!is_array($this->categories)) $this->categories = array(); $ok = $DB->execute(' UPDATE nv_feeds SET categories = :categories, format = :format, image = :image, entries = :entries, content = :content, views = :views, permission = :permission, enabled = :enabled WHERE id = :id AND website = :website', array( 'id' => $this->id, 'website' => $this->website, 'categories' => implode(',', $this->categories), 'format' => $this->format, 'image' => value_or_default($this->image, 0), 'entries' => value_or_default($this->entries, 10), 'content' => $this->content, 'views' => value_or_default($this->views, 0), 'permission' => value_or_default($this->permission, 0), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); webdictionary::save_element_strings('feed', $this->id, $this->dictionary); path::saveElementPaths('feed', $this->id, $this->paths); if(method_exists($events, 'trigger')) { $events->trigger( 'feed', 'save', array( 'feed' => $this ) ); } return true; }",True,PHP,update,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12077,"public function quicksearch($text) { global $DB; global $website; $like = ' LIKE '.protect('%'.$text.'%'); $DB->query('SELECT DISTINCT (nvw.node_id) FROM nv_webdictionary nvw WHERE nvw.node_type = ""feed"" AND nvw.website = '.$website->id.' AND nvw.text '.$like, 'array'); $dict_ids = $DB->result(""node_id""); $cols[] = 'i.id' . $like; if(!empty($dict_ids)) $cols[] = 'i.id IN ('.implode(',', $dict_ids).')'; $where = ' AND ( '; $where.= implode( ' OR ', $cols); $where .= ')'; return $where; }",True,PHP,quicksearch,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12078,"public function quicksearch($text) { global $DB; global $website; $like = ' LIKE '.protect('%'.$text.'%'); $DB->query('SELECT DISTINCT (nvw.node_id) FROM nv_webdictionary nvw WHERE nvw.node_type = ""feed"" AND nvw.website = '.$website->id.' AND nvw.text '.$like, 'array'); $dict_ids = $DB->result(""node_id""); $cols[] = 'i.id' . $like; if(!empty($dict_ids)) $cols[] = 'i.id IN ('.implode(',', $dict_ids).')'; $where = ' AND ( '; $where.= implode( ' OR ', $cols); $where .= ')'; return $where; }",True,PHP,quicksearch,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12079,"public function quicksearch($text) { global $DB; global $website; $like = ' LIKE '.protect('%'.$text.'%'); $DB->query('SELECT DISTINCT (nvw.node_id) FROM nv_webdictionary nvw WHERE nvw.node_type = ""feed"" AND nvw.website = '.$website->id.' AND nvw.text '.$like, 'array'); $dict_ids = $DB->result(""node_id""); $cols[] = 'i.id' . $like; if(!empty($dict_ids)) $cols[] = 'i.id IN ('.implode(',', $dict_ids).')'; $where = ' AND ( '; $where.= implode( ' OR ', $cols); $where .= ')'; return $where; }",True,PHP,quicksearch,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12080,public function save() { global $DB; if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12081,public function save() { global $DB; if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12082,public function save() { global $DB; if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,feed.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12083,"public function insert() { global $DB; $ok = $DB->execute(' INSERT INTO nv_menus (id, codename, icon, lid, notes, functions, enabled) VALUES ( 0, :codename, :icon, :lid, :notes, :functions, :enabled)', array( 'codename' => value_or_default($this->codename, """"), 'icon' => value_or_default($this->icon, """"), 'lid' => value_or_default($this->lid, 0), 'notes' => value_or_default($this->notes, """"), 'functions' => json_encode($this->functions), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); $this->id = $DB->get_last_id(); return true; }",True,PHP,insert,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12084,"public function insert() { global $DB; $ok = $DB->execute(' INSERT INTO nv_menus (id, codename, icon, lid, notes, functions, enabled) VALUES ( 0, :codename, :icon, :lid, :notes, :functions, :enabled)', array( 'codename' => value_or_default($this->codename, """"), 'icon' => value_or_default($this->icon, """"), 'lid' => value_or_default($this->lid, 0), 'notes' => value_or_default($this->notes, """"), 'functions' => json_encode($this->functions), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); $this->id = $DB->get_last_id(); return true; }",True,PHP,insert,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12085,"public function insert() { global $DB; $ok = $DB->execute(' INSERT INTO nv_menus (id, codename, icon, lid, notes, functions, enabled) VALUES ( 0, :codename, :icon, :lid, :notes, :functions, :enabled)', array( 'codename' => value_or_default($this->codename, """"), 'icon' => value_or_default($this->icon, """"), 'lid' => value_or_default($this->lid, 0), 'notes' => value_or_default($this->notes, """"), 'functions' => json_encode($this->functions), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); $this->id = $DB->get_last_id(); return true; }",True,PHP,insert,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12086,"public function update() { global $DB; $ok = $DB->execute(' UPDATE nv_menus SET codename = :codename, icon = :icon, lid = :lid, notes = :notes, functions = :functions, enabled = :enabled WHERE id = :id', array( 'id' => $this->id, 'codename' => value_or_default($this->codename, """"), 'icon' => value_or_default($this->icon, """"), 'lid' => value_or_default($this->lid, 0), 'notes' => value_or_default($this->notes, """"), 'functions' => json_encode($this->functions), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); return true; }",True,PHP,update,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12087,"public function update() { global $DB; $ok = $DB->execute(' UPDATE nv_menus SET codename = :codename, icon = :icon, lid = :lid, notes = :notes, functions = :functions, enabled = :enabled WHERE id = :id', array( 'id' => $this->id, 'codename' => value_or_default($this->codename, """"), 'icon' => value_or_default($this->icon, """"), 'lid' => value_or_default($this->lid, 0), 'notes' => value_or_default($this->notes, """"), 'functions' => json_encode($this->functions), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); return true; }",True,PHP,update,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12088,"public function update() { global $DB; $ok = $DB->execute(' UPDATE nv_menus SET codename = :codename, icon = :icon, lid = :lid, notes = :notes, functions = :functions, enabled = :enabled WHERE id = :id', array( 'id' => $this->id, 'codename' => value_or_default($this->codename, """"), 'icon' => value_or_default($this->icon, """"), 'lid' => value_or_default($this->lid, 0), 'notes' => value_or_default($this->notes, """"), 'functions' => json_encode($this->functions), 'enabled' => value_or_default($this->enabled, 0) ) ); if(!$ok) throw new Exception($DB->get_last_error()); return true; }",True,PHP,update,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12089,public function save() { global $DB; if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12090,public function save() { global $DB; if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12091,public function save() { global $DB; if(!empty($this->id)) return $this->update(); else return $this->insert(); },True,PHP,save,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12095,public function load_from_resultset($rs) { global $DB; $main = $rs[0]; $this->id = $main->id; $this->codename = $main->codename; $this->icon = $main->icon; $this->lid = $main->lid; $this->notes = $main->notes; $this->enabled = $main->enabled; $this->functions = json_decode($main->functions); if(empty($this->functions)) $this->functions = array(); },True,PHP,load_from_resultset,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12096,public function load_from_resultset($rs) { global $DB; $main = $rs[0]; $this->id = $main->id; $this->codename = $main->codename; $this->icon = $main->icon; $this->lid = $main->lid; $this->notes = $main->notes; $this->enabled = $main->enabled; $this->functions = json_decode($main->functions); if(empty($this->functions)) $this->functions = array(); },True,PHP,load_from_resultset,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12097,public function load_from_resultset($rs) { global $DB; $main = $rs[0]; $this->id = $main->id; $this->codename = $main->codename; $this->icon = $main->icon; $this->lid = $main->lid; $this->notes = $main->notes; $this->enabled = $main->enabled; $this->functions = json_decode($main->functions); if(empty($this->functions)) $this->functions = array(); },True,PHP,load_from_resultset,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12107,"public function load_from_post() { $this->codename = $_REQUEST['codename']; $this->icon = $_REQUEST['icon']; $this->lid = $_REQUEST['lid']; $this->notes = $_REQUEST['notes']; $this->enabled = ($_REQUEST['enabled']=='1'? '1' : '0'); $functions = explode('#', $_REQUEST['menu-functions']); $this->functions = array(); foreach($functions as $function) { if(!empty($function)) $this->functions[] = $function; } }",True,PHP,load_from_post,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12108,"public function load_from_post() { $this->codename = $_REQUEST['codename']; $this->icon = $_REQUEST['icon']; $this->lid = $_REQUEST['lid']; $this->notes = $_REQUEST['notes']; $this->enabled = ($_REQUEST['enabled']=='1'? '1' : '0'); $functions = explode('#', $_REQUEST['menu-functions']); $this->functions = array(); foreach($functions as $function) { if(!empty($function)) $this->functions[] = $function; } }",True,PHP,load_from_post,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12109,"public function load_from_post() { $this->codename = $_REQUEST['codename']; $this->icon = $_REQUEST['icon']; $this->lid = $_REQUEST['lid']; $this->notes = $_REQUEST['notes']; $this->enabled = ($_REQUEST['enabled']=='1'? '1' : '0'); $functions = explode('#', $_REQUEST['menu-functions']); $this->functions = array(); foreach($functions as $function) { if(!empty($function)) $this->functions[] = $function; } }",True,PHP,load_from_post,menu.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12119,"$item->delete(); } echo json_encode(true); break; default: $page = intval($_REQUEST['page']); $max = intval($_REQUEST['rows']); $offset = ($page - 1) * $max; $where = "" 1=1 ""; if($_REQUEST['_search']=='true' || isset($_REQUEST['quicksearch'])) { if(isset($_REQUEST['quicksearch'])) { $where .= $item->quicksearch($_REQUEST['quicksearch']); } else if(isset($_REQUEST['filters'])) { $where .= navitable::jqgridsearch($_REQUEST['filters']); } else { $where .= ' AND '.navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']); } } if( !in_array($_REQUEST['sord'], array('', 'desc', 'DESC', 'asc', 'ASC')) || !in_array($_REQUEST['sidx'], array('id', 'codename', 'icon', 'lid', 'enabled')) ) { return false; } $orderby = $_REQUEST['sidx'].' '.$_REQUEST['sord']; $DB->queryLimit('id,lid,codename,icon,enabled', 'nv_menus', $where, $orderby, $offset, $max); $dataset = $DB->result(); $total = $DB->foundRows(); $out = array(); for($i=0; $i < count($dataset); $i++) { $out[$i] = array( 0 => $dataset[$i]['id'], 1 => $dataset[$i]['codename'], 2 => '', 3 => '['.$dataset[$i]['lid'].'] '.t($dataset[$i]['lid'], $dataset[$i]['lid']), 4 => (($dataset[$i]['enabled']==1)? '' : '') ); } navitable::jqgridJson($out, $page, $offset, $max, $total); break; } session_write_close(); exit; break; case 'edit': case 2: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); } if(isset($_REQUEST['form-sent'])) { $item->load_from_post(); try { naviforms::check_csrf_token(); $item->save(); $layout->navigate_notification(t(53, ""Data saved successfully.""), false, false, 'fa fa-check'); } catch(Exception $e) { $layout->navigate_notification($e->getMessage(), true, true); } } $out = functions_form($item); break; case 'delete': case 4: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); if($item->delete() > 0) { $layout->navigate_notification(t(55, 'Item removed successfully.'), false); $out = functions_list(); } else { $layout->navigate_notification(t(56, 'Unexpected error.'), false); $out = functions_form($item); } } break; case 'list': case 0: default: $out = functions_list(); break; } return $out; }",True,PHP,delete,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12120,"$item->delete(); } echo json_encode(true); break; default: $page = intval($_REQUEST['page']); $max = intval($_REQUEST['rows']); $offset = ($page - 1) * $max; $where = "" 1=1 ""; if($_REQUEST['_search']=='true' || isset($_REQUEST['quicksearch'])) { if(isset($_REQUEST['quicksearch'])) { $where .= $item->quicksearch($_REQUEST['quicksearch']); } else if(isset($_REQUEST['filters'])) { $where .= navitable::jqgridsearch($_REQUEST['filters']); } else { $where .= ' AND '.navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']); } } if( !in_array($_REQUEST['sord'], array('', 'desc', 'DESC', 'asc', 'ASC')) || !in_array($_REQUEST['sidx'], array('id', 'codename', 'icon', 'lid', 'enabled')) ) { return false; } $orderby = $_REQUEST['sidx'].' '.$_REQUEST['sord']; $DB->queryLimit('id,lid,codename,icon,enabled', 'nv_menus', $where, $orderby, $offset, $max); $dataset = $DB->result(); $total = $DB->foundRows(); $out = array(); for($i=0; $i < count($dataset); $i++) { $out[$i] = array( 0 => $dataset[$i]['id'], 1 => $dataset[$i]['codename'], 2 => '', 3 => '['.$dataset[$i]['lid'].'] '.t($dataset[$i]['lid'], $dataset[$i]['lid']), 4 => (($dataset[$i]['enabled']==1)? '' : '') ); } navitable::jqgridJson($out, $page, $offset, $max, $total); break; } session_write_close(); exit; break; case 'edit': case 2: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); } if(isset($_REQUEST['form-sent'])) { $item->load_from_post(); try { naviforms::check_csrf_token(); $item->save(); $layout->navigate_notification(t(53, ""Data saved successfully.""), false, false, 'fa fa-check'); } catch(Exception $e) { $layout->navigate_notification($e->getMessage(), true, true); } } $out = functions_form($item); break; case 'delete': case 4: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); if($item->delete() > 0) { $layout->navigate_notification(t(55, 'Item removed successfully.'), false); $out = functions_list(); } else { $layout->navigate_notification(t(56, 'Unexpected error.'), false); $out = functions_form($item); } } break; case 'list': case 0: default: $out = functions_list(); break; } return $out; }",True,PHP,delete,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12121,"$item->delete(); } echo json_encode(true); break; default: $page = intval($_REQUEST['page']); $max = intval($_REQUEST['rows']); $offset = ($page - 1) * $max; $where = "" 1=1 ""; if($_REQUEST['_search']=='true' || isset($_REQUEST['quicksearch'])) { if(isset($_REQUEST['quicksearch'])) { $where .= $item->quicksearch($_REQUEST['quicksearch']); } else if(isset($_REQUEST['filters'])) { $where .= navitable::jqgridsearch($_REQUEST['filters']); } else { $where .= ' AND '.navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']); } } if( !in_array($_REQUEST['sord'], array('', 'desc', 'DESC', 'asc', 'ASC')) || !in_array($_REQUEST['sidx'], array('id', 'codename', 'icon', 'lid', 'enabled')) ) { return false; } $orderby = $_REQUEST['sidx'].' '.$_REQUEST['sord']; $DB->queryLimit('id,lid,codename,icon,enabled', 'nv_menus', $where, $orderby, $offset, $max); $dataset = $DB->result(); $total = $DB->foundRows(); $out = array(); for($i=0; $i < count($dataset); $i++) { $out[$i] = array( 0 => $dataset[$i]['id'], 1 => $dataset[$i]['codename'], 2 => '', 3 => '['.$dataset[$i]['lid'].'] '.t($dataset[$i]['lid'], $dataset[$i]['lid']), 4 => (($dataset[$i]['enabled']==1)? '' : '') ); } navitable::jqgridJson($out, $page, $offset, $max, $total); break; } session_write_close(); exit; break; case 'edit': case 2: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); } if(isset($_REQUEST['form-sent'])) { $item->load_from_post(); try { naviforms::check_csrf_token(); $item->save(); $layout->navigate_notification(t(53, ""Data saved successfully.""), false, false, 'fa fa-check'); } catch(Exception $e) { $layout->navigate_notification($e->getMessage(), true, true); } } $out = functions_form($item); break; case 'delete': case 4: if(!empty($_REQUEST['id'])) { $item->load(intval($_REQUEST['id'])); if($item->delete() > 0) { $layout->navigate_notification(t(55, 'Item removed successfully.'), false); $out = functions_list(); } else { $layout->navigate_notification(t(56, 'Unexpected error.'), false); $out = functions_form($item); } } break; case 'list': case 0: default: $out = functions_list(); break; } return $out; }",True,PHP,delete,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12122,"foreach($functions as $function) { if($function->id == $f) { if($function->enabled=='1') $sortable_assigned[] = '
  • id.'"" category=""'.$function->category.'"">icon.'"" align=""absmiddle"" /> '.t($function->lid, $function->lid).'
    • '; else $sortable_assigned[] = '
  • id.'"" category=""'.$function->category.'"">icon.'"" align=""absmiddle"" /> '.t($function->lid, $function->lid).'
    • '; } }",True,PHP,foreach,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12123,"foreach($functions as $function) { if($function->id == $f) { if($function->enabled=='1') $sortable_assigned[] = '
  • id.'"" category=""'.$function->category.'"">icon.'"" align=""absmiddle"" /> '.t($function->lid, $function->lid).'
    • '; else $sortable_assigned[] = '
  • id.'"" category=""'.$function->category.'"">icon.'"" align=""absmiddle"" /> '.t($function->lid, $function->lid).'
    • '; } }",True,PHP,foreach,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12124,"foreach($functions as $function) { if($function->id == $f) { if($function->enabled=='1') $sortable_assigned[] = '
  • id.'"" category=""'.$function->category.'"">icon.'"" align=""absmiddle"" /> '.t($function->lid, $function->lid).'
    • '; else $sortable_assigned[] = '
  • id.'"" category=""'.$function->category.'"">icon.'"" align=""absmiddle"" /> '.t($function->lid, $function->lid).'
    • '; } }",True,PHP,foreach,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12125,"function functions_list() { $navibars = new navibars(); $navitable = new navitable(""functions_list""); $navibars->title(t(244, 'Menus')); $navibars->add_actions( array( ' '.t(38, 'Create').'', ' '.t(39, 'List').'', 'search_form' )); if($_REQUEST['quicksearch']=='true') { $navitable->setInitialURL(""?fid="".$_REQUEST['fid'].'&act=json&_search=true&quicksearch='.$_REQUEST['navigate-quicksearch']); } $navitable->setURL('?fid='.$_REQUEST['fid'].'&act=json'); $navitable->sortBy('id'); $navitable->setDataIndex('id'); $navitable->setEditUrl('id', '?fid='.$_REQUEST['fid'].'&act=edit&id='); $navitable->addCol(""ID"", 'id', ""80"", ""true"", ""left""); $navitable->addCol(t(237, 'Code'), 'codename', ""100"", ""true"", ""left""); $navitable->addCol(t(242, 'Icon'), 'icon', ""50"", ""true"", ""center""); $navitable->addCol(t(67, 'Title'), 'lid', ""200"", ""true"", ""left""); $navitable->addCol(t(65, 'Enabled'), 'enabled', ""80"", ""true"", ""center""); $navibars->add_content($navitable->generate()); return $navibars->generate(); }",True,PHP,functions_list,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12126,"function functions_list() { $navibars = new navibars(); $navitable = new navitable(""functions_list""); $navibars->title(t(244, 'Menus')); $navibars->add_actions( array( ' '.t(38, 'Create').'', ' '.t(39, 'List').'', 'search_form' )); if($_REQUEST['quicksearch']=='true') { $navitable->setInitialURL(""?fid="".$_REQUEST['fid'].'&act=json&_search=true&quicksearch='.$_REQUEST['navigate-quicksearch']); } $navitable->setURL('?fid='.$_REQUEST['fid'].'&act=json'); $navitable->sortBy('id'); $navitable->setDataIndex('id'); $navitable->setEditUrl('id', '?fid='.$_REQUEST['fid'].'&act=edit&id='); $navitable->addCol(""ID"", 'id', ""80"", ""true"", ""left""); $navitable->addCol(t(237, 'Code'), 'codename', ""100"", ""true"", ""left""); $navitable->addCol(t(242, 'Icon'), 'icon', ""50"", ""true"", ""center""); $navitable->addCol(t(67, 'Title'), 'lid', ""200"", ""true"", ""left""); $navitable->addCol(t(65, 'Enabled'), 'enabled', ""80"", ""true"", ""center""); $navibars->add_content($navitable->generate()); return $navibars->generate(); }",True,PHP,functions_list,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12127,"function functions_list() { $navibars = new navibars(); $navitable = new navitable(""functions_list""); $navibars->title(t(244, 'Menus')); $navibars->add_actions( array( ' '.t(38, 'Create').'', ' '.t(39, 'List').'', 'search_form' )); if($_REQUEST['quicksearch']=='true') { $navitable->setInitialURL(""?fid="".$_REQUEST['fid'].'&act=json&_search=true&quicksearch='.$_REQUEST['navigate-quicksearch']); } $navitable->setURL('?fid='.$_REQUEST['fid'].'&act=json'); $navitable->sortBy('id'); $navitable->setDataIndex('id'); $navitable->setEditUrl('id', '?fid='.$_REQUEST['fid'].'&act=edit&id='); $navitable->addCol(""ID"", 'id', ""80"", ""true"", ""left""); $navitable->addCol(t(237, 'Code'), 'codename', ""100"", ""true"", ""left""); $navitable->addCol(t(242, 'Icon'), 'icon', ""50"", ""true"", ""center""); $navitable->addCol(t(67, 'Title'), 'lid', ""200"", ""true"", ""left""); $navitable->addCol(t(65, 'Enabled'), 'enabled', ""80"", ""true"", ""center""); $navibars->add_content($navitable->generate()); return $navibars->generate(); }",True,PHP,functions_list,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12134,"function functions_form($item) { global $user; global $DB; global $website; global $layout; $navibars = new navibars(); $naviforms = new naviforms(); if(empty($item->id)) $navibars->title(t(244, 'Menus').' / '.t(38, 'Create')); else $navibars->title(t(244, 'Menus').' / '.t(170, 'Edit').' ['.$item->id.']'); if(empty($item->id)) { $navibars->add_actions( array( ' '.t(34, 'Save').'' ) ); } else { $navibars->add_actions( array( ' '.t(34, 'Save').'', ' '.t(35, 'Delete').'' ) ); $layout->add_script(' function navigate_delete_dialog() { navigate_confirmation_dialog( function() { window.location.href = ""?fid=menus&act=delete&id='.$item->id.'""; }, null, null, ""'.t(35, 'Delete').'"" ); } '); } $navibars->add_actions( array( (!empty($item->id)? ' '.t(38, 'Create').'' : ''), ' '.t(39, 'List').'', 'search_form' )); $navibars->form(); $navibars->add_tab(t(43, ""Main"")); $navibars->add_tab_content($naviforms->hidden('form-sent', 'true')); $navibars->add_tab_content($naviforms->hidden('id', $item->id)); $navibars->add_tab_content($naviforms->csrf_token()); $navibars->add_tab_content_row( array( '', ''.(!empty($item->id)? $item->id : t(52, '(new)')).'' ) );",True,PHP,functions_form,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12135,"function functions_form($item) { global $user; global $DB; global $website; global $layout; $navibars = new navibars(); $naviforms = new naviforms(); if(empty($item->id)) $navibars->title(t(244, 'Menus').' / '.t(38, 'Create')); else $navibars->title(t(244, 'Menus').' / '.t(170, 'Edit').' ['.$item->id.']'); if(empty($item->id)) { $navibars->add_actions( array( ' '.t(34, 'Save').'' ) ); } else { $navibars->add_actions( array( ' '.t(34, 'Save').'', ' '.t(35, 'Delete').'' ) ); $layout->add_script(' function navigate_delete_dialog() { navigate_confirmation_dialog( function() { window.location.href = ""?fid=menus&act=delete&id='.$item->id.'""; }, null, null, ""'.t(35, 'Delete').'"" ); } '); } $navibars->add_actions( array( (!empty($item->id)? ' '.t(38, 'Create').'' : ''), ' '.t(39, 'List').'', 'search_form' )); $navibars->form(); $navibars->add_tab(t(43, ""Main"")); $navibars->add_tab_content($naviforms->hidden('form-sent', 'true')); $navibars->add_tab_content($naviforms->hidden('id', $item->id)); $navibars->add_tab_content($naviforms->csrf_token()); $navibars->add_tab_content_row( array( '', ''.(!empty($item->id)? $item->id : t(52, '(new)')).'' ) );",True,PHP,functions_form,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12136,"function functions_form($item) { global $user; global $DB; global $website; global $layout; $navibars = new navibars(); $naviforms = new naviforms(); if(empty($item->id)) $navibars->title(t(244, 'Menus').' / '.t(38, 'Create')); else $navibars->title(t(244, 'Menus').' / '.t(170, 'Edit').' ['.$item->id.']'); if(empty($item->id)) { $navibars->add_actions( array( ' '.t(34, 'Save').'' ) ); } else { $navibars->add_actions( array( ' '.t(34, 'Save').'', ' '.t(35, 'Delete').'' ) ); $layout->add_script(' function navigate_delete_dialog() { navigate_confirmation_dialog( function() { window.location.href = ""?fid=menus&act=delete&id='.$item->id.'""; }, null, null, ""'.t(35, 'Delete').'"" ); } '); } $navibars->add_actions( array( (!empty($item->id)? ' '.t(38, 'Create').'' : ''), ' '.t(39, 'List').'', 'search_form' )); $navibars->form(); $navibars->add_tab(t(43, ""Main"")); $navibars->add_tab_content($naviforms->hidden('form-sent', 'true')); $navibars->add_tab_content($naviforms->hidden('id', $item->id)); $navibars->add_tab_content($naviforms->csrf_token()); $navibars->add_tab_content_row( array( '', ''.(!empty($item->id)? $item->id : t(52, '(new)')).'' ) );",True,PHP,functions_form,menus.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12143,"public function load_from_post() { if(intval($_REQUEST['parent'])!=$this->id) { $this->parent = intval($_REQUEST['parent']); } $this->template = $_REQUEST['template']; $this->access = intval($_REQUEST['access']); $this->groups = $_REQUEST['groups']; if($this->access < 3) { $this->groups = array(); } $this->permission = intval($_REQUEST['permission']); $this->visible = intval($_REQUEST['visible']); $this->date_published = (empty($_REQUEST['date_published'])? '' : core_date2ts($_REQUEST['date_published'])); $this->date_unpublish = (empty($_REQUEST['date_unpublish'])? '' : core_date2ts($_REQUEST['date_unpublish'])); $this->dictionary = array(); $this->paths = array(); $fields = array('title', 'action-type', 'action-jump-item', 'action-jump-branch', 'action-new-window', 'action-masked-redirect'); foreach($_REQUEST as $key => $value) { if(empty($value)) { continue; } foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') { $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; } } if(substr($key, 0, strlen('path-'))=='path-') { $this->paths[substr($key, strlen('path-'))] = $value; } } }",True,PHP,load_from_post,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12144,"public function load_from_post() { if(intval($_REQUEST['parent'])!=$this->id) { $this->parent = intval($_REQUEST['parent']); } $this->template = $_REQUEST['template']; $this->access = intval($_REQUEST['access']); $this->groups = $_REQUEST['groups']; if($this->access < 3) { $this->groups = array(); } $this->permission = intval($_REQUEST['permission']); $this->visible = intval($_REQUEST['visible']); $this->date_published = (empty($_REQUEST['date_published'])? '' : core_date2ts($_REQUEST['date_published'])); $this->date_unpublish = (empty($_REQUEST['date_unpublish'])? '' : core_date2ts($_REQUEST['date_unpublish'])); $this->dictionary = array(); $this->paths = array(); $fields = array('title', 'action-type', 'action-jump-item', 'action-jump-branch', 'action-new-window', 'action-masked-redirect'); foreach($_REQUEST as $key => $value) { if(empty($value)) { continue; } foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') { $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; } } if(substr($key, 0, strlen('path-'))=='path-') { $this->paths[substr($key, strlen('path-'))] = $value; } } }",True,PHP,load_from_post,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12145,"public function load_from_post() { if(intval($_REQUEST['parent'])!=$this->id) { $this->parent = intval($_REQUEST['parent']); } $this->template = $_REQUEST['template']; $this->access = intval($_REQUEST['access']); $this->groups = $_REQUEST['groups']; if($this->access < 3) { $this->groups = array(); } $this->permission = intval($_REQUEST['permission']); $this->visible = intval($_REQUEST['visible']); $this->date_published = (empty($_REQUEST['date_published'])? '' : core_date2ts($_REQUEST['date_published'])); $this->date_unpublish = (empty($_REQUEST['date_unpublish'])? '' : core_date2ts($_REQUEST['date_unpublish'])); $this->dictionary = array(); $this->paths = array(); $fields = array('title', 'action-type', 'action-jump-item', 'action-jump-branch', 'action-new-window', 'action-masked-redirect'); foreach($_REQUEST as $key => $value) { if(empty($value)) { continue; } foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') { $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; } } if(substr($key, 0, strlen('path-'))=='path-') { $this->paths[substr($key, strlen('path-'))] = $value; } } }",True,PHP,load_from_post,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12146,"foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') { $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; } }",True,PHP,foreach,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13796,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12147,"foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') { $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; } }",True,PHP,foreach,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13797,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12148,"foreach($fields as $field) { if(substr($key, 0, strlen($field.'-'))==$field.'-') { $this->dictionary[substr($key, strlen($field.'-'))][$field] = $value; } }",True,PHP,foreach,structure.class.php,https://github.com/NavigateCMS/Navigate-CMS,NavigateCMS,NavigateCMS,2020-05-17 16:16:05+02:00,+ HTML Purify some fields to prevent XSS attacks,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-13798,"public function delete() { global $db, $history; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['id'])) { flash('error', gt('Missing id for the comment you would like to delete')); $lastUrl = expHistory::getLast('editable'); } $simplenote = new expSimpleNote($this->params['id']); $rows = $simplenote->delete(); $db->delete($simplenote->attachable_table, 'expsimplenote_id='.$this->params['id']); $lastUrl = expHistory::getLast('editable'); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12157,"$sort = in_array(strtolower($val), array('asc', 'desc')) ? ' ' . $val : ''; $array[] = $this->parseKey($key, true) . $sort; } }",True,PHP,array,Driver.class.php,https://github.com/top-think/thinkphp,top-think,thinkphp,2018-10-08 21:54:51+08:00,改进,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-18546,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12158,"public function loginAction() { $t = Zend_Registry::get('translate'); $this->view->headTitle($t->_('login')); $this->view->layout()->setLayout('basic'); $auth = Zend_Auth::getInstance(); if ($auth->hasIdentity()) { $this->_redirect('/index'); } $request = $this->getRequest(); $redirect = $request->getPost('redirect'); if (strlen($redirect) == 0) $redirect = $request->getServer('REQUEST_URI'); if (strlen($redirect) == 0) $redirect = '/index'; $request = $this->getRequest(); $form = new Default_Form_Login(); if ($this->getRequest()->getParam('message')) { $form->addErrorMessage($this->getRequest()->getParam('message')); } if ($this->getRequest()->isPost() && $form->isValid($request->getPost())) { $authAdapter = new Zend_Auth_Adapter_DbTable( Zend_Registry::get('writedb'), 'administrator', 'username', 'password', 'ENCRYPT(?, SUBSTRING(password,1,2))' ); $authAdapter2 = new Zend_Auth_Adapter_DbTable( Zend_Registry::get('writedb'), 'administrator', 'username', 'password', 'ENCRYPT(?, SUBSTR(password, 1,12))' ); $authAdapter4 = new Zend_Auth_Adapter_DbTable( Zend_Registry::get('writedb'), 'administrator', 'username', 'password', 'ENCRYPT(?, SUBSTR(password, 1, LOCATE(\'$\', password, LOCATE(\'$\', password, 4)+1)))' ); $authAdapter3 = new Zend_Auth_Adapter_DbTable( Zend_Registry::get('writedb'), 'administrator', 'username', 'password', 'MD5(?)' ); $givenusername = $this->getRequest()->getParam('username'); $givenpassword = $this->getRequest()->getParam('password'); $authAdapter->setIdentity($givenusername)->setCredential($givenpassword); $authAdapter2->setIdentity($givenusername)->setCredential($givenpassword); $authAdapter3->setIdentity($givenusername)->setCredential($givenpassword); $authAdapter4->setIdentity($givenusername)->setCredential($givenpassword); $authpassed = false; $result = $auth->authenticate($authAdapter4); if ($result->isValid()) { $authpassed = true; } else { $result = $auth->authenticate($authAdapter3); if ($result->isValid()) { $authpassed = true; } else { $result = $auth->authenticate($authAdapter2); if ($result->isValid()) { $authpassed = true; } else { $result = $auth->authenticate($authAdapter); if ($result->isValid()) { $authpassed = true; } } } } if ($authpassed) { $user = new Default_Model_Administrator(); $user->find($givenusername); Zend_Registry::set('user', $user); $user->checkPasswordEncryptionSheme($givenpassword); $this->_redirect($redirect); } else { $form->addError('badCredentials'); } } else { if ($this->getRequest()->isPost()) { $form->addError('badDataGiven'); } } $this->view->error = ''; if (count($form->getErrorMessages() > 0)) { $this->view->error = $t->_(array_pop($form->getErrorMessages())); } $this->view->form = $form; $this->view->headLink()->appendStylesheet($this->view->css_path.'/login.css'); }",True,PHP,loginAction,UserController.php,https://github.com/MailCleaner/MailCleaner,MailCleaner,GitHub,2018-10-24 11:47:23+02:00,"Bug fix - Issue #53 Bug fix of a XSS issue on MailCleaner login (administration) interface. See issue #53 The ""message"" parameter was only used for the logoutAction(). However, the parameter was not checked and not escaped.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-18635,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12161,"public function save(){ $cat_name = I(""cat_name""); $s_number = I(""s_number/d"") ? I(""s_number/d"") : 99 ; $cat_id = I(""cat_id/d"")? I(""cat_id/d"") : 0; $parent_cat_id = I(""parent_cat_id/d"")? I(""parent_cat_id/d"") : 0; $item_id = I(""item_id/d""); $login_user = $this->checkLogin(); if (!$this->checkItemPermn($login_user['uid'] , $item_id)) { $this->sendError(10103); return; } if (!$cat_name) { return; } if ($parent_cat_id && $parent_cat_id == $cat_id) { $this->sendError(10101,""上级目录不能选择自身""); return; } $data['cat_name'] = $cat_name ; $data['s_number'] = $s_number ; $data['item_id'] = $item_id ; $data['parent_cat_id'] = $parent_cat_id ; if ($parent_cat_id > 0 ) { $row = D(""Catalog"")->where("" cat_id = '$parent_cat_id' "")->find() ; $data['level'] = $row['level'] +1 ; }else{ $data['level'] = 2; } if ($cat_id > 0 ) { if (D(""Catalog"")->where("" parent_cat_id = '$cat_id' "")->find() && $data['level'] == 4 ) { $this->sendError(10101,""该目录含有子目录,不允许转为底层目录。""); return; } $ret = D(""Catalog"")->where("" cat_id = '$cat_id' "")->save($data); $return = D(""Catalog"")->where("" cat_id = '$cat_id' "")->find(); }else{ $data['addtime'] = time(); $cat_id = D(""Catalog"")->add($data); $return = D(""Catalog"")->where("" cat_id = '$cat_id' "")->find(); } if (!$return) { $return['error_code'] = 10103 ; $return['error_message'] = 'request fail' ; } $this->sendResult($return); }",True,PHP,save,CatalogController.class.php,https://github.com/star7th/showdoc,star7th,GitHub,2018-11-28 10:13:59+08:00,Update CatalogController.class.php,CWE-425,Direct Request ('Forced Browsing'),"The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.",https://cwe.mitre.org/data/definitions/425.html,CVE-2018-19620,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12162,"public function addUser(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $username = I(""post.username""); $password = I(""post.password""); $uid = I(""post.uid""); $name = I(""post.name""); if(!$username){ $this->sendError(10101,'用户名不允许为空'); return ; } if($uid){ if($password){ D(""User"")->updatePwd($uid, $password); } if($name){ D(""User"")->where("" uid = '$uid' "")->save(array(""name""=>$name)); } $this->sendResult(array()); }else{ if (D(""User"")->isExist($username)) { $this->sendError(10101,L('username_exists')); return ; } $new_uid = D(""User"")->register($username,$password); if (!$new_uid) { $this->sendError(10101); }else{ if($name){ D(""User"")->where("" uid = '$new_uid' "")->save(array(""name""=>$name)); } $this->sendResult($return); } } }",True,PHP,addUser,AdminUserController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-01-25 20:34:52+08:00,bug,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-0362,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12164,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if (strstr(strip_tags(strtolower($uploadFile['name'])), "".php"") || strstr(strip_tags(strtolower($uploadFile['name'])), "".php"") || strstr(strip_tags(strtolower($uploadFile['name'])), "".svg"") ) { return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-01-26 20:38:00+08:00,File upload vulnerability,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-0409,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12176,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if($this->isDangerFilename($uploadFile['name'])){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 17:46:33+08:00,file upload bug,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-0950,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12177,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if($this->isDangerFilename($uploadFile['name'])){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 17:46:33+08:00,file upload bug,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0951,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12178,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.m4a','.ogg','.webma','.mp4','.flv', '.mov','.webmv','.m3u8a','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso','.bz2','.epub', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.odt','.rtf','.docm','.dotm','.dot','.dotx','.wps','.wpt', '.ppt','.pptx','.xls','.xlsx','.txt','.md','.psd','.csv', '.cer','.ppt','.pub','.properties','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 20:15:13+08:00,file upload bug,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0956,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12181,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.m4a','.ogg','.webma','.mp4','.flv', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso','.bz2','.epub', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.odt','.rtf','.docm','.dotm','.dot','.dotx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.properties','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 22:36:28+08:00,file upload bug,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0960,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12182,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.mp4', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0942,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12183,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.mp4', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0962,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12184,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.mp4', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0964,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12185,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.mp4', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0965,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12186,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.mp4', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0966,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12187,"public function isAllowedFilename($filename){ $allow_array = array( '.jpg','.jpeg','.png','.bmp','.gif','.ico','.webp', '.mp3','.wav','.mp4', '.mov','.webmv','.flac','.mkv', '.zip','.tar','.gz','.tgz','.ipa','.apk','.rar','.iso', '.pdf','.ofd','.swf','.epub','.xps', '.doc','.docx','.wps', '.ppt','.pptx','.xls','.xlsx','.txt','.psd','.csv', '.cer','.ppt','.pub','.json','.css', ) ; $ext = strtolower(substr($filename,strripos($filename,'.')) ); if(in_array( $ext , $allow_array ) ){ return true ; } return false; }",True,PHP,isAllowedFilename,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0967,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12200,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if( !$this->isAllowedFilename($_files[$file_key]['name']) ){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0942,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12201,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if( !$this->isAllowedFilename($_files[$file_key]['name']) ){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0962,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12202,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if( !$this->isAllowedFilename($_files[$file_key]['name']) ){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0964,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12203,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if( !$this->isAllowedFilename($_files[$file_key]['name']) ){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0965,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12204,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if( !$this->isAllowedFilename($_files[$file_key]['name']) ){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0966,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12205,"public function upload($_files , $file_key , $uid , $item_id = 0 , $page_id = 0 ){ $uploadFile = $_files[$file_key] ; if( !$this->isAllowedFilename($_files[$file_key]['name']) ){ return false; } $oss_open = D(""Options"")->get(""oss_open"" ) ; if ($oss_open) { $url = $this->uploadOss($uploadFile); if ($url) { $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } }else{ $upload = new \Think\Upload(); $upload->maxSize = 1003145728 ; $upload->rootPath = './../Public/Uploads/'; $upload->savePath = ''; $info = $upload->uploadOne($uploadFile) ; if(!$info) { var_dump($upload->getError()); return; }else{ $url = site_url().'/Public/Uploads/'.$info['savepath'].$info['savename'] ; $sign = md5($url.time().rand()) ; $insert = array( ""sign"" => $sign, ""uid"" => $uid, ""item_id"" => $item_id, ""page_id"" => $page_id, ""display_name"" => $uploadFile['name'], ""file_type"" => $uploadFile['type'], ""file_size"" => $uploadFile['size'], ""real_url"" => $url, ""addtime"" => time(), ); $file_id = D(""UploadFile"")->add($insert); $insert = array( ""file_id"" => $file_id, ""item_id"" => $item_id, ""page_id"" => $page_id, ""addtime"" => time(), ); $ret = D(""FilePage"")->add($insert); $url = server_url(""api/attachment/visitFile"",array(""sign"" => $sign)); return $url ; } } return false; }",True,PHP,upload,AttachmentModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-14 23:26:49+08:00,Upload file vulnerability,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0967,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12206,"public function download(){ $this->checkLogin(); $this->checkAdmin(); set_time_limit(1000); ini_set('memory_limit','500M'); $new_version = I(""new_version"") ; $file_url = I(""file_url"") ; $version_num = str_replace(""v"","""",$new_version) ; $showdoc_path = ""../"" ; if(!$this->new_is_writeable($showdoc_path) || !$this->new_is_writeable($showdoc_path.""Sqlite/"" ) || !$this->new_is_writeable($showdoc_path.""web/"" ) || !$this->new_is_writeable($showdoc_path.""web/index.php"" ) || !$this->new_is_writeable($showdoc_path.""server/"" ) || !$this->new_is_writeable($showdoc_path.""server/vendor/autoload.php"" ) || !$this->new_is_writeable($showdoc_path.""server/Application/Api"" ) ){ $this->sendError(10101,'请手动给showdoc安装目录下的所有文件可写权限,否则程序无法覆盖旧文件'); return ; } $temp_dir = sys_get_temp_dir().""/showdoc_update/""; $zip_file = $temp_dir.'showdoc-'.$version_num.'.zip' ; mkdir($temp_dir) ; unlink($zip_file); $file = file_get_contents($file_url); file_put_contents($zip_file,$file); $zip = new \ZipArchive(); $flag = $zip->open($zip_file); if($flag!==true){ $this->sendError(10101,'下载更新压缩包失败'); return ; } $zip->extractTo($temp_dir); $flag = $zip->close(); $zip_file_subpath = $temp_dir.'showdoc-'.$version_num.""/"" ; if(file_exists($zip_file_subpath.'composer.json') && file_exists($zip_file_subpath.'web/index.php') && file_exists($zip_file_subpath.'server/vendor/autoload.php') ){ $this->copydir($zip_file_subpath ,$showdoc_path.'Public/Uploads/update/' ); $this->deldir($temp_dir); $this->sendResult(array()); }else{ $this->sendError(10101,'下载更新压缩包后,解压的文件缺失'); return ; } }",True,PHP,download,AdminUpdateController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2022-03-20 16:07:48+08:00,Security update / 安全性更新,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1034,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12209,"public function saveLdapConfig(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $ldap_open = intval(I(""ldap_open"")) ; $ldap_form = I(""ldap_form"") ; if ($ldap_open) { if (!$ldap_form['user_field']) { $ldap_form['user_field'] = 'cn'; } if( !extension_loaded( 'ldap' ) ) { $this->sendError(10011,""你尚未安装php-ldap扩展。如果是普通PHP环境,请手动安装之。如果是使用之前官方docker镜像,则需要重新安装镜像。方法是:备份 /showdoc_data 整个目录,然后全新安装showdoc,接着用备份覆盖/showdoc_data 。然后递归赋予777可写权限。""); return ; } $ldap_conn = ldap_connect($ldap_form['host'], $ldap_form['port']); if (!$ldap_conn) { $this->sendError(10011,""Can't connect to LDAP server""); return ; } ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $ldap_form['version']); $rs=ldap_bind($ldap_conn, $ldap_form['bind_dn'], $ldap_form['bind_password']); if (!$rs) { $this->sendError(10011,""Can't bind to LDAP server""); return ; } $result = ldap_search($ldap_conn,$ldap_form['base_dn'],""(cn=*)""); $data = ldap_get_entries($ldap_conn, $result); for ($i=0; $i<$data[""count""]; $i++) { $ldap_user = $data[$i][$ldap_form['user_field']][0] ; if (!$ldap_user) { continue ; } if(!D(""User"")->isExist($ldap_user)){ D(""User"")->register($ldap_user,$ldap_user.time()); } } D(""Options"")->set(""ldap_form"" , json_encode( $ldap_form)) ; } D(""Options"")->set(""ldap_open"" ,$ldap_open) ; $this->sendResult(array()); }",True,PHP,saveLdapConfig,AdminSettingController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-11-20 20:58:35+08:00,Enhanced LDAP user password / 增强ldap用户密码,CWE-338,Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG),"The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.",https://cwe.mitre.org/data/definitions/338.html,CVE-2021-3990,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12211,"public function checkLdapLogin(){ $username = 'admin'; $password = '123456'; $ldap_open = D(""Options"")->get(""ldap_open"" ) ; $ldap_form = D(""Options"")->get(""ldap_form"" ) ; $ldap_form = json_decode($ldap_form,1); if (!$ldap_open) { return ; } if (!$ldap_form['user_field']) { $ldap_form['user_field'] = 'cn'; } $ldap_conn = ldap_connect($ldap_form['host'], $ldap_form['port']); if (!$ldap_conn) { $this->sendError(10011,""Can't connect to LDAP server""); return ; } ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $ldap_form['version']); $rs=ldap_bind($ldap_conn, $ldap_form['bind_dn'], $ldap_form['bind_password']); if (!$rs) { $this->sendError(10011,""Can't bind to LDAP server""); return ; } $result = ldap_search($ldap_conn,$ldap_form['base_dn'],""(cn=*)""); $data = ldap_get_entries($ldap_conn, $result); for ($i=0; $i<$data[""count""]; $i++) { $ldap_user = $data[$i][$ldap_form['user_field']][0] ; $dn = $data[$i][""dn""] ; if ($ldap_user == $username) { $userInfo = D(""User"")->isExist($username) ; if(!$userInfo){ D(""User"")->register($ldap_user,$ldap_user.time()); } $rs2=ldap_bind($ldap_conn, $dn , $password); if ($rs2) { D(""User"")->updatePwd($userInfo['uid'], $password); $this->sendResult(array()); return ; } } } $this->sendError(10011,""用户名或者密码错误""); }",True,PHP,checkLdapLogin,AdminSettingController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-11-20 20:58:35+08:00,Enhanced LDAP user password / 增强ldap用户密码,CWE-338,Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG),"The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.",https://cwe.mitre.org/data/definitions/338.html,CVE-2021-3990,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12212,"public function checkLdapLogin($username ,$password ){ $ldap_open = D(""Options"")->get(""ldap_open"" ) ; $ldap_form = D(""Options"")->get(""ldap_form"" ) ; $ldap_form = json_decode($ldap_form,1); if (!$ldap_open) { return false; } if (!$ldap_form['user_field']) { $ldap_form['user_field'] = 'cn'; } $ldap_conn = ldap_connect($ldap_form['host'], $ldap_form['port']); if (!$ldap_conn) { return false; } ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $ldap_form['version']); $rs=ldap_bind($ldap_conn, $ldap_form['bind_dn'], $ldap_form['bind_password']); if (!$rs) { return false ; } $result = ldap_search($ldap_conn,$ldap_form['base_dn'],""(cn=*)""); $data = ldap_get_entries($ldap_conn, $result); for ($i=0; $i<$data[""count""]; $i++) { $ldap_user = $data[$i][$ldap_form['user_field']][0] ; $dn = $data[$i][""dn""] ; if ($ldap_user == $username) { $userInfo = D(""User"")->isExist($username) ; if(!$userInfo){ D(""User"")->register($ldap_user,$ldap_user.time()); } $rs2=ldap_bind($ldap_conn, $dn , $password); if ($rs2) { D(""User"")->updatePwd($userInfo['uid'], $password); return $this->checkLogin($username,$password); } } } return false ; }",True,PHP,checkLdapLogin,UserModel.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-11-20 20:58:35+08:00,Enhanced LDAP user password / 增强ldap用户密码,CWE-338,Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG),"The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.",https://cwe.mitre.org/data/definitions/338.html,CVE-2021-3990,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12216,"public function attorn(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $username = I(""username""); $item_id = I(""item_id/d""); $item = D(""Item"")->where(""item_id = '$item_id' "")->find(); $member = D(""User"")->where("" username = '%s' "",array($username))->find(); if (!$member) { $this->sendError(10209); return ; } $data['username'] = $member['username'] ; $data['uid'] = $member['uid'] ; $id = D(""Item"")->where("" item_id = '$item_id' "")->save($data); $return = D(""Item"")->where(""item_id = '$item_id' "")->find(); if (!$return) { $this->sendError(10101); return ; } $this->sendResult($return); }",True,PHP,attorn,AdminItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12217,"public function deleteItem(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $item_id = I(""item_id/d""); $return = D(""Item"")->soft_delete_item($item_id); if (!$return) { $this->sendError(10101); }else{ $this->sendResult($return); } }",True,PHP,deleteItem,AdminItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12221,"public function deleteUser(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $uid = I(""uid/d""); if (D(""Item"")->where(""uid = '$uid' and is_del = 0 "")->find()) { $this->sendError(10101,""该用户名下还有项目,不允许删除。请先将其项目删除或者重新分配/转让""); return ; } $return = D(""User"")->delete_user($uid); if (!$return) { $this->sendError(10101); }else{ $this->sendResult($return); } }",True,PHP,deleteUser,AdminUserController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12222,"public function changePassword(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $uid = I(""uid/d""); $new_password = I(""new_password""); $return = D(""User"")->updatePwd($uid, $new_password); if (!$return) { $this->sendError(10101); }else{ $this->sendResult($return); } }",True,PHP,changePassword,AdminUserController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12225,"public function addUser(){ $login_user = $this->checkLogin(); $this->checkAdmin(); $username = I(""username""); $password = I(""password""); $uid = I(""uid""); $name = I(""name""); if(!$username){ $this->sendError(10101,'用户名不允许为空'); return ; } if($uid){ if($password){ D(""User"")->updatePwd($uid, $password); } if($name){ D(""User"")->where("" uid = '$uid' "")->save(array(""name""=>$name)); } $this->sendResult(array()); }else{ if (D(""User"")->isExist($username)) { $this->sendError(10101,L('username_exists')); return ; } $new_uid = D(""User"")->register($username,$password); if (!$new_uid) { $this->sendError(10101); }else{ if($name){ D(""User"")->where("" uid = '$new_uid' "")->save(array(""name""=>$name)); } $this->sendResult($return); } } }",True,PHP,addUser,AdminUserController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12226,"public function delete(){ $cat_id = I(""cat_id/d"")? I(""cat_id/d"") : 0; $cat = D(""Catalog"")->where("" cat_id = '$cat_id' "")->find(); $item_id = $cat['item_id']; $login_user = $this->checkLogin(); if (!$this->checkItemEdit($login_user['uid'] , $item_id)) { $return['error_code'] = -1 ; $return['error_message'] = L('no_permissions'); $this->sendResult($return); return; } if ($cat_id > 0 ) { $ret = D(""Catalog"")->deleteCat($cat_id); } if ($ret) { $this->sendResult($ret); }else{ $return['error_code'] = -1 ; $return['error_message'] = 'request fail' ; $this->sendResult($return); } }",True,PHP,delete,CatalogController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12228,"public function batUpdate(){ $cats = I(""cats""); $item_id = I(""item_id/d""); $login_user = $this->checkLogin(); if (!$this->checkItemEdit($login_user['uid'] , $item_id)) { $this->sendError(10103); return ; } $ret = ''; $data_array = json_decode(htmlspecialchars_decode($cats) , true) ; if ($data_array) { foreach ($data_array as $key => $value) { if ($value['cat_name']) { $ret = D(""Catalog"")->where("" cat_id = '%d' and item_id = '%d' "",array($value['cat_id'],$item_id) )->save(array( ""cat_name"" => $value['cat_name'] , ""parent_cat_id"" => $value['parent_cat_id'] , ""level"" => $value['level'] , ""s_number"" => $value['s_number'] , )); } if ($value['page_id'] > 0) { $ret = D(""Page"")->where("" page_id = '%d' and item_id = '%d' "" ,array($value['page_id'],$item_id) )->save(array( ""cat_id"" => $value['parent_cat_id'] , ""s_number"" => $value['s_number'] , )); } } } $this->sendResult(array()); }",True,PHP,batUpdate,CatalogController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12231,"public function resetKey(){ $login_user = $this->checkLogin(); $item_id = I(""item_id/d""); $item = D(""Item"")->where(""item_id = '$item_id' "")->find(); if(!$this->checkItemManage($login_user['uid'] , $item['item_id'])){ $this->sendError(10303); return ; } $ret = D(""ItemToken"")->where(""item_id = '$item_id' "")->delete(); if ($ret) { $this->getKey(); }else{ $this->sendError(10101); } }",True,PHP,resetKey,ItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12232,"public function update(){ $login_user = $this->checkLogin(); $item_id = I(""item_id/d""); $item_name = I(""item_name""); $item_description = I(""item_description""); $item_domain = I(""item_domain""); $password = I(""password""); $uid = $login_user['uid'] ; if(!$this->checkItemManage($uid , $item_id)){ $this->sendError(10303); return ; } if ($item_domain) { if(!ctype_alnum($item_domain) || is_numeric($item_domain) ){ $this->sendError(10305); return false; } $item = D(""Item"")->where(""item_domain = '%s' and item_id !='%s' "",array($item_domain,$item_id))->find(); if ($item) { $this->sendError(10304); return false; } } $save_data = array( ""item_name"" => $item_name , ""item_description"" => $item_description , ""item_domain"" => $item_domain , ""password"" => $password , ); $items = D(""Item"")->where(""item_id = '$item_id' "")->save($save_data); $items = $items ? $items : array(); $this->sendResult($items); }",True,PHP,update,ItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12234,"public function add(){ $login_user = $this->checkLogin(); $item_name = I(""item_name""); $item_domain = I(""item_domain"") ? I(""item_domain"") : ''; $copy_item_id = I(""copy_item_id""); $password = I(""password""); $item_description = I(""item_description""); $item_type = I(""item_type"") ? I(""item_type"") : 1 ; if ($item_domain) { if(!ctype_alnum($item_domain) || is_numeric($item_domain) ){ $this->sendError(10305); return false; } $item = D(""Item"")->where(""item_domain = '%s' "",array($item_domain))->find(); if ($item) { $this->sendError(10304); return false; } } if ($copy_item_id > 0) { if (!$this->checkItemEdit($login_user['uid'] , $copy_item_id)) { $this->sendError(10103); return; } $item_id = D(""Item"")->copy($copy_item_id,$login_user['uid'],$item_name,$item_description,$password,$item_domain); if ($item_id) { $this->sendResult(array(""item_id""=>$item_id)); }else{ $this->sendError(10101); } return ; } $insert = array( ""uid"" => $login_user['uid'] , ""username"" => $login_user['username'] , ""item_name"" => $item_name , ""password"" => $password , ""item_description"" => $item_description , ""item_domain"" => $item_domain , ""item_type"" => $item_type , ""addtime"" =>time() ); $item_id = D(""Item"")->add($insert); if ($item_id) { if ($item_type == 2 ) { $insert = array( 'author_uid' => $login_user['uid'] , 'author_username' => $login_user['username'], ""page_title"" => $item_name , ""item_id"" => $item_id , ""cat_id"" => 0 , ""page_content"" => '欢迎使用showdoc。点击右上方的编辑按钮进行编辑吧!' , ""addtime"" =>time() ); $page_id = D(""Page"")->add($insert); } if ($item_type == 4 ) { $insert = array( 'author_uid' => $login_user['uid'] , 'author_username' => $login_user['username'], ""page_title"" => $item_name , ""item_id"" => $item_id , ""cat_id"" => 0 , ""page_content"" => '' , ""addtime"" =>time() ); $page_id = D(""Page"")->add($insert); } $this->sendResult(array(""item_id""=>$item_id)); }else{ $this->sendError(10101); } }",True,PHP,add,ItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12236,"public function pwd(){ $item_id = I(""item_id/d""); $password = I(""password""); $v_code = I(""v_code""); $refer_url = I('refer_url'); $key= 'item_pwd_fail_times_'.$item_id; if(!D(""VerifyCode"")->_check_times($key,10)){ if (!$v_code || $v_code != session('v_code')) { $this->sendError(10206,L('verification_code_are_incorrect')); return; } } session('v_code',null) ; $item = D(""Item"")->where(""item_id = '$item_id' "")->find(); if ($item['password'] == $password) { session(""visit_item_"".$item_id , 1 ); $this->sendResult(array(""refer_url""=>base64_decode($refer_url))); }else{ D(""VerifyCode"")->_ins_times($key); if(D(""VerifyCode"")->_check_times($key,10)){ $error_code = 10307 ; }else{ $error_code = 10308 ; } $this->sendError($error_code,L('access_password_are_incorrect')); } }",True,PHP,pwd,ItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12238,"public function attorn(){ $login_user = $this->checkLogin(); $username = I(""username""); $item_id = I(""item_id/d""); $password = I(""password""); $item = D(""Item"")->where(""item_id = '$item_id' "")->find(); if(!$this->checkItemManage($login_user['uid'] , $item['item_id'])){ $this->sendError(10303); return ; } if(! D(""User"")-> checkLogin($item['username'],$password)){ $this->sendError(10208); return ; } $member = D(""User"")->where("" username = '%s' "",array($username))->find(); if (!$member) { $this->sendError(10209); return ; } $data['username'] = $member['username'] ; $data['uid'] = $member['uid'] ; $id = D(""Item"")->where("" item_id = '$item_id' "")->save($data); $return = D(""Item"")->where(""item_id = '$item_id' "")->find(); if (!$return) { $this->sendError(10101); } $this->sendResult($return); }",True,PHP,attorn,ItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12239,"public function archive(){ $login_user = $this->checkLogin(); $item_id = I(""item_id/d""); $password = I(""password""); $item = D(""Item"")->where(""item_id = '$item_id' "")->find(); if(!$this->checkItemManage($login_user['uid'] , $item['item_id'])){ $this->sendError(10303); return ; } if(! D(""User"")-> checkLogin($item['username'],$password)){ $this->sendError(10208); return ; } $return = D(""Item"")->where(""item_id = '$item_id' "")->save(array(""is_archived""=>1)); if (!$return) { $this->sendError(10101); }else{ $this->sendResult($return); } }",True,PHP,archive,ItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12242,"public function delete(){ $item_id = I(""item_id/d""); $id = I(""id/d""); $login_user = $this->checkLogin(); $uid = $login_user['uid'] ; if(!$this->checkItemEdit($uid , $item_id)){ $this->sendError(10303); return ; } $ret = D(""ItemVariable"")->where("" item_id = '%d' and id = '%d' "",array($item_id,$id))->delete(); if ($ret) { $this->sendResult($ret); }else{ $this->sendError(10101); } }",True,PHP,delete,ItemVariableController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12245,"public function deleteByName(){ $item_id = I(""item_id/d""); $env_id = I(""env_id/d""); $var_name = I(""var_name""); $login_user = $this->checkLogin(); $uid = $login_user['uid'] ; if(!$this->checkItemEdit($uid , $item_id)){ $this->sendError(10303); return ; } $ret = D(""ItemVariable"")->where("" item_id = '%d' and env_id = '%d' and var_name = '%s' "",array($item_id,$env_id,$var_name))->delete(); if ($ret) { $this->sendResult($ret); }else{ $this->sendError(10101); } }",True,PHP,deleteByName,ItemVariableController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12246,"public function delete(){ $item_id = I(""item_id/d""); $login_user = $this->checkLogin(); $uid = $login_user['uid'] ; if(!$this->checkItemManage($uid , $item_id)){ $this->sendError(10303); return ; } $item_member_id = I(""item_member_id/d""); if ($item_member_id) { $member_array = D(""ItemMember"")->where("" item_id = '%d' and item_member_id = '%d' "",array($item_id,$item_member_id))->find(); $ret = D(""ItemMember"")->where("" item_id = '%d' and item_member_id = '%d' "",array($item_id,$item_member_id))->delete(); } if ($ret) { $this->sendResult($ret); }else{ $this->sendError(10101); } }",True,PHP,delete,MemberController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12248,"public function delete(){ $page_id = I(""page_id/d"")? I(""page_id/d"") : 0; $page = D(""Page"")->where("" page_id = '$page_id' "")->find(); $login_user = $this->checkLogin(); if (!$this->checkItemManage($login_user['uid'] , $page['item_id']) && $login_user['uid'] != $page['author_uid']) { $this->sendError(10303); return ; } if ($page) { $ret = D(""Page"")->softDeletePage($page_id); D(""Item"")->where("" item_id = '$page[item_id]' "")->save(array(""last_update_time""=>time())); } if ($ret) { $this->sendResult(array()); }else{ $this->sendError(10101); } }",True,PHP,delete,PageController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12251,"public function delete(){ $id = I(""id/d"")? I(""id/d"") : 0; $login_user = $this->checkLogin(); if ($id && $login_user['uid']) { $ret = D(""Team"")->where("" id = '$id' and uid = '$login_user[uid]'"")->delete(); } if ($ret) { D(""TeamItem"")->where("" team_id = '$id' "")->delete(); D(""TeamItemMember"")->where("" team_id = '$id' "")->delete(); D(""TeamMember"")->where("" team_id = '$id' "")->delete(); $this->sendResult($ret); }else{ $return['error_code'] = 10103 ; $return['error_message'] = 'request fail' ; $this->sendResult($return); } }",True,PHP,delete,TeamController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12253,"public function save(){ $login_user = $this->checkLogin(); $team_name = I(""team_name""); $id = I(""id/d""); if ($id) { D(""Team"")->where("" id = '$id' "")->save(array(""team_name""=>$team_name)); }else{ $data['username'] = $login_user['username'] ; $data['uid'] = $login_user['uid'] ; $data['team_name'] = $team_name ; $data['addtime'] = time() ; $id = D(""Team"")->add($data); } $return = D(""Team"")->where("" id = '$id' "")->find(); if (!$return) { $return['error_code'] = 10103 ; $return['error_message'] = 'request fail' ; } $this->sendResult($return); }",True,PHP,save,TeamController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12254,"public function delete(){ $login_user = $this->checkLogin(); $uid = $login_user['uid'] ; $id = I(""id/d"")? I(""id/d"") : 0; $teamItemInfo = D(""TeamItem"")->where("" id = '$id' "")->find(); $item_id = $teamItemInfo['item_id'] ; $team_id = $teamItemInfo['team_id'] ; if(!$this->checkItemManage($uid , $item_id)){ $this->sendError(10303); return ; } $ret = D(""TeamItemMember"")->where("" item_id = '$item_id' and team_id = '$team_id' "")->delete(); $ret = D(""TeamItem"")->where("" id = '$id' "")->delete(); if ($ret) { $this->sendResult($ret); }else{ $return['error_code'] = 10103 ; $return['error_message'] = 'request fail' ; $this->sendResult($return); } }",True,PHP,delete,TeamItemController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12257,"public function save(){ $login_user = $this->checkLogin(); $uid = $login_user['uid'] ; $id = I(""id/d""); $member_group_id = I(""member_group_id/d""); $cat_id = I(""cat_id/d""); $teamItemMemberInfo = D(""TeamItemMember"")->where("" id = '$id' "")->find(); $item_id = $teamItemMemberInfo['item_id'] ; $team_id = $teamItemMemberInfo['team_id'] ; if(!$this->checkItemManage($uid , $item_id)){ $this->sendError(10303); return ; } $teamInfo = D(""Team"")->where("" id = '$team_id' and uid = '$login_user[uid]' "")->find(); if (!$teamInfo) { $this->sendError(10209,""无此团队或者你无管理此团队的权限""); return ; } if(isset($_POST['member_group_id'])){ $return = D(""TeamItemMember"")->where("" id = '$id' "")->save(array(""member_group_id""=>$member_group_id)); } if(isset($_POST['cat_id'])){ $return = D(""TeamItemMember"")->where("" id = '$id' "")->save(array(""cat_id""=>$cat_id)); } $this->sendResult($return); }",True,PHP,save,TeamItemMemberController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12258,"public function logout(){ $login_user = $this->checkLogin(); D(""UserToken"")->where("" uid = '$login_user[uid]' "")->save(array(""token_expire""=>0)); session(""login_user"" , NULL); cookie('cookie_token',NULL); session(null); $this->sendResult(array()); }",True,PHP,logout,UserController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"function edit() { global $user; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; if (empty($this->params['formtitle'])) { if (empty($this->params['id'])) { $formtitle = gt(""Add New Note""); } else { $formtitle = gt(""Edit Note""); } } else { $formtitle = $this->params['formtitle']; } $id = empty($this->params['id']) ? null : $this->params['id']; $simpleNote = new expSimpleNote($id); assign_to_template(array( 'simplenote'=>$simpleNote, 'user'=>$user, 'require_login'=>$require_login, 'require_approval'=>$require_approval, 'require_notification'=>$require_notification, 'notification_email'=>$notification_email, 'formtitle'=>$formtitle, 'content_type'=>$this->params['content_type'], 'content_id'=>$this->params['content_id'], 'tab'=>empty($this->params['tab'])?0:$this->params['tab'] )); }" 12261,"public function updateInfo(){ $user = $this->checkLogin(); $uid = $user['uid']; $name = I(""name""); D(""User"")->where("" uid = '$uid' "")->save(array(""name""=>$name)); $this->sendResult(array()); }",True,PHP,updateInfo,UserController.class.php,https://github.com/star7th/showdoc,star7th,star7th,2021-12-25 22:27:02+08:00,Security update / 安全更新,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4168,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12264,"$extraFields[] = ['field' => $rule->field, 'id' => $field_option['id']];",True,PHP,],extra_field.lib.php,https://github.com/chamilo/chamilo-lms,chamilo,Julio Montoya,2021-05-28 09:09:43+02:00,"Fix database field from 1.11.x https://github.com/chamilo/chamilo-lms/commit/f7f93579ed64765c2667910b9c24d031b0a00571",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-34187,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12267,"public function AddHidden(){ global $langmessage, $gp_index; $_REQUEST += array('title'=>''); $_REQUEST['gpx_content'] = 'gpabox'; ob_start(); echo '

    '; echo ''; echo ''; echo '

    '; echo '
    '; echo ''; echo ''; echo ''; echo ''; $content .= ''; $content .= ''; } else { $content .= 'defaultUrl . '&action=show&id=' . $parent->getId() . '"">' . $parent->getTitle() . ''; } $content .= ''; $content .= ''; $content .= ''; } }",True,PHP,getItemFromDb,Docman_View_Admin_LockInfos.class.php,https://github.com/Enalean/tuleap,Enalean,Nicolas Terray,2022-06-14 10:59:47+02:00,"request #27173: XSS via the title of a document Change-Id: Ibdae4792b76c297bf8d553ab9b37f5ae3d76cb2a",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-31063,function selectBillingOptions() { } 12490,"public function __construct(private \Git_Exec $git_exec, private BranchCreationExecutor $branch_creation_executor) { }",True,PHP,__construct,BranchCreator.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2022-07-05 17:49:53+02:00,"fix: Fine grained permissions must be well handled in POST git/:id/branches This fixes request #27538 Fine grained permissions are not checked when creating a branch with REST API The fine grained permissions were not taken into account in the previous checks. Change-Id: I1fa72ab34e4f41d5ea3ec9dd21e990ce330d780f",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-31128,function selectBillingOptions() { } 12492,public function __construct(OtherSemanticTooltipEntryFetcher ...$other_semantic_tooltip_entry_fetchers) { $this->other_semantic_tooltip_entry_fetchers = $other_semantic_tooltip_entry_fetchers; },True,PHP,__construct,TooltipFetcher.php,https://github.com/Enalean/tuleap,Enalean,Nicolas Terray,2023-04-20 18:16:19+02:00,"Fix request #31586: XSS in the tooltip via an artifact title Next step for the current story #26777 is to display the xref on top of the title so in order to prepare the field we use mustache to escape the title instead of DOMPurifier. Part of story #26777: have artifact tooltips on roadmap Change-Id: I534ead8a88361b364f5ee81556251dc3dc4c0bf6",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-30619,function selectBillingOptions() { } 12495,"public function __construct(GitRepository $repository, $url, array $hooklogs, CSRFSynchronizerToken $csrf) { $use_default_edit_modal = false; parent::__construct($repository, 'jenkins', $url, [], $csrf, $use_default_edit_modal); $this->remove_form_action = '/plugins/hudson_git/?group_id=' . (int) $repository->getProjectId();",True,PHP,__construct,JenkinsWebhookPresenter.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2023-05-05 15:45:25+02:00,"Fix request #31923 Broken link when more than 10 Jenkins jobs are triggered by one Jenkins hook Given a Git repository that have a Jenkins webhook configured to trigger Git polling jobs, and if there are more than 10 polling jobs triggered after a push, then there is a returned by Jenkins after the 10th triggered job. This must not be clickable in the job list. Change-Id: Ia8283f57c4352a85f65318a34980d028668ae95a",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-32072,function selectBillingOptions() { } 12496,"$purfied_job_url = $hp->purify($triggered_job_url); $purified_information .= '' . $purfied_job_url . '
    '; } $purified_information .= ''; } if ($log->getStatusCode() !== null) { $purified_information .= '
    '; $purified_information .= '

    ' . dgettext(""tuleap-hudson_git"", ""Branch source plugin:"") . '

    '; $purified_information .= $log->getStatusCode(); $purified_information .= '
    '; } $this->hooklogs[] = new WebhookLogPresenter($log->getFormattedPushDate(), $purified_information); }",True,PHP,purify,JenkinsWebhookPresenter.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2023-05-05 15:45:25+02:00,"Fix request #31923 Broken link when more than 10 Jenkins jobs are triggered by one Jenkins hook Given a Git repository that have a Jenkins webhook configured to trigger Git polling jobs, and if there are more than 10 polling jobs triggered after a push, then there is a returned by Jenkins after the 10th triggered job. This must not be clickable in the job list. Change-Id: Ia8283f57c4352a85f65318a34980d028668ae95a",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-32072,function selectBillingOptions() { } 12499,"public function plugin_git_settings_additional_webhooks(array $params) { if ($this->isAllowed($params['repository']->getProjectId())) { $xzibit = new GitWebhooksSettingsEnhancer( new Hook\HookDao(), new LogFactory( new JobDao(), new ProjectJobDao(), new GitRepositoryFactory( new GitDao(), ProjectManager::instance() ) ), $this->getCSRF(), self::getJenkinsServerFactory() ); $xzibit->pimp($params); } }",True,PHP,plugin_git_settings_additional_webhooks,hudson_gitPlugin.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2023-05-05 15:45:25+02:00,"Fix request #31923 Broken link when more than 10 Jenkins jobs are triggered by one Jenkins hook Given a Git repository that have a Jenkins webhook configured to trigger Git polling jobs, and if there are more than 10 polling jobs triggered after a push, then there is a returned by Jenkins after the 10th triggered job. This must not be clickable in the job list. Change-Id: Ia8283f57c4352a85f65318a34980d028668ae95a",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-32072,function selectBillingOptions() { } 12501,"private function getUserRemover() { return new UserRemover( ProjectManager::instance(), EventManager::instance(), new ArtifactTypeFactory(false), new UserRemoverDao(), UserManager::instance(), new ProjectHistoryDao(), new UGroupManager() ); }",True,PHP,getUserRemover,LDAP_DirectorySynchronization.class.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12502,"private function getUserRemover() { return new UserRemover( ProjectManager::instance(), EventManager::instance(), new ArtifactTypeFactory(false), new UserRemoverDao(), UserManager::instance(), new ProjectHistoryDao(), new UGroupManager() ); }",True,PHP,getUserRemover,ldapPlugin.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12505,public static function areRestrictedUsersAllowed() { return self::get(ForgeAccess::CONFIG) === ForgeAccess::RESTRICTED; },True,PHP,areRestrictedUsersAllowed,ForgeConfig.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12507,"private function updateProjectVisibility(PFUser $user, Project $project, HTTPRequest $request) { if ($this->project_visibility_configuration->canUserConfigureProjectVisibility($user, $project)) { if ($project->getAccess() !== $request->get('project_visibility')) { if ($request->get('term_of_service')) { $this->project_manager->setAccess($project, $request->get('project_visibility')); $this->project_manager->clear($project->getID()); $this->ugroup_binding->reloadUgroupBindingInProject($project); } else { $GLOBALS['Response']->addFeedback(Feedback::ERROR, _(""Please accept term of service"")); } } } }",True,PHP,updateProjectVisibility,ProjectDetailsController.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12511,"public function __construct( BaseLanguage $language, $platform_allows_restricted, $project_visibility, int $number_of_restricted_users_in_project, ProjectVisibilityOptionsForPresenterGenerator $project_visibility_options_generator, ) { $this->platform_allows_restricted = (bool) $platform_allows_restricted; $this->restricted_warning_message = $language->getText( 'project_admin_editgroupinfo', 'restricted_warning' ); $this->general_warning_message = $language->getText( 'project_admin_editgroupinfo', 'general_warning' ); $this->purified_term_of_service_message = Codendi_HTMLPurifier::instance()->purify( $language->getOverridableText('project_admin_editgroupinfo', 'term_of_service'), CODENDI_PURIFIER_LIGHT ); $this->project_visibility_label = _('Project visibility'); $this->accept_tos_message = _(""Please accept term of service""); $this->options = $project_visibility_options_generator->generateVisibilityOptions( $this->platform_allows_restricted, $project_visibility ); $this->number_of_restricted_users_in_project = $number_of_restricted_users_in_project; }",True,PHP,__construct,ProjectVisibilityPresenter.class.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12517,"public function getAdmins(?UGroupManager $ugm = null) { if (is_null($ugm)) { $ugm = $this->getUGroupManager(); } return $ugm->getDynamicUGroupsMembers(ProjectUGroup::PROJECT_ADMIN, $this->getID()); }",True,PHP,getAdmins,Project.class.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12518,"public function __construct( string $project_default_visibility, array $trove_categories, array $field_list, array $company_templates, array $tuleap_templates, array $external_templates, ) { $this->tuleap_templates = json_encode($tuleap_templates); $this->are_restricted_users_allowed = (bool) ForgeConfig::areRestrictedUsersAllowed(); $this->project_default_visibility = $project_default_visibility; $this->projects_must_be_approved = (bool) ForgeConfig::get( ProjectManager::CONFIG_PROJECT_APPROVAL, true ); $this->trove_categories = json_encode($trove_categories, JSON_THROW_ON_ERROR); $this->is_description_mandatory = ProjectDescriptionUsageRetriever::isDescriptionMandatory(); $this->field_list = json_encode($field_list); $this->company_templates = json_encode($company_templates); $this->company_name = ForgeConfig::get('sys_org_name'); $this->can_user_choose_privacy = (bool) ForgeConfig::get( ProjectManager::SYS_USER_CAN_CHOOSE_PROJECT_PRIVACY ); $this->external_templates = json_encode($external_templates); }",True,PHP,__construct,ProjectRegistrationPresenter.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12520,"private function getUserRemover() { return new UserRemover( ProjectManager::instance(), $this->getEventManager(), new ArtifactTypeFactory(false), new UserRemoverDao(), UserManager::instance(), new ProjectHistoryDao(), new UGroupManager() ); }",True,PHP,getUserRemover,UGroupManager.class.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12523,"public function removeUserFromProject($project_id, $user_id, $admin_action = true) { $project = $this->getProject($project_id); if (! $this->dao->removeUserFromProject($project_id, $user_id)) { $GLOBALS['Response']->addFeedback( Feedback::ERROR, $GLOBALS['Language']->getText('project_admin_index', 'user_not_removed') ); return false; } $this->event_manager->processEvent('project_admin_remove_user', [ 'group_id' => $project_id, 'user_id' => $user_id, ]); $this->removeUserFromTrackerV3($project_id, $user_id); if (! $this->removeUserFromProjectUgroups($project, $user_id)) { $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('project_admin_index', 'del_user_from_ug_fail')); } $user_name = $this->getUserName($user_id); $this->displayFeedback($project, $user_name, $admin_action); $this->project_history_dao->groupAddHistory( 'removed_user', $user_name . "" ($user_id)"", $project_id ); return true; }",True,PHP,removeUserFromProject,UserRemover.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12524,"public function removeUserFromProject($project_id, $user_id) { $project_id = $this->da->escapeInt($project_id); $user_id = $this->da->escapeInt($user_id); $admin_flag = $this->da->quoteSmart('A'); $sql = ""DELETE FROM user_group WHERE group_id = $project_id AND user_id = $user_id AND admin_flags <> $admin_flag""; return $this->update($sql); }",True,PHP,removeUserFromProject,UserRemoverDao.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12530,"$ugroup_with_restricted->shouldReceive('removeUser')->with( $restricted_user_in_ugroup_only, \Mockery::on( function (PFUser $user) { return (int) $user->getId() === 0; }",True,PHP,with,SystemEventPROJECTISPRIVATETest.php,https://github.com/Enalean/tuleap,Enalean,Yannis ROSSETTO,2023-06-07 15:30:18+02:00,"Close request #32278 Removed restricted users are not remove at project visibility switch When switching from a project visibility that allows restricted users to Private without restricted, then restricted users that are project administrators keep this access right, meaning that they can continue to go to project and do some administration actions. At project visibility switch to Private without restricted, we have to remove the project administration right to restricted users. If this will remove the last administrator, then the project visibility switch must be refused. If the visibility change is triggered and a system events is logged, then restricted adminsitrators are always removed if restricted users are no more part of the project. Note: Nothing is done for Public visibility without restricted as the current code and implementation does nothing special for this visibility. This can be handled in a dedicated commit if needed. Change-Id: I42e2ef7c06e5e5e8af186a19139c532624b6e761",CWE-281,Improper Preservation of Permissions,"The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",https://cwe.mitre.org/data/definitions/281.html,CVE-2023-35938,function selectBillingOptions() { } 12533,"$artifact = $art_factory->getArtifactById($artifact_link->getArtifactId()); $this->artifact_links[] = new ArtifactInTypeTablePresenter( $artifact, $html_classes, $field, $this->are_links_deletable, ); }",True,PHP,getArtifactById,TypeTablePresenter.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2023-07-25 15:21:28+02:00,"Fixes request #33608: Preview of a linked artifact with a type does not respect permissions Change-Id: I94bab99f318a79e91f42b5fb67a6c2d45075ccba",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2023-38508,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12534,"$artifact = $art_factory->getArtifactById(trim($id)); $are_links_deletable = $this->areLinksDeletable( $type_presenter, $is_reverse_artifact_links, ); if (! is_null($artifact) && $artifact->getTracker()->isActive()) { $type_html .= $this->getTemplateRenderer()->renderToString( 'artifactlink-type-table-row', new ArtifactInTypeTablePresenter( $artifact, $artifact_html_classes, $this, $are_links_deletable, ) ); } }",True,PHP,getArtifactById,Tracker_FormElement_Field_ArtifactLink.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2023-07-25 15:21:28+02:00,"Fixes request #33608: Preview of a linked artifact with a type does not respect permissions Change-Id: I94bab99f318a79e91f42b5fb67a6c2d45075ccba",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2023-38508,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12535,"$removed[] = $fi->getFilename(); } if ($removed = implode(', ', $removed)) { $result .= $removed . ' ' . dgettext('tuleap-tracker', 'removed'); } $added = $this->fetchAddedFiles(array_diff($this->files, $changeset_value->getFiles()), $format, $is_for_mail); if ($added && $result) { $result .= $format === 'html' ? '; ' : PHP_EOL; } $result .= $added; return $result; } return false; }",True,PHP,getFilename,Tracker_Artifact_ChangesetValue_File.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2021-07-26 13:46:58+02:00,"request #22570: XSS via the name of a deleted attachment Change-Id: I3b7289c719ed8eacb836237fc186f59898b627bc",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-41142,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12537,"$sanitized_description = $hp->purify($fileinfo->getDescription(), CODENDI_PURIFIER_CONVERT_HTML); $link_show = 'getVisioningAttributeForLink($fileinfo, $read_only, $lytebox_id) . ' title=""' . $sanitized_description . '"">'; $add = '
    '; if (! $read_only) { $add .= $this->fetchDeleteCheckbox($fileinfo, $submitted_values); } $add .= ''; if ($fileinfo->isImage()) { $query_add = $this->getFileHTMLPreviewUrl($fileinfo); $add .= '
    '; $add .= '
    '; $add .= '
    '; } else { $add .= '
    '; } $link_goto = ''; $add .= ''; if ($sanitized_description) { $add .= '
    ' . $sanitized_description . '
    '; } $add .= '
    '; $added[] = $add; } $html .= implode('', $added); }",True,PHP,purify,Tracker_FormElement_Field_File.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2021-07-26 13:46:58+02:00,"request #22570: XSS via the name of a deleted attachment Change-Id: I3b7289c719ed8eacb836237fc186f59898b627bc",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-41142,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12539,"function cvs_get_revisions($project, $offset, $chunksz, $_tag = 100, $_branch = 100, $_commit_id = '', $_commiter = 100, $_srch = '', array $order_by = [], $pv = 0) { if ($_branch != 100) { $branch_str = ""AND cvs_checkins.branchid="" . db_ei($_branch); } else { $branch_str = ''; } if ($_commit_id != '') { $_commit_id = db_ei($_commit_id); $commit_str = ""AND cvs_commits.id=$_commit_id AND cvs_checkins.commitid != 0 ""; } else { $commit_str = ''; } if ($_commiter != 100) { $_commiter = db_es($_commiter); $commiter_str = ""AND user.user_id=cvs_checkins.whoid "" . ""AND user.user_name='$_commiter' ""; } else { $commiter_str = ''; } if ($_srch != '') { $_srch = db_es('%' . $_srch . '%'); $srch_str = ""AND cvs_descs.description like '$_srch' ""; } else { $srch_str = """"; } $cvs_repository = db_es('/cvsroot/' . $project->getUnixName(false)); $query = ""SELECT id from cvs_repositories where cvs_repositories.repository='$cvs_repository' ""; $rs = db_query($query); $repo_id = db_result($rs, 0, 0); $repo_id = $repo_id ? $repo_id : -1; $select = 'SELECT distinct cvs_checkins.commitid as id, cvs_checkins.commitid as revision, cvs_descs.id as did, cvs_descs.description, cvs_commits.comm_when as c_when, cvs_commits.comm_when as date, cvs_commits.comm_when as f_when, user.user_name as who '; $from = ""FROM cvs_descs, cvs_checkins, user, cvs_commits ""; $where = ""WHERE cvs_checkins.descid=cvs_descs.id "" . ""AND "" . (check_cvs_access(user_getname(), $project->getUnixName(false), '') ? 1 : 0) . "" "" .",True,PHP,cvs_get_revisions,commit_utils.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2021-12-07 16:05:44+01:00,"request #24202: SQL injection via the user settings of the CVS commits browser Change-Id: I9dff1d45d703de5c9a55182d673a70c21ea53d89",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43806,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12541,"public function getChart($renderer, $id, $store_in_session = true) { $c = null; $chart_data = null; if ($renderer != null && $store_in_session) { $session = new Tracker_Report_Session($renderer->report->id); $session->changeSessionNamespace(""renderers.{$renderer->id}""); $chart_data = $session->get(""charts.$id""); } if (! $chart_data) { $dao = new GraphOnTrackersV5_ChartDao(CodendiDataAccess::instance()); $chart_data = $dao->searchById($id)->getRow(); } if ($chart_data) { if (! $renderer) { $report = null; $renderer = Tracker_Report_RendererFactory::instance()->getReportRendererById($chart_data['report_graphic_id'], $report, $store_in_session); } if ($renderer) { $c = $this->instanciateChart($chart_data, $renderer, $store_in_session); } } return $c; }",True,PHP,getChart,GraphOnTrackersV5_ChartFactory.class.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-04-27 17:27:14+02:00,"request #26729 Tracker report renderer and chart widgets leak information user cannot access Tracker report renderer and chart widgets leak information user cannot access Change-Id: Ibdd7d1b8e72dd44bbb2b747b7d8f264603f98024",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-24896,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12546,"private function getProjectForUser($id) { $project = $this->project_manager->getProject($id); $user = $this->user_manager->getCurrentUser(); ProjectAuthorization::userCanAccessProject($user, $project, new URLVerification()); return $project; }",True,PHP,getProjectForUser,ProjectResource.class.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12547,"private function userCanSeeUserGroups($project_id) { $project = $this->project_manager->getProject($project_id); $user = $this->user_manager->getCurrentUser(); ProjectAuthorization::userCanAccessProject($user, $project, new URLVerification()); return true; }",True,PHP,userCanSeeUserGroups,ProjectResource.class.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12550,public function __construct(Project $project) { parent::__construct('Project $this->project = $project; },True,PHP,__construct,ProjectTemplateNotActiveException.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12552,"foreach ($project_templates as $project_template) { if ((int) $project_template->getGroupId() === \Project::ADMIN_PROJECT_ID) { continue; } $company_templates[] = new CompanyTemplate($project_template, $this->glyph_finder); }",True,PHP,foreach,TemplateFactory.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12554,"public function __construct( GlyphFinder $glyph_finder, ProjectXMLMerger $project_xml_merger, ConsistencyChecker $consistency_checker, TemplateDao $template_dao, ProjectManager $project_manager, EventDispatcherInterface $event_dispatcher, ) { $this->template_dao = $template_dao; $this->templates = [ AgileALMTemplate::NAME => new AgileALMTemplate($glyph_finder, $project_xml_merger, $consistency_checker), ScrumTemplate::NAME => new ScrumTemplate($glyph_finder, $project_xml_merger, $consistency_checker), KanbanTemplate::NAME => new KanbanTemplate($glyph_finder, $project_xml_merger, $consistency_checker), IssuesTemplate::NAME => new IssuesTemplate($glyph_finder, $consistency_checker, $event_dispatcher), EmptyTemplate::NAME => new EmptyTemplate($glyph_finder), ]; $this->project_manager = $project_manager; $this->glyph_finder = $glyph_finder; $this->external_templates = self::getExternalTemplatesByName($event_dispatcher); }",True,PHP,__construct,TemplateFactory.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12556,"public function testPOSTForRegularUser() { $post_resource = json_encode([ 'label' => 'Test Request 9747 regular user', 'shortname' => 'test9747-regular-user', 'description' => 'Test of Request 9747 for REST API Project Creation', 'is_public' => true, 'template_id' => 100, ]); $response = $this->getResponseByName( REST_TestDataBuilder::TEST_USER_2_NAME, $this->request_factory->createRequest( 'POST', 'projects' )->withBody( $this->stream_factory->createStream($post_resource) ) ); self::assertEquals(201, $response->getStatusCode()); $create_project_id = json_decode($response->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR)['id']; $this->removeAdminFromProjectMembers( $create_project_id, REST_TestDataBuilder::TEST_USER_2_NAME, ); }",True,PHP,testPOSTForRegularUser,ProjectTest.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12559,"public function testPOSTForRestProjectManager() { $post_resource = json_encode([ 'label' => 'Test Request 9748', 'shortname' => 'test9748', 'description' => 'Test of Request 9748 for REST API Project Creation', 'is_public' => true, 'template_id' => 100, ]); $response = $this->getResponseByName( REST_TestDataBuilder::TEST_USER_DELEGATED_REST_PROJECT_MANAGER_NAME, $this->request_factory->createRequest( 'POST', 'projects' )->withBody( $this->stream_factory->createStream( $post_resource ) ) ); $project = json_decode($response->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR); self::assertEquals(201, $response->getStatusCode()); self::assertArrayHasKey(""id"", $project); }",True,PHP,testPOSTForRestProjectManager,ProjectTest.php,https://github.com/Enalean/tuleap,Enalean,Romain LORENTZ,2022-06-02 11:14:01+02:00,"request #26816 Resources of private projects can be accessed by non project members Authorizations are not properly verified when creating projects or trackers from projects marked as templates : A classic user should not be able create a project from a private template that he is not a member. Change-Id: Id8b599432923b32551379041a26d2acf0035a59d",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-31032,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12564,"protected function getJobIdFromWidgetConfiguration() { $sql = ""SELECT * FROM plugin_hudson_widget WHERE widget_name = '"" . db_es($this->widget_id) . ""' AND owner_id = "" . db_ei($this->owner_id) . "" AND owner_type = '"" . db_es($this->owner_type) . ""' AND id = "" . db_ei($this->content_id); $res = db_query($sql); if ($res && db_numrows($res)) { $data = db_fetch_array($res); return $data['job_id']; } return null; }",True,PHP,getJobIdFromWidgetConfiguration,HudsonJobWidget.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-06-26 15:53:36+02:00,"request #15028: The update of the CI job targeted by a widget is vulnerable to blind SQL injections Change-Id: Ib02a01586740b990feb675a8728a006ea20f7777",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41148,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12566,"public function updatePreferences(Codendi_Request $request) { $request->valid(new Valid_String('cancel')); if (!$request->exist('cancel')) { $job_id = $request->get($this->widget_id . '_job_id'); $sql = ""UPDATE plugin_hudson_widget SET job_id="" . $job_id . "" WHERE owner_id = "" . $this->owner_id . "" AND owner_type = '"" . $this->owner_type . ""' AND id = "" . (int) $request->get('content_id'); $res = db_query($sql); }",True,PHP,updatePreferences,HudsonJobWidget.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-06-26 15:53:36+02:00,"request #15028: The update of the CI job targeted by a widget is vulnerable to blind SQL injections Change-Id: Ib02a01586740b990feb675a8728a006ea20f7777",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41148,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12567,"public function create(Codendi_Request $request) { $content_id = false; $vId = new Valid_UInt($this->widget_id . '_job_id'); $vId->setErrorMessage(""Can't add empty job id""); $vId->required(); if ($request->valid($vId)) { $job_id = $request->get($this->widget_id . '_job_id'); $sql = 'INSERT INTO plugin_hudson_widget (widget_name, owner_id, owner_type, job_id) VALUES (""' . $this->id . '"", ' . $this->owner_id . "", '"" . $this->owner_type . ""', "" . db_escape_int($job_id) . "" )""; $res = db_query($sql); $content_id = db_insertid($res); } return $content_id; }",True,PHP,create,HudsonJobWidget.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-06-26 15:53:36+02:00,"request #15028: The update of the CI job targeted by a widget is vulnerable to blind SQL injections Change-Id: Ib02a01586740b990feb675a8728a006ea20f7777",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41148,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12568,"public function destroy($id) { $sql = 'DELETE FROM plugin_hudson_widget WHERE id = ' . $id . ' AND owner_id = ' . $this->owner_id . "" AND owner_type = '"" . $this->owner_type . ""'""; db_query($sql); }",True,PHP,destroy,HudsonJobWidget.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-06-26 15:53:36+02:00,"request #15028: The update of the CI job targeted by a widget is vulnerable to blind SQL injections Change-Id: Ib02a01586740b990feb675a8728a006ea20f7777",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41148,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12572,"function commit_criteria_list_to_query($criteria_list) { $criteria_list = str_replace('>', ' ASC', $criteria_list); $criteria_list = str_replace('<', ' DESC', $criteria_list); return $criteria_list; }",True,PHP,commit_criteria_list_to_query,commit_utils.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-08-12 12:57:32+02:00,"request #16214: SQL injection in CVS revisions browser Also fixes a reflected XSS via the same injection point. Change-Id: I4e4d5132e748f57db46f4b685cc18e577ed5496f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41155,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12575,"function cvs_get_revisions(&$project, $offset, $chunksz, $_tag = 100, $_branch = 100, $_commit_id = '', $_commiter = 100, $_srch = '', $order_by = '', $pv = 0) { if ($_branch != 100) { $branch_str = ""AND cvs_checkins.branchid="" . db_ei($_branch); } else { $branch_str = ''; } if ($_commit_id != '') { $_commit_id = db_ei($_commit_id); $commit_str = ""AND cvs_commits.id=$_commit_id AND cvs_checkins.commitid != 0 ""; } else { $commit_str = ''; } if ($_commiter != 100) { $_commiter = db_es($_commiter); $commiter_str = ""AND user.user_id=cvs_checkins.whoid "" . ""AND user.user_name='$_commiter' ""; } else { $commiter_str = ''; } if ($_srch != '') { $_srch = db_es('%' . $_srch . '%'); $srch_str = ""AND cvs_descs.description like '$_srch' ""; } else { $srch_str = """"; } $cvs_repository = db_es('/cvsroot/' . $project->getUnixName(false)); $query = ""SELECT id from cvs_repositories where cvs_repositories.repository='$cvs_repository' ""; $rs = db_query($query); $repo_id = db_result($rs, 0, 0); $repo_id = $repo_id ? $repo_id : -1; $select = 'SELECT distinct cvs_checkins.commitid as id, cvs_checkins.commitid as revision, cvs_descs.id as did, cvs_descs.description, cvs_commits.comm_when as c_when, cvs_commits.comm_when as date, cvs_commits.comm_when as f_when, user.user_name as who '; $from = ""FROM cvs_descs, cvs_checkins, user, cvs_commits ""; $where = ""WHERE cvs_checkins.descid=cvs_descs.id "" . ""AND "" . (check_cvs_access(user_getname(), $project->getUnixName(false), '') ? 1 : 0) . "" "" .",True,PHP,cvs_get_revisions,commit_utils.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-08-12 12:57:32+02:00,"request #16214: SQL injection in CVS revisions browser Also fixes a reflected XSS via the same injection point. Change-Id: I4e4d5132e748f57db46f4b685cc18e577ed5496f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41155,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12577,"$project = $pm->getProject($project_id); if ($project->usesSVN()) { $html .= '
    '; list($hide_now,$count_diff,$hide_url) = my_hide_url('my_svn_group', $project_id, $request->get('hide_item_id'), count($project_ids), $request->get('hide_my_svn_group'), $request->get('dashboard_id')); $html .= $hide_url; $html .= '' . $hp->purify($project->getPublicName()) . ''; if (! $hide_now) { list($latest_revisions, $nb_revisions) = svn_get_revisions($project, 0, $this->_nb_svn_commits, '', $user->getUserName(), '', '', 0, false); $revision_total += $nb_revisions; if (db_numrows($latest_revisions) > 0) { $i = 0; while ($data = db_fetch_array($latest_revisions)) { $html .= '
    _getLinkToCommit($project->getGroupId(), $data['revision']) . '"">rev $html .= ' ' . $GLOBALS['Language']->getText('my_index', 'my_latest_svn_commit_on') . ' '; $html .= format_date($GLOBALS['Language']->getText('system', 'datefmt'), (is_numeric($data['date']) ? $data['date'] : strtotime($data['date']))); $html .= ' ' . $GLOBALS['Language']->getText('my_index', 'my_latest_svn_commit_by') . ' '; if (isset($data['whoid'])) { $name = $uh->getDisplayNameFromUserId($data['whoid']); } else { $name = $uh->getDisplayNameFromUserName($data['who']); } $html .= $hp->purify($name, CODENDI_PURIFIER_CONVERT_HTML); $html .= '
    '; $html .= '
    purify(substr($data['description'], 0, 255), CODENDI_PURIFIER_BASIC_NOBR, $project->getGroupId()); if (strlen($data['description']) > 255) { $html .= ' [...]'; } $html .= '
    '; $html .= '
    '; } $html .= ''; } else { $html .= '
    ' . $GLOBALS['Language']->getText('my_index', 'my_latest_commit_empty') . '
    '; } } else { $html .= '
    '; } $html .= ''; } } if ($revision_total === 0) { $html .= $GLOBALS['Language']->getText('my_index', 'my_latest_commit_empty'); } return $html; }",True,PHP,getProject,Widget_MyLatestSvnCommits.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-08-12 13:01:20+02:00,"request #16213: SQL injection in the ""SVN core"" commits browser Also fixes a XSS via the same injection point. Change-Id: Ib33199b7d0ec5f8a07a65d74766477f23df4a75b",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41154,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12578,"public function getLatestRevisions() { if (! $this->latest_revisions) { $pm = ProjectManager::instance(); $project = $pm->getProject($this->group_id); if ($project && $this->canBeUsedByProject($project)) { list($this->latest_revisions,) = svn_get_revisions($project, 0, 5, '', '', '', '', 0, false); } } return $this->latest_revisions; }",True,PHP,getLatestRevisions,Widget_ProjectLatestSvnCommits.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-08-12 13:01:20+02:00,"request #16213: SQL injection in the ""SVN core"" commits browser Also fixes a XSS via the same injection point. Change-Id: Ib33199b7d0ec5f8a07a65d74766477f23df4a75b",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41154,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12580,"public function getRawRevisionsAndCount($limit, PFUser $author) { return svn_get_revisions( $this->project, 0, $limit, '', $author->getUserName(), '', '', 0, false ); }",True,PHP,getRawRevisionsAndCount,SVN_LogFactory.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-08-12 13:01:20+02:00,"request #16213: SQL injection in the ""SVN core"" commits browser Also fixes a XSS via the same injection point. Change-Id: Ib33199b7d0ec5f8a07a65d74766477f23df4a75b",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41154,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12584,"function svn_utils_criteria_list_to_query($criteria_list) { $criteria_list = str_replace('>', ' ASC', $criteria_list); $criteria_list = str_replace('<', ' DESC', $criteria_list); return $criteria_list; }",True,PHP,svn_utils_criteria_list_to_query,svn_utils.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2020-08-12 13:01:20+02:00,"request #16213: SQL injection in the ""SVN core"" commits browser Also fixes a XSS via the same injection point. Change-Id: Ib33199b7d0ec5f8a07a65d74766477f23df4a75b",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41154,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12586,"public static function validateSignature(array $data, XMLSecurityKey $key) { assert('array_key_exists(""Query"", $data)'); assert('array_key_exists(""SigAlg"", $data)'); assert('array_key_exists(""Signature"", $data)'); $query = $data['Query']; $sigAlg = $data['SigAlg']; $signature = $data['Signature']; $signature = base64_decode($signature); if ($key->type !== XMLSecurityKey::RSA_SHA1) { throw new \Exception('Invalid key type for validating signature on query string.'); } if ($key->type !== $sigAlg) { $key = Utils::castKey($key, $sigAlg); } if (!$key->verifySignature($query, $signature)) { throw new \Exception('Unable to validate signature on query string.'); } }",True,PHP,validateSignature,HTTPRedirect.php,https://github.com/simplesamlphp/saml2,simplesamlphp,Jaime Pérez Crespo,2018-03-02 15:30:38+01:00,Be strict when checking return values.,CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2018-7711,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12588,"public function column_description( $item ) { $return = $item->object_name; switch ( $item->object_type ) { case 'Post' : $return = sprintf( '%s', get_edit_post_link( $item->object_id ), $item->object_name ); break; case 'Taxonomy' : if ( ! empty( $item->object_id ) ) $return = sprintf( '%s', get_edit_term_link( $item->object_id, $item->object_subtype ), $item->object_name ); break; case 'Comments' : if ( ! empty( $item->object_id ) && $comment = get_comment( $item->object_id ) ) { $return = sprintf( '%s } break; case 'Export' : if ( 'all' === $item->object_name ) { $return = __( 'All', 'aryo-activity-log' ); } else { $pt = get_post_type_object( $item->object_name ); $return = ! empty( $pt->label ) ? $pt->label : $item->object_name; } break; case 'Options' : case 'Core' : $return = __( $item->object_name, 'aryo-activity-log' ); break; } $return = apply_filters( 'aal_table_list_column_description', $return, $item ); return $return; }",True,PHP,column_description,class-aal-activity-log-list-table.php,https://github.com/pojome/activity-log,pojome,Yakir Sitbon,2018-03-08 13:37:03+02:00,Fix potential security issue,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-8729,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12590,"protected function _add_log_attachment( $action, $attachment_id ) { $post = get_post( $attachment_id ); aal_insert_log( array( 'action' => $action, 'object_type' => 'Attachment', 'object_subtype' => $post->post_type, 'object_id' => $attachment_id, 'object_name' => get_the_title( $post->ID ), ) ); }",True,PHP,_add_log_attachment,class-aal-hook-attachment.php,https://github.com/pojome/activity-log,pojome,Yakir Sitbon,2018-03-08 13:37:03+02:00,Fix potential security issue,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-8729,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12592,"protected function _add_comment_log( $id, $action, $comment = null ) { if ( is_null( $comment ) ) $comment = get_comment( $id ); aal_insert_log( array( 'action' => $action, 'object_type' => 'Comments', 'object_subtype' => get_post_type( $comment->comment_post_ID ), 'object_name' => get_the_title( $comment->comment_post_ID ), 'object_id' => $id, ) ); }",True,PHP,_add_comment_log,class-aal-hook-comments.php,https://github.com/pojome/activity-log,pojome,Yakir Sitbon,2018-03-08 13:37:03+02:00,Fix potential security issue,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-8729,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12595,"protected function _draft_or_post_title( $post = 0 ) { $title = get_the_title( $post ); if ( empty( $title ) ) $title = __( '(no title)', 'aryo-activity-log' ); return $title; }",True,PHP,_draft_or_post_title,class-aal-hook-posts.php,https://github.com/pojome/activity-log,pojome,Yakir Sitbon,2018-03-08 13:37:03+02:00,Fix potential security issue,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-8729,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12597,app('files')->delete(LaravelLogViewer::pathToLogFile(base64_decode($this->request->input('del'))));,True,PHP,delete,LogViewerController.php,https://github.com/rap2hpoutre/laravel-log-viewer,rap2hpoutre,rap2h,2018-03-07 10:16:17+01:00,security fix,CWE-312,Cleartext Storage of Sensitive Information,The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.,https://cwe.mitre.org/data/definitions/312.html,CVE-2018-8947,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12600,"$tmpfname = $tempDir . DIRECTORY_SEPARATOR . 'ELF_FATCH_' . md5($url . microtime(true)); $GLOBALS['elFinderTempFiles'][$tmpfname] = true; $_name = ''; if (substr($url, 0, 5) === 'data:') { list($data, $args['name'][$i]) = $this->parse_data_scheme($url, $extTable, $args); } else { $fp = fopen($tmpfname, 'wb'); $data = $this->get_remote_contents($url, 30, 5, 'Mozilla/5.0', $fp); elFinder::checkAborted(); $_name = preg_replace('~^.*?([^/ if ($data && ($headers = get_headers($url, true)) && !empty($headers['Content-Disposition'])) { if (preg_match('/filename\*=(?:([a-zA-Z0-9_-]+?)\'\')""?([a-z0-9_.~%-]+)""?/i', $headers['Content-Disposition'], $m)) { $_name = rawurldecode($m[2]); if ($m[1] && strtoupper($m[1]) !== 'UTF-8' && function_exists('mb_convert_encoding')) { $_name = mb_convert_encoding($_name, 'UTF-8', $m[1]); } } else if (preg_match('/filename=""?([ a-z0-9_.~%-]+)""?/i', $headers['Content-Disposition'], $m)) { $_name = rawurldecode($m[1]); } } } if ($data) { if (isset($args['name'][$i])) { $_name = $args['name'][$i]; } if ($_name) { $_ext = ''; if (preg_match('/(\.[a-z0-9]{1,7})$/', $_name, $_match)) { $_ext = $_match[1]; } if ((is_resource($data) && fclose($data)) || file_put_contents($tmpfname, $data)) { $GLOBALS['elFinderTempFiles'][$tmpfname] = true; $_name = preg_replace($ngReg, '_', $_name); list($_a, $_b) = array_pad(explode('.', $_name, 2), 2, ''); if ($_b === '') { if ($_ext) { rename($tmpfname, $tmpfname . $_ext); $tmpfname = $tmpfname . $_ext; } $_b = $this->detectFileExtension($volume, $tmpfname, $_name); $_name = $_a . $_b; } else { $_b = '.' . $_b; } if (isset($names[$_name])) { $_name = $_a . '_' . $names[$_name]++ . $_b; } else { $names[$_name] = 1; } $files['tmp_name'][$i] = $tmpfname; $files['name'][$i] = $_name; $files['error'][$i] = 0; $volume->setUploadOverwrite(false); } else { unlink($tmpfname); } } } } } if (empty($files)) { return array_merge(array('error' => $this->error(self::ERROR_UPLOAD, self::ERROR_UPLOAD_NO_FILES)), $header); } }",True,PHP,$tempDir.DIRECTORY_SEPARATOR.'ELF_FATCH_'.md5,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,nao-pon,2019-01-09 16:59:37+09:00,"[php:core:security] fix information leakage vulnerability elFinder <= 2.1.44 PHP connector has high severity security vulnerability to information leakage. This vulnerability is affected on environments in which the curl extension of PHP is enabled and safe_mode or open_basedir is not set. To fix this vulnerability with this commit. We would like to express our special thanks to Ravindra Rajaram (ravindra.rajaram@broadcom.com) and Hamsalekha Madiraju (hamsalekha.madiraju@broadcom.com) who reported this vulnerability.",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2019-5884,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12601,"protected function get_remote_contents(&$url, $timeout = 30, $redirect_max = 5, $ua = 'Mozilla/5.0', $fp = null) { $method = (function_exists('curl_exec') && !ini_get('safe_mode') && !ini_get('open_basedir')) ? 'curl_get_contents' : 'fsock_get_contents'; return $this->$method($url, $timeout, $redirect_max, $ua, $fp); }",True,PHP,get_remote_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,nao-pon,2019-01-09 16:59:37+09:00,"[php:core:security] fix information leakage vulnerability elFinder <= 2.1.44 PHP connector has high severity security vulnerability to information leakage. This vulnerability is affected on environments in which the curl extension of PHP is enabled and safe_mode or open_basedir is not set. To fix this vulnerability with this commit. We would like to express our special thanks to Ravindra Rajaram (ravindra.rajaram@broadcom.com) and Hamsalekha Madiraju (hamsalekha.madiraju@broadcom.com) who reported this vulnerability.",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2019-5884,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12603,"protected function get_remote_contents(&$url, $timeout = 30, $redirect_max = 5, $ua = 'Mozilla/5.0', $fp = null) { if (preg_match('~^(?:ht|f)tps?: $info = parse_url($url); $host = strtolower($info['host']); if (preg_match('/^\[.*\]$/', $host)) { return false; } if (strpos($host, '.') === false) { return false; } if (strpos($host, 'localhost') !== false) { return false; } if (preg_match('/^(?:127|0177|0x7f)\.[0-9a-fx.]+$/', $host)) { return false; } if ($this->urlUploadFilter && is_callable($this->urlUploadFilter)) { if (!call_user_func_array($this->urlUploadFilter, array($url, $this))) { return false; } } $method = (function_exists('curl_exec') && !ini_get('safe_mode') && !ini_get('open_basedir')) ? 'curl_get_contents' : 'fsock_get_contents'; return $this->$method($url, $timeout, $redirect_max, $ua, $fp); } return false; }",True,PHP,get_remote_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,nao-pon,2019-01-13 18:51:30+09:00,"[php:core:security] fix SSRF vulnerability of `get_remote_contents()` We express special gratitude to Do Ha Anh of Viettel Cyber Security Center, the reporter of this vulnerability.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2019-6257,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12607,"protected function get_remote_contents(&$url, $timeout = 30, $redirect_max = 5, $ua = 'Mozilla/5.0', $fp = null) { if (preg_match('~^(?:ht|f)tps?: $info = parse_url($url); $host = trim(strtolower($info['host']), '.'); if (preg_match('/^\[.*\]$/', $host)) { return false; } if (strpos($host, '.') === false) { return false; } if (strpos($host, '%') !== false) { return false; } if (preg_match('/\b(?:localhost|localdomain)\b/', $host)) { return false; } if (preg_match('/0x[0-9a-f]+|[0-9]+(?:\.(?:0x[0-9a-f]+|[0-9]+)){1,3}/', $host)) { $host = gethostbyname($host); } if (preg_match('/^0x[0-9a-f]+|[0-9]+(?:\.(?:0x[0-9a-f]+|[0-9]+)){1,3}$/', $host, $m)) { $long = (int)sprintf('%u', ip2long($host)); if (!$long) { return false; } $local = (int)sprintf('%u', ip2long('127.255.255.255')) >> 24; $prv1 = (int)sprintf('%u', ip2long('10.255.255.255')) >> 24; $prv2 = (int)sprintf('%u', ip2long('172.31.255.255')) >> 20; $prv3 = (int)sprintf('%u', ip2long('192.168.255.255')) >> 16; $link = (int)sprintf('%u', ip2long('169.254.255.255')) >> 16; if ($long >> 24 === $local || $long >> 24 === $prv1 || $long >> 20 === $prv2 || $long >> 16 === $prv3 || $long >> 16 === $link) { return false; } } $url = $info['scheme'].':",True,PHP,get_remote_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12608,"protected function get_remote_contents(&$url, $timeout = 30, $redirect_max = 5, $ua = 'Mozilla/5.0', $fp = null) { if (preg_match('~^(?:ht|f)tps?: $info = parse_url($url); $host = trim(strtolower($info['host']), '.'); if (preg_match('/^\[.*\]$/', $host)) { return false; } if (strpos($host, '.') === false) { return false; } if (strpos($host, '%') !== false) { return false; } if (preg_match('/\b(?:localhost|localdomain)\b/', $host)) { return false; } if (preg_match('/0x[0-9a-f]+|[0-9]+(?:\.(?:0x[0-9a-f]+|[0-9]+)){1,3}/', $host)) { $host = gethostbyname($host); } if (preg_match('/^0x[0-9a-f]+|[0-9]+(?:\.(?:0x[0-9a-f]+|[0-9]+)){1,3}$/', $host, $m)) { $long = (int)sprintf('%u', ip2long($host)); if (!$long) { return false; } $local = (int)sprintf('%u', ip2long('127.255.255.255')) >> 24; $prv1 = (int)sprintf('%u', ip2long('10.255.255.255')) >> 24; $prv2 = (int)sprintf('%u', ip2long('172.31.255.255')) >> 20; $prv3 = (int)sprintf('%u', ip2long('192.168.255.255')) >> 16; $link = (int)sprintf('%u', ip2long('169.254.255.255')) >> 16; if ($long >> 24 === $local || $long >> 24 === $prv1 || $long >> 20 === $prv2 || $long >> 16 === $prv3 || $long >> 16 === $link) { return false; } } $url = $info['scheme'].':",True,PHP,get_remote_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12609,"protected function get_remote_contents(&$url, $timeout = 30, $redirect_max = 5, $ua = 'Mozilla/5.0', $fp = null) { if (preg_match('~^(?:ht|f)tps?: $info = parse_url($url); $host = trim(strtolower($info['host']), '.'); if (preg_match('/^\[.*\]$/', $host)) { return false; } if (strpos($host, '.') === false) { return false; } if (strpos($host, '%') !== false) { return false; } if (preg_match('/\b(?:localhost|localdomain)\b/', $host)) { return false; } if (preg_match('/0x[0-9a-f]+|[0-9]+(?:\.(?:0x[0-9a-f]+|[0-9]+)){1,3}/', $host)) { $host = gethostbyname($host); } if (preg_match('/^0x[0-9a-f]+|[0-9]+(?:\.(?:0x[0-9a-f]+|[0-9]+)){1,3}$/', $host, $m)) { $long = (int)sprintf('%u', ip2long($host)); if (!$long) { return false; } $local = (int)sprintf('%u', ip2long('127.255.255.255')) >> 24; $prv1 = (int)sprintf('%u', ip2long('10.255.255.255')) >> 24; $prv2 = (int)sprintf('%u', ip2long('172.31.255.255')) >> 20; $prv3 = (int)sprintf('%u', ip2long('192.168.255.255')) >> 16; $link = (int)sprintf('%u', ip2long('169.254.255.255')) >> 16; if ($long >> 24 === $local || $long >> 24 === $prv1 || $long >> 20 === $prv2 || $long >> 16 === $prv3 || $long >> 16 === $link) { return false; } } $url = $info['scheme'].':",True,PHP,get_remote_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12613,"protected function curl_get_contents(&$url, $timeout, $redirect_max, $ua, $outfp) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); if ($outfp) { curl_setopt($ch, CURLOPT_FILE, $outfp); } else { curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); } curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1); curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, $timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_MAXREDIRS, $redirect_max); curl_setopt($ch, CURLOPT_USERAGENT, $ua); $result = curl_exec($ch); $url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL); curl_close($ch); return $outfp ? $outfp : $result; }",True,PHP,curl_get_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12614,"protected function curl_get_contents(&$url, $timeout, $redirect_max, $ua, $outfp) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); if ($outfp) { curl_setopt($ch, CURLOPT_FILE, $outfp); } else { curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); } curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1); curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, $timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_MAXREDIRS, $redirect_max); curl_setopt($ch, CURLOPT_USERAGENT, $ua); $result = curl_exec($ch); $url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL); curl_close($ch); return $outfp ? $outfp : $result; }",True,PHP,curl_get_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12615,"protected function curl_get_contents(&$url, $timeout, $redirect_max, $ua, $outfp) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); if ($outfp) { curl_setopt($ch, CURLOPT_FILE, $outfp); } else { curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); } curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 1); curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, $timeout); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_MAXREDIRS, $redirect_max); curl_setopt($ch, CURLOPT_USERAGENT, $ua); $result = curl_exec($ch); $url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL); curl_close($ch); return $outfp ? $outfp : $result; }",True,PHP,curl_get_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12622,"protected function itemLock($hashes, $autoUnlock = true) { if (!elFinder::$commonTempPath) { return; } if (!is_array($hashes)) { $hashes = array($hashes); } foreach ($hashes as $hash) { $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock'; if ($this->itemLocked($hash)) { $cnt = file_get_contents($lock) + 1; } else { $cnt = 1; } if (file_put_contents($lock, $cnt, LOCK_EX)) { if ($autoUnlock) { $this->autoUnlocks[] = $hash; } } } }",True,PHP,itemLock,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12623,"protected function itemLock($hashes, $autoUnlock = true) { if (!elFinder::$commonTempPath) { return; } if (!is_array($hashes)) { $hashes = array($hashes); } foreach ($hashes as $hash) { $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock'; if ($this->itemLocked($hash)) { $cnt = file_get_contents($lock) + 1; } else { $cnt = 1; } if (file_put_contents($lock, $cnt, LOCK_EX)) { if ($autoUnlock) { $this->autoUnlocks[] = $hash; } } } }",True,PHP,itemLock,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12624,"protected function itemLock($hashes, $autoUnlock = true) { if (!elFinder::$commonTempPath) { return; } if (!is_array($hashes)) { $hashes = array($hashes); } foreach ($hashes as $hash) { $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock'; if ($this->itemLocked($hash)) { $cnt = file_get_contents($lock) + 1; } else { $cnt = 1; } if (file_put_contents($lock, $cnt, LOCK_EX)) { if ($autoUnlock) { $this->autoUnlocks[] = $hash; } } } }",True,PHP,itemLock,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12628,"protected function fsock_get_contents(&$url, $timeout, $redirect_max, $ua, $outfp) { $connect_timeout = 3; $connect_try = 3; $method = 'GET'; $readsize = 4096; $ssl = ''; $getSize = null; $headers = ''; $arr = parse_url($url); if (!$arr) { return false; } if ($arr['scheme'] === 'https') { $ssl = 'ssl: } $arr['query'] = isset($arr['query']) ? '?' . $arr['query'] : ''; $port = isset($arr['port']) ? $arr['port'] : ''; $arr['port'] = $port ? $port : ($ssl ? 443 : 80); $url_base = $arr['scheme'] . ':",True,PHP,fsock_get_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12629,"protected function fsock_get_contents(&$url, $timeout, $redirect_max, $ua, $outfp) { $connect_timeout = 3; $connect_try = 3; $method = 'GET'; $readsize = 4096; $ssl = ''; $getSize = null; $headers = ''; $arr = parse_url($url); if (!$arr) { return false; } if ($arr['scheme'] === 'https') { $ssl = 'ssl: } $arr['query'] = isset($arr['query']) ? '?' . $arr['query'] : ''; $port = isset($arr['port']) ? $arr['port'] : ''; $arr['port'] = $port ? $port : ($ssl ? 443 : 80); $url_base = $arr['scheme'] . ':",True,PHP,fsock_get_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12630,"protected function fsock_get_contents(&$url, $timeout, $redirect_max, $ua, $outfp) { $connect_timeout = 3; $connect_try = 3; $method = 'GET'; $readsize = 4096; $ssl = ''; $getSize = null; $headers = ''; $arr = parse_url($url); if (!$arr) { return false; } if ($arr['scheme'] === 'https') { $ssl = 'ssl: } $arr['query'] = isset($arr['query']) ? '?' . $arr['query'] : ''; $port = isset($arr['port']) ? $arr['port'] : ''; $arr['port'] = $port ? $port : ($ssl ? 443 : 80); $url_base = $arr['scheme'] . ':",True,PHP,fsock_get_contents,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12631,protected function itemLocked($hash) { if (!elFinder::$commonTempPath) { return false; } $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock'; if (file_exists($lock)) { if (filemtime($lock) + $this->itemLockExpire < time()) { unlink($lock); return false; } return true; } return false; },True,PHP,itemLocked,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12632,protected function itemLocked($hash) { if (!elFinder::$commonTempPath) { return false; } $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock'; if (file_exists($lock)) { if (filemtime($lock) + $this->itemLockExpire < time()) { unlink($lock); return false; } return true; } return false; },True,PHP,itemLocked,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12633,protected function itemLocked($hash) { if (!elFinder::$commonTempPath) { return false; } $lock = elFinder::$commonTempPath . DIRECTORY_SEPARATOR . $hash . '.lock'; if (file_exists($lock)) { if (filemtime($lock) + $this->itemLockExpire < time()) { unlink($lock); return false; } return true; } return false; },True,PHP,itemLocked,elFinder.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12646,"$arcs['create']['application/x-rar'] = array('cmd' => ELFINDER_RAR_PATH, 'argc' => 'a -inul' . (defined('ELFINDER_RAR_MA4') && ELFINDER_RAR_MA4? ' -ma4' : ''), 'ext' => 'rar');",True,PHP,],elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12647,"$arcs['create']['application/x-rar'] = array('cmd' => ELFINDER_RAR_PATH, 'argc' => 'a -inul' . (defined('ELFINDER_RAR_MA4') && ELFINDER_RAR_MA4? ' -ma4' : ''), 'ext' => 'rar');",True,PHP,],elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function update_option_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $opt = new option_master($id); $oldtitle = $opt->title; $opt->update($this->params); if ($oldtitle != $opt->title) { }$db->sql('UPDATE '.$db->prefix.'option SET title=""'.$opt->title.'"" WHERE option_master_id='.$opt->id); expHistory::back(); }" 12648,"$arcs['create']['application/x-rar'] = array('cmd' => ELFINDER_RAR_PATH, 'argc' => 'a -inul' . (defined('ELFINDER_RAR_MA4') && ELFINDER_RAR_MA4? ' -ma4' : ''), 'ext' => 'rar');",True,PHP,],elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12652,"$files[$i] = '.' . DIRECTORY_SEPARATOR . basename($file); } $files = array_map('escapeshellarg', $files); $cmd = $arc['cmd'] . ' ' . $arc['argc'] . ' ' . escapeshellarg($name) . ' ' . implode(' ', $files); $err_out = ''; $this->procExec($cmd, $o, $c, $err_out, $dir); chdir($cwd); } else { return false; } } $path = $dir . DIRECTORY_SEPARATOR . $name; return file_exists($path) ? $path : false; }",True,PHP,'.'.DIRECTORY_SEPARATOR.basename,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12653,"$files[$i] = '.' . DIRECTORY_SEPARATOR . basename($file); } $files = array_map('escapeshellarg', $files); $cmd = $arc['cmd'] . ' ' . $arc['argc'] . ' ' . escapeshellarg($name) . ' ' . implode(' ', $files); $err_out = ''; $this->procExec($cmd, $o, $c, $err_out, $dir); chdir($cwd); } else { return false; } } $path = $dir . DIRECTORY_SEPARATOR . $name; return file_exists($path) ? $path : false; }",True,PHP,'.'.DIRECTORY_SEPARATOR.basename,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12654,"$files[$i] = '.' . DIRECTORY_SEPARATOR . basename($file); } $files = array_map('escapeshellarg', $files); $cmd = $arc['cmd'] . ' ' . $arc['argc'] . ' ' . escapeshellarg($name) . ' ' . implode(' ', $files); $err_out = ''; $this->procExec($cmd, $o, $c, $err_out, $dir); chdir($cwd); } else { return false; } } $path = $dir . DIRECTORY_SEPARATOR . $name; return file_exists($path) ? $path : false; }",True,PHP,'.'.DIRECTORY_SEPARATOR.basename,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12655,"protected function remove($path, $force = false) { $stat = $this->stat($path); if (empty($stat)) { return $this->setError(elFinder::ERROR_RM, $path, elFinder::ERROR_FILE_NOT_FOUND); } $stat['realpath'] = $path; $this->rmTmb($stat); $this->clearcache(); if (!$force && !empty($stat['locked'])) { return $this->setError(elFinder::ERROR_LOCKED, $this->path($stat['hash'])); } if ($stat['mime'] == 'directory' && empty($stat['thash'])) { $ret = $this->delTree($this->convEncIn($path)); $this->convEncOut(); if (!$ret) { return $this->setError(elFinder::ERROR_RM, $this->path($stat['hash'])); } } else { if ($this->convEncOut(!$this->_unlink($this->convEncIn($path)))) { return $this->setError(elFinder::ERROR_RM, $this->path($stat['hash'])); } $this->clearstatcache(); } $this->removed[] = $stat; return true; }",True,PHP,remove,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12656,"protected function remove($path, $force = false) { $stat = $this->stat($path); if (empty($stat)) { return $this->setError(elFinder::ERROR_RM, $path, elFinder::ERROR_FILE_NOT_FOUND); } $stat['realpath'] = $path; $this->rmTmb($stat); $this->clearcache(); if (!$force && !empty($stat['locked'])) { return $this->setError(elFinder::ERROR_LOCKED, $this->path($stat['hash'])); } if ($stat['mime'] == 'directory' && empty($stat['thash'])) { $ret = $this->delTree($this->convEncIn($path)); $this->convEncOut(); if (!$ret) { return $this->setError(elFinder::ERROR_RM, $this->path($stat['hash'])); } } else { if ($this->convEncOut(!$this->_unlink($this->convEncIn($path)))) { return $this->setError(elFinder::ERROR_RM, $this->path($stat['hash'])); } $this->clearstatcache(); } $this->removed[] = $stat; return true; }",True,PHP,remove,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12657,"protected function remove($path, $force = false) { $stat = $this->stat($path); if (empty($stat)) { return $this->setError(elFinder::ERROR_RM, $path, elFinder::ERROR_FILE_NOT_FOUND); } $stat['realpath'] = $path; $this->rmTmb($stat); $this->clearcache(); if (!$force && !empty($stat['locked'])) { return $this->setError(elFinder::ERROR_LOCKED, $this->path($stat['hash'])); } if ($stat['mime'] == 'directory' && empty($stat['thash'])) { $ret = $this->delTree($this->convEncIn($path)); $this->convEncOut(); if (!$ret) { return $this->setError(elFinder::ERROR_RM, $this->path($stat['hash'])); } } else { if ($this->convEncOut(!$this->_unlink($this->convEncIn($path)))) { return $this->setError(elFinder::ERROR_RM, $this->path($stat['hash'])); } $this->clearstatcache(); } $this->removed[] = $stat; return true; }",True,PHP,remove,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12661,"public function __construct() { $this->options['alias'] = ''; $this->options['dirMode'] = 0755; $this->options['fileMode'] = 0644; $this->options['quarantine'] = '.quarantine'; $this->options['rootCssClass'] = 'elfinder-navbar-root-local'; $this->options['followSymLinks'] = true; $this->options['detectDirIcon'] = ''; $this->options['keepTimestamp'] = array('copy', 'move'); $this->options['substituteImg'] = true; $this->options['statCorrector'] = null; }",True,PHP,__construct,elFinderVolumeLocalFileSystem.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12662,"public function __construct() { $this->options['alias'] = ''; $this->options['dirMode'] = 0755; $this->options['fileMode'] = 0644; $this->options['quarantine'] = '.quarantine'; $this->options['rootCssClass'] = 'elfinder-navbar-root-local'; $this->options['followSymLinks'] = true; $this->options['detectDirIcon'] = ''; $this->options['keepTimestamp'] = array('copy', 'move'); $this->options['substituteImg'] = true; $this->options['statCorrector'] = null; }",True,PHP,__construct,elFinderVolumeLocalFileSystem.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12663,"public function __construct() { $this->options['alias'] = ''; $this->options['dirMode'] = 0755; $this->options['fileMode'] = 0644; $this->options['quarantine'] = '.quarantine'; $this->options['rootCssClass'] = 'elfinder-navbar-root-local'; $this->options['followSymLinks'] = true; $this->options['detectDirIcon'] = ''; $this->options['keepTimestamp'] = array('copy', 'move'); $this->options['substituteImg'] = true; $this->options['statCorrector'] = null; }",True,PHP,__construct,elFinderVolumeLocalFileSystem.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12667,"protected function _joinPath($dir, $name) { return rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; }",True,PHP,_joinPath,elFinderVolumeLocalFileSystem.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12668,"protected function _joinPath($dir, $name) { return rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; }",True,PHP,_joinPath,elFinderVolumeLocalFileSystem.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12669,"protected function _joinPath($dir, $name) { return rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; }",True,PHP,_joinPath,elFinderVolumeLocalFileSystem.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12679,"protected function _move($source, $targetDir, $name) { $target = $this->_joinPath($targetDir, $name); return $this->connect->rename($source, $target) ? $target : false; }",True,PHP,_move,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12680,"protected function _move($source, $targetDir, $name) { $target = $this->_joinPath($targetDir, $name); return $this->connect->rename($source, $target) ? $target : false; }",True,PHP,_move,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12681,"protected function _move($source, $targetDir, $name) { $target = $this->_joinPath($targetDir, $name); return $this->connect->rename($source, $target) ? $target : false; }",True,PHP,_move,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12688,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if ($this->connect->mkdir($path) === false) { return false; } $this->options['dirMode'] && $this->connect->chmod($this->options['dirMode'], $path); return $path; }",True,PHP,_mkdir,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12689,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if ($this->connect->mkdir($path) === false) { return false; } $this->options['dirMode'] && $this->connect->chmod($this->options['dirMode'], $path); return $path; }",True,PHP,_mkdir,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12690,"protected function _mkdir($path, $name) { $path = $this->_joinPath($path, $name); if ($this->connect->mkdir($path) === false) { return false; } $this->options['dirMode'] && $this->connect->chmod($this->options['dirMode'], $path); return $path; }",True,PHP,_mkdir,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12691,"protected function _mkfile($path, $name) { $path = $this->_joinPath($path, $name); return $this->connect->put($path, '') ? $path : false; }",True,PHP,_mkfile,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12692,"protected function _mkfile($path, $name) { $path = $this->_joinPath($path, $name); return $this->connect->put($path, '') ? $path : false; }",True,PHP,_mkfile,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12693,"protected function _mkfile($path, $name) { $path = $this->_joinPath($path, $name); return $this->connect->put($path, '') ? $path : false; }",True,PHP,_mkfile,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12694,"protected function _save($fp, $dir, $name, $stat) { $path = $this->_joinPath($dir, $name); return $this->connect->put($path, $fp) ? $path : false; }",True,PHP,_save,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12695,"protected function _save($fp, $dir, $name, $stat) { $path = $this->_joinPath($dir, $name); return $this->connect->put($path, $fp) ? $path : false; }",True,PHP,_save,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12696,"protected function _save($fp, $dir, $name, $stat) { $path = $this->_joinPath($dir, $name); return $this->connect->put($path, $fp) ? $path : false; }",True,PHP,_save,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12697,"protected function _copy($source, $targetDir, $name) { $res = false; $target = $this->_joinPath($targetDir, $name); if ($this->tmp) { $local = $this->getTempFile(); if ($this->connect->get($source, $local) && $this->connect->put($target, $local, NET_SFTP_LOCAL_FILE)) { $res = true; } unlink($local); } else { $res = $this->_filePutContents($target, $this->_getContents($source)); } return $res; }",True,PHP,_copy,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12698,"protected function _copy($source, $targetDir, $name) { $res = false; $target = $this->_joinPath($targetDir, $name); if ($this->tmp) { $local = $this->getTempFile(); if ($this->connect->get($source, $local) && $this->connect->put($target, $local, NET_SFTP_LOCAL_FILE)) { $res = true; } unlink($local); } else { $res = $this->_filePutContents($target, $this->_getContents($source)); } return $res; }",True,PHP,_copy,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12699,"protected function _copy($source, $targetDir, $name) { $res = false; $target = $this->_joinPath($targetDir, $name); if ($this->tmp) { $local = $this->getTempFile(); if ($this->connect->get($source, $local) && $this->connect->put($target, $local, NET_SFTP_LOCAL_FILE)) { $res = true; } unlink($local); } else { $res = $this->_filePutContents($target, $this->_getContents($source)); } return $res; }",True,PHP,_copy,elFinderVolumeSFTPphpseclib.class.php,https://github.com/Studio-42/elFinder,Studio-42,GitHub,2021-06-13 23:38:02+09:00,"Merge pull request from GHSA-wph3-44rj-92pr * [php] fix multiple vulnerabilities * fix archiver args * fix remote Code Execution of zip command * re-fix remote Code Execution of zip command * re-fix Improper hostname validation in upload and put * re-fix Directory traversal in the actions mkfile and mkdir * Add check targets in archive()",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32682,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12700,"protected function getFullPath($path, $base) { $separator = $this->separator; $systemroot = $this->systemRoot; $base = (string)$base; if ($base[0] === $separator && substr($base, 0, strlen($systemroot)) !== $systemroot) { $base = $systemroot . substr($base, 1); } if ($base !== $systemroot) { $base = rtrim($base, $separator); } if ($path === '' || $path === '.' . $separator) return $base; $sepquoted = preg_quote($separator, '#'); if (substr($path, 0, 3) === '..' . $separator) { $path = $base . $separator . $path; } $normreg = '#(' . $sepquoted . ')[^' . $sepquoted . ']+' . $sepquoted . '\.\.' . $sepquoted . '#'; while (preg_match($normreg, $path)) { $path = preg_replace($normreg, '$1', $path, 1); } if ($path !== $systemroot) { $path = rtrim($path, $separator); } if ($path[0] === $separator || strpos($path, $systemroot) === 0) { return $path; } $preg_separator = '#' . $sepquoted . '#'; if (substr($path, 0, 2) === '.' . $separator || $path[0] !== '.') { $arrn = preg_split($preg_separator, $path, -1, PREG_SPLIT_NO_EMPTY); if ($arrn[0] !== '.') { array_unshift($arrn, '.'); } $arrn[0] = rtrim($base, $separator); return join($separator, $arrn); } return $path; }",True,PHP,getFullPath,elFinderVolumeDriver.class.php,https://github.com/Studio-42/elFinder,Studio-42,nao-pon,2022-03-14 20:59:19+09:00,"[security:CVE-2022-26960] fix a path traversal issue Fixed a paste traversal vulnerability. The problem was getting out of the configured directory and allowing the hosting server's file system to read and write ""arbitrary"" files. Special thanks to Gaetan Ferry (Synacktiv) for reporting this issue.",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-26960,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12705,"static function authenticate() { if (isset($_REQUEST['backend_login'])) { $user = DB_DataObject::factory('users'); $user->active = true; $user->name = $_REQUEST['username']; $user->find(true); $proffered_password = $_REQUEST['password']; if (in_array( $user->password, self::password_hashes($proffered_password, $user->password_salt) )) { if(!preg_match('/(?i)msie /', $_SERVER['HTTP_USER_AGENT'])) { session_regenerate_id(); } $user->login(); return $user; } else { Log::warn(""Failed login for user name '"".$_REQUEST['username'].""' from "" . $_SERVER['REMOTE_ADDR'].' user-agent '.$_SERVER['HTTP_USER_AGENT']); return -1; } } return false; }",True,PHP,authenticate,Users.php,https://github.com/aquaverde/aquarius-core,aquaverde,Stephan Balmer,2015-09-17 14:51:08+02:00,allow login without password in DEV mode,CWE-522,Insufficiently Protected Credentials,"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.",https://cwe.mitre.org/data/definitions/522.html,CVE-2019-1010308,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12706,"function log($level, $leveltext, $msg) { if ($level >= min($this->loglevel, $this->echolevel, $this->firelevel) && $this->enabled) { $logmessage = """"; $backtrace = """"; $showrequest = false; if ($msg instanceof Exception || $msg instanceof Error) { $excmessage = method_exists($msg, 'getDetailMessage') ? $msg->getDetailMessage() : $msg->getMessage(); $logmessage = $leveltext."": "".$excmessage.""\n"".Log::prettybacktrace($msg->getTrace()); $showrequest = true; } else { $logmessage = $leveltext."": "". print_r($msg,true).""\n""; if ($level == Log::BACKTRACE || $level >= Log::FAIL) { $backtrace = ""\n"".Log::prettybacktrace(); $showrequest = true; } } if (!headers_sent() && $level >= $this->firelevel) { $this->log_firephp($msg,$level); } if ($showrequest && count($_REQUEST) > 0) $logmessage .= ""REQUEST "".print_r($_REQUEST, true); if ($this->file && $level >= $this->loglevel) { $logfile = fopen($this->file, 'a'); if ($logfile) { fwrite($logfile, date(""d.m.Y-H:i:s"")."": $logmessage$backtrace""); fclose($logfile); } } if ($level >= $this->echolevel) { $zeroed = '-​-'; $esc = str_replace('--', $zeroed, str_replace('--', $zeroed, ""$logmessage$backtrace"")); echo """"; } } }",True,PHP,log,log.php,https://github.com/aquaverde/aquarius-core,aquaverde,GitHub,2019-03-15 21:00:06+01:00,Fix CVE-2019-9734,CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2019-9734,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12708,"$ds = AuthLdap::connectToServer($ldap_method[""host""], $ldap_method[""port""], $ldap_method[""rootdn""], Toolbox::decrypt($ldap_method[""rootdn_passwd""], GLPIKEY), $ldap_method[""use_tls""], $ldap_method[""deref_option""]); if ($ds) { $ldapservers_status = true; $params = [ 'method' => AuthLdap::IDENTIFIER_LOGIN, 'fields' => [ AuthLdap::IDENTIFIER_LOGIN => $ldap_method[""login_field""], ], ]; try { $user_dn = AuthLdap::searchUserDn($ds, [ 'basedn' => $ldap_method[""basedn""], 'login_field' => $ldap_method['login_field'], 'search_parameters' => $params, 'condition' => $ldap_method[""condition""], 'user_params' => [ 'method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $login_name ], ]); } catch (\RuntimeException $e) { Toolbox::logError($e->getMessage()); $user_dn = false; } if ($user_dn) { $this->user->fields['auths_id'] = $ldap_method['id']; $this->user->getFromLDAP($ds, $ldap_method, $user_dn['dn'], $login_name, !$this->user_present); break; } } } } if ((count($ldapservers) == 0) && ($authtype == self::EXTERNAL)) { $this->user->getFromSSO(); } else { if ($this->user->fields['authtype'] == self::LDAP) { if (!$ldapservers_status) { $this->auth_succeded = false; $this->addToError(_n('Connection to LDAP directory failed', 'Connection to LDAP directories failed', count($ldapservers))); } else if (!$user_dn && $this->user_present) { $user_deleted_ldap = true; $this->user_deleted_ldap = true; $this->addToError(_n('User not found in LDAP directory', 'User not found in LDAP directories', count($ldapservers))); } } } $this->user->fields['name'] = $login_name; $this->user->fields[""last_login""] = $_SESSION[""glpi_currenttime""]; } else { $this->addToError(__('Empty login or password')); } }",True,PHP,connectToServer,auth.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12711,"static function testLDAPConnection($auths_id, $replicate_id = -1) { $config_ldap = new self(); $res = $config_ldap->getFromDB($auths_id); if (!$res) { return false; } if ($replicate_id != -1) { $replicate = new AuthLdapReplicate(); $replicate->getFromDB($replicate_id); $host = $replicate->fields[""host""]; $port = $replicate->fields[""port""]; } else { $host = $config_ldap->fields['host']; $port = $config_ldap->fields['port']; } $ds = self::connectToServer($host, $port, $config_ldap->fields['rootdn'], Toolbox::decrypt($config_ldap->fields['rootdn_passwd'], GLPIKEY), $config_ldap->fields['use_tls'], $config_ldap->fields['deref_option']); if ($ds) { return true; } return false; }",True,PHP,testLDAPConnection,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12712,"function prepareInputForAdd($input) { if (!self::getNumberOfServers()) { $input['is_default'] = 1; } if (isset($input[""rootdn_passwd""]) && !empty($input[""rootdn_passwd""])) { $input[""rootdn_passwd""] = Toolbox::encrypt(stripslashes($input[""rootdn_passwd""]), GLPIKEY); } return $input; }",True,PHP,prepareInputForAdd,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12713,"function prepareInputForUpdate($input) { if (isset($input[""rootdn_passwd""])) { if (empty($input[""rootdn_passwd""])) { unset($input[""rootdn_passwd""]); } else { $input[""rootdn_passwd""] = Toolbox::encrypt(stripslashes($input[""rootdn_passwd""]), GLPIKEY); } } if (isset($input[""_blank_passwd""]) && $input[""_blank_passwd""]) { $input['rootdn_passwd'] = ''; } if (count($input)) { foreach ($input as $key => $val) { if (preg_match('/_field$/', $key)) { $input[$key] = Toolbox::strtolower($val); } } } if ($this->isSyncFieldEnabled() && isset($input['sync_field']) && $this->isSyncFieldUsed() ) { if ($input['sync_field'] == $this->fields['sync_field']) { unset($input['sync_field']); } else { Session::addMessageAfterRedirect( __('Synchronization field cannot be changed once in use.'), false, ERROR ); return false; }; } return $input; }",True,PHP,prepareInputForUpdate,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12715,"function connect() { return $this->connectToServer($this->fields['host'], $this->fields['port'], $this->fields['rootdn'], Toolbox::decrypt($this->fields['rootdn_passwd'], GLPIKEY), $this->fields['use_tls'], $this->fields['deref_option']); }",True,PHP,connect,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12717,"$ds = self::connectToServer($replicate[""host""], $replicate[""port""], $ldap_method['rootdn'], Toolbox::decrypt($ldap_method['rootdn_passwd'], GLPIKEY), $ldap_method['use_tls'], $ldap_method['deref_option']); if (!$ds && !empty($login)) { $ds = self::connectToServer($replicate[""host""], $replicate[""port""], $login, $password, $ldap_method['use_tls'], $ldap_method['deref_option']); } if ($ds) { return $ds; } } }",True,PHP,connectToServer,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12718,"static function searchUser(AuthLDAP $authldap) { if (self::connectToServer($authldap->getField('host'), $authldap->getField('port'), $authldap->getField('rootdn'), Toolbox::decrypt($authldap->getField('rootdn_passwd'), GLPIKEY), $authldap->getField('use_tls'), $authldap->getField('deref_option'))) { self::showLdapUsers(); } else { echo ""
    "".__('Unable to connect to the LDAP directory'); } }",True,PHP,searchUser,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12722,"function prepareInputForUpdate($input) { global $CFG_GLPI; unset($input['_no_history']); if (isset($input['context'])) { return $input; } if (!empty($input['config_context'])) { $config_context = $input['config_context']; unset($input['id']); unset($input['_glpi_csrf_token']); unset($input['update']); unset($input['config_context']); if ((!empty($input['config_class'])) && (class_exists($input['config_class'])) && (method_exists ($input['config_class'], 'configUpdate'))) { $config_method = $input['config_class'].'::configUpdate'; unset($input['config_class']); $input = call_user_func($config_method, $input); } $this->setConfigurationValues($config_context, $input); return false; } if (isset($input[""url_base""]) && !empty($input[""url_base""])) { $input[""url_base""] = rtrim($input[""url_base""], '/'); } if (isset($input['allow_search_view']) && !$input['allow_search_view']) { $input['allow_search_global'] = 0; } if (isset($input[""smtp_passwd""])) { if (empty($input[""smtp_passwd""])) { unset($input[""smtp_passwd""]); } else { $input[""smtp_passwd""] = Toolbox::encrypt(stripslashes($input[""smtp_passwd""]), GLPIKEY); } } if (isset($input[""_blank_smtp_passwd""]) && $input[""_blank_smtp_passwd""]) { $input['smtp_passwd'] = ''; } if (isset($input[""proxy_passwd""])) { if (empty($input[""proxy_passwd""])) { unset($input[""proxy_passwd""]); } else { $input[""proxy_passwd""] = Toolbox::encrypt(stripslashes($input[""proxy_passwd""]), GLPIKEY); } } if (isset($input[""_blank_proxy_passwd""]) && $input[""_blank_proxy_passwd""]) { $input['proxy_passwd'] = ''; } if (isset($input['_dbslave_status'])) { $already_active = DBConnection::isDBSlaveActive(); if ($input['_dbslave_status']) { DBConnection::changeCronTaskStatus(true); if (!$already_active) { DBConnection::createDBSlaveConfig(); } else if (isset($input[""_dbreplicate_dbhost""])) { DBConnection::saveDBSlaveConf($input[""_dbreplicate_dbhost""], $input[""_dbreplicate_dbuser""], $input[""_dbreplicate_dbpassword""], $input[""_dbreplicate_dbdefault""]); } } if (!$input['_dbslave_status'] && $already_active) { DBConnection::deleteDBSlaveConfig(); DBConnection::changeCronTaskStatus(false); } } if (isset($input['_matrix'])) { $tab = []; for ($urgency=1; $urgency<=5; $urgency++) { for ($impact=1; $impact<=5; $impact++) { $priority = $input[""_matrix_${urgency}_${impact}""]; $tab[$urgency][$impact] = $priority; } } $input['priority_matrix'] = exportArrayToDB($tab); $input['urgency_mask'] = 0; $input['impact_mask'] = 0; for ($i=1; $i<=5; $i++) { if ($input[""_urgency_${i}""]) { $input['urgency_mask'] += (1<<$i); } if ($input[""_impact_${i}""]) { $input['impact_mask'] += (1<<$i); } } } if (isset( $input['lock_use_lock_item'])) { $input['lock_item_list'] = exportArrayToDB((isset($input['lock_item_list']) ? $input['lock_item_list'] : [])); } unset($input['id']); unset($input['_glpi_csrf_token']); unset($input['update']); if (isset($input['maintenance_mode']) && $input['maintenance_mode']) { $_SESSION['glpiskipMaintenance'] = 1; $url = $CFG_GLPI['root_doc'].""/index.php?skipMaintenance=1""; Session::addMessageAfterRedirect(sprintf(__('Maintenance mode activated. Backdoor using: %s'), ""$url""), false, WARNING); } $this->setConfigurationValues('core', $input); return false; }",True,PHP,prepareInputForUpdate,config.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12733,"function prepareInputForAdd($input) { if (isset($input[""passwd""])) { if (empty($input[""passwd""])) { unset($input[""passwd""]); } else { $input[""passwd""] = Toolbox::encrypt(stripslashes($input[""passwd""]), GLPIKEY); } } if (isset($input['mail_server']) && !empty($input['mail_server'])) { $input[""host""] = Toolbox::constructMailServerConfig($input); } if (!NotificationMailing::isUserAddressValid($input['name'])) { Session::addMessageAfterRedirect(__('Invalid email address'), false, ERROR); } return $input; }",True,PHP,prepareInputForAdd,mailcollector.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12738,"function prepareInputForUpdate($input) { if (isset($input[""passwd""])) { if (empty($input[""passwd""])) { unset($input[""passwd""]); } else { $input[""passwd""] = Toolbox::encrypt(stripslashes($input[""passwd""]), GLPIKEY); } } if (isset($input[""_blank_passwd""]) && $input[""_blank_passwd""]) { $input['passwd'] = ''; } if (isset($input['mail_server']) && !empty($input['mail_server'])) { $input[""host""] = Toolbox::constructMailServerConfig($input); } if (isset($input['name']) && !NotificationMailing::isUserAddressValid($input['name'])) { Session::addMessageAfterRedirect(__('Invalid email address'), false, ERROR); } return $input; }",True,PHP,prepareInputForUpdate,mailcollector.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12740,"static function getRSSFeed($url, $cache_duration = DAY_TIMESTAMP) { global $CFG_GLPI; $feed = new SimplePie(); $feed->set_cache_location(GLPI_RSS_DIR); $feed->set_cache_duration($cache_duration); if (!empty($CFG_GLPI[""proxy_name""])) { $prx_opt = []; $prx_opt[CURLOPT_PROXY] = $CFG_GLPI[""proxy_name""]; $prx_opt[CURLOPT_PROXYPORT] = $CFG_GLPI[""proxy_port""]; if (!empty($CFG_GLPI[""proxy_user""])) { $prx_opt[CURLOPT_HTTPAUTH] = CURLAUTH_ANYSAFE; $prx_opt[CURLOPT_PROXYUSERPWD] = $CFG_GLPI[""proxy_user""]."":"". Toolbox::decrypt($CFG_GLPI[""proxy_passwd""], GLPIKEY); } $feed->set_curl_options($prx_opt); } $feed->enable_cache(true); $feed->set_feed_url($url); $feed->force_feed(true); $feed->init(); $feed->handle_content_type(); if ($feed->error()) { return false; } return $feed; }",True,PHP,getRSSFeed,rssfeed.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12741,"public static function callCurl($url, array $eopts = [], &$msgerr = null) { global $CFG_GLPI; $content = """"; $taburl = parse_url($url); $hostscheme = ''; $defaultport = 80; if ((isset($taburl[""scheme""]) && $taburl[""scheme""]=='https') || (isset($taburl[""port""]) && $taburl[""port""]=='443')) { $hostscheme = 'ssl: $defaultport = 443; } $ch = curl_init($url); $opts = [ CURLOPT_URL => $url, CURLOPT_USERAGENT => ""GLPI/"".trim($CFG_GLPI[""version""]), CURLOPT_RETURNTRANSFER => 1 ] + $eopts; if (!empty($CFG_GLPI[""proxy_name""])) { $opts += [ CURLOPT_PROXY => $CFG_GLPI['proxy_name'], CURLOPT_PROXYPORT => $CFG_GLPI['proxy_port'], CURLOPT_PROXYTYPE => CURLPROXY_HTTP ]; if (!empty($CFG_GLPI[""proxy_user""])) { $opts += [ CURLOPT_PROXYAUTH => CURLAUTH_BASIC, CURLOPT_PROXYUSERPWD => $CFG_GLPI[""proxy_user""] . "":"" . self::decrypt($CFG_GLPI[""proxy_passwd""], GLPIKEY), ]; } if ($defaultport == 443) { $opts += [ CURLOPT_HTTPPROXYTUNNEL => 1 ]; } } curl_setopt_array($ch, $opts); $content = curl_exec($ch); $errstr = curl_error($ch); curl_close($ch); if ($errstr) { if (empty($CFG_GLPI[""proxy_name""])) { $msgerr = sprintf( __('Connection failed. If you use a proxy, please configure it. (%s)'), $errstr ); } else { $msgerr = sprintf( __('Failed to connect to the proxy server (%s)'), $errstr ); } return ''; } if (empty($content)) { $msgerr = __('No data available on the web site'); } if (!empty($msgerr)) { Toolbox::logError($msgerr); } return $content; }",True,PHP,callCurl,toolbox.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12742,"static function decrypt($string, $key) { $result = ''; $string = base64_decode($string); for ($i=0; $iparams); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12745,"static function encrypt($string, $key) { $result = ''; for ($i=0; $iparams); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12751,"$input = ['name' => 'ldap', 'rootdn_passwd' => $password]; $result = $ldap->prepareInputForUpdate($input); $expected = \Toolbox::encrypt(stripslashes($password), GLPIKEY); $this->string($result['rootdn_passwd'])->isIdenticalTo($expected); $input['_blank_passwd'] = 1; $result = $ldap->prepareInputForUpdate($input); $this->string($result['rootdn_passwd'])->isEmpty(); $input['_login_field'] = 'TEST'; $result = $ldap->prepareInputForUpdate($input); $this->string($result['_login_field'])->isIdenticalTo('test'); $input['sync_field'] = 'sync_field'; $result = $ldap->prepareInputForUpdate($input); $this->string($result['sync_field'])->isIdenticalTo('sync_field'); $ldap->fields['sync_field'] = 'sync_field'; $result = $ldap->prepareInputForUpdate($input); $this->array($result)->notHasKey('sync_field'); $this->calling($ldap)->isSyncFieldUsed = false; $result = $ldap->prepareInputForUpdate($input); $this->array($result)->hasKey('sync_field'); $this->calling($ldap)->isSyncFieldUsed = true; $input['sync_field'] = 'another_field'; $result = $ldap->prepareInputForUpdate($input); $this->boolean($result)->isFalse(); }",True,PHP,$input,AuthLdap.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-23 09:55:31+02:00,"Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to register fields or configuration entries to be handled when updating db.",CWE-798,Use of Hard-coded Credentials,"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",https://cwe.mitre.org/data/definitions/798.html,CVE-2020-5248,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12754,"protected function execute(InputInterface $input, OutputInterface $output) { $allow_unstable = $input->getOption('allow-unstable'); $force = $input->getOption('force'); $no_interaction = $input->getOption('no-interaction'); $update = new Update($this->db); $_SESSION['glpidefault_entity'] = 0; Session::initEntityProfiles(2); Session::changeProfile(4); $currents = $update->getCurrents(); $current_version = $currents['version']; $current_db_version = $currents['dbversion']; global $migration; $migration = new CliMigration(GLPI_SCHEMA_VERSION); $migration->setOutput($output); $update->setMigration($migration); $informations = new Table($output); $informations->setHeaders(['', __('Current'), __('Target')]); $informations->addRow([__('Database host'), $this->db->dbhost, '']); $informations->addRow([__('Database name'), $this->db->dbdefault, '']); $informations->addRow([__('Database user'), $this->db->dbuser, '']); $informations->addRow([__('GLPI version'), $current_version, GLPI_VERSION]); $informations->addRow([__('GLPI database version'), $current_db_version, GLPI_SCHEMA_VERSION]); $informations->render(); if (defined('GLPI_PREVER')) { if (!$allow_unstable && version_compare($current_db_version, GLPI_SCHEMA_VERSION, 'ne')) { $output->writeln( sprintf( '' . __('%s is not a stable release. Please upgrade manually or add --allow-unstable option.') . '', GLPI_SCHEMA_VERSION ), OutputInterface::VERBOSITY_QUIET ); return self::ERROR_NO_UNSTABLE_UPDATE; } } if (version_compare($current_db_version, GLPI_SCHEMA_VERSION, 'eq') && !$force) { $output->writeln('' . __('No migration needed.') . ''); return 0; } if (!$no_interaction) { $question_helper = $this->getHelper('question'); $run = $question_helper->ask( $input, $output, new ConfirmationQuestion(__('Do you want to continue ?') . ' [Yes/no]', true) ); if (!$run) { $output->writeln( '' . __('Update aborted.') . '', OutputInterface::VERBOSITY_VERBOSE ); return 0; } } if (substr($current_version, -4) === '-dev') { $current_version = str_replace('-dev', '', $current_version); } $update->doUpdates($current_version); if (version_compare($current_db_version, GLPI_SCHEMA_VERSION, 'ne')) { $output->writeln('' . __('Migration done.') . ''); } else if ($force) { include_once(GLPI_ROOT . '/install/update_943_945.php'); update943to945(); $output->writeln('' . __('Last migration replayed.') . ''); } return 0; }",True,PHP,execute,updatecommand.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function configure() { expHistory::set('editable', $this->params); $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $pullable_modules = expModules::listInstalledControllers($this->baseclassname, $this->loc); $views = expTemplate::get_config_templates($this, $this->loc); $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all'); assign_to_template(array( 'config'=>$this->config, 'pullable_modules'=>$pullable_modules, 'views'=>$views, 'countries'=>$countries, 'regions'=>$regions, 'title'=>static::displayname() )); }" 12756,static function cronCheckUpdate($task) { $result = Toolbox::checkNewVersionAvailable(1); $task->log($result); return 1; },True,PHP,cronCheckUpdate,crontask.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12757,"function showFormAdmin($openform = true, $closeform = true) { global $DB; if (!self::canView()) { return false; } echo ""
    ""; if (($canedit = Session::haveRightsOr(self::$rightname, [CREATE, UPDATE, PURGE])) && $openform) { echo ""
    ""; } $matrix_options = ['canedit' => $canedit, 'default_class' => 'tab_bg_4']; $rights = [['itemtype' => 'User', 'label' => _n('User', 'Users', Session::getPluralNumber()), 'field' => 'user', 'row_class' => 'tab_bg_2'], ['itemtype' => 'Entity', 'label' => _n('Entity', 'Entities', Session::getPluralNumber()), 'field' => 'entity'], ['itemtype' => 'Group', 'label' => _n('Group', 'Groups', Session::getPluralNumber()), 'field' => 'group'], ['itemtype' => 'Profile', 'label' => _n('Profile', 'Profiles', Session::getPluralNumber()), 'field' => 'profile'], ['itemtype' => 'QueuedNotification', 'label' => __('Notification queue'), 'field' => 'queuednotification'], ['itemtype' => 'Backup', 'label' => __('Maintenance'), 'field' => 'backup'], ['itemtype' => 'Log', 'label' => _n('Log', 'Logs', Session::getPluralNumber()), 'field' => 'logs']]; $matrix_options['title'] = __('Administration'); $this->displayRightsChoiceMatrix($rights, $matrix_options); $rights = [['itemtype' => 'Rule', 'label' => __('Authorizations assignment rules'), 'field' => 'rule_ldap'], ['itemtype' => 'RuleImportComputer', 'label' => __('Rules for assigning a computer to an entity'), 'field' => 'rule_import'], ['itemtype' => 'RuleMailCollector', 'label' => __('Rules for assigning a ticket created through a mails receiver'), 'field' => 'rule_mailcollector'], ['itemtype' => 'RuleSoftwareCategory', 'label' => __('Rules for assigning a category to a software'), 'field' => 'rule_softwarecategories'], ['itemtype' => 'RuleTicket', 'label' => __('Business rules for tickets (entity)'), 'field' => 'rule_ticket', 'row_class' => 'tab_bg_2'], ['itemtype' => 'RuleAsset', 'label' => __('Business rules for assets'), 'field' => 'rule_asset', 'row_class' => 'tab_bg_2'], ['itemtype' => 'Transfer', 'label' => __('Transfer'), 'field' => 'transfer']]; $matrix_options['title'] = _n('Rule', 'Rules', Session::getPluralNumber()); $this->displayRightsChoiceMatrix($rights, $matrix_options); $rights = [['itemtype' => 'RuleDictionnaryDropdown', 'label' => __('Dropdowns dictionary'), 'field' => 'rule_dictionnary_dropdown'], ['itemtype' => 'RuleDictionnarySoftware', 'label' => __('Software dictionary'), 'field' => 'rule_dictionnary_software'], ['itemtype' => 'RuleDictionnaryPrinter', 'label' => __('Printers dictionnary'), 'field' => 'rule_dictionnary_printer']]; $matrix_options['title'] = __('Dropdowns dictionary'); $this->displayRightsChoiceMatrix($rights, $matrix_options); if ($canedit && $closeform) { echo ""
    ""; echo """"; echo """"; echo ""
    \n""; Html::closeForm(); } echo ""
    ""; $this->showLegend(); }",True,PHP,showFormAdmin,profile.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12758,"static function checkNewVersionAvailable($auto = true, $messageafterredirect = false) { global $CFG_GLPI; if (!$auto && !Session::haveRight('backup', Backup::CHECKUPDATE)) { return false; } if (!$auto && !$messageafterredirect) { echo ""
    ""; } $error = """"; $json_gh_releases = self::getURLContent(""https: $all_gh_releases = json_decode($json_gh_releases, true); $released_tags = []; foreach ($all_gh_releases as $release) { if ($release['prerelease'] == false) { $released_tags[] = $release['tag_name']; } } usort($released_tags, 'version_compare'); $latest_version = array_pop($released_tags); if (strlen(trim($latest_version)) == 0) { if (!$auto) { if ($messageafterredirect) { Session::addMessageAfterRedirect($error, true, ERROR); } else { echo ""
    $error
    ""; } } else { return $error; } } else { if (version_compare($CFG_GLPI[""version""], $latest_version, '<')) { Config::setConfigurationValues('core', ['founded_new_version' => $latest_version]); if (!$auto) { if ($messageafterredirect) { Session::addMessageAfterRedirect(sprintf(__('A new version is available: %s.'), $latest_version)); Session::addMessageAfterRedirect(__('You will find it on the GLPI-PROJECT.org site.')); } else { echo ""
    "".sprintf(__('A new version is available: %s.'), $latest_version).""
    ""; echo ""
    "".__('You will find it on the GLPI-PROJECT.org site.'). ""
    ""; } } else { if ($messageafterredirect) { Session::addMessageAfterRedirect(sprintf(__('A new version is available: %s.'), $latest_version)); } else { return sprintf(__('A new version is available: %s.'), $latest_version); } } } else { if (!$auto) { if ($messageafterredirect) { Session::addMessageAfterRedirect(__('You have the latest available version')); } else { echo ""
    "".__('You have the latest available version').""
    ""; } } else { if ($messageafterredirect) { Session::addMessageAfterRedirect(__('You have the latest available version')); } else { return __('You have the latest available version'); } } } } return 1; }",True,PHP,checkNewVersionAvailable,toolbox.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12761,"$values = [READ => __('Read'), CREATE => __('Create'),",True,PHP,$values,update_945_946.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12762,"function getRights($interface = 'central') { $values = [READ => __('Read'), CREATE => __('Create'), PURGE => _x('button', 'Delete permanently'), self::CHECKUPDATE => __('Check for upgrade')]; return $values; }",True,PHP,getRights,update_945_946.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12763,static function getTypeName($nb = 0) { return __('Maintenance'); },True,PHP,getTypeName,update_945_946.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12765,"static function canView() { return Session::haveRight(self::$rightname, READ); }",True,PHP,canView,update_945_946.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12766,"public function testGetMenuInfos() { $menu = \Html::getMenuInfos(); $this->integer(count($menu))->isIdenticalTo(8); $expected = [ 'assets', 'helpdesk', 'management', 'tools', 'plugins', 'admin', 'config', 'preference' ]; $this->array($menu) ->hasSize(count($expected)) ->hasKeys($expected); $expected = [ 'Computer', 'Monitor', 'Software', 'NetworkEquipment', 'Peripheral', 'Printer', 'CartridgeItem', 'ConsumableItem', 'Phone', 'Rack', 'Enclosure', 'PDU' ]; $this->string($menu['assets']['title'])->isIdenticalTo('Assets'); $this->array($menu['assets']['types'])->isIdenticalTo($expected); $expected = [ 'Ticket', 'Problem', 'Change', 'Planning', 'Stat', 'TicketRecurrent' ]; $this->string($menu['helpdesk']['title'])->isIdenticalTo('Assistance'); $this->array($menu['helpdesk']['types'])->isIdenticalTo($expected); $expected = [ 'SoftwareLicense', 'Budget', 'Supplier', 'Contact', 'Contract', 'Document', 'Line', 'Certificate', 'Datacenter', ]; $this->string($menu['management']['title'])->isIdenticalTo('Management'); $this->array($menu['management']['types'])->isIdenticalTo($expected); $expected = [ 'Project', 'Reminder', 'RSSFeed', 'KnowbaseItem', 'ReservationItem', 'Report', 'MigrationCleaner', 'SavedSearch' ]; $this->string($menu['tools']['title'])->isIdenticalTo('Tools'); $this->array($menu['tools']['types'])->isIdenticalTo($expected); $expected = []; $this->string($menu['plugins']['title'])->isIdenticalTo('Plugins'); $this->array($menu['plugins']['types'])->isIdenticalTo($expected); $expected = [ 'User', 'Group', 'Entity', 'Rule', 'Profile', 'QueuedNotification', 'Backup', 'Glpi\\Event' ]; $this->string($menu['admin']['title'])->isIdenticalTo('Administration'); $this->array($menu['admin']['types'])->isIdenticalTo($expected); $expected = [ 'CommonDropdown', 'CommonDevice', 'Notification', 'SLM', 'Config', 'FieldUnicity', 'Crontask', 'Auth', 'MailCollector', 'Link', 'Plugin' ]; $this->string($menu['config']['title'])->isIdenticalTo('Setup'); $this->array($menu['config']['types'])->isIdenticalTo($expected); $this->string($menu['preference']['title'])->isIdenticalTo('My settings'); $this->array($menu['preference'])->notHasKey('types'); $this->string($menu['preference']['default'])->isIdenticalTo('/front/preference.php'); }",True,PHP,testGetMenuInfos,Html.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2020-04-28 11:49:37+02:00,"Drop xml backup; check new versions from config closes #7182",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-11060,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12767,"$ds = AuthLDAP::connectToServer($ldap_method[""host""], $ldap_method[""port""], $ldap_method[""rootdn""], Toolbox::decrypt($ldap_method[""rootdn_passwd""], GLPIKEY), $ldap_method[""use_tls""], $ldap_method[""deref_option""]); if ($ds) { $ldapservers_status = true; $params = [ 'method' => AuthLDAP::IDENTIFIER_LOGIN, 'fields' => [ AuthLDAP::IDENTIFIER_LOGIN => $ldap_method[""login_field""], ], ]; try { $user_dn = AuthLDAP::searchUserDn($ds, [ 'basedn' => $ldap_method[""basedn""], 'login_field' => $ldap_method['login_field'], 'search_parameters' => $params, 'condition' => $ldap_method[""condition""], 'user_params' => [ 'method' => AuthLDAP::IDENTIFIER_LOGIN, 'value' => $login_name ], ]); } catch (\RuntimeException $e) { Toolbox::logError($e->getMessage()); $user_dn = false; } if ($user_dn) { $this->user->fields['auths_id'] = $ldap_method['id']; $this->user->getFromLDAP($ds, $ldap_method, $user_dn['dn'], $login_name, !$this->user_present); break; } } } } if ((count($ldapservers) == 0) && ($authtype == self::EXTERNAL)) { $this->user->getFromSSO(); } else { if ($this->user->fields['authtype'] == self::LDAP) { if (!$ldapservers_status) { $this->auth_succeded = false; $this->addToError(_n('Connection to LDAP directory failed', 'Connection to LDAP directories failed', count($ldapservers))); } else if (!$user_dn && $this->user_present) { $user_deleted_ldap = true; $this->user_deleted_ldap = true; $this->addToError(_n('User not found in LDAP directory', 'User not found in LDAP directories', count($ldapservers))); } } } $this->user->fields['name'] = $login_name; $this->user->fields[""last_login""] = $_SESSION[""glpi_currenttime""]; } else { $this->addToError(__('Empty login or password')); } }",True,PHP,connectToServer,auth.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12769,"function prepareInputForAdd($input) { if (!self::getNumberOfServers()) { $input['is_default'] = 1; } if (isset($input[""rootdn_passwd""]) && !empty($input[""rootdn_passwd""])) { $input[""rootdn_passwd""] = Toolbox::encrypt(stripslashes($input[""rootdn_passwd""]), GLPIKEY); } return $input; }",True,PHP,prepareInputForAdd,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12771,"static function testLDAPConnection($auths_id, $replicate_id = -1) { $config_ldap = new self(); $res = $config_ldap->getFromDB($auths_id); if (!$res) { return false; } if ($replicate_id != -1) { $replicate = new AuthLdapReplicate(); $replicate->getFromDB($replicate_id); $host = $replicate->fields[""host""]; $port = $replicate->fields[""port""]; } else { $host = $config_ldap->fields['host']; $port = $config_ldap->fields['port']; } $ds = self::connectToServer($host, $port, $config_ldap->fields['rootdn'], Toolbox::decrypt($config_ldap->fields['rootdn_passwd'], GLPIKEY), $config_ldap->fields['use_tls'], $config_ldap->fields['deref_option']); if ($ds) { return true; } return false; }",True,PHP,testLDAPConnection,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12774,"function connect() { return $this->connectToServer($this->fields['host'], $this->fields['port'], $this->fields['rootdn'], Toolbox::decrypt($this->fields['rootdn_passwd'], GLPIKEY), $this->fields['use_tls'], $this->fields['deref_option']); }",True,PHP,connect,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12775,"function prepareInputForUpdate($input) { if (isset($input[""rootdn_passwd""])) { if (empty($input[""rootdn_passwd""])) { unset($input[""rootdn_passwd""]); } else { $input[""rootdn_passwd""] = Toolbox::encrypt(stripslashes($input[""rootdn_passwd""]), GLPIKEY); } } if (isset($input[""_blank_passwd""]) && $input[""_blank_passwd""]) { $input['rootdn_passwd'] = ''; } if (count($input)) { foreach ($input as $key => $val) { if (preg_match('/_field$/', $key)) { $input[$key] = Toolbox::strtolower($val); } } } if ($this->isSyncFieldEnabled() && isset($input['sync_field']) && $this->isSyncFieldUsed() ) { if ($input['sync_field'] == $this->fields['sync_field']) { unset($input['sync_field']); } else { Session::addMessageAfterRedirect( __('Synchronization field cannot be changed once in use.'), false, ERROR ); return false; }; } return $input; }",True,PHP,prepareInputForUpdate,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12776,"$ds = self::connectToServer($replicate[""host""], $replicate[""port""], $ldap_method['rootdn'], Toolbox::decrypt($ldap_method['rootdn_passwd'], GLPIKEY), $ldap_method['use_tls'], $ldap_method['deref_option']); if (!$ds && !empty($login)) { $ds = self::connectToServer($replicate[""host""], $replicate[""port""], $login, $password, $ldap_method['use_tls'], $ldap_method['deref_option']); } if ($ds) { return $ds; } } }",True,PHP,connectToServer,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12778,"static function searchUser(AuthLDAP $authldap) { if (self::connectToServer($authldap->getField('host'), $authldap->getField('port'), $authldap->getField('rootdn'), Toolbox::decrypt($authldap->getField('rootdn_passwd'), GLPIKEY), $authldap->getField('use_tls'), $authldap->getField('deref_option'))) { self::showLdapUsers(); } else { echo ""
    "".__('Unable to connect to the LDAP directory'); } }",True,PHP,searchUser,authldap.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12782,"function prepareInputForUpdate($input) { global $CFG_GLPI; unset($input['_no_history']); if (isset($input['context'])) { return $input; } if (!empty($input['config_context'])) { $config_context = $input['config_context']; unset($input['id']); unset($input['_glpi_csrf_token']); unset($input['update']); unset($input['config_context']); if ((!empty($input['config_class'])) && (class_exists($input['config_class'])) && (method_exists ($input['config_class'], 'configUpdate'))) { $config_method = $input['config_class'].'::configUpdate'; unset($input['config_class']); $input = call_user_func($config_method, $input); } $this->setConfigurationValues($config_context, $input); return false; } if (isset($input[""url_base""]) && !empty($input[""url_base""])) { $input[""url_base""] = rtrim($input[""url_base""], '/'); } if (isset($input['allow_search_view']) && !$input['allow_search_view']) { $input['allow_search_global'] = 0; } if (isset($input[""smtp_passwd""])) { if (empty($input[""smtp_passwd""])) { unset($input[""smtp_passwd""]); } else { $input[""smtp_passwd""] = Toolbox::encrypt(stripslashes($input[""smtp_passwd""]), GLPIKEY); } } if (isset($input[""_blank_smtp_passwd""]) && $input[""_blank_smtp_passwd""]) { $input['smtp_passwd'] = ''; } if (isset($input[""proxy_passwd""])) { if (empty($input[""proxy_passwd""])) { unset($input[""proxy_passwd""]); } else { $input[""proxy_passwd""] = Toolbox::encrypt(stripslashes($input[""proxy_passwd""]), GLPIKEY); } } if (isset($input[""_blank_proxy_passwd""]) && $input[""_blank_proxy_passwd""]) { $input['proxy_passwd'] = ''; } if (isset($input['_dbslave_status'])) { $already_active = DBConnection::isDBSlaveActive(); if ($input['_dbslave_status']) { DBConnection::changeCronTaskStatus(true); if (!$already_active) { DBConnection::createDBSlaveConfig(); } else if (isset($input[""_dbreplicate_dbhost""])) { DBConnection::saveDBSlaveConf($input[""_dbreplicate_dbhost""], $input[""_dbreplicate_dbuser""], $input[""_dbreplicate_dbpassword""], $input[""_dbreplicate_dbdefault""]); } } if (!$input['_dbslave_status'] && $already_active) { DBConnection::deleteDBSlaveConfig(); DBConnection::changeCronTaskStatus(false); } } if (isset($input['_matrix'])) { $tab = []; for ($urgency=1; $urgency<=5; $urgency++) { for ($impact=1; $impact<=5; $impact++) { $priority = $input[""_matrix_${urgency}_${impact}""]; $tab[$urgency][$impact] = $priority; } } $input['priority_matrix'] = exportArrayToDB($tab); $input['urgency_mask'] = 0; $input['impact_mask'] = 0; for ($i=1; $i<=5; $i++) { if ($input[""_urgency_${i}""]) { $input['urgency_mask'] += (1<<$i); } if ($input[""_impact_${i}""]) { $input['impact_mask'] += (1<<$i); } } } if (isset($input['_update_devices_in_menu'])) { $input['devices_in_menu'] = exportArrayToDB( (isset($input['devices_in_menu']) ? $input['devices_in_menu'] : []) ); } if (isset( $input['lock_use_lock_item'])) { $input['lock_item_list'] = exportArrayToDB((isset($input['lock_item_list']) ? $input['lock_item_list'] : [])); } unset($input['id']); unset($input['_glpi_csrf_token']); unset($input['update']); if (isset($input['maintenance_mode']) && $input['maintenance_mode']) { $_SESSION['glpiskipMaintenance'] = 1; $url = $CFG_GLPI['root_doc'].""/index.php?skipMaintenance=1""; Session::addMessageAfterRedirect(sprintf(__('Maintenance mode activated. Backdoor using: %s'), ""$url""), false, WARNING); } $this->setConfigurationValues('core', $input); return false; }",True,PHP,prepareInputForUpdate,config.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12797,"function __construct(bool $connect = false) { global $CFG_GLPI; $options = [ 'base_uri' => GLPI_MARKETPLACE_PLUGINS_API_URI, 'connect_timeout' => self::TIMEOUT, ]; if (!empty($CFG_GLPI[""proxy_name""])) { $proxy_creds = !empty($CFG_GLPI[""proxy_user""]) ? $CFG_GLPI[""proxy_user""]."":"".Toolbox::decrypt($CFG_GLPI[""proxy_passwd""], GLPIKEY).""@"" : """"; $proxy_string = ""http: $options['proxy'] = $proxy_string; } $this->httpClient = new Guzzle_Client($options); }",True,PHP,__construct,plugins.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12799,"static function getRSSFeed($url, $cache_duration = DAY_TIMESTAMP) { global $CFG_GLPI; $feed = new SimplePie(); $feed->set_cache_location(GLPI_RSS_DIR); $feed->set_cache_duration($cache_duration); if (!empty($CFG_GLPI[""proxy_name""])) { $prx_opt = []; $prx_opt[CURLOPT_PROXY] = $CFG_GLPI[""proxy_name""]; $prx_opt[CURLOPT_PROXYPORT] = $CFG_GLPI[""proxy_port""]; if (!empty($CFG_GLPI[""proxy_user""])) { $prx_opt[CURLOPT_HTTPAUTH] = CURLAUTH_ANYSAFE; $prx_opt[CURLOPT_PROXYUSERPWD] = $CFG_GLPI[""proxy_user""]."":"". Toolbox::decrypt($CFG_GLPI[""proxy_passwd""], GLPIKEY); } $feed->set_curl_options($prx_opt); } $feed->enable_cache(true); $feed->set_feed_url($url); $feed->force_feed(true); $feed->init(); $feed->handle_content_type(); if ($feed->error()) { return false; } return $feed; }",True,PHP,getRSSFeed,rssfeed.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12800,"public static function callCurl($url, array $eopts = [], &$msgerr = null) { global $CFG_GLPI; $content = """"; $taburl = parse_url($url); $defaultport = 80; if ((isset($taburl[""scheme""]) && $taburl[""scheme""]=='https') || (isset($taburl[""port""]) && $taburl[""port""]=='443')) { $defaultport = 443; } $ch = curl_init($url); $opts = [ CURLOPT_URL => $url, CURLOPT_USERAGENT => ""GLPI/"".trim($CFG_GLPI[""version""]), CURLOPT_RETURNTRANSFER => 1 ] + $eopts; if (!empty($CFG_GLPI[""proxy_name""])) { $opts += [ CURLOPT_PROXY => $CFG_GLPI['proxy_name'], CURLOPT_PROXYPORT => $CFG_GLPI['proxy_port'], CURLOPT_PROXYTYPE => CURLPROXY_HTTP ]; if (!empty($CFG_GLPI[""proxy_user""])) { $opts += [ CURLOPT_PROXYAUTH => CURLAUTH_BASIC, CURLOPT_PROXYUSERPWD => $CFG_GLPI[""proxy_user""] . "":"" . self::decrypt($CFG_GLPI[""proxy_passwd""], GLPIKEY), ]; } if ($defaultport == 443) { $opts += [ CURLOPT_HTTPPROXYTUNNEL => 1 ]; } } curl_setopt_array($ch, $opts); $content = curl_exec($ch); $errstr = curl_error($ch); curl_close($ch); if ($errstr) { if (empty($CFG_GLPI[""proxy_name""])) { $msgerr = sprintf( __('Connection failed. If you use a proxy, please configure it. (%s)'), $errstr ); } else { $msgerr = sprintf( __('Failed to connect to the proxy server (%s)'), $errstr ); } $content = ''; } else if (empty($content)) { $msgerr = __('No data available on the web site'); } if (!empty($msgerr)) { Toolbox::logError($msgerr); } return $content; }",True,PHP,callCurl,toolbox.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12803,"static function decrypt($string, $key) { $result = ''; $string = base64_decode($string); for ($i=0; $iloc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12805,"static function encrypt($string, $key) { $result = ''; for ($i=0; $iloc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12814,"$input = ['name' => 'ldap', 'rootdn_passwd' => $password];",True,PHP,$input,AuthLdap.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12817,"public function testDecrypt($expected, $key, $string) { $this->string(\Toolbox::decrypt($string, $key))->isIdenticalTo($expected); }",True,PHP,testDecrypt,Toolbox.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12819,"public function testEncrypt($string, $key, $expected) { $this->string(\Toolbox::encrypt($string, $key))->isIdenticalTo($expected); }",True,PHP,testEncrypt,Toolbox.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-05-06 09:50:25+02:00,"Merge pull request from GHSA-7xwm-4vjr-jvqh * Deprecate GLPIKEY usage CVE-2020-5248 Deprecate GLPIKEY usage, and replace it with key file per instance. Add a command to generate new key, and update database. Add plugins hooks to rgister fields or configuration entries to be handled when updating db. * Rely on sodium compat for encryption/decryption New name for key file, handle migration Add not required sodium extension Deprecate, fill changelog, drop old keyfile Key must be generated from dedicated method",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-11031,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12820,function duplicate($options = []) { $input = $this->fields; unset($input['id']); if (is_array($options) && count($options)) { foreach ($options as $key => $val) { if (isset($this->fields[$key])) { $input[$key] = $val; } } } if ($newID = $this->clone($input)) { $this->updateDurationCache($newID); return true; } return false; },True,PHP,duplicate,calendar.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-07-16 08:42:46+02:00,"Merge pull request from GHSA-qv6w-68gq-wx2v CVE-2020-15108 Add test to reproduce error Add test on calendar duplication",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15108,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12823,"function clone(array $override_input = [], bool $history = true) { global $DB, $CFG_GLPI; if ($DB->isSlave()) { return false; } $new_item = new static(); $input = $this->fields; foreach ($override_input as $key => $value) { $input[$key] = $value; } $input = $new_item->prepareInputForClone($input); if (isset($input['id'])) { $input['_oldID'] = $input['id']; unset($input['id']); } unset($input['date_creation']); unset($input['date_mod']); if (isset($input['template_name'])) { unset($input['template_name']); } if (isset($input['is_template'])) { unset($input['is_template']); } $input['clone'] = true; $newID = $new_item->add($input, [], $history); $new_item->post_clone($this, $history); return $newID; }",True,PHP,clone,commondbtm.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-07-16 08:42:46+02:00,"Merge pull request from GHSA-qv6w-68gq-wx2v CVE-2020-15108 Add test to reproduce error Add test on calendar duplication",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15108,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12824,"private function getNewPrinter() { $printer = getItemByTypeName('Printer', '_test_printer_all'); $pfields = $printer->fields; unset($pfields['id']); unset($pfields['date_creation']); unset($pfields['date_mod']); $pfields['name'] = $this->getUniqueString(); $this->integer((int)$printer->add($pfields))->isGreaterThan(0); return $printer; }",True,PHP,getNewPrinter,Computer.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-07-16 08:42:46+02:00,"Merge pull request from GHSA-qv6w-68gq-wx2v CVE-2020-15108 Add test to reproduce error Add test on calendar duplication",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15108,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12826,"private function getNewComputer() { $computer = getItemByTypeName('Computer', '_test_pc01'); $fields = $computer->fields; unset($fields['id']); unset($fields['date_creation']); unset($fields['date_mod']); $fields['name'] = $this->getUniqueString(); $this->integer((int)$computer->add($fields))->isGreaterThan(0); return $computer; }",True,PHP,getNewComputer,Computer.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-07-16 08:42:46+02:00,"Merge pull request from GHSA-qv6w-68gq-wx2v CVE-2020-15108 Add test to reproduce error Add test on calendar duplication",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15108,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12829,"foreach ($criteria as $criterion) { if (isset($criterion['criteria'])) { return $check_criteria($criterion['criteria']); } if (!isset($criterion['field']) || !isset($criterion['searchtype']) || !isset($criterion['value'])) { return __(""Malformed search criteria""); } if (!ctype_digit((string) $criterion['field']) || !array_key_exists($criterion['field'], $soptions)) { return __(""Bad field ID in search criteria""); } if (isset($soptions[$criterion['field']]) && isset($soptions[$criterion['field']]['nosearch']) && $soptions[$criterion['field']]['nosearch']) { return __(""Forbidden field ID in search criteria""); } }",True,PHP,foreach,api.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:37:23+02:00,"Merge pull request from GHSA-jwpv-7m4h-5gvc * Prevent SQL injection through search API * better solution",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15226,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12832,"$WHERE[] = ['NOT' => ['name' => $locks]]; } $WHERE[] = ['OR' => [ ['AND' => [ ['hourmin' => ['<', $DB->quoteName('hourmax')]], 'hourmin' => ['<=', $hour], 'hourmax' => ['>', $hour] ]], ['AND' => [ 'hourmin' => ['>', $DB->quoteName('hourmax')], 'OR' => [ 'hourmin' => ['<=', $hour], 'hourmax' => ['>', $hour] ] ]] ]]; $WHERE[] = ['OR' => [ 'lastrun' => null, new \QueryExpression('unix_timestamp(' . $DB->quoteName('lastrun') . ') + ' . $DB->quoteName('frequency') . ' <= unix_timestamp(now())') ]]; } $iterator = $DB->request([ 'SELECT' => [ '*', new \QueryExpression(""LOCATE('Plugin', "" . $DB->quoteName('itemtype') . "") AS ISPLUGIN"") ], 'FROM' => $this->getTable(), 'WHERE' => $WHERE, 'ORDER' => [ 'ISPLUGIN', new \QueryExpression('unix_timestamp(' . $DB->quoteName('lastrun') . ')+' . $DB->quoteName('frequency') . '') ] ]); if (count($iterator)) { $this->fields = $iterator->next(); return true; } return false; }",True,PHP,],crontask.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:51:37+02:00,"Merge pull request from GHSA-x93w-64x9-58qw * Remove ability to use SQL expressions as string in criterion values * Fix iterator syntax Co-authored-by: Johan Cwiklinski ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15176,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12834,"public static function quoteValue($value) { if ($value instanceof QueryParam || $value instanceof QueryExpression) { $value = $value->getValue(); } else if ($value === null || $value === 'NULL' || $value === 'null') { $value = 'NULL'; } else if (!preg_match(""/^`.*?`$/"", $value)) { $value = ""'$value'""; } return $value; }",True,PHP,quoteValue,dbmysql.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:51:37+02:00,"Merge pull request from GHSA-x93w-64x9-58qw * Remove ability to use SQL expressions as string in criterion values * Fix iterator syntax Co-authored-by: Johan Cwiklinski ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15176,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12835,private function getCriterionValue($value) { if ($value instanceof \AbstractQuery) { return $value->getQuery(); } else if ($value instanceof \QueryExpression) { return $value->getValue(); } else if (DBmysql::isNameQuoted($value)) { return $value; } else if ($value instanceof \QueryParam) { return $value->getValue(); } else { return $this->analyseCriterionValue($value); } },True,PHP,getCriterionValue,dbmysqliterator.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:51:37+02:00,"Merge pull request from GHSA-x93w-64x9-58qw * Remove ability to use SQL expressions as string in criterion values * Fix iterator syntax Co-authored-by: Johan Cwiklinski ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15176,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12838,"protected function dataValue() { return [ ['foo', ""'foo'""], ['bar', ""'bar'""], ['42', ""'42'""], ['+33', ""'+33'""], [null, 'NULL'], ['null', 'NULL'], ['NULL', 'NULL'], ['`field`', '`field`'], ['`field', ""'`field'""] ]; }",True,PHP,dataValue,DB.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:51:37+02:00,"Merge pull request from GHSA-x93w-64x9-58qw * Remove ability to use SQL expressions as string in criterion values * Fix iterator syntax Co-authored-by: Johan Cwiklinski ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15176,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12842,"AGAINST("" . $DB->quote($search_wilcard) . "" IN BOOLEAN MODE)"" ) ]; } } $search_where = ['OR' => $ors]; $visibility_crit = [ [ 'OR' => [ ['glpi_knowbaseitems.begin_date' => null], ['glpi_knowbaseitems.begin_date' => ['<', new QueryExpression('NOW()')]] ] ], [ 'OR' => [ ['glpi_knowbaseitems.end_date' => null], ['glpi_knowbaseitems.end_date' => ['>', new QueryExpression('NOW()')]] ] ] ]; $search_where[] = $visibility_crit; $criteria['ORDERBY'] = ['SCORE DESC']; $search_criteria = [ 'COUNT' => 'cpt', 'LEFT JOIN' => $criteria['LEFT JOIN'], 'FROM' => 'glpi_knowbaseitems', 'WHERE' => $search_where ]; $search_iterator = $DB->request($search_criteria); $numrows_search = $search_iterator->next()['cpt']; if ($numrows_search <= 0) { $search1 = [ '/\\\""/', ""/\+/"", ""/\*/"", ""/~/"", ""//"", ""/\(/"", ""/\)/"", ""/\-/""]; $contains = preg_replace($search1, """", $params[""contains""]); $ors = [ [""glpi_knowbaseitems.name"" => ['LIKE', Search::makeTextSearchValue($contains)]], [""glpi_knowbaseitems.answer"" => ['LIKE', Search::makeTextSearchValue($contains)]] ]; if (KnowbaseItemTranslation::isKbTranslationActive() && (countElementsInTable('glpi_knowbaseitemtranslations') > 0)) { $ors[] = [""glpi_knowbaseitemtranslations.name"" => ['LIKE', Search::makeTextSearchValue($contains)]]; $ors[] = [""glpi_knowbaseitemtranslations.answer"" => ['LIKE', Search::makeTextSearchValue($contains)]]; } $criteria['WHERE'][] = ['OR' => $ors]; $criteria['WHERE'][] = $visibility_crit; } else { $criteria['WHERE'] = $search_where; } } break; case 'browse' : $criteria['WHERE']['glpi_knowbaseitems.knowbaseitemcategories_id'] = $params['knowbaseitemcategories_id']; if (!Session::haveRight(self::$rightname, self::KNOWBASEADMIN)) { $criteria['WHERE'][] = [ 'OR' => [ ['glpi_knowbaseitems.begin_date' => null], ['glpi_knowbaseitems.begin_date' => ['<', new QueryExpression('NOW()')]] ] ]; $criteria['WHERE'][] = [ 'OR' => [ ['glpi_knowbaseitems.end_date' => null], ['glpi_knowbaseitems.end_date' => ['>', new QueryExpression('NOW()')]] ] ]; } $criteria['ORDERBY'] = ['glpi_knowbaseitems.name ASC']; break; }",True,PHP,quote,knowbaseitem.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:58:51+02:00,Merge pull request from GHSA-x9hg-j29f-wvvv,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-15217,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12843,$search_where = ['OR' => $ors];,True,PHP,$search_where,knowbaseitem.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-10-06 13:58:51+02:00,Merge pull request from GHSA-x9hg-j29f-wvvv,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-15217,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12844,"public function getAcl($node) { if (is_string($node)) { $node = $this->server->tree->getNodeForPath($node); } $acl = parent::getAcl($node); $acl[] = [ 'principal' => '{DAV:}authenticated', 'privilege' => '{DAV:}read', 'protected' => true, ]; if ($node instanceof Calendar && \Session::haveRight(\PlanningExternalEvent::$rightname, UPDATE)) { $acl[] = [ 'principal' => '{DAV:}authenticated', 'privilege' => '{DAV:}write', 'protected' => true, ]; } else if ($node instanceof CalendarObject) { $item = $this->getCalendarItemForPath($node->getName()); if ($item instanceof \CommonDBTM && $item->can($item->fields['id'], UPDATE)) { $acl[] = [ 'principal' => '{DAV:}authenticated', 'privilege' => '{DAV:}write', 'protected' => true, ]; } } return $acl; }",True,PHP,getAcl,acl.class.php,https://github.com/glpi-project/glpi,glpi-project,GitHub,2020-11-25 09:18:56+01:00,Merge pull request from GHSA-qmw3-87hr-5wgx,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-26212,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12852,"static function dropdownConnect($itemtype, $fromtype, $myname, $entity_restrict = -1, $onlyglobal = 0, $used = []) { global $CFG_GLPI; $rand = mt_rand(); $field_id = Html::cleanId(""dropdown_"".$myname.$rand); $param = [ 'entity_restrict' => $entity_restrict, 'fromtype' => $fromtype, 'itemtype' => $itemtype, 'onlyglobal' => $onlyglobal, 'used' => $used, '_idor_token' => Session::getNewIDORToken($itemtype), ]; echo Html::jsAjaxDropdown($myname, $field_id, $CFG_GLPI['root_doc'].""/ajax/getDropdownConnect.php"", $param); return $rand; }",True,PHP,dropdownConnect,computer_item.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21255,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12853,"static function dropdownConnect($itemtype, $fromtype, $myname, $entity_restrict = -1, $onlyglobal = 0, $used = []) { global $CFG_GLPI; $rand = mt_rand(); $field_id = Html::cleanId(""dropdown_"".$myname.$rand); $param = [ 'entity_restrict' => $entity_restrict, 'fromtype' => $fromtype, 'itemtype' => $itemtype, 'onlyglobal' => $onlyglobal, 'used' => $used, '_idor_token' => Session::getNewIDORToken($itemtype), ]; echo Html::jsAjaxDropdown($myname, $field_id, $CFG_GLPI['root_doc'].""/ajax/getDropdownConnect.php"", $param); return $rand; }",True,PHP,dropdownConnect,computer_item.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21324,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12858,"static function dropdown($options = []) { global $CFG_GLPI; $p = [ 'name' => 'users_id', 'value' => '', 'values' => [], 'right' => 'id', 'all' => 0, 'display_emptychoice' => true, 'placeholder' => '', 'on_change' => '', 'comments' => 1, 'width' => '80%', 'entity' => -1, 'entity_sons' => false, 'used' => [], 'ldap_import' => false, 'toupdate' => '', 'rand' => mt_rand(), 'display' => true, '_user_index' => 0, 'specific_tags' => [], 'url' => $CFG_GLPI['root_doc'] . ""/ajax/getDropdownUsers.php"", 'inactive_deleted' => 0, ]; if (is_array($options) && count($options)) { foreach ($options as $key => $val) { $p[$key] = $val; } } if (is_array($p['value'])) { $p['value'] = $p['value'][$p['_user_index']] ?? 0; } if ((strlen($p['value']) == 0) || !is_numeric($p['value'])) { $p['value'] = 0; } $output = ''; if (!($p['entity'] < 0) && $p['entity_sons']) { if (is_array($p['entity'])) { $output .= ""entity_sons options is not available with array of entity""; } else { $p['entity'] = getSonsOf('glpi_entities', $p['entity']); } } $user = getUserName($p['value'], 2); $view_users = self::canView(); if (!empty($p['value']) && ($p['value'] > 0)) { $default = $user[""name""]; } else { if ($p['all']) { $default = __('All'); } else { $default = Dropdown::EMPTY_VALUE; } } $valuesnames = []; foreach ($p['values'] as $value) { if (!empty($value) && ($value > 0)) { $user = getUserName($value, 2); $valuesnames[] = $user[""name""]; } } $field_id = Html::cleanId(""dropdown_"" . $p['name'] . $p['rand']); $param = [ 'value' => $p['value'], 'values' => $p['values'], 'valuename' => $default, 'valuesnames' => $valuesnames, 'width' => $p['width'], 'all' => $p['all'], 'display_emptychoice' => $p['display_emptychoice'], 'placeholder' => $p['placeholder'], 'right' => $p['right'], 'on_change' => $p['on_change'], 'used' => $p['used'], 'inactive_deleted' => $p['inactive_deleted'], 'entity_restrict' => (is_array($p['entity']) ? json_encode(array_values($p['entity'])) : $p['entity']), 'specific_tags' => $p['specific_tags'], '_idor_token' => Session::getNewIDORToken(__CLASS__, ['right' => $p['right']]), ]; $output = Html::jsAjaxDropdown($p['name'], $field_id, $p['url'], $param); if ($p['comments']) { $comment_id = Html::cleanId(""comment_"".$p['name'].$p['rand']); $link_id = Html::cleanId(""comment_link_"".$p[""name""].$p['rand']); if (!$view_users) { $user[""link""] = ''; } else if (empty($user[""link""])) { $user[""link""] = $CFG_GLPI['root_doc'].""/front/user.php""; } if (empty($user['comment'])) { $user['comment'] = Toolbox::ucfirst( sprintf( __('Show %1$s'), self::getTypeName(Session::getPluralNumber()) ) ); } $output .= "" "".Html::showToolTip($user[""comment""], ['contentid' => $comment_id, 'display' => false, 'link' => $user[""link""], 'linkid' => $link_id]); $paramscomment = [ 'value' => '__VALUE__', 'itemtype' => User::getType() ]; if ($view_users) { $paramscomment['withlink'] = $link_id; } $output .= Ajax::updateItemOnSelectEvent($field_id, $comment_id, $CFG_GLPI[""root_doc""].""/ajax/comments.php"", $paramscomment, false); } $output .= Ajax::commonDropdownUpdateItem($p, false); if (Session::haveRight('user', self::IMPORTEXTAUTHUSERS) && $p['ldap_import'] && Entity::isEntityDirectoryConfigured($_SESSION['glpiactive_entity'])) { $output .= "" "" . __s('Import a user') . """"; $output .= Ajax::createIframeModalWindow('userimport'.$p['rand'], $CFG_GLPI[""root_doc""]. ""/front/ldap.import.php?entity="". $_SESSION['glpiactive_entity'], ['title' => __('Import a user'), 'display' => false]); } if ($p['display']) { echo $output; return $p['rand']; } return $output; }",True,PHP,dropdown,user.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21255,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12859,"static function dropdown($options = []) { global $CFG_GLPI; $p = [ 'name' => 'users_id', 'value' => '', 'values' => [], 'right' => 'id', 'all' => 0, 'display_emptychoice' => true, 'placeholder' => '', 'on_change' => '', 'comments' => 1, 'width' => '80%', 'entity' => -1, 'entity_sons' => false, 'used' => [], 'ldap_import' => false, 'toupdate' => '', 'rand' => mt_rand(), 'display' => true, '_user_index' => 0, 'specific_tags' => [], 'url' => $CFG_GLPI['root_doc'] . ""/ajax/getDropdownUsers.php"", 'inactive_deleted' => 0, ]; if (is_array($options) && count($options)) { foreach ($options as $key => $val) { $p[$key] = $val; } } if (is_array($p['value'])) { $p['value'] = $p['value'][$p['_user_index']] ?? 0; } if ((strlen($p['value']) == 0) || !is_numeric($p['value'])) { $p['value'] = 0; } $output = ''; if (!($p['entity'] < 0) && $p['entity_sons']) { if (is_array($p['entity'])) { $output .= ""entity_sons options is not available with array of entity""; } else { $p['entity'] = getSonsOf('glpi_entities', $p['entity']); } } $user = getUserName($p['value'], 2); $view_users = self::canView(); if (!empty($p['value']) && ($p['value'] > 0)) { $default = $user[""name""]; } else { if ($p['all']) { $default = __('All'); } else { $default = Dropdown::EMPTY_VALUE; } } $valuesnames = []; foreach ($p['values'] as $value) { if (!empty($value) && ($value > 0)) { $user = getUserName($value, 2); $valuesnames[] = $user[""name""]; } } $field_id = Html::cleanId(""dropdown_"" . $p['name'] . $p['rand']); $param = [ 'value' => $p['value'], 'values' => $p['values'], 'valuename' => $default, 'valuesnames' => $valuesnames, 'width' => $p['width'], 'all' => $p['all'], 'display_emptychoice' => $p['display_emptychoice'], 'placeholder' => $p['placeholder'], 'right' => $p['right'], 'on_change' => $p['on_change'], 'used' => $p['used'], 'inactive_deleted' => $p['inactive_deleted'], 'entity_restrict' => (is_array($p['entity']) ? json_encode(array_values($p['entity'])) : $p['entity']), 'specific_tags' => $p['specific_tags'], '_idor_token' => Session::getNewIDORToken(__CLASS__, ['right' => $p['right']]), ]; $output = Html::jsAjaxDropdown($p['name'], $field_id, $p['url'], $param); if ($p['comments']) { $comment_id = Html::cleanId(""comment_"".$p['name'].$p['rand']); $link_id = Html::cleanId(""comment_link_"".$p[""name""].$p['rand']); if (!$view_users) { $user[""link""] = ''; } else if (empty($user[""link""])) { $user[""link""] = $CFG_GLPI['root_doc'].""/front/user.php""; } if (empty($user['comment'])) { $user['comment'] = Toolbox::ucfirst( sprintf( __('Show %1$s'), self::getTypeName(Session::getPluralNumber()) ) ); } $output .= "" "".Html::showToolTip($user[""comment""], ['contentid' => $comment_id, 'display' => false, 'link' => $user[""link""], 'linkid' => $link_id]); $paramscomment = [ 'value' => '__VALUE__', 'itemtype' => User::getType() ]; if ($view_users) { $paramscomment['withlink'] = $link_id; } $output .= Ajax::updateItemOnSelectEvent($field_id, $comment_id, $CFG_GLPI[""root_doc""].""/ajax/comments.php"", $paramscomment, false); } $output .= Ajax::commonDropdownUpdateItem($p, false); if (Session::haveRight('user', self::IMPORTEXTAUTHUSERS) && $p['ldap_import'] && Entity::isEntityDirectoryConfigured($_SESSION['glpiactive_entity'])) { $output .= "" "" . __s('Import a user') . """"; $output .= Ajax::createIframeModalWindow('userimport'.$p['rand'], $CFG_GLPI[""root_doc""]. ""/front/ldap.import.php?entity="". $_SESSION['glpiactive_entity'], ['title' => __('Import a user'), 'display' => false]); } if ($p['display']) { echo $output; return $p['rand']; } return $output; }",True,PHP,dropdown,user.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21324,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12862,"public function testGetDropdownValue($params, $expected, $session_params = []) { $this->login(); $bkp_params = []; if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($_SESSION[$param])) { $bkp_params[$param] = $_SESSION[$param]; } $_SESSION[$param] = $value; } } $params['_idor_token'] = \Session::getNewIDORToken($params['itemtype'] ?? ''); $result = \Dropdown::getDropdownValue($params, false); if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($bkp_params[$param])) { $_SESSION[$param] = $bkp_params[$param]; } else { unset($_SESSION[$param]); } } } $this->array($result)->isIdenticalTo($expected); }",True,PHP,testGetDropdownValue,Dropdown.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21255,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12863,"public function testGetDropdownValue($params, $expected, $session_params = []) { $this->login(); $bkp_params = []; if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($_SESSION[$param])) { $bkp_params[$param] = $_SESSION[$param]; } $_SESSION[$param] = $value; } } $params['_idor_token'] = \Session::getNewIDORToken($params['itemtype'] ?? ''); $result = \Dropdown::getDropdownValue($params, false); if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($bkp_params[$param])) { $_SESSION[$param] = $bkp_params[$param]; } else { unset($_SESSION[$param]); } } } $this->array($result)->isIdenticalTo($expected); }",True,PHP,testGetDropdownValue,Dropdown.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21324,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12866,"public function testGetDropdownConnect($params, $expected, $session_params = []) { $this->login(); $bkp_params = []; if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($_SESSION[$param])) { $bkp_params[$param] = $_SESSION[$param]; } $_SESSION[$param] = $value; } } $params['_idor_token'] = \Session::getNewIDORToken($params['itemtype'] ?? ''); $result = \Dropdown::getDropdownConnect($params, false); if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($bkp_params[$param])) { $_SESSION[$param] = $bkp_params[$param]; } else { unset($_SESSION[$param]); } } } $this->array($result)->isIdenticalTo($expected); }",True,PHP,testGetDropdownConnect,Dropdown.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21255,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12867,"public function testGetDropdownConnect($params, $expected, $session_params = []) { $this->login(); $bkp_params = []; if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($_SESSION[$param])) { $bkp_params[$param] = $_SESSION[$param]; } $_SESSION[$param] = $value; } } $params['_idor_token'] = \Session::getNewIDORToken($params['itemtype'] ?? ''); $result = \Dropdown::getDropdownConnect($params, false); if (count($session_params)) { foreach ($session_params as $param => $value) { if (isset($bkp_params[$param])) { $_SESSION[$param] = $bkp_params[$param]; } else { unset($_SESSION[$param]); } } } $this->array($result)->isIdenticalTo($expected); }",True,PHP,testGetDropdownConnect,Dropdown.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2021-03-02 09:06:34+01:00,validate entity_restrict when available with idor tokens,CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-21324,"function manage_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $gc = new geoCountry(); $countries = $gc->find('all'); $gr = new geoRegion(); $regions = $gr->find('all',null,'rank asc,name asc'); assign_to_template(array( 'countries'=>$countries, 'regions'=>$regions, 'upcharge'=>!empty($this->config['upcharge'])?$this->config['upcharge']:'' )); }" 12872,"static function showPasswordForgetChangeForm($token) { global $CFG_GLPI, $DB; $token_ok = false; $iterator = $DB->request([ 'FROM' => self::getTable(), 'WHERE' => [ 'password_forget_token' => $token, new \QueryExpression('NOW() < ADDDATE(password_forget_token_date, INTERVAL 1 DAY))') ] ]); if (count($iterator) == 1) { $token_ok = true; } echo ""
    ""; if ($token_ok) { echo """"; echo ""
    '.$langmessage['options'].'
    '; echo $langmessage['label']; echo ''; echo ''; echo '
    '; echo $langmessage['Copy']; echo ''; $gp_index_no_special = array(); foreach( $gp_index as $title => $index ){ if( strpos(strtolower($index),'special_') !== 0 ){ $gp_index_no_special[$title] = $index; } } \gp\admin\Menu\Tools::ScrollList($gp_index_no_special); echo sprintf($format_bottom,'CopyPage',$langmessage['create_new_file']); echo '
    '; echo str_replace(' ',' ',$langmessage['Content Type']); echo ''; echo '
    '; \gp\Page\Edit::NewSections(true); echo '
    '; echo sprintf($format_bottom,'NewFile',$langmessage['create_new_file']); echo ''; echo ''; }",True,PHP,AddHidden,Ajax.php,https://github.com/Typesetter/Typesetter,Typesetter,juek,2018-05-23 21:55:50+02:00,"prevent code injection (XSS) fix for reflected XSS vulnerability spotted by Mithat Gögebakan, www.netsparker.com",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-20837,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12269,"public static function linktrail( $data, $params, $parser ) { $lang = self::languageObject( $params ); $regex = $lang->linkTrail(); $inside = ''; if ( '' != $data ) { $predata = []; preg_match( '/^\[\[([^\]|]+)(\|[^\]]+)?\]\](.*)$/sDu', $data, $predata ); $m = []; if ( preg_match( $regex, $predata[3], $m ) ) { $inside = $m[1]; $data = $m[2]; } } $predata = isset( $predata[2] ) ? $predata[2] : isset( $predata[1] ) ? $predata[1] : $predata[0]; return ""$predata$inside$data""; }",True,PHP,linktrail,I18nTags_body.php,https://github.com/wikimedia/mediawiki-extensions-I18nTags,wikimedia,Niklas Laxström,2018-08-06 14:03:40+02:00,"SECURITY: Parse tag function input as wikitext to prevent XSS Unlike parser functions, tag functions' output is unescaped by default. Bug: T200973 Change-Id: I63ea5b7b1edd96a4b9fe8837eb7979faa80b5f78",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-25065,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12270,"public static function formatNumber( $data, $params, $parser ) { $lang = self::languageObject( $params ); return $lang->formatNum( $data ); }",True,PHP,formatNumber,I18nTags_body.php,https://github.com/wikimedia/mediawiki-extensions-I18nTags,wikimedia,Niklas Laxström,2018-08-06 14:03:40+02:00,"SECURITY: Parse tag function input as wikitext to prevent XSS Unlike parser functions, tag functions' output is unescaped by default. Bug: T200973 Change-Id: I63ea5b7b1edd96a4b9fe8837eb7979faa80b5f78",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-25065,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12271,"public static function plural( $data, $params, $parser ) { list( $from, $to ) = self::getRange( isset( $params['n'] ) ? $params['n'] : '' ); $args = explode( '|', $data ); $lang = self::languageObject( $params ); $format = isset( $params['format'] ) ? $params['format'] : '%s'; $format = str_replace( '\n', ""\n"", $format ); $s = ''; for ( $i = $from; $i <= $to; $i++ ) { $t = $lang->convertPlural( $i, $args ); $fmtn = $lang->formatNum( $i ); $s .= str_replace( [ '%d', '%s' ], [ $i, wfMsgReplaceArgs( $t, [ $fmtn ] ) ], $format ); } return $s; }",True,PHP,plural,I18nTags_body.php,https://github.com/wikimedia/mediawiki-extensions-I18nTags,wikimedia,Niklas Laxström,2018-08-06 14:03:40+02:00,"SECURITY: Parse tag function input as wikitext to prevent XSS Unlike parser functions, tag functions' output is unescaped by default. Bug: T200973 Change-Id: I63ea5b7b1edd96a4b9fe8837eb7979faa80b5f78",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-25065,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12272,"public static function grammar( $data, $params, $parser ) { $case = isset( $params['case'] ) ? $params['case'] : ''; $lang = self::languageObject( $params ); return $lang->convertGrammar( $data, $case ); }",True,PHP,grammar,I18nTags_body.php,https://github.com/wikimedia/mediawiki-extensions-I18nTags,wikimedia,Niklas Laxström,2018-08-06 14:03:40+02:00,"SECURITY: Parse tag function input as wikitext to prevent XSS Unlike parser functions, tag functions' output is unescaped by default. Bug: T200973 Change-Id: I63ea5b7b1edd96a4b9fe8837eb7979faa80b5f78",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-25065,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12276,"array_push($checklist, $item['itemID']); } if ($this->ESI->getDEBUG()) inform(get_class(), ""List of itemIDs: "". json_encode($checklist)); inform(get_class(), 'Getting ' . count($checklist) . ' Asset names from ESI...'); if (count($checklist) > 0) { $this->setRoute('/v1/corporations/' . $this->ESI->getCorporationID() . '/assets/names/'); $this->setCacheInterval(0); if (count($checklist) > 0) { for ($i = 0; $i < count($checklist) / $MAX_IDS; $i++) { if ($this->ESI->getDEBUG()) inform(get_class(), ""Getting page $i""); $names = array_merge($names, $this->post('',json_encode(array_slice($checklist, $i * $MAX_IDS, $MAX_IDS)))); } } } else { return FALSE; } return $names; }",True,PHP,array_push,Assets.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12278,"function getTypeIDicon($typeID, $size=32, $type=null) { if (!is_numeric($typeID)) $typeID=0; if (!is_numeric($size) || ($size!=32 && $size!=64 && $size!=128 && $size!=256 && $size!=512)) $size=32; $bp = getBlueprint($typeID); if ($bp === FALSE) { if (is_null($type) || ($type != 'icon' && $type != 'render')) { $type = 'icon'; } if ($size >= 512) { $type = 'render'; } } else { if (is_null($type) || ($type != 'bp' && $type != 'bpc')) { if ($bp['techLevel'] == 1) { $type = 'bp'; } else { $type = 'bpc'; } } } if ($size != 512) { if (file_exists(""../wwwroot/ccp_img/${typeID}_${size}.png"")) { $icon=getUrl().""ccp_img/${typeID}_${size}.png""; } else { $icon=""https: } } else { if (file_exists(""../wwwroot/ccp_renders/${typeID}.png"")) { $icon=getUrl().""ccp_renders/${typeID}.png""; } else { $icon=""https: } } return($icon); }",True,PHP,getTypeIDicon,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12279,"function asoc_row($tablica,$field,$id) { foreach($tablica as $row) { if ($row[$field]==$id) return $row; } return array(); }",True,PHP,asoc_row,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12280,"function generate_title($subtitle = null) { global $LM_APP_NAME, $lmver; $main_title = ""$LM_APP_NAME $lmver""; if (is_null($subtitle)) $title=""$main_title""; else $title=""$main_title - $subtitle""; return $title; }",True,PHP,generate_title,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12281,"function db_read($nazwa_pliku) { $uchwyt = fopen($nazwa_pliku, ""r""); $tresc = fread($uchwyt, filesize($nazwa_pliku)); fclose($uchwyt); $tresc=stripslashes($tresc); $data=explode(',',$tresc); return $data; }",True,PHP,db_read,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12286,"function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; }",True,PHP,stripslashes_deep,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12292,"function db_query($sql) { global $LM_DEBUG,$LM_DBENGINE; $my_link=db_connect(); $i=0; $result=array(); try { $stmt = $my_link->query($sql); $result = $stmt->fetchAll(PDO::FETCH_NUM); } catch(PDOException $ex) { loguj(dirname(__FILE__).'/../var/error.txt',""Error in query: $sql MySQL reply: "".$ex->getMessage()); if ($LM_DEBUG==1) { printerr(""Error in query: $sql
    MySQL reply: "".$ex->getMessage()); } else { printerr(""Database error. Contact your administrator and report the problem.
    ""); } die(); } return($result); }",True,PHP,db_query,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12293,"function filter_description($description) { return preg_replace('/[\x7F-\xFF]/','',$description); }",True,PHP,filter_description,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12294,"function secureGETnum($field) { $what=$_REQUEST[$field]; if (!empty($what) && !preg_match('/^(\-){0,1}([\d]+)(\.\d+){0,1}$/',$what)) { printerr(""Niepoprawny parametr $field.""); die(''); } return $what; }",True,PHP,secureGETnum,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12298,"function applycss($css) { printf('',getUrl().$css); }",True,PHP,applycss,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12299,"function message($opcje='') { global $USERSTABLE; $sql=""SELECT m.*, a1.login AS od, a2.login AS do FROM `message` AS m LEFT JOIN `$USERSTABLE` AS a1 ON m.msgfrom = a1.`userID` LEFT JOIN `$USERSTABLE` AS a2 ON m.msgto = a2.`userID` $opcje ORDER BY m.id DESC""; $result=db_asocquery($sql); return($result); }",True,PHP,message,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12301,"function secureGETstr($field,$len=32768,$http=false) { if (!$http) { $what=htmlspecialchars($_REQUEST[$field]); } else { $what=$_GET[$field]; } $what=addslashes($what); $what=substr($what,0,$len); return $what; }",True,PHP,secureGETstr,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12303,"function getCorporationLogo($corporationID,$size=64) { if (!is_numeric($corporationID)) return """"; if (!is_numeric($size) || ($size!=32 && $size!=64 && $size!=128 && $size!=256 && $size!=512)) $size=64; $icon=""https: return($icon); }",True,PHP,getCorporationLogo,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12304,"function getUrl(){ $a=parse_url(sprintf( ""%s: isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http', $_SERVER['SERVER_NAME'], $_SERVER['REQUEST_URI'] )); if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT']!=80 && $_SERVER['SERVER_PORT']!=443) { $port="":${_SERVER['SERVER_PORT']}""; } else { $port=''; } $path=preg_split('/[\w]+\.php/',$a['path']); return $a['scheme'].': }",True,PHP,getUrl,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12306,"function db_write($nazwa_pliku,$data) { include('../config/config.php'); if ($LM_READONLY==0) { $uchwyt = fopen($nazwa_pliku, ""w""); if (count($data)>0) { $tresc=implode(',',$data); } fwrite($uchwyt, $tresc); fclose($uchwyt); } }",True,PHP,db_write,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12307,function get_remote_addr() { if (isset($_SERVER['HTTP_X_REAL_IP'])) return $_SERVER['HTTP_X_REAL_IP']; if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) return $_SERVER['HTTP_X_FORWARDED_FOR']; if (isset($_SERVER['REMOTE_ADDR'])) return $_SERVER['REMOTE_ADDR']; return FALSE; },True,PHP,get_remote_addr,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12308,"function db_asocquery($sql) { global $LM_DEBUG,$LM_DBENGINE; $my_link=db_connect(); $i=0; $result=array(); try { $stmt = $my_link->query($sql); $result = $stmt->fetchAll(PDO::FETCH_ASSOC); } catch(PDOException $ex) { loguj(dirname(__FILE__).'/../var/error.txt',""Error in query: $sql MySQL reply: "".$ex->getMessage()); if ($LM_DEBUG==1) { printerr(""Error in query: $sql
    MySQL reply: "".$ex->getMessage()); } else { printerr(""Database error. Contact your administrator and report the problem.
    ""); } die(); } return($result); }",True,PHP,db_asocquery,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12310,"function printerr($text) { echo(""
    $text
    ""); echo(''); }",True,PHP,printerr,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12312,function admini($opcje='') { },True,PHP,admini,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12315,"function db_write2($nazwa_pliku,$data) { include('../config/config.php'); if ($LM_READONLY==0) { $uchwyt = fopen($nazwa_pliku, ""w""); if (count($data)>0) { $tresc=implode('|',$data); } fwrite($uchwyt, $tresc); fclose($uchwyt); } }",True,PHP,db_write2,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12316,"function db_uquery($sql) { global $LM_DEBUG, $LM_READONLY,$LM_DBENGINE; if ($LM_READONLY==1) { echo(""Read only mode.
    ""); return; } $my_link=db_connect(); $i=0; $result=array(); try { $stmt = $my_link->query($sql); } catch(PDOException $ex) { loguj(dirname(__FILE__).'/../var/error.txt',""Error in query: $sql MySQL reply: "".$ex->getMessage()); if ($LM_DEBUG==1) { printerr(""Error in query: $sql
    MySQL reply: "".$ex->getMessage()); } else { printerr(""Database error. Contact your administrator and report the problem.
    ""); } die(); } error_reporting(E_ALL & ~E_NOTICE); return($stmt->rowCount()); }",True,PHP,db_uquery,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12319,"function getCharacterPortrait($characterID,$size=64) { if (!is_numeric($characterID) || $characterID == 0) { if ($size == 32) { return getUrl().""img/character_32.png""; } else if ($size == 64) { return getUrl().""img/character_64.png""; } else { return """"; } } if (!is_numeric($size) || ($size!=32 && $size!=64 && $size!=128 && $size!=256 && $size!=512)) $size=64; $icon=""https: return($icon); }",True,PHP,getCharacterPortrait,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12324,"function getAllianceLogo($allianceID,$size=64) { if (!is_numeric($allianceID)) return """"; if (!is_numeric($size) || ($size!=32 && $size!=64 && $size!=128 && $size!=256 && $size!=512)) $size=64; $icon=""https: return($icon); }",True,PHP,getAllianceLogo,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12327,"function message_sent($opcje='') { global $USERSTABLE; $sql=""SELECT m.*, a1.login AS od, a2.login AS do FROM `message_sent` AS m LEFT JOIN `$USERSTABLE` AS a1 ON m.msgfrom = a1.`userID` LEFT JOIN `$USERSTABLE` AS a2 ON m.msgto = a2.`userID` $opcje ORDER BY m.id DESC""; $result=db_asocquery($sql); return($result); }",True,PHP,message_sent,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12328,"function db_read2($nazwa_pliku) { $uchwyt = fopen($nazwa_pliku, ""r""); $tresc = fread($uchwyt, filesize($nazwa_pliku)); fclose($uchwyt); $tresc=stripslashes($tresc); $data=explode('|',$tresc); return $data; }",True,PHP,db_read2,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12329,"function getTypeID($typeName) { global $LM_EVEDB; $data = db_asocquery(""SELECT * FROM `$LM_EVEDB`.`invTypes` WHERE `typeName`='$typeName';""); if (count($data) > 0) { return($data[0]['typeID']); } else return FALSE; }",True,PHP,getTypeID,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12332,"function getTypeName($typeID) { global $LM_EVEDB; if (!is_numeric($typeID)) return FALSE; $data = db_asocquery(""SELECT * FROM `$LM_EVEDB`.`invTypes` WHERE `typeID`=$typeID;""); if (count($data) > 0) { return($data[0]['typeName']); } else return FALSE; }",True,PHP,getTypeName,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12333,"function db_count($sql) { global $LM_DEBUG,$LM_DBENGINE; $my_link=db_connect(); $i=0; $result=array(); try { $stmt = $my_link->query($sql); $rows = count($stmt->fetchAll(PDO::FETCH_NUM)); } catch(PDOException $ex) { loguj(dirname(__FILE__).'/../var/error.txt',""Error in query: $sql MySQL reply: "".$ex->getMessage()); if ($LM_DEBUG==1) { printerr(""Error in query: $sql
    MySQL reply: "".$ex->getMessage()); } else { printerr(""Database error. Contact your administrator and report the problem.
    ""); } die(); } return($rows); }",True,PHP,db_count,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12335,"function db_connect() { global $LM_DEBUG,$LM_DBENGINE,$LM_dbhost,$LM_dbname,$LM_dbuser,$LM_dbpass,$PDO_CONNECTION; if (!is_null($PDO_CONNECTION)) return($PDO_CONNECTION); if ($LM_DBENGINE==""MYSQL"") { $dsn='mysql'; } else if ($LM_DBENGINE==""PGSQL"") { $dsn='pgsql'; } else { die('Error: $LM_DBENGINE setting is missing in config.php'); } try { $ret = new PDO(""$dsn:host=$LM_dbhost;dbname=$LM_dbname;charset=utf8"", $LM_dbuser, $LM_dbpass, array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); $ret->exec(""SET CHARACTER SET utf8""); $ret->exec(""SET SESSION sql_mode=(SELECT REPLACE(@@sql_mode,'ONLY_FULL_GROUP_BY',''));""); } catch(PDOException $ex) { if ($LM_DEBUG==1) { printerr(""No connection to the database.
    MySQL reply: "".$ex->getMessage()); } else { printerr(""No connection to the database. Contact your administrator and report the problem.
    ""); } loguj(dirname(__FILE__).'/../var/error.txt',""Error connecting to the database. MySQL reply: "".$ex->getMessage()); die(); } $PDO_CONNECTION=$ret; return($ret); }",True,PHP,db_connect,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12336,"function generate_meta($description=null, $title=null ,$image=null) { global $META, $TITLE, $LM_APP_NAME, $lmver; if (is_null($description)) $description=""LMeve: Industry Contribution and Mass Production Tracker.""; else $description = htmlentities($description); if (is_null($title)) $title = generate_title(); else $title = htmlentities($title); if (is_null($image)) $image = getUrl() . ""img/lmeve-social.jpg""; $url = parse_url(getUrl()); $domain = $url['scheme'] . ': $site = $url['host']; $meta = ' ' . $title . ' '; $META = $meta; return $meta; }",True,PHP,generate_meta,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12337,"function str2num($z) { settype($z,'integer'); return $z; }",True,PHP,str2num,db.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12341,"function esiUpdateApiContractItems() { $table = db_asocquery(""DESCRIBE `apicontractitems`;""); $found = FALSE; foreach ($table as $column) { if ($column['Field']=='rawQuantity' && $column['Type']=='int(11)') { $found = TRUE; } } if ($found === FALSE) { return db_uquery(""ALTER TABLE `apicontractitems` ADD COLUMN `rawQuantity` int(11) NULL DEFAULT NULL AFTER `quantity`;""); } return TRUE; }",True,PHP,esiUpdateApiContractItems,dbcatalog.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12342,"function esiUpdateApiIndustryJobsCrius() { $table = db_asocquery(""DESCRIBE `apiindustryjobscrius`;""); $found = FALSE; foreach ($table as $column) { if ($column['Field']=='status' && $column['Type']=='int(11)') { $found = TRUE; } } if ($found === TRUE) { return db_uquery(""ALTER TABLE `apiindustryjobscrius` CHANGE COLUMN `status` `status` VARCHAR(255) NULL DEFAULT NULL;""); } return TRUE; }",True,PHP,esiUpdateApiIndustryJobsCrius,dbcatalog.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12343,"function esiUpdateApimarketorders() { $table = db_asocquery(""DESCRIBE `apimarketorders`;""); $found = FALSE; foreach ($table as $column) { if ($column['Field']=='range' && $column['Type']=='int(11)') { $found = TRUE; } } if ($found === TRUE) { db_uquery(""ALTER TABLE `apimarketorders` CHANGE COLUMN `range` `range` VARCHAR(12) NULL DEFAULT NULL;""); } $found = FALSE; foreach ($table as $column) { if ($column['Field']=='stationID' && $column['Type']=='int(11)') { $found = TRUE; } } if ($found === TRUE) { db_uquery(""ALTER TABLE `apimarketorders` CHANGE COLUMN `stationID` `stationID` bigint(11) NOT NULL;""); } return TRUE; }",True,PHP,esiUpdateApimarketorders,dbcatalog.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12345,"function esiUpdateApiCorpMembers() { $table = db_asocquery(""DESCRIBE `apicorpmembers`;""); $found = FALSE; foreach ($table as $column) { if ( ($column['Field']=='logonDateTime' && $column['Type']=='datetime') || ($column['Field']=='logoffDateTime' && $column['Type']=='datetime') || ($column['Field']=='solarSystemID' && $column['Type']=='bigint(11)') || ($column['Field']=='shipID' && $column['Type']=='int(11)') ) { $found = TRUE; } } if ($found === FALSE) { $a = db_uquery(""ALTER TABLE `apicorpmembers` ADD COLUMN `logonDateTime` datetime NULL DEFAULT NULL;""); $b = db_uquery(""ALTER TABLE `apicorpmembers` ADD COLUMN `logoffDateTime` datetime NULL DEFAULT NULL;""); $c = db_uquery(""ALTER TABLE `apicorpmembers` ADD COLUMN `solarSystemID` bigint(11) NULL DEFAULT NULL;""); $d = db_uquery(""ALTER TABLE `apicorpmembers` ADD COLUMN `shipID` int(11) NULL DEFAULT NULL;""); } return $a && $b && $c && $d; }",True,PHP,esiUpdateApiCorpMembers,dbcatalog.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12346,"function esiUpdateApicorps() { $table = db_asocquery(""DESCRIBE `apicorps`;""); $found = FALSE; foreach ($table as $column) { if ($column['Field']=='tokenID' && $column['Type']=='int(11)') { $found = TRUE; } } if ($found === FALSE) { db_uquery(""ALTER TABLE `apicorps` ADD COLUMN `tokenID` int(11) NULL DEFAULT NULL;""); db_uquery(""ALTER TABLE `apicorps` CHANGE COLUMN `keyID` `keyID` VARCHAR(255) NULL DEFAULT NULL;""); } $table = db_asocquery(""DESCRIBE `apicorpsheet`;""); $found = FALSE; foreach ($table as $column) { if ($column['Field']=='description' && $column['Type']!='varchar(4096)') { $found = TRUE; } } if ($found === TRUE) { db_uquery(""ALTER TABLE `apicorpsheet` CHANGE COLUMN `description` `description` varchar(4096) NOT NULL;""); } return TRUE; }",True,PHP,esiUpdateApicorps,dbcatalog.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12347,"function esiUpdateApiAssets() { $table = db_asocquery(""DESCRIBE `apiassets`;""); $found = FALSE; foreach ($table as $column) { if ($column['Field']=='is_blueprint_copy' && $column['Type']=='int(11)') { $found = TRUE; } } if ($found === FALSE) { return db_uquery(""ALTER TABLE `apiassets` ADD `is_blueprint_copy` INT NULL DEFAULT NULL AFTER `singleton`;""); } return TRUE; }",True,PHP,esiUpdateApiAssets,dbcatalog.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12350,function get_caller_info() { ob_start(); debug_print_backtrace(); $trace = ob_get_contents(); ob_end_clean(); $trace = preg_replace ('/^ $trace = preg_replace ('/^ return $trace; },True,PHP,get_caller_info,errorhandler.php,https://github.com/roxlukas/lmeve,roxlukas,Administrator,2021-02-13 19:41:22+01:00,"important security update - SQL Injection found in login page via x-forwarded-for header",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4246,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12365,"static function getSearchResultsInDateRange($query,$start_date,$end_date,$featured = false) { $events = array(); if ($featured) { $featured = "" AND btx_events_events.featured = 'on' ""; } $words = explode("" "",$query); $qwords = array(); if ($words) { foreach ($words as $word) { $qwords[] = ""(btx_events_events.title LIKE '%$word%' OR btx_events_events.description LIKE '%$word%')""; } $qwords = implode("" AND "",$qwords)."" AND ""; } else { $qwords = """"; } $q = sqlquery(""SELECT btx_events_date_cache.start,btx_events_date_cache.end,btx_events_date_cache.id as instance,btx_events_date_cache.title_route AS title_route, btx_events_date_cache.date_route AS date_route,btx_events_events.* FROM btx_events_events JOIN btx_events_date_cache WHERE btx_events_date_cache.event = btx_events_events.id AND $qwords btx_events_date_cache.end >= '$start_date 00:00:00' AND btx_events_date_cache.start <= '$end_date 23:59:59' $featured ORDER BY btx_events_date_cache.start ASC""); while ($f = sqlfetch($q)) { $event = self::get($f); $events[] = $event; } return $events; }",True,PHP,getSearchResultsInDateRange,events.php,https://github.com/timbuckingham/bigtree-events,timbuckingham,Tim Buckingham,2018-03-19 11:03:37-04:00,"Added methods for getting a page of upcoming events, fixed SQL injection in searches",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-25076,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12366,"static function getUpcomingSearchResults($query,$limit = 5,$featured = false) { $events = array(); if ($featured) { $featured = "" AND btx_events_events.featured = 'on' ""; } $words = explode("" "",$query); $qwords = array(); if ($words) { foreach ($words as $word) { $qwords[] = ""(btx_events_events.title LIKE '%$word%' OR btx_events_events.description LIKE '%$word%')""; } $qwords = implode("" AND "",$qwords)."" AND ""; } else { $qwords = """"; } $q = sqlquery(""SELECT btx_events_date_cache.start,btx_events_date_cache.end,btx_events_date_cache.id as instance,btx_events_date_cache.title_route AS title_route, btx_events_date_cache.date_route AS date_route,btx_events_events.* FROM btx_events_events JOIN btx_events_date_cache WHERE btx_events_date_cache.event = btx_events_events.id AND $qwords btx_events_date_cache.end >= NOW() $featured ORDER BY btx_events_date_cache.start ASC LIMIT $limit""); while ($f = sqlfetch($q)) { $event = self::get($f); $events[] = $event; } return $events; }",True,PHP,getUpcomingSearchResults,events.php,https://github.com/timbuckingham/bigtree-events,timbuckingham,Tim Buckingham,2018-03-19 11:03:37-04:00,"Added methods for getting a page of upcoming events, fixed SQL injection in searches",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-25076,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12367,"static function searchResultsInCategory($query,$category) { $category = is_array($category) ? sqlescape($category[""id""]) : sqlescape($category); $with_sub = array_merge(array($category),self::getSubcategoriesOfCategory($category)); $cat_search = array(); foreach ($with_sub as $category) { $cat_search[] = ""btx_events_event_categories.category = '$category'""; } $words = explode("" "",$query); $qwords = array(); if ($words) { foreach ($words as $word) { $qwords[] = ""(btx_events_events.title LIKE '%$word%' OR btx_events_events.description LIKE '%$word%')""; } $qwords = "" AND "".implode("" AND "",$qwords); } else { $qwords = """"; } $q = sqlquery(""SELECT DISTINCT(btx_events_event_categories.event),btx_events_events.* FROM btx_events_events JOIN btx_events_event_categories WHERE btx_events_events.id = btx_events_event_categories.event $qwords AND ("".implode("" OR "",$cat_search)."") ORDER BY id DESC""); $events = array(); while ($f = sqlfetch($q)) { $event = self::get($f); $events[] = $event; } return $events; }",True,PHP,searchResultsInCategory,events.php,https://github.com/timbuckingham/bigtree-events,timbuckingham,Tim Buckingham,2018-03-19 11:03:37-04:00,"Added methods for getting a page of upcoming events, fixed SQL injection in searches",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2018-25076,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12368,"$contents[$headline] = trim($chapter->text); } } $contents = $this->events->runEvent('extendHelp', $contents); $this->view->assign('chapters', $contents); $pos = $this->chapterHeadline ? (int) array_search(strtoupper(base64_decode($this->chapterHeadline)), array_keys($contents)) : 0; $this->view->addJsVars(['fpcmDefaultCapter' => $pos]); $this->view->setViewJsFiles(['help.js']); $this->view->render(); }",True,PHP,trim,help.php,https://github.com/sea75300/fanpresscm3,sea75300,stefan,2018-01-15 22:00:40+01:00,"* Bugfix: Hilfe wird unter PHP 7 nicht angezeigt * Bugfix: Mögliche XSS-Lücke in Template-Vorschau",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-25086,"public function approve_toggle() { global $history; if (empty($this->params['id'])) return; $require_login = empty($this->params['require_login']) ? SIMPLENOTE_REQUIRE_LOGIN : $this->params['require_login']; $require_approval = empty($this->params['require_approval']) ? SIMPLENOTE_REQUIRE_APPROVAL : $this->params['require_approval']; $require_notification = empty($this->params['require_notification']) ? SIMPLENOTE_REQUIRE_NOTIFICATION : $this->params['require_notification']; $notification_email = empty($this->params['notification_email']) ? SIMPLENOTE_NOTIFICATION_EMAIL : $this->params['notification_email']; $simplenote = new expSimpleNote($this->params['id']); $simplenote->approved = $simplenote->approved == 1 ? 0 : 1; $simplenote->save(); $lastUrl = makelink($history->history[$history->history['lasts']['type']][count($history->history[$history->history['lasts']['type']])-1]['params']); if (!empty($this->params['tab'])) { $lastUrl .= ""#"".$this->params['tab']; } redirect_to($lastUrl); }" 12371,"private function getArticlesPreview() { $this->view = new \fpcm\model\view\pub('showall', 'public'); $parsed = []; $categoryTexts = array('Category 1', 'Category 2'); $shareButtonParser = new \fpcm\model\pubtemplates\sharebuttons($this->config->system_url, 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr!'); $replacements = array( '{{headline}}' => 'Lorem ipsum dolor sit amet, consetetur sadipscing elitr!', '{{text}}' => 'Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.', '{{author}}' => $this->session->getCurrentUser()->getUsername(), '{{authorEmail}}' => 'session->getCurrentUser()->getEmail().'"">'.$this->session->getCurrentUser()->getDisplayname().'', '{{authorAvatar}}' => \fpcm\model\users\author::getAuthorImageDataOrPath($this->session->getCurrentUser(), 0), '{{authorInfoText}}' => $this->session->getCurrentUser()->getUsrinfo(), '{{date}}' => date($this->config->system_dtmask, time()), '{{changeDate}}' => date($this->config->system_dtmask, time()), '{{changeUser}}' => $this->session->getCurrentUser()->getDisplayname(), '{{statusPinned}}' => '', '{{shareButtons}}' => $shareButtonParser->parse(), '{{categoryIcons}}' => '', '{{categoryTexts}}' => implode(PHP_EOL, $categoryTexts), '{{commentCount}}' => 0, '{{permaLink}}:{{/permaLink}}' => $this->config->system_url, '{{commentLink}}:{{/commentLink}}' => $this->config->system_url.'#comments', ':' => md5(time()), '{{articleImage}}' => '', '{{sources}}' => $this->config->system_url ); $this->template->setReplacementTags($replacements); $parsed[] = $this->template->parse(); $categoryTexts = array('Category 3', 'Category 4'); $shareButtonParser = new \fpcm\model\pubtemplates\sharebuttons($this->config->system_url, 'Ut wisi enim ad minim veniam?'); $replacements = array( '{{headline}}' => 'Ut wisi enim ad minim veniam?', '{{text}}' => 'Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. ', '{{author}}' => $this->session->getCurrentUser()->getUsername(), '{{authorEmail}}' => 'session->getCurrentUser()->getEmail().'"">'.$this->session->getCurrentUser()->getDisplayname().'', '{{authorAvatar}}' => '', '{{authorInfoText}}' => '', '{{date}}' => date($this->config->system_dtmask, time() - 3600), '{{changeDate}}' => date($this->config->system_dtmask, time() - 3600), '{{changeUser}}' => $this->session->getCurrentUser()->getDisplayname(), '{{statusPinned}}' => '', '{{shareButtons}}' => $shareButtonParser->parse(), '{{categoryIcons}}' => '', '{{categoryTexts}}' => implode(PHP_EOL, $categoryTexts), '{{commentCount}}' => 0, '{{permaLink}}:{{/permaLink}}' => $this->config->system_url, '{{commentLink}}:{{/commentLink}}' => $this->config->system_url.'#comments', ':' => md5(time()), '{{articleImage}}' => '', '{{sources}}' => '' ); $this->template->setReplacementTags($replacements); $parsed[] = $this->template->parse(); $this->view->assign('content', implode(PHP_EOL, $parsed)); $this->view->assign('commentform', ''); }",True,PHP,getArticlesPreview,templatepreview.php,https://github.com/sea75300/fanpresscm3,sea75300,stefan,2018-01-15 22:00:40+01:00,"* Bugfix: Hilfe wird unter PHP 7 nicht angezeigt * Bugfix: Mögliche XSS-Lücke in Template-Vorschau",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-25086,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12374,"$description = htmlspecialchars( preg_replace( '/<.*?>/', '', $event['description'] ), ENT_COMPAT | ENT_HTML401, ini_get( ""default_charset"" ), false ); $description = preg_replace( '/\n+/', ' ', $description ); $description = preg_replace( '/(.{400})(.+)/', '\1 ' . Html::rawElement( 'a', array( 'target' => '_blank', 'rel' => 'nofollow', 'class' => 'external text', 'href' => $event['link'], ), wfMessage( 'meetup-read-more' )->parse() ), $description ); $ret .= Html::rawElement( 'li', array( 'class' => 'event', ), Html::rawElement( 'a', array( 'target' => '_blank', 'rel' => 'nofollow', 'class' => 'external text', 'href' => $event['link'] ), sprintf( '%s (%s): %s', date( 'M j, Y', $event['time']/1000 ), htmlspecialchars( $event['local_time'] ), htmlspecialchars( $event['name'] ) ) ) . Html::rawElement( 'span', array( 'class' => 'meetup-venue', ), sprintf( '%s, %s · %s, %s', htmlspecialchars( $event['venue']['name'] ), htmlspecialchars( $event['venue']['address_1'] ), htmlspecialchars( $event['venue']['city'] ), htmlspecialchars( $event['venue']['state'] ) ) ) . Html::rawElement( 'span', array( 'class' => 'meetup-description', ), $description ) ); } $ret .= ''; $ret .= Html::rawElement( 'a', array( 'target' => '_blank', 'rel' => 'nofollow', 'class' => 'external text', 'href' => wfMessage( 'meetup-events-ui-url', $group, $status )->plain(), ), wfMessage( $link_message )->parse() ); } else { $ret .= wfMessage( $empty_message )->parse(); } return $ret; } } ?>",True,PHP,htmlspecialchars,Meetup.class.php,https://github.com/glb/mediawiki-tag-extension-meetup,glb,Geoff Baskwill,2018-02-21 19:04:46-05:00,"Mitigate ""reverse tabnabbing"" vulnerability ""Reverse Tabnabbing"" is an attack where a page linked from the target page is able to rewrite that page; the vulnerability is opened by use of the `target=""_blank""` link attribute. Removed `target=""_blank""` and added `rel=""noopener noreferer""` as well as advised in the OWASP cheat sheet. https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Tabnabbing https://www.owasp.org/index.php/Reverse_Tabnabbing",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2018-25089,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12377,"public function display_sdm_other_details_meta_box($post) { $file_size = get_post_meta($post->ID, 'sdm_item_file_size', true); $file_size = isset($file_size) ? $file_size : ''; $version = get_post_meta($post->ID, 'sdm_item_version', true); $version = isset($version) ? $version : ''; echo '
    '; _e('File Size: ', 'simple-download-monitor'); echo '
    '; echo ' '; echo '

    ' . __('Enter the size of this file (example value: 2.15 MB). You can show this value in the fancy display by using a shortcode parameter.', 'simple-download-monitor') . '

    '; echo '
    '; echo '
    '; _e('Version: ', 'simple-download-monitor'); echo '
    '; echo ' '; echo '

    ' . __('Enter the version number for this item if any (example value: v2.5.10). You can show this value in the fancy display by using a shortcode parameter.', 'simple-download-monitor') . '

    '; echo '
    '; wp_nonce_field('sdm_other_details_nonce', 'sdm_other_details_nonce_check'); }",True,PHP,display_sdm_other_details_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12378,"public function display_sdm_other_details_meta_box($post) { $file_size = get_post_meta($post->ID, 'sdm_item_file_size', true); $file_size = isset($file_size) ? $file_size : ''; $version = get_post_meta($post->ID, 'sdm_item_version', true); $version = isset($version) ? $version : ''; echo '
    '; _e('File Size: ', 'simple-download-monitor'); echo '
    '; echo ' '; echo '

    ' . __('Enter the size of this file (example value: 2.15 MB). You can show this value in the fancy display by using a shortcode parameter.', 'simple-download-monitor') . '

    '; echo '
    '; echo '
    '; _e('Version: ', 'simple-download-monitor'); echo '
    '; echo ' '; echo '

    ' . __('Enter the version number for this item if any (example value: v2.5.10). You can show this value in the fancy display by using a shortcode parameter.', 'simple-download-monitor') . '

    '; echo '
    '; wp_nonce_field('sdm_other_details_nonce', 'sdm_other_details_nonce_check'); }",True,PHP,display_sdm_other_details_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12381,"public function sdm_save_other_details_meta_data($post_id) { if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) { return; } if (!isset($_POST['sdm_other_details_nonce_check']) || !wp_verify_nonce($_POST['sdm_other_details_nonce_check'], 'sdm_other_details_nonce')) { return; } if (isset($_POST['sdm_item_file_size'])) { update_post_meta($post_id, 'sdm_item_file_size', $_POST['sdm_item_file_size']); } if (isset($_POST['sdm_item_version'])) { update_post_meta($post_id, 'sdm_item_version', $_POST['sdm_item_version']); } }",True,PHP,sdm_save_other_details_meta_data,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12382,"public function sdm_save_other_details_meta_data($post_id) { if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) { return; } if (!isset($_POST['sdm_other_details_nonce_check']) || !wp_verify_nonce($_POST['sdm_other_details_nonce_check'], 'sdm_other_details_nonce')) { return; } if (isset($_POST['sdm_item_file_size'])) { update_post_meta($post_id, 'sdm_item_file_size', $_POST['sdm_item_file_size']); } if (isset($_POST['sdm_item_version'])) { update_post_meta($post_id, 'sdm_item_version', $_POST['sdm_item_version']); } }",True,PHP,sdm_save_other_details_meta_data,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12383,"public function sdm_save_thumbnail_meta_data($post_id) { if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return; if (!isset($_POST['sdm_thumbnail_box_nonce_check']) || !wp_verify_nonce($_POST['sdm_thumbnail_box_nonce_check'], 'sdm_thumbnail_box_nonce')) return; if (isset($_POST['sdm_upload_thumbnail'])) { update_post_meta($post_id, 'sdm_upload_thumbnail', $_POST['sdm_upload_thumbnail']); } }",True,PHP,sdm_save_thumbnail_meta_data,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12384,"public function sdm_save_thumbnail_meta_data($post_id) { if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return; if (!isset($_POST['sdm_thumbnail_box_nonce_check']) || !wp_verify_nonce($_POST['sdm_thumbnail_box_nonce_check'], 'sdm_thumbnail_box_nonce')) return; if (isset($_POST['sdm_upload_thumbnail'])) { update_post_meta($post_id, 'sdm_upload_thumbnail', $_POST['sdm_upload_thumbnail']); } }",True,PHP,sdm_save_thumbnail_meta_data,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12391,"public function display_sdm_upload_meta_box($post) { $old_upload = get_post_meta($post->ID, 'sdm_upload', true); $old_value = isset($old_upload) ? $old_upload : ''; _e('Manually enter a valid URL of the file in the text box below, or click ""Select File"" button to upload (or choose) the downloadable file.', 'simple-download-monitor'); echo '

    '; echo '
    '; echo ''; echo '
    '; echo ''; echo '

    '; _e('Steps to upload a file or choose one from your media library:', 'simple-download-monitor'); echo '
      '; echo '
    1. Hit the ""Select File"" button.
      2. '; echo '
    2. Upload a new file or choose an existing one from your media library.
      3. '; echo '
    3. Click the ""Insert"" button, this will populate the uploaded file\'s URL in the above text field.
      4. '; echo '
    '; wp_nonce_field('sdm_upload_box_nonce', 'sdm_upload_box_nonce_check'); }",True,PHP,display_sdm_upload_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12392,"public function display_sdm_upload_meta_box($post) { $old_upload = get_post_meta($post->ID, 'sdm_upload', true); $old_value = isset($old_upload) ? $old_upload : ''; _e('Manually enter a valid URL of the file in the text box below, or click ""Select File"" button to upload (or choose) the downloadable file.', 'simple-download-monitor'); echo '

    '; echo '
    '; echo ''; echo '
    '; echo ''; echo '

    '; _e('Steps to upload a file or choose one from your media library:', 'simple-download-monitor'); echo '
      '; echo '
    1. Hit the ""Select File"" button.
      2. '; echo '
    2. Upload a new file or choose an existing one from your media library.
      3. '; echo '
    3. Click the ""Insert"" button, this will populate the uploaded file\'s URL in the above text field.
      4. '; echo '
    '; wp_nonce_field('sdm_upload_box_nonce', 'sdm_upload_box_nonce_check'); }",True,PHP,display_sdm_upload_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12393,"public function display_sdm_thumbnail_meta_box($post) { $old_thumbnail = get_post_meta($post->ID, 'sdm_upload_thumbnail', true); $old_value = isset($old_thumbnail) ? $old_thumbnail : ''; _e('Manually enter a valid URL, or click ""Select Image"" to upload (or choose) the file thumbnail image.', 'simple-download-monitor'); ?>

    "" placeholder=""http:

    "" /> "" />

    "" style=""max-width:200px;"" /> '; _e('This thumbnail image will be used to create a fancy file download box if you want to use it.', 'simple-download-monitor'); echo '

    '; wp_nonce_field('sdm_thumbnail_box_nonce', 'sdm_thumbnail_box_nonce_check'); }",True,PHP,display_sdm_thumbnail_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12394,"public function display_sdm_thumbnail_meta_box($post) { $old_thumbnail = get_post_meta($post->ID, 'sdm_upload_thumbnail', true); $old_value = isset($old_thumbnail) ? $old_thumbnail : ''; _e('Manually enter a valid URL, or click ""Select Image"" to upload (or choose) the file thumbnail image.', 'simple-download-monitor'); ?>

    "" placeholder=""http:

    "" /> "" />

    "" style=""max-width:200px;"" /> '; _e('This thumbnail image will be used to create a fancy file download box if you want to use it.', 'simple-download-monitor'); echo '

    '; wp_nonce_field('sdm_thumbnail_box_nonce', 'sdm_thumbnail_box_nonce_check'); }",True,PHP,display_sdm_thumbnail_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12397,"public function sdm_save_upload_meta_data($post_id) { if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return; if (!isset($_POST['sdm_upload_box_nonce_check']) || !wp_verify_nonce($_POST['sdm_upload_box_nonce_check'], 'sdm_upload_box_nonce')) return; if (isset($_POST['sdm_upload'])) { update_post_meta($post_id, 'sdm_upload', $_POST['sdm_upload']); } }",True,PHP,sdm_save_upload_meta_data,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12398,"public function sdm_save_upload_meta_data($post_id) { if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) return; if (!isset($_POST['sdm_upload_box_nonce_check']) || !wp_verify_nonce($_POST['sdm_upload_box_nonce_check'], 'sdm_upload_box_nonce')) return; if (isset($_POST['sdm_upload'])) { update_post_meta($post_id, 'sdm_upload', $_POST['sdm_upload']); } }",True,PHP,sdm_save_upload_meta_data,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12401,"public function display_sdm_stats_meta_box($post) { $old_count = get_post_meta($post->ID, 'sdm_count_offset', true); $value = isset($old_count) && $old_count != '' ? $old_count : '0'; $no_logs = get_post_meta($post->ID, 'sdm_item_no_log', true); $checked = isset($no_logs) && $no_logs === 'on' ? 'checked=""checked""' : ''; _e('These are the statistics for this download item.', 'simple-download-monitor'); echo '

    '; global $wpdb; $wpdb->get_results($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'sdm_downloads WHERE post_id=%s', $post->ID)); echo '
    '; _e('Number of Downloads:', 'simple-download-monitor'); echo ' ' . $wpdb->num_rows . ''; echo '
    '; echo '
    '; _e('Offset Count: ', 'simple-download-monitor'); echo '
    '; echo ' '; echo '

    ' . __('Enter any positive or negative numerical value; to offset the download count shown to the visitors (when using the download counter shortcode).', 'simple-download-monitor') . '

    '; echo '
    '; echo '
    '; echo '
    '; echo ''; echo ''; _e('Disable download logging for this item.', 'simple-download-monitor'); echo '
    '; wp_nonce_field('sdm_count_offset_nonce', 'sdm_count_offset_nonce_check'); }",True,PHP,display_sdm_stats_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5212,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12402,"public function display_sdm_stats_meta_box($post) { $old_count = get_post_meta($post->ID, 'sdm_count_offset', true); $value = isset($old_count) && $old_count != '' ? $old_count : '0'; $no_logs = get_post_meta($post->ID, 'sdm_item_no_log', true); $checked = isset($no_logs) && $no_logs === 'on' ? 'checked=""checked""' : ''; _e('These are the statistics for this download item.', 'simple-download-monitor'); echo '

    '; global $wpdb; $wpdb->get_results($wpdb->prepare('SELECT * FROM ' . $wpdb->prefix . 'sdm_downloads WHERE post_id=%s', $post->ID)); echo '
    '; _e('Number of Downloads:', 'simple-download-monitor'); echo ' ' . $wpdb->num_rows . ''; echo '
    '; echo '
    '; _e('Offset Count: ', 'simple-download-monitor'); echo '
    '; echo ' '; echo '

    ' . __('Enter any positive or negative numerical value; to offset the download count shown to the visitors (when using the download counter shortcode).', 'simple-download-monitor') . '

    '; echo '
    '; echo '
    '; echo '
    '; echo ''; echo ''; _e('Disable download logging for this item.', 'simple-download-monitor'); echo '
    '; wp_nonce_field('sdm_count_offset_nonce', 'sdm_count_offset_nonce_check'); }",True,PHP,display_sdm_stats_meta_box,main.php,https://github.com/Arsenal21/simple-download-monitor,Arsenal21,jedi0_000,2018-01-04 11:12:19+11:00,v3.5.4 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2018-5213,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12403,"protected function signDocument(\DOMDocument $document, $node) { $this->add509Cert($this->getCertificate()->getPublicKey()->getX509Certificate()); $this->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); $this->addReference($document->documentElement, XMLSecurityDSig::SHA1, array('http: $this->sign($this->getCertificate()->getPrivateKey()); $this->insertSignature($document->firstChild, $node); $this->canonicalizeSignedInfo(); }",True,PHP,signDocument,Signature.php,https://github.com/GoGentoOSS/SAMLBase,GoGentoOSS,Ron van der Molen,2018-04-03 12:53:53+02:00,Fixed comment vulnerability in verifying signatures,CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2018-5387,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12406,"public function verifyDOMDocument($document) { $signatureNode = $this->locateSignature($document); if (!$signatureNode) { return true; } $this->add509Cert($this->getCertificate()->getPublicKey()->getX509Certificate()); $this->setCanonicalMethod(XMLSecurityDSig::EXC_C14N); $this->addReference($document->documentElement, XMLSecurityDSig::SHA1, array('http: return $this->verify($this->getCertificate()->getPublicKey()); }",True,PHP,verifyDOMDocument,Signature.php,https://github.com/GoGentoOSS/SAMLBase,GoGentoOSS,Ron van der Molen,2018-04-03 12:53:53+02:00,Fixed comment vulnerability in verifying signatures,CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2018-5387,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12407,"function array_replace_recursive($array, $array1) { function recurse($array, $array1) { foreach ($array1 as $key => $value) { if (!isset($array[$key]) || (isset($array[$key]) && !is_array($array[$key]))) { $array[$key] = array(); } if (is_array($value)) { $value = recurse($array[$key], $value); } $array[$key] = $value; } return $array; } $args = func_get_args(); $array = $args[0]; if (!is_array($array)) { return $array; } for ($i = 1; $i < count($args); $i++) { if (is_array($args[$i])) { $array = recurse($array, $args[$i]); } } return $array; }",True,PHP,array_replace_recursive,c_system_compat.php,https://github.com/zblogcn/zblogphp,zblogcn,zx.asd,2020-05-21 17:54:45+08:00,hash_equals函数添加及其应用;CloseTags函数进行了修正;,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2020-23352,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12410,"public function Verify_Final($name, $password, &$member = null) { if ($name == '' || $password == '') { return false; } $m = $this->GetMemberByName($name); if ($m->ID != null) { if (strcasecmp($m->Password, $password) == 0) { $member = $m; return true; } } return false; }",True,PHP,Verify_Final,zblogphp.php,https://github.com/zblogcn/zblogphp,zblogcn,zx.asd,2020-05-21 17:54:45+08:00,hash_equals函数添加及其应用;CloseTags函数进行了修正;,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2020-23352,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12412,"function passwordvisit_input_password(&$template) { global $zbp; if (isset($_POST['password']) && $_POST['password'] != '') { $article = $template->GetTags('article'); if ($article->Metas->passwordvisit_password != '') { if (GetVars('password', 'POST') == $article->Metas->passwordvisit_password) { return; } else { echo ''; die(); } } else { if (GetVars('password', 'POST') == $zbp->Config('passwordvisit')->default_password) { return; } else { echo ''; die(); } } } else { $article = $template->GetTags('article'); if ($zbp->Config('passwordvisit')->all_encrypt || $article->Metas->passwordvisit_enable_encrypt) { $article->Content = $zbp->Config('passwordvisit')->default_text . '
    '; $template->SetTags('article', $article); } } }",True,PHP,passwordvisit_input_password,include.php,https://github.com/zblogcn/zblogphp,zblogcn,zx.asd,2020-05-21 17:54:45+08:00,hash_equals函数添加及其应用;CloseTags函数进行了修正;,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2020-23352,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12415,"private static function logoutAction() { if (wCMS::$currentPage === 'logout' && hash_equals($_REQUEST['token'], wCMS::generateToken())) { unset($_SESSION['l'], $_SESSION['i'], $_SESSION['u'], $_SESSION['token']); wCMS::redirect(); } }",True,PHP,logoutAction,index.php,https://github.com/robiso/wondercms,robiso,GitHub,2018-02-22 00:44:04+01:00,"Update index.php - Fixed vulnerability - logged in admin could delete files from any directory (added realpath). - Added SRI hashes to external JavaScript and CSS files: jquery.min.js, bootstrap.min.js, autosize.min.js, taboverride.min.js, jquery.taboverride.min.js, bootstrap.min.css). - Removed uneccessarry session unset. - Minor text changes.",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-7172,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12417,"private static function notifyAction() { if (! wCMS::$loggedIn) { return; } if (! wCMS::$currentPageExists) { wCMS::alert('info', 'This page (' . wCMS::$currentPage . ') doesn\'t exist. Click inside the content below to create it.'); } if (wCMS::get('config', 'login') === 'loginURL') { wCMS::alert('warning', 'Change the default admin login URL. (Settings -> Security)', true); } if (password_verify('admin', wCMS::get('config', 'password'))) { wCMS::alert('danger', 'Change the default password. (Settings -> Security)', true); } $repoVersion = wCMS::getOfficialVersion(); if ($repoVersion != version) { wCMS::alert('info', 'New WonderCMS update available.

    - Backup your website and check params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12419,"private static function js() { if (wCMS::$loggedIn) { $scripts = <<<'EOT' '; return wCMS::hook('js', $scripts)[0]; } return wCMS::hook('js', '')[0]; }",True,PHP,js,index.php,https://github.com/robiso/wondercms,robiso,GitHub,2018-02-22 00:44:04+01:00,"Update index.php - Fixed vulnerability - logged in admin could delete files from any directory (added realpath). - Added SRI hashes to external JavaScript and CSS files: jquery.min.js, bootstrap.min.js, autosize.min.js, taboverride.min.js, jquery.taboverride.min.js, bootstrap.min.css). - Removed uneccessarry session unset. - Minor text changes.",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-7172,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12420,"$filename = isset($_REQUEST[$request]) ? trim($_REQUEST[$request]) : false; if (!$filename || empty($filename)) { continue; } if ($filename == wCMS::get('config', 'theme')) { wCMS::alert('danger', 'Cannot delete currently active theme.'); wCMS::redirect(); continue; } if (file_exists(""{$folder}/{$filename}"")) { wCMS::recursiveDelete(""{$folder}/{$filename}""); wCMS::alert('success', ""Deleted {$filename}.""); wCMS::redirect(); } } } } }",True,PHP,trim,index.php,https://github.com/robiso/wondercms,robiso,GitHub,2018-02-22 00:44:04+01:00,"Update index.php - Fixed vulnerability - logged in admin could delete files from any directory (added realpath). - Added SRI hashes to external JavaScript and CSS files: jquery.min.js, bootstrap.min.js, autosize.min.js, taboverride.min.js, jquery.taboverride.min.js, bootstrap.min.css). - Removed uneccessarry session unset. - Minor text changes.",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2018-7172,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12421,"function init_args() { $_REQUEST=strings_stripSlashes($_REQUEST); $args = new stdClass(); $args->req_spec_id = isset($_REQUEST['req_spec_id']) ? $_REQUEST['req_spec_id'] : 0; $args->doCompare = isset($_REQUEST['doCompare']) ? true : false; $args->left_item_id = isset($_REQUEST['left_item_id']) ? intval($_REQUEST['left_item_id']) : -1; $args->right_item_id = isset($_REQUEST['right_item_id']) ? intval($_REQUEST['right_item_id']) : -1; $args->tproject_id = isset($_SESSION['testprojectID']) ? $_SESSION['testprojectID'] : 0; $args->useDaisyDiff = (isset($_REQUEST['diff_method']) && ($_REQUEST['diff_method'] == 'htmlCompare')) ? 1 : 0; $diffEngineCfg = config_get(""diffEngine""); $args->context = null; if( !isset($_REQUEST['context_show_all'])) { $args->context = (isset($_REQUEST['context']) && is_numeric($_REQUEST['context'])) ? $_REQUEST['context'] : $diffEngineCfg->context; } return $args; }",True,PHP,init_args,reqSpecCompareRevisions.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-30 09:49:37+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12424,"function init_args() { $args = new stdClass(); $args->req_id = isset($_REQUEST['requirement_id']) ? $_REQUEST['requirement_id'] : 0; $args->compare_selected_versions = isset($_REQUEST['compare_selected_versions']); $args->left_item_id = isset($_REQUEST['left_item_id']) ? intval($_REQUEST['left_item_id']) : -1; $args->right_item_id = isset($_REQUEST['right_item_id']) ? intval($_REQUEST['right_item_id']) : -1; $args->tproject_id = isset($_SESSION['testprojectID']) ? $_SESSION['testprojectID'] : 0; $args->use_daisydiff = isset($_REQUEST['use_html_comp']); $diffEngineCfg = config_get(""diffEngine""); $args->context = null; if( !isset($_REQUEST['context_show_all'])) { $args->context = (isset($_REQUEST['context']) && is_numeric($_REQUEST['context'])) ? $_REQUEST['context'] : $diffEngineCfg->context; } return $args; }",True,PHP,init_args,reqCompareVersions.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-30 09:51:24+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12426,function init_args() { $_REQUEST = strings_stripSlashes($_REQUEST); $args = new stdClass(); $args->user_id = $_SESSION['userID']; $args->tproject_id = $_SESSION['testprojectID']; $args->tproject_name = $_SESSION['testprojectName']; $args->tplan_id = isset($_REQUEST['tplan_id']) ? $_REQUEST['tplan_id'] : $_SESSION['testplanID']; $args->id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null; $args->version_id = isset($_REQUEST['version_id']) ? $_REQUEST['version_id'] : 0; $args->level = isset($_REQUEST['level']) ? $_REQUEST['level'] : null; $args->keyword_id = isset($_REQUEST['keyword_id']) ? $_REQUEST['keyword_id'] : 0; return $args; },True,PHP,init_args,newest_tcversions.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-30 09:54:11+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12428,function init_args(&$tplanMgr) { $_REQUEST = strings_stripSlashes($_REQUEST); $args = new stdClass(); $args->id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null; $args->level = isset($_REQUEST['level']) ? $_REQUEST['level'] : null; $args->doAction = isset($_REQUEST['doAction']) ? $_REQUEST['doAction'] : null; $args->fullTestCaseSet = isset($_REQUEST['a_tcid']) ? $_REQUEST['a_tcid'] : null; $args->checkedTestCaseSet = isset($_REQUEST['achecked_tc']) ? $_REQUEST['achecked_tc'] : null; $args->newVersionSet = isset($_REQUEST['new_tcversion_for_tcid']) ? $_REQUEST['new_tcversion_for_tcid'] : null; $args->version_id = isset($_REQUEST['version_id']) ? $_REQUEST['version_id'] : 0; $args->tproject_id = $_SESSION['testprojectID']; $args->tproject_name = $_SESSION['testprojectName']; $form_token = isset($_REQUEST['form_token']) ? $_REQUEST['form_token'] : 0; $mode = 'plan_mode'; $session_data = isset($_SESSION[$mode]) && isset($_SESSION[$mode][$form_token]) ? $_SESSION[$mode][$form_token] : null; $args->tplan_id = isset($session_data['setting_testplan']) ? $session_data['setting_testplan'] : 0; if($args->tplan_id == 0) { $args->tplan_id = isset($_SESSION['testplanID']) ? intval($_SESSION['testplanID']) : 0; $args->tplan_name = $_SESSION['testplanName']; } else { $tpi = $tplanMgr->get_by_id($args->tplan_id); $args->tplan_name = $tpi['name']; } $args->refreshTree = isset($session_data['setting_refresh_tree_on_action']) ? $session_data['setting_refresh_tree_on_action'] : 0; $args->keyword_id = 0; $fk = 'filter_keywords'; if (isset($session_data[$fk])) { $args->keyword_id = $session_data[$fk]; if (is_array($args->keyword_id) && count($args->keyword_id) == 1) { $args->keyword_id = $args->keyword_id[0]; } } $args->keywordsFilterType = null; $ft = 'filter_keywords_filter_type'; if (isset($session_data[$ft])) { $args->keywordsFilterType = $session_data[$ft]; } return $args; },True,PHP,init_args,planUpdateTC.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-30 09:54:11+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12431,function init_args() { $args = new stdClass(); $_REQUEST = strings_stripSlashes($_REQUEST); $args->build_id = isset($_REQUEST['build_id']) ? $_REQUEST['build_id'] : 0; $args->confirmed = isset($_REQUEST['confirmed']) && $_REQUEST['confirmed'] == 'yes' ? true : false; $args->user_id = $_SESSION['userID']; $args->testproject_id = $_SESSION['testprojectID']; $args->testproject_name = $_SESSION['testprojectName']; $args->refreshTree = isset($_SESSION['setting_refresh_tree_on_action']) ? $_SESSION['setting_refresh_tree_on_action'] : false; return $args; },True,PHP,init_args,tc_exec_unassign_all.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-31 12:06:22+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12432,"function init_args(&$dbHandler) { $argsObj = new stdClass(); $argsObj->doIt = false; $argsObj->showPlatforms = false; $argsObj->tproject_id = isset($_SESSION['testprojectID']) ? $_SESSION['testprojectID'] : 0; $argsObj->tproject_name = isset($_SESSION['testprojectName']) ? $_SESSION['testprojectName'] : ''; $argsObj->tplan_name = ''; $argsObj->tplan_id = isset($_REQUEST['tplan_id']) ? $_REQUEST['tplan_id'] : 0; if($argsObj->tplan_id == 0) { $argsObj->tplan_id = isset($_SESSION['testplanID']) ? $_SESSION['testplanID'] : 0; } if($argsObj->tplan_id > 0) { $tplan_mgr = new testplan($dbHandler); $tplan_info = $tplan_mgr->get_by_id($argsObj->tplan_id); $argsObj->tplan_name = $tplan_info['name']; $argsObj->doIt = $tplan_mgr->count_testcases($argsObj->tplan_id) > 0; $argsObj->showPlatforms = $tplan_mgr->hasLinkedPlatforms($argsObj->tplan_id); $getOpt = array('outputFormat' => 'map'); $argsObj->platforms = $tplan_mgr->getPlatforms($argsObj->tplan_id,$getOpt); unset($tplan_mgr); } return $argsObj; }",True,PHP,init_args,testCasesWithCF.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-31 12:06:22+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12434,"function checkRights(&$db,&$user) { return $user->hasRight($db,'testplan_metrics'); }",True,PHP,checkRights,testCasesWithCF.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-31 12:06:22+01:00,fix: security #8829,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-20107,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12436,"function initEnv() { $iParams = array(""reqURI"" => array(tlInputParameter::STRING_N,0,4000)); $pParams = G_PARAMS($iParams); $args = new stdClass(); $args->ssodisable = getSSODisable(); $args->reqURI = ''; if ($pParams[""reqURI""] != '') { $args->reqURI = $pParams[""reqURI""]; if (strpos($args->reqURI,'javascript') !== false) { $args->reqURI = null; } } if (null == $args->reqURI) { $args->reqURI = 'lib/general/mainPage.php'; } $args->reqURI = $_SESSION['basehref'] . $args->reqURI; $args->tproject_id = isset($_REQUEST['tproject_id']) ? intval($_REQUEST['tproject_id']) : 0; $args->tplan_id = isset($_REQUEST['tplan_id']) ? intval($_REQUEST['tplan_id']) : 0; $gui = new stdClass(); $gui->title = lang_get('main_page_title'); $gui->mainframe = $args->reqURI; $gui->navbar_height = config_get('navbar_height'); $sso = ($args->ssodisable ? '&ssodisable' : ''); $gui->titleframe = ""lib/general/navBar.php?"" . ""tproject_id={$args->tproject_id}&"" . ""tplan_id={$args->tplan_id}&"" . ""updateMainPage=1"" . $sso; $gui->logout = 'logout.php?viewer=' . $sso; return array($args,$gui); }",True,PHP,initEnv,index.php,https://github.com/TestLinkOpenSourceTRMS/testlink-code,TestLinkOpenSourceTRMS,Francisco Mancardi,2019-12-31 15:07:14+01:00,fix: 0008808: TestLink v1.9.19.1 - Bypass security fix for XSS at index.php,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-20381,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12438,public function getQuerySelect() { },True,PHP,getQuerySelect,Burnup.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12439,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,StepExecution.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12440,"public function getQueryGroupby() { $R = 'R_' . $this->id; return ""$R.value_id""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12441,public function getQueryOrderby() { return '`' . $this->name . '`'; },True,PHP,getQueryOrderby,Tracker_FormElement_Field.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12442,"public function getQuerySelect() { $R = 'R_' . $this->id; return ""$R.value_id AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12443,"public function getQueryGroupby() { $R1 = 'R1_' . $this->id; $R2 = 'R2_' . $this->id; return ""$R2.value""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_Alphanum.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12444,"public function getQuerySelect() { return ""a.id AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_ArtifactId.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12445,"public function getQueryGroupby() { return ""a.id""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_ArtifactId.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12446,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,Tracker_FormElement_Field_ArtifactLink.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12447,public function getQuerySelect() { },True,PHP,getQuerySelect,Tracker_FormElement_Field_Burndown.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12448,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,Tracker_FormElement_Field_Computed.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12449,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,Tracker_FormElement_Field_CrossReferences.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12450,"public function getQuerySelect() { $R1 = 'R1_' . $this->id; $R2 = 'R2_' . $this->id; return ""$R2.value AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_Date.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12451,"public function getQueryGroupby() { $R1 = 'R1_' . $this->id; $R2 = 'R2_' . $this->id; return ""$R2.value""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_Date.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12452,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,Tracker_FormElement_Field_File.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12453,public function getQueryOrderby() { return $this->name; },True,PHP,getQueryOrderby,Tracker_FormElement_Field_LastModifiedBy.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,"function manage() { global $db; expHistory::set('manageable', $this->params); $dir = BASE.""framework/modules/ecommerce/billingcalculators""; if (is_readable($dir)) { $dh = opendir($dir); while (($file = readdir($dh)) !== false) { if (is_file(""$dir/$file"") && substr(""$dir/$file"", -4) == "".php"") { include_once(""$dir/$file""); $classname = substr($file, 0, -4); $id = $db->selectValue('billingcalculator', 'id', 'calculator_name=""'.$classname.'""'); if (empty($id)) { $calcobj = new $classname(); if ($calcobj->isSelectable() == true) { $obj = new billingcalculator(array( 'title'=>$calcobj->name(), 'body'=>$calcobj->description(), 'calculator_name'=>$classname, 'enabled'=>false)); $obj->save(); } } } } } $bcalc = new billingcalculator(); $calculators = $bcalc->find('all'); assign_to_template(array( 'calculators'=>$calculators )); }" 12454,public function getQueryGroupby() { return ''; },True,PHP,getQueryGroupby,Tracker_FormElement_Field_LastModifiedBy.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12455,"public function getQuerySelect() { return ""c.submitted_by AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_LastModifiedBy.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12456,public function getQueryGroupby() { return 'c.submitted_on'; },True,PHP,getQueryGroupby,Tracker_FormElement_Field_LastUpdateDate.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12457,"public function getQuerySelect() { return ""c.submitted_on AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_LastUpdateDate.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12458,public function getQuerySelect() { return $this->getBind()->getQuerySelect(); },True,PHP,getQuerySelect,Tracker_FormElement_Field_List.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12459,public function getQueryGroupby() { return $this->getBind()->getQueryGroupby(); },True,PHP,getQueryGroupby,Tracker_FormElement_Field_List.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12460,public function getQueryOrderby() { return $this->getBind()->getQueryOrderby(); },True,PHP,getQueryOrderby,Tracker_FormElement_Field_List.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12461,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,Tracker_FormElement_Field_List_Bind_Null.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12462,public function getQueryOrderby() { return ''; },True,PHP,getQueryOrderby,Tracker_FormElement_Field_List_Bind_Null.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12463,public function getQueryGroupby() { return ''; },True,PHP,getQueryGroupby,Tracker_FormElement_Field_List_Bind_Null.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12464,"public function getQueryGroupby() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return ""$R2.id""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_List_Bind_Static.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12465,"public function getQueryOrderby() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return $this->is_rank_alpha ? ""$R2.label"" : ""$R2.rank""; }",True,PHP,getQueryOrderby,Tracker_FormElement_Field_List_Bind_Static.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12466,"public function getQuerySelect() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return ""$R2.id AS `"" . $this->field->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_List_Bind_Static.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12467,"public function getQueryOrderby() { $uh = UserHelper::instance(); $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return ""$R2.ugroup_id""; }",True,PHP,getQueryOrderby,Tracker_FormElement_Field_List_Bind_Ugroups.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12468,"public function getQueryGroupby() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return ""$R2.id""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_List_Bind_Ugroups.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12469,"public function getQuerySelect() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; $R3 = 'R3_' . $this->field->id; return ""$R2.id AS `"" . $this->field->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_List_Bind_Ugroups.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12470,"public function getQueryOrderby() { $uh = UserHelper::instance(); $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return $R2 . ""."" . str_replace('user.', '', $uh->getDisplayNameSQLOrder()); }",True,PHP,getQueryOrderby,Tracker_FormElement_Field_List_Bind_Users.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12471,"public function getQueryGroupby() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; return ""$R2.user_id""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_List_Bind_Users.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12472,"public function getQuerySelect() { $R1 = 'R1_' . $this->field->id; $R2 = 'R2_' . $this->field->id; $R3 = 'R3_' . $this->field->id; return ""$R2.user_id AS `"" . $this->field->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_List_Bind_Users.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12473,"public function getQuerySelect() { $R1 = 'R1_' . $this->id; $R2 = 'R2_' . $this->id; return ""$R2.value AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_Numeric.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12474,"public function getQueryGroupby() { return ""a.per_tracker_artifact_id""; }",True,PHP,getQueryGroupby,Tracker_FormElement_Field_PerTrackerArtifactIdclass.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12475,"public function getQuerySelect() { return ""a.per_tracker_artifact_id AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_PerTrackerArtifactIdclass.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12476,public function getQuerySelect() { return ''; },True,PHP,getQuerySelect,Tracker_FormElement_Field_PermissionsOnArtifact.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12477,"public function getQuerySelect() { return ""R_{$this->id}.rank AS `$this->name`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_Priority.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12478,"public function getQuerySelect() { return ""a.submitted_by AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_SubmittedBy.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12479,public function getQueryOrderby() { return $this->name; },True,PHP,getQueryOrderby,Tracker_FormElement_Field_SubmittedBy.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12480,public function getQueryGroupby() { return 'a.submitted_by'; },True,PHP,getQueryGroupby,Tracker_FormElement_Field_SubmittedBy.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12481,"public function getQuerySelect() { return ""a.submitted_on AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_SubmittedOn.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12482,public function getQueryGroupby() { return 'a.submitted_on'; },True,PHP,getQueryGroupby,Tracker_FormElement_Field_SubmittedOn.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12483,"public function getQuerySelect() { $R1 = 'R1_' . $this->id; $R2 = 'R2_' . $this->id; return ""$R2.value AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_Text.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12484,"public function getQuerySelect() { $R2 = 'R2_' . $this->id; return ""$R2.value AS `"" . $this->name . ""`""; }",True,PHP,getQuerySelect,Tracker_FormElement_Field_Encrypted.class.php,https://github.com/Enalean/tuleap,Enalean,Thomas Gerbet,2022-06-09 17:52:00+02:00,"request #27166: Naming a field ""id"" breaks the report Field names are now prefixed in the SQL query in order to avoid conflict with the static SQL columns we always retrieve. Change-Id: I7eaaf95e24f52f6e52647d679b5058bc09139b5f",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31058,function selectBillingOptions() { } 12486,"public function getContent() { $html = ''; $request = HTTPRequest::instance(); $um = UserManager::instance(); $user = $um->getCurrentUser(); $vFunc = new Valid_WhiteList('docman_func', ['show_docman']); $vFunc->required(); if ($request->valid($vFunc)) { $func = $request->get('docman_func'); } else { $func = ''; } $vDocmanId = new Valid_UInt('docman_id'); $vDocmanId->required(); if ($request->valid($vDocmanId)) { $docman_id = $request->get('docman_id'); } else { $docman_id = ''; } $url = ''; if ($request->get('dashboard_id')) { $url = '?dashboard_id=' . urlencode($request->get('dashboard_id')); } $html .= '

    '; $html .= ''; $html .= '
    '; $html .= ''; $html .= ''; if (($func == 'show_docman') && $docman_id) { $res = $this->returnAllowedGroupId($docman_id, $user); if ($res) { $dPm = Docman_PermissionsManager::instance($res['group_id']); $itemPerm = $dPm->userCanAccess($user, $docman_id); if ($itemPerm) { $html .= '

    Show "' . $res['title'] . '" Properties

    '; return $html; } } $html .= '

    ' . dgettext('tuleap-docman', 'You do not have the permission to access the document') . '

    '; } return $html; }",True,PHP,getContent,Docman_Widget_MyDocmanSearch.class.php,https://github.com/Enalean/tuleap,Enalean,Nicolas Terray,2022-06-14 10:59:47+02:00,"request #27173: XSS via the title of a document Change-Id: Ibdae4792b76c297bf8d553ab9b37f5ae3d76cb2a",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-31063,function selectBillingOptions() { } 12487,"$parent = $dIF->getItemFromDb($item->getParentId()); $content .= '
    ' . 'getId() . '"">' . $item->getTitle() . ''; if ($parent === null || $dIF->isRoot($parent)) { $content .= '' . $hp->purify($uH->getDisplayNameFromUserId($row['user_id'])) . '' . format_date($GLOBALS['Language']->getText('system', 'datefmt'), $row['lock_date']) . '
    ""; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo ""
    "" . __('Forgotten password?').""
    "". __('Please confirm your email address and enter your new password.'). ""
    "" . _n('Email', 'Emails', 1).""
    "" . __('Password').""""; echo ""
    "" . __('Password confirmation').""""; echo ""
    "".__('Password security policy').""""; Config::displayPasswordSecurityChecks(); echo ""
    ""; echo """"; echo """"; echo ""
    ""; Html::closeForm(); } else { echo __('Your password reset request has expired or is invalid. Please renew it.'); } echo ""
    ""; }",True,PHP,showPasswordForgetChangeForm,user.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2019-02-15 14:22:08+01:00,Fix password forget token check; fixes #5386,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2019-13240,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12875,"public function updateForgottenPassword(array $input) { $condition = [ 'glpi_users.is_active' => 1, 'glpi_users.is_deleted' => 0, [ 'OR' => [ ['glpi_users.begin_date' => null], ['glpi_users.begin_date' => ['<', new QueryExpression('NOW()')]] ], ], [ 'OR' => [ ['glpi_users.end_date' => null], ['glpi_users.end_date' => ['>', new QueryExpression('NOW()')]] ] ] ]; if ($this->getFromDBbyEmail($input['email'], $condition)) { if (($this->fields[""authtype""] == Auth::DB_GLPI) || !Auth::useAuthExt()) { if (($input['password_forget_token'] == $this->fields['password_forget_token']) && (abs(strtotime($_SESSION[""glpi_currenttime""]) -strtotime($this->fields['password_forget_token_date'])) < DAY_TIMESTAMP)) { $input['id'] = $this->fields['id']; Config::validatePassword($input[""password""], false); if (!$this->update($input)) { return false; } $input2 = [ 'password_forget_token' => '', 'password_forget_token_date' => null, 'id' => $this->fields['id'] ]; $this->update($input2); return true; } else { throw new ForgetPasswordException(__('Your password reset request has expired or is invalid. Please renew it.')); } } else { throw new ForgetPasswordException(__(""The authentication method configuration doesn't allow you to change your password."")); } } else { throw new ForgetPasswordException(__('Email address not found.')); } return false; }",True,PHP,updateForgottenPassword,user.class.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2019-03-12 11:26:26+01:00,Password token date was not removed,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2019-13240,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12883,"realname: l.attr('data-realname'), firstname: l.attr('data-firstname') }); l.append(`
    ${member_item} ${l.attr('data-name') || `${member_itemtype} (${member_items_id})`}
    `); }); });",True,PHP,l.attr,Kanban.js,https://github.com/glpi-project/glpi,glpi-project,GitHub,2022-05-31 10:04:12+02:00,Merge pull request from GHSA-33g2-m556-gccr,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24876,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12884,"name: l.attr('data-name'), realname: l.attr('data-realname'), firstname: l.attr('data-firstname') }); l.append(`
    ${member_item} ${l.attr('data-name') || `${member_itemtype} (${member_items_id})`}
    `); }); }); $(self.element).on('click', '.item-details-panel ul.team-list button[name=""delete""]', (e) => { const list_item = $(e.target).closest('li'); const member_itemtype = list_item.attr('data-itemtype'); const member_items_id = list_item.attr('data-items_id'); const panel = $(e.target).closest('.item-details-panel'); const itemtype = panel.attr('data-itemtype'); const items_id = panel.attr('data-items_id'); const role = list_item.closest('.list-group').attr('data-role'); if (itemtype && items_id) { removeTeamMember(itemtype, items_id, member_itemtype, member_items_id, role); list_item.remove(); } }); };",True,PHP,l.attr,Kanban.js,https://github.com/glpi-project/glpi,glpi-project,GitHub,2022-05-31 10:04:12+02:00,Merge pull request from GHSA-33g2-m556-gccr,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24876,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12887,"firstname: l.attr('data-firstname') }); l.append(`
    ${member_item} ${l.attr('data-name') || `${member_itemtype} (${member_items_id})`}
    `); });",True,PHP,l.attr,Kanban.js,https://github.com/glpi-project/glpi,glpi-project,GitHub,2022-05-31 10:04:12+02:00,Merge pull request from GHSA-33g2-m556-gccr,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24876,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12893,"$this->testedInstance->getFromDBbyToken($uid, 'my_field'); } )->error ->withType(E_USER_WARNING) ->withMessage('User::getFromDBbyToken() can only be called with $field parameter with theses values: \'personal_token\', \'api_token\'') ->exists(); }",True,PHP,getFromDBbyToken,User.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2022-09-14 13:54:36+02:00,Ensure token based authentication only accept strings,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-35947,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12902,"public static function callCurl($url, array $eopts = [], &$msgerr = null, &$curl_error = null) { global $CFG_GLPI; $content = """"; $taburl = parse_url($url); $defaultport = 80; if ( (isset($taburl[""scheme""]) && $taburl[""scheme""] == 'https') || (isset($taburl[""port""]) && $taburl[""port""] == '443') ) { $defaultport = 443; } $ch = curl_init($url); $opts = [ CURLOPT_URL => $url, CURLOPT_USERAGENT => ""GLPI/"" . trim($CFG_GLPI[""version""]), CURLOPT_RETURNTRANSFER => 1, CURLOPT_CONNECTTIMEOUT => 5, ] + $eopts; if (!empty($CFG_GLPI[""proxy_name""])) { $opts += [ CURLOPT_PROXY => $CFG_GLPI['proxy_name'], CURLOPT_PROXYPORT => $CFG_GLPI['proxy_port'], CURLOPT_PROXYTYPE => CURLPROXY_HTTP ]; if (!empty($CFG_GLPI[""proxy_user""])) { $opts += [ CURLOPT_PROXYAUTH => CURLAUTH_BASIC, CURLOPT_PROXYUSERPWD => $CFG_GLPI[""proxy_user""] . "":"" . (new GLPIKey())->decrypt($CFG_GLPI[""proxy_passwd""]), ]; } if ($defaultport == 443) { $opts += [ CURLOPT_HTTPPROXYTUNNEL => 1 ]; } }",True,PHP,callCurl,Toolbox.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2022-09-14 13:55:17+02:00,Mitigate SSRF exploits,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-36112,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12904,"public static function getURLContent($url, &$msgerr = null, $rec = 0) { $content = self::callCurl($url); return $content; }",True,PHP,getURLContent,Toolbox.php,https://github.com/glpi-project/glpi,glpi-project,Johan Cwiklinski,2022-09-14 13:55:17+02:00,Mitigate SSRF exploits,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-36112,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12909,"static function sendXML($items_id, $itemtype) { if (call_user_func([$itemtype, 'canView'])) { $xml = file_get_contents(GLPI_PLUGIN_DOC_DIR.""/fusioninventory/xml/"".$items_id); echo $xml; } else { Html::displayRightError(); } }",True,PHP,sendXML,toolbox.class.php,https://github.com/fusioninventory/fusioninventory-for-glpi,fusioninventory,David Durieux,2019-03-28 15:37:31+01:00,Fix a security problem. Thanks to Julien Szlamowicz && Damien Picard from company synacktiv,CWE-19,Data Processing Errors,Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.,https://cwe.mitre.org/data/definitions/19.html,CVE-2019-10477,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12911,"function wp_statistics_get_site_title( $url ) { $html = wp_statistics_get_html_page( $url ); if ( $html === false ) { return false; } if ( class_exists( 'DOMDocument' ) ) { $dom = new DOMDocument; @$dom->loadHTML( $html ); $title = ''; if ( isset( $dom ) and $dom->getElementsByTagName( 'title' )->length > 0 ) { $title = $dom->getElementsByTagName( 'title' )->item( '0' )->nodeValue; } return ( wp_strip_all_tags( $title ) == """" ? false : $title ); } return false; }",True,PHP,wp_statistics_get_site_title,functions.php,https://github.com/wp-statistics/wp-statistics,wp-statistics,Mehrshad Darzi,2019-04-09 10:46:48+04:18,fix xss Attach Get Title Of Page,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-10864,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12922,"$row_rub = sql_fetsel(""id_rubrique"", ""spip_rubriques"", ""lang='"" . $GLOBALS['spip_lang'] . ""' AND id_parent=$id_parent""); if ($row_rub) { $row['id_rubrique'] = $row_rub['id_rubrique']; } } } } return $row; }",True,PHP,sql_fetsel,precharger_objet.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-28959,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12923,"$row_rub = sql_fetsel(""id_rubrique"", ""spip_rubriques"", ""lang='"" . $GLOBALS['spip_lang'] . ""' AND id_parent=$id_parent""); if ($row_rub) { $row['id_rubrique'] = $row_rub['id_rubrique']; } } } } return $row; }",True,PHP,sql_fetsel,precharger_objet.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-28960,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12924,"$row_rub = sql_fetsel(""id_rubrique"", ""spip_rubriques"", ""lang='"" . $GLOBALS['spip_lang'] . ""' AND id_parent=$id_parent""); if ($row_rub) { $row['id_rubrique'] = $row_rub['id_rubrique']; } } } } return $row; }",True,PHP,sql_fetsel,precharger_objet.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-28961,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12925,"function precharger_objet($type, $id_objet, $id_rubrique = 0, $lier_trad = 0, $champ_titre = 'titre') { $table = table_objet_sql($type); $_id_objet = id_table_objet($table); if (is_numeric($id_objet)) { return sql_fetsel(""*"", $table, ""$_id_objet=$id_objet""); } $desc = lister_tables_objets_sql($table); $is_rubrique = isset($desc['field']['id_rubrique']); $is_secteur = isset($desc['field']['id_secteur']); if ($lier_trad) { if ($select = charger_fonction(""precharger_traduction_"" . $type, 'inc', true)) { $row = $select($id_objet, $id_rubrique, $lier_trad); } else { $row = precharger_traduction_objet($type, $id_objet, $id_rubrique, $lier_trad, $champ_titre); } } else { $row[$champ_titre] = ''; if ($is_rubrique) { $row['id_rubrique'] = $id_rubrique; } } if ($is_rubrique) { if (!$row['id_rubrique']) { if ($GLOBALS['connect_id_rubrique']) { $row['id_rubrique'] = $id_rubrique = current($GLOBALS['connect_id_rubrique']); } else { $row_rub = sql_fetsel(""id_rubrique"", ""spip_rubriques"", """", """", ""id_rubrique DESC"", 1); $row['id_rubrique'] = $id_rubrique = $row_rub['id_rubrique']; } if (!autoriser('creerarticledans', 'rubrique', $row['id_rubrique'])) { $res = sql_select(""id_rubrique"", ""spip_rubriques"", ""id_parent=0""); while (!autoriser('creerarticledans', 'rubrique', $row['id_rubrique']) && $row_rub = sql_fetch($res)) { $row['id_rubrique'] = $row_rub['id_rubrique']; } }",True,PHP,precharger_objet,precharger_objet.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-28959,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12926,"function precharger_objet($type, $id_objet, $id_rubrique = 0, $lier_trad = 0, $champ_titre = 'titre') { $table = table_objet_sql($type); $_id_objet = id_table_objet($table); if (is_numeric($id_objet)) { return sql_fetsel(""*"", $table, ""$_id_objet=$id_objet""); } $desc = lister_tables_objets_sql($table); $is_rubrique = isset($desc['field']['id_rubrique']); $is_secteur = isset($desc['field']['id_secteur']); if ($lier_trad) { if ($select = charger_fonction(""precharger_traduction_"" . $type, 'inc', true)) { $row = $select($id_objet, $id_rubrique, $lier_trad); } else { $row = precharger_traduction_objet($type, $id_objet, $id_rubrique, $lier_trad, $champ_titre); } } else { $row[$champ_titre] = ''; if ($is_rubrique) { $row['id_rubrique'] = $id_rubrique; } } if ($is_rubrique) { if (!$row['id_rubrique']) { if ($GLOBALS['connect_id_rubrique']) { $row['id_rubrique'] = $id_rubrique = current($GLOBALS['connect_id_rubrique']); } else { $row_rub = sql_fetsel(""id_rubrique"", ""spip_rubriques"", """", """", ""id_rubrique DESC"", 1); $row['id_rubrique'] = $id_rubrique = $row_rub['id_rubrique']; } if (!autoriser('creerarticledans', 'rubrique', $row['id_rubrique'])) { $res = sql_select(""id_rubrique"", ""spip_rubriques"", ""id_parent=0""); while (!autoriser('creerarticledans', 'rubrique', $row['id_rubrique']) && $row_rub = sql_fetch($res)) { $row['id_rubrique'] = $row_rub['id_rubrique']; } }",True,PHP,precharger_objet,precharger_objet.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-28960,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12927,"function precharger_objet($type, $id_objet, $id_rubrique = 0, $lier_trad = 0, $champ_titre = 'titre') { $table = table_objet_sql($type); $_id_objet = id_table_objet($table); if (is_numeric($id_objet)) { return sql_fetsel(""*"", $table, ""$_id_objet=$id_objet""); } $desc = lister_tables_objets_sql($table); $is_rubrique = isset($desc['field']['id_rubrique']); $is_secteur = isset($desc['field']['id_secteur']); if ($lier_trad) { if ($select = charger_fonction(""precharger_traduction_"" . $type, 'inc', true)) { $row = $select($id_objet, $id_rubrique, $lier_trad); } else { $row = precharger_traduction_objet($type, $id_objet, $id_rubrique, $lier_trad, $champ_titre); } } else { $row[$champ_titre] = ''; if ($is_rubrique) { $row['id_rubrique'] = $id_rubrique; } } if ($is_rubrique) { if (!$row['id_rubrique']) { if ($GLOBALS['connect_id_rubrique']) { $row['id_rubrique'] = $id_rubrique = current($GLOBALS['connect_id_rubrique']); } else { $row_rub = sql_fetsel(""id_rubrique"", ""spip_rubriques"", """", """", ""id_rubrique DESC"", 1); $row['id_rubrique'] = $id_rubrique = $row_rub['id_rubrique']; } if (!autoriser('creerarticledans', 'rubrique', $row['id_rubrique'])) { $res = sql_select(""id_rubrique"", ""spip_rubriques"", ""id_parent=0""); while (!autoriser('creerarticledans', 'rubrique', $row['id_rubrique']) && $row_rub = sql_fetch($res)) { $row['id_rubrique'] = $row_rub['id_rubrique']; } }",True,PHP,precharger_objet,precharger_objet.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-28961,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12937,"function critere_where_dist($idb, &$boucles, $crit) { $boucle = &$boucles[$idb]; if (isset($crit->param[0])) { $_where = calculer_liste($crit->param[0], $idb, $boucles, $boucle->id_parent); } else { $_where = '@$Pile[0][""where""]'; } if ($crit->cond) { $_where = ""(($_where) ? ($_where) : '')""; } if ($crit->not) { $_where = ""array('NOT',$_where)""; } $boucle->where[] = $_where; }",True,PHP,critere_where_dist,criteres.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-28959,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12938,"function critere_where_dist($idb, &$boucles, $crit) { $boucle = &$boucles[$idb]; if (isset($crit->param[0])) { $_where = calculer_liste($crit->param[0], $idb, $boucles, $boucle->id_parent); } else { $_where = '@$Pile[0][""where""]'; } if ($crit->cond) { $_where = ""(($_where) ? ($_where) : '')""; } if ($crit->not) { $_where = ""array('NOT',$_where)""; } $boucle->where[] = $_where; }",True,PHP,critere_where_dist,criteres.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-28960,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12939,"function critere_where_dist($idb, &$boucles, $crit) { $boucle = &$boucles[$idb]; if (isset($crit->param[0])) { $_where = calculer_liste($crit->param[0], $idb, $boucles, $boucle->id_parent); } else { $_where = '@$Pile[0][""where""]'; } if ($crit->cond) { $_where = ""(($_where) ? ($_where) : '')""; } if ($crit->not) { $_where = ""array('NOT',$_where)""; } $boucle->where[] = $_where; }",True,PHP,critere_where_dist,criteres.php,https://github.com/spip/SPIP,spip,Gitea,2020-06-25 16:56:50+02:00,Divers petites sanitization et une balise manquante #4494,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-28961,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12940,"unset($sql, $parameters, $row); } if (@sizeof($email_files) != 0) { $compressed_filename = 'emails_'.date('Ymd_His').'.zip'; $command = 'zip -mj '.$_SESSION['server']['temp']['dir'].'/'.$compressed_filename.' '.implode(' ', $email_files).' 2>&1'; exec($command, $response, $restore_errlevel); unset($command); if (file_exists($_SESSION['server']['temp']['dir'].'/'.$compressed_filename)) { session_cache_limiter('public'); $fd = fopen($_SESSION['server']['temp']['dir'].'/'.$compressed_filename, 'rb'); header(""Content-Type: application/zip""); header('Content-Disposition: attachment; filename=""'.$compressed_filename.'""'); header(""Cache-Control: no-cache, must-revalidate""); header(""Expires: Sat, 26 Jul 1997 05:00:00 GMT""); header(""Content-Length: "".filesize($_SESSION['server']['temp']['dir'].'/'.$compressed_filename)); ob_clean(); fpassthru($fd); fclose($fd); @unlink($_SESSION['server']['temp']['dir'].'/'.$compressed_filename); exit; } } } } } }",True,PHP,unset,email_logs.php,https://github.com/fusionpbx/fusionpbx,fusionpbx,GitHub,2022-03-21 10:01:05-06:00,"Remove email_logs download. (#6331) * Remove email_logs download. This feature has a security risk that is being eliminated by removing the download feature. * Update email_logs.php",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2022-28055,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12943,"public function getSiteInfo() { if(empty($this->getSite())){ $this->setName(get_bloginfo('name')); $this->setDescription(get_bloginfo('description')); $this->setRestApiUrl(get_rest_url()); $this->setSite(get_bloginfo('url')); $this->setLocal(true); return; } if(strpos($this->getSite(), 'http: $this->setSite( 'http: } $site = trailingslashit(sanitize_text_field($this->getSite())); $data = $this->getSelfHostedSiteInfo($site); if($data === false){ $data = $this->getWordPressComSiteInfo($site); } return $data; }",True,PHP,getSiteInfo,RestApiDetector.php,https://github.com/mnelson4/printmyblog,mnelson4,Mike Nelson,2019-04-26 20:40:30-07:00,do a little more sanitizing of the site param when REST PRoxy enabled,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2019-11565,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12945,public function __construct($site) { if(! PMB_REST_PROXY_EXISTS){ $site = ''; } $this->setSite($site); $this->getSiteInfo(); },True,PHP,__construct,RestApiDetector.php,https://github.com/mnelson4/printmyblog,mnelson4,Mike Nelson,2019-04-26 20:40:30-07:00,do a little more sanitizing of the site param when REST PRoxy enabled,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2019-11565,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12946,"$descr .= ""\n"".htmlspecialchars($cert['descr']); } } echo haproxyicon(""cert"", ""SSL offloading cert: {$descr}""); } $isadvset = """"; if ($frontend['advanced_bind']) { $isadvset .= ""Advanced bind: "".htmlspecialchars($frontend['advanced_bind']).""\r\n""; } if ($frontend['advanced']) { $isadvset .= ""Advanced pass thru setting used\r\n""; } if ($isadvset) { echo haproxyicon(""advanced"", gettext(""Advanced settings set"") . "": {$isadvset}""); } ?> ""; print ""{$addr['addr']}:{$addr['port']}""; if ($addr['ssl'] == 'yes') { echo haproxyicon(""cert"", ""SSL offloading""); } print ""
    ""; $first = false; } ?> ""; echo ""{$backend}""; if (!empty($actionitem['acl'])) { echo "" if({$actionitem['acl']})""; } echo ""
    ""; } } $hint = haproxy_userlist_backend_servers($frontend['backend_serverpool']); $backend = $frontend['backend_serverpool']; if (!empty($backend)) { echo ""
    ""; echo ""{$backend} (default)""; echo ""
    ""; } ?> ""> ""> ""> delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12949,"$descr .= ""\n"".htmlspecialchars($cert['descr']); } } echo haproxyicon(""cert"", ""SSL offloading cert: {$descr}""); } $isadvset = """"; if ($frontend['advanced_bind']) { $isadvset .= ""Advanced bind: "".htmlspecialchars($frontend['advanced_bind']).""\r\n""; } if ($frontend['advanced']) { $isadvset .= ""Advanced pass thru setting used\r\n""; } if ($isadvset) { echo haproxyicon(""advanced"", gettext(""Advanced settings set"") . "": {$isadvset}""); } ?> ""; print ""{$addr['addr']}:{$addr['port']}""; if ($addr['ssl'] == 'yes') { echo haproxyicon(""cert"", ""SSL offloading""); } print ""
    ""; $first = false; } ?> ""; echo ""{$backend}""; if (!empty($actionitem['acl'])) { echo "" if({$actionitem['acl']})""; } echo ""
    ""; } } $hint = haproxy_userlist_backend_servers($frontend['backend_serverpool']); $backend = $frontend['backend_serverpool']; if (!empty($backend)) { echo ""
    ""; echo ""{$backend} (default)""; echo ""
    ""; } ?> ""> ""> ""> delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12950,"function get_file($file) { $files['radiusd'] = FREERADIUS_RADDB . ""/radiusd.conf""; $files['eap'] = FREERADIUS_MODSENABLED . ""/eap""; $files['sql'] = FREERADIUS_MODSENABLED . ""/sql""; $files['clients'] = FREERADIUS_RADDB . ""/clients.conf""; $files['users'] = FREERADIUS_RADDB . ""/users""; $files['macs'] = FREERADIUS_RADDB . ""/authorized_macs""; $files['virtual-server-default'] = FREERADIUS_RADDB . ""/sites-enabled/default""; $files['ldap'] = FREERADIUS_MODSENABLED . ""/ldap""; if ($files[$file] != """" && file_exists($files[$file])) { print '
    '; print $files[$file] . ""\n"" . file_get_contents($files[$file]); print '
    '; } }",True,PHP,get_file,freeradius_view_config.php,https://github.com/pfsense/FreeBSD-ports,pfsense,jim-p,2019-10-31 08:28:28-04:00,Encode FreeRADIUS config file display output. Fixes #9866,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-18667,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12952,"public function post() { $args = $_POST; foreach ($this->dbFields as $key=>$value) { if (isset($args[$key])) { $value = Sanitize::html( $args[$key] ); if ($value==='false') { $value = false; } elseif ($value==='true') { $value = true; } settype($value, gettype($this->dbFields[$key])); $this->db[$key] = $value; } } return $this->save(); }",True,PHP,post,plugin.class.php,https://github.com/bludit/bludit,bludit,Diego Najar,2019-03-10 18:27:24+01:00,check extension and path traversal,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2019-12548,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12955,"public static function pathFile($path, $file=false) { if($file!==false){ $fullPath = $path.$file; } else { $fullPath = $path; } $fullPath = str_replace('/', DS, $fullPath); if(CHECK_SYMBOLIC_LINKS) { $real = realpath($fullPath); } else { $real = file_exists($fullPath)?$fullPath:false; } if($real===false) { return false; } if(strpos($fullPath, $real)!==0) { return false; } return true; }",True,PHP,pathFile,sanitize.class.php,https://github.com/bludit/bludit,bludit,Diego Najar,2019-03-10 18:27:24+01:00,check extension and path traversal,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2019-12548,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12957,"public function add($array) { $this->db = array_merge($array, $this->db); }",True,PHP,add,language.class.php,https://github.com/bludit/bludit,bludit,Diego Najar,2019-03-10 18:27:24+01:00,check extension and path traversal,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2019-12548,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12960,"public function adminBodyEnd() { global $L; if (!in_array($GLOBALS['ADMIN_CONTROLLER'], $this->loadOnController)) { return false; } $spellCheckerEnable = $this->getValue('spellChecker')?'true':'false'; $html = $this->includeJS('simplemde.min.js'); $html .= ''; return $html; }",True,PHP,adminBodyEnd,plugin.php,https://github.com/bludit/bludit,bludit,Diego Najar,2019-03-10 18:27:24+01:00,check extension and path traversal,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2019-12548,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12961,"Craft::t('app', 'Location') => function() use ($volume) { $loc = [Craft::t('site', $volume->name)]; if ($this->folderPath) { array_push($loc, ...ArrayHelper::filterEmptyStringsFromArray(explode('/', $this->folderPath))); } return implode(' → ', $loc); },",True,PHP,use,Asset.php,https://github.com/craftcms/cms,craftcms,Brad Bell,2023-02-23 11:00:02-08:00,Fixed an XSS vulnerability.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-30177,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12970,"function evf_search_entries( $args ) { global $wpdb; $args = wp_parse_args( $args, array( 'limit' => 10, 'offset' => 0, 'order' => 'DESC', 'orderby' => 'entry_id', ) ); if ( ! array_key_exists( $args['form_id'], evf_get_all_forms() ) ) { return array(); } $orderby = isset( $args['orderby'] ) ? sanitize_key( $args['orderby'] ) : 'entry_id'; $order = ""ORDER BY {$orderby} "" . esc_sql( strtoupper( $args['order'] ) ); $limit = -1 < $args['limit'] ? $wpdb->prepare( 'LIMIT %d', $args['limit'] ) : ''; $offset = 0 < $args['offset'] ? $wpdb->prepare( 'OFFSET %d', $args['offset'] ) : ''; $status = ! empty( $args['status'] ) ? ""AND `status` = '"" . sanitize_key( $args['status'] ) . ""'"" : ''; $search = ! empty( $args['search'] ) ? ""AND `meta_value` LIKE '%"" . $wpdb->esc_like( sanitize_text_field( $args['search'] ) ) . ""%'"" : ''; $include = ! empty( $args['form_id'] ) ? ""AND `form_id` = '"" . absint( $args['form_id'] ) . ""'"" : ''; $exclude = ''; $date_created = ''; $date_modified = ''; if ( ! empty( $args['after'] ) || ! empty( $args['before'] ) ) { $args['after'] = empty( $args['after'] ) ? '0000-00-00' : $args['after']; $args['before'] = empty( $args['before'] ) ? current_time( 'mysql', 1 ) : $args['before']; $date_created = ""AND `date_created_gmt` BETWEEN STR_TO_DATE('"" . esc_sql( $args['after'] ) . ""', '%Y-%m-%d %H:%i:%s') and STR_TO_DATE('"" . esc_sql( $args['before'] ) . ""', '%Y-%m-%d %H:%i:%s')""; } if ( ! empty( $args['modified_after'] ) || ! empty( $args['modified_before'] ) ) { $args['modified_after'] = empty( $args['modified_after'] ) ? '0000-00-00' : $args['modified_after']; $args['modified_before'] = empty( $args['modified_before'] ) ? current_time( 'mysql', 1 ) : $args['modified_before']; $date_modified = ""AND `date_modified_gmt` BETWEEN STR_TO_DATE('"" . esc_sql( $args['modified_after'] ) . ""', '%Y-%m-%d %H:%i:%s') and STR_TO_DATE('"" . esc_sql( $args['modified_before'] ) . ""', '%Y-%m-%d %H:%i:%s')""; } $query = trim( "" SELECT DISTINCT {$wpdb->prefix}evf_entries.entry_id FROM {$wpdb->prefix}evf_entries INNER JOIN {$wpdb->prefix}evf_entrymeta WHERE {$wpdb->prefix}evf_entries.entry_id = {$wpdb->prefix}evf_entrymeta.entry_id {$status} {$search} {$include} {$exclude} {$date_created} {$date_modified} {$order} {$limit} {$offset} "" ); $results = $wpdb->get_results( $query ); $ids = wp_list_pluck( $results, 'entry_id' ); return $ids; }",True,PHP,evf_search_entries,evf-entry-functions.php,https://github.com/wpeverest/everest-forms,wpeverest,Shiva Poudel,2019-07-12 11:21:21+05:27,Fix - Security issue reported by Tin Duong on entries SQL query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-13575,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12973,"function audit($method, $class, $statement, $formats, $values, $users_id) { $this->method = $method; $this->class = $class; $this->statement = substr(str_replace(""'"", """", $statement),0,1000).""n""; $this->formats = $formats; $this->values = $values; $this->ip = getRealIpAddr(); $this->users_id = empty($users_id)?""NULL"":$users_id; return $this->save(); }",True,PHP,audit,AuditTable.php,https://github.com/YouPHPTube/YouPHPTube,YouPHPTube,daniel,2019-07-26 11:32:32-03:00,,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2019-14430,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12975,"public function createFromBill(Request $request, Bill $bill) { $request->session()->flash('info', (string)trans('firefly.instructions_rule_from_bill', ['name' => $bill->name])); $this->createDefaultRuleGroup(); $this->createDefaultRule(); $preFilled = [ 'strict' => true, 'title' => (string)trans('firefly.new_rule_for_bill_title', ['name' => $bill->name]), 'description' => (string)trans('firefly.new_rule_for_bill_description', ['name' => $bill->name]), ]; $oldTriggers = $this->getTriggersForBill($bill); $oldActions = $this->getActionsForBill($bill); $triggerCount = \count($oldTriggers); $actionCount = \count($oldActions); $subTitleIcon = 'fa-clone'; $subTitle = (string)trans('firefly.make_new_rule_no_group'); $request->session()->flash('preFilled', $preFilled); if (true !== session('rules.create.fromStore')) { $this->rememberPreviousUri('rules.create.uri'); } session()->forget('rules.create.fromStore'); return view( 'rules.rule.create', compact('subTitleIcon', 'oldTriggers', 'preFilled', 'oldActions', 'triggerCount', 'actionCount', 'subTitle') ); }",True,PHP,createFromBill,CreateController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2019-08-02 16:44:48+02:00,Fix #2365,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-14670,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12978,"public function index(Request $request) { $user = auth()->user(); $page = 0 === (int) $request->get('page') ? 1 : (int) $request->get('page'); $pageSize = (int) app('preferences')->get('listPageSize', 50)->data; $collection = $this->repository->getAll(); $total = $collection->count(); $collection = $collection->slice(($page - 1) * $pageSize, $pageSize); $currencies = new LengthAwarePaginator($collection, $total, $pageSize, $page); $currencies->setPath(route('currencies.index')); $defaultCurrency = $this->repository->getCurrencyByPreference(app('preferences')->get('currencyPreference', config('firefly.default_currency', 'EUR'))); $isOwner = true; if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('info', (string) trans('firefly.ask_site_owner', ['owner' => config('firefly.site_owner')])); $isOwner = false; } return prefixView('currencies.index', compact('currencies', 'defaultCurrency', 'isOwner')); }",True,PHP,index,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12979,"public function create(Request $request) { $user = auth()->user(); if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); return redirect(route('currencies.index')); } $subTitleIcon = 'fa-plus'; $subTitle = (string) trans('firefly.create_currency'); if (true !== session('currencies.create.fromStore')) { $this->rememberPreviousUri('currencies.create.uri'); } $request->session()->forget('currencies.create.fromStore'); Log::channel('audit')->info('Create new currency.'); return prefixView('currencies.create', compact('subTitleIcon', 'subTitle')); }",True,PHP,create,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12984,"public function disableCurrency(Request $request, TransactionCurrency $currency) { app('preferences')->mark(); $user = auth()->user(); if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); Log::channel('audit')->info(sprintf('Tried to disable currency %s but is not site owner.', $currency->code)); return redirect(route('currencies.index')); } if ($this->repository->currencyInUse($currency)) { $location = $this->repository->currencyInUseAt($currency); $message = (string) trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]); $request->session()->flash('error', $message); Log::channel('audit')->info(sprintf('Tried to disable currency %s but is in use.', $currency->code)); return redirect(route('currencies.index')); } $this->repository->disable($currency); Log::channel('audit')->info(sprintf('Disabled currency %s.', $currency->code)); if (0 === $this->repository->get()->count()) { $first = $this->repository->getAll()->first(); if (null === $first) { throw new FireflyException('No currencies found.'); } Log::channel('audit')->info(sprintf('Auto-enabled currency %s.', $first->code)); $this->repository->enable($first); app('preferences')->set('currencyPreference', $first->code); app('preferences')->mark(); } if ('EUR' === $currency->code) { session()->flash('warning', (string) trans('firefly.disable_EUR_side_effects')); } session()->flash('success', (string) trans('firefly.currency_is_now_disabled', ['name' => $currency->name])); return redirect(route('currencies.index')); }",True,PHP,disableCurrency,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12985,"public function edit(Request $request, TransactionCurrency $currency) { $user = auth()->user(); if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); Log::channel('audit')->info(sprintf('Tried to edit currency %s but is not owner.', $currency->code)); return redirect(route('currencies.index')); } $subTitleIcon = 'fa-pencil'; $subTitle = (string) trans('breadcrumbs.edit_currency', ['name' => $currency->name]); $currency->symbol = htmlentities($currency->symbol); $hasOldInput = null !== $request->old('_token'); $preFilled = [ 'enabled' => $hasOldInput ? (bool) $request->old('enabled') : $currency->enabled, ]; $request->session()->flash('preFilled', $preFilled); Log::channel('audit')->info('Edit currency.', $currency->toArray()); if (true !== session('currencies.edit.fromUpdate')) { $this->rememberPreviousUri('currencies.edit.uri'); } $request->session()->forget('currencies.edit.fromUpdate'); return prefixView('currencies.edit', compact('currency', 'subTitle', 'subTitleIcon')); }",True,PHP,edit,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12986,"public function defaultCurrency(Request $request, TransactionCurrency $currency) { app('preferences')->set('currencyPreference', $currency->code); app('preferences')->mark(); Log::channel('audit')->info(sprintf('Make %s the default currency.', $currency->code)); $this->repository->enable($currency); $request->session()->flash('success', (string) trans('firefly.new_default_currency', ['name' => $currency->name])); return redirect(route('currencies.index')); }",True,PHP,defaultCurrency,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12989,"public function update(CurrencyFormRequest $request, TransactionCurrency $currency) { $user = auth()->user(); $data = $request->getCurrencyData(); if (false === $data['enabled'] && $this->repository->currencyInUse($currency)) { $data['enabled'] = true; } if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); Log::channel('audit')->info('Tried to update (POST) currency without admin rights.', $data); return redirect(route('currencies.index')); } $currency = $this->repository->update($currency, $data); Log::channel('audit')->info('Updated (POST) currency.', $data); $request->session()->flash('success', (string) trans('firefly.updated_currency', ['name' => $currency->name])); app('preferences')->mark(); if (1 === (int) $request->get('return_to_edit')) { $request->session()->put('currencies.edit.fromUpdate', true); return redirect(route('currencies.edit', [$currency->id])); } return redirect($this->getPreviousUri('currencies.edit.uri')); }",True,PHP,update,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12992,"public function __construct() { parent::__construct(); $this->middleware( function ($request, $next) { app('view')->share('title', (string) trans('firefly.currencies')); app('view')->share('mainTitleIcon', 'fa-usd'); $this->repository = app(CurrencyRepositoryInterface::class); $this->userRepository = app(UserRepositoryInterface::class); return $next($request); } ); }",True,PHP,__construct,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12993,"public function store(CurrencyFormRequest $request) { $user = auth()->user(); $data = $request->getCurrencyData(); if (!$this->userRepository->hasRole($user, 'owner')) { Log::error('User ' . auth()->user()->id . ' is not admin, but tried to store a currency.'); Log::channel('audit')->info('Tried to create (POST) currency without admin rights.', $data); return redirect($this->getPreviousUri('currencies.create.uri')); } $data['enabled'] = true; try { $currency = $this->repository->store($data); } catch (FireflyException $e) { Log::error($e->getMessage()); Log::channel('audit')->info('Could not store (POST) currency without admin rights.', $data); $request->session()->flash('error', (string) trans('firefly.could_not_store_currency')); $currency = null; } $redirect = redirect($this->getPreviousUri('currencies.create.uri')); if (null !== $currency) { $request->session()->flash('success', (string) trans('firefly.created_currency', ['name' => $currency->name])); Log::channel('audit')->info('Created (POST) currency.', $data); if (1 === (int) $request->get('create_another')) { $request->session()->put('currencies.create.fromStore', true); $redirect = redirect(route('currencies.create'))->withInput(); } } return $redirect; }",True,PHP,store,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12995,"public function enableCurrency(TransactionCurrency $currency) { app('preferences')->mark(); $this->repository->enable($currency); session()->flash('success', (string) trans('firefly.currency_is_now_enabled', ['name' => $currency->name])); Log::channel('audit')->info(sprintf('Enabled currency %s.', $currency->code)); return redirect(route('currencies.index')); }",True,PHP,enableCurrency,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12996,"public function delete(Request $request, TransactionCurrency $currency) { $user = auth()->user(); if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but is not site owner.', $currency->code)); return redirect(route('currencies.index')); } if ($this->repository->currencyInUse($currency)) { $location = $this->repository->currencyInUseAt($currency); $message = (string) trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]); $request->session()->flash('error', $message); Log::channel('audit')->info(sprintf('Tried to visit page to delete currency %s but currency is in use.', $currency->code)); return redirect(route('currencies.index')); } $this->rememberPreviousUri('currencies.delete.uri'); $subTitle = (string) trans('form.delete_currency', ['name' => $currency->name]); Log::channel('audit')->info(sprintf('Visit page to delete currency %s.', $currency->code)); return prefixView('currencies.delete', compact('currency', 'subTitle')); }",True,PHP,delete,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12997,"public function destroy(Request $request, TransactionCurrency $currency) { $user = auth()->user(); if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string) trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); Log::channel('audit')->info(sprintf('Tried to delete currency %s but is not site owner.', $currency->code)); return redirect(route('currencies.index')); } if ($this->repository->currencyInUse($currency)) { $request->session()->flash('error', (string) trans('firefly.cannot_delete_currency', ['name' => e($currency->name)])); Log::channel('audit')->info(sprintf('Tried to delete currency %s but is in use.', $currency->code)); return redirect(route('currencies.index')); } if ($this->repository->isFallbackCurrency($currency)) { $request->session()->flash('error', (string) trans('firefly.cannot_delete_fallback_currency', ['name' => e($currency->name)])); Log::channel('audit')->info(sprintf('Tried to delete currency %s but is FALLBACK.', $currency->code)); return redirect(route('currencies.index')); } Log::channel('audit')->info(sprintf('Deleted currency %s.', $currency->code)); $this->repository->destroy($currency); $request->session()->flash('success', (string) trans('firefly.deleted_currency', ['name' => $currency->name])); return redirect($this->getPreviousUri('currencies.delete.uri')); }",True,PHP,destroy,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 09:51:00+02:00,Fix https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3729,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 12999,"public function delete(AvailableBudget $availableBudget) { $this->abRepository->destroyAvailableBudget($availableBudget); session()->flash('success', trans('firefly.deleted_ab')); return redirect(route('budgets.index')); }",True,PHP,delete,AvailableBudgetController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-08-20 10:05:18+02:00,Fix https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7/,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3730,"$masteroption->delete(); } $db->delete('optiongroup', 'optiongroup_master_id='.$mastergroup->id); $mastergroup->delete(); expHistory::back(); }" 13000,"public function enableCurrency(TransactionCurrency $currency) { app('preferences')->mark(); $this->repository->enable($currency); session()->flash('success', (string)trans('firefly.currency_is_now_enabled', ['name' => $currency->name])); Log::channel('audit')->info(sprintf('Enabled currency %s.', $currency->code)); return redirect(route('currencies.index')); }",True,PHP,enableCurrency,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-09-20 06:39:10+02:00,Convert GET routes to POST.,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3819,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13003,"public function disableCurrency(Request $request, TransactionCurrency $currency) { app('preferences')->mark(); $user = auth()->user(); if (!$this->userRepository->hasRole($user, 'owner')) { $request->session()->flash('error', (string)trans('firefly.ask_site_owner', ['owner' => e(config('firefly.site_owner'))])); Log::channel('audit')->info(sprintf('Tried to disable currency %s but is not site owner.', $currency->code)); return redirect(route('currencies.index')); } if ($this->repository->currencyInUse($currency)) { $location = $this->repository->currencyInUseAt($currency); $message = (string)trans(sprintf('firefly.cannot_disable_currency_%s', $location), ['name' => e($currency->name)]); $request->session()->flash('error', $message); Log::channel('audit')->info(sprintf('Tried to disable currency %s but is in use.', $currency->code)); return redirect(route('currencies.index')); } $this->repository->disable($currency); Log::channel('audit')->info(sprintf('Disabled currency %s.', $currency->code)); if (0 === $this->repository->get()->count()) { $first = $this->repository->getAll()->first(); if (null === $first) { throw new FireflyException('No currencies found.'); } Log::channel('audit')->info(sprintf('Auto-enabled currency %s.', $first->code)); $this->repository->enable($first); app('preferences')->set('currencyPreference', $first->code); app('preferences')->mark(); } if ('EUR' === $currency->code) { session()->flash('warning', (string)trans('firefly.disable_EUR_side_effects')); } session()->flash('success', (string)trans('firefly.currency_is_now_disabled', ['name' => $currency->name])); return redirect(route('currencies.index')); }",True,PHP,disableCurrency,CurrencyController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-09-20 06:39:10+02:00,Convert GET routes to POST.,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3819,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13005,"public function cloneGroup(TransactionGroup $group) { $service = app(GroupCloneService::class); $newGroup = $service->cloneGroup($group); event(new StoredTransactionGroup($newGroup)); app('preferences')->mark(); $title = $newGroup->title ?? $newGroup->transactionJournals->first()->description; $link = route('transactions.show', [$newGroup->id]); session()->flash('success', trans('firefly.stored_journal', ['description' => $title])); session()->flash('success_url', $link); return redirect(route('transactions.show', [$newGroup->id])); }",True,PHP,cloneGroup,CreateController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-09-20 06:39:10+02:00,Convert GET routes to POST.,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3819,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13006,"public function __construct() { parent::__construct(); $this->middleware( static function ($request, $next) { app('view')->share('title', (string)trans('firefly.transactions')); app('view')->share('mainTitleIcon', 'fa-exchange'); return $next($request); } ); }",True,PHP,__construct,CreateController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-09-20 06:39:10+02:00,Convert GET routes to POST.,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3819,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13007,"public function down(RuleGroup $ruleGroup) { $maxOrder = $this->repository->maxOrder(); $order = (int)$ruleGroup->order; if ($order < $maxOrder) { $newOrder = $order + 1; $this->repository->setOrder($ruleGroup, $newOrder); } return redirect(route('rules.index')); }",True,PHP,down,EditController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-10-23 09:29:07+02:00,Catch CSRF issues,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3900,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13008,"public function up(RuleGroup $ruleGroup) { $order = (int)$ruleGroup->order; if ($order > 1) { $newOrder = $order - 1; $this->repository->setOrder($ruleGroup, $newOrder); } return redirect(route('rules.index')); }",True,PHP,up,EditController.php,https://github.com/firefly-iii/firefly-iii,firefly-iii,James Cole,2021-10-23 09:29:07+02:00,Catch CSRF issues,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3900,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13012,"function display($text, $inline_images=true, $balance=true) { $text = preg_replace_callback('/]*)(src=""http[^""]+"")([^>]*)\/>/', function($match) { $match = preg_replace('/class=""[^""]*""/', '', $match); return sprintf('', $match[1], $match[2], $match[3]); }, $text); if ($balance) $text = self::html_balance($text, false); $text = Format::clickableurls($text); if ($inline_images) return self::viewableImages($text); return $text; }",True,PHP,display,class.format.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2020-08-19 09:22:56-05:00,"ssrf: External Inline Images This mitigates an SSRF security vulnerability reported by [Talat Mehmood](https://twitter.com/Blackbatsecuri1) where we do not check if the src URL for external inline images contain a valid image extension when displaying. This means if someone puts something like `` in the body of their message, when someone clicks Show Images or when the ticket is printed the server will call the src URL to get the ""image"" data for display. This is a problem as this could load malicious code/scripts in the browser. This adds a new setting called `Allow External Images` and if Disabled we will not allow any external images in Threads. If this setting is Enabled (default), we will only allow `` src URLs with valid image extensions (`png`,`jpg`,`jpeg`,`gif`).",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2020-24881,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13016,"function display($output=false) { if ($this->isEmpty()) return '(empty)'; switch ($output) { case 'email': return $this->body; case 'pdf': return Format::clickableurls($this->body); default: return Format::display($this->body, true, !$this->options['balanced']); } }",True,PHP,display,class.thread.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2020-08-19 09:22:56-05:00,"ssrf: External Inline Images This mitigates an SSRF security vulnerability reported by [Talat Mehmood](https://twitter.com/Blackbatsecuri1) where we do not check if the src URL for external inline images contain a valid image extension when displaying. This means if someone puts something like `` in the body of their message, when someone clicks Show Images or when the ticket is printed the server will call the src URL to get the ""image"" data for display. This is a problem as this could load malicious code/scripts in the browser. This adds a new setting called `Allow External Images` and if Disabled we will not allow any external images in Threads. If this setting is Enabled (default), we will only allow `` src URLs with valid image extensions (`png`,`jpg`,`jpeg`,`gif`).",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2020-24881,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13022,"function dump() { if (!$this->output) $this->output = fopen('php: $delimiter = ','; if (class_exists('NumberFormatter')) { $nf = NumberFormatter::create(Internationalization::getCurrentLocale(), NumberFormatter::DECIMAL); $s = $nf->getSymbol(NumberFormatter::DECIMAL_SEPARATOR_SYMBOL); if ($s == ',') $delimiter = ';'; } fputs($this->output, chr(0xEF) . chr(0xBB) . chr(0xBF)); fputcsv($this->output, $this->getHeaders(), $delimiter); while ($row=$this->next()) fputcsv($this->output, $row, $delimiter); fclose($this->output); }",True,PHP,dump,class.export.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2019-07-11 10:56:27-05:00,"security: CSV Formula Injection This addresses a security issue discovered by Aishwarya Iyer where a User can change their Full Name to a windows formula and when an Agent exports a list of Users containing said User and opens the export file, the formula will be executed on their computer (if it's windows of course). This adds a new validator called `is_formula()` to all text fields disallowing the use of the following characters `= + - @` at the beginning of text. This should mitigate CSV Formula injections for any text field that allows user-input in the system. To further prevent CSV Formula injections this adds an escape mechanism to the Exporter that will escape any content matching the formula regex with a single quote (as mentioned in many posts about this subject).",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2019-14749,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13025,"return !isset($thisstaff) || $f->isRequiredForStaff(); }; if (!$form->isValid($filter)) $valid = false; if (($field=$form->getField('email')) && $field->getClean() && User::lookup(array('emails__address'=>$field->getClean()))) { $field->addError(__('Email is assigned to another user')); $valid = false; } return $valid ? self::fromVars($form->getClean(), $create) : null; }",True,PHP,isRequiredForStaff,class.user.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2019-07-11 10:56:27-05:00,"security: CSV Formula Injection This addresses a security issue discovered by Aishwarya Iyer where a User can change their Full Name to a windows formula and when an Agent exports a list of Users containing said User and opens the export file, the formula will be executed on their computer (if it's windows of course). This adds a new validator called `is_formula()` to all text fields disallowing the use of the following characters `= + - @` at the beginning of text. This should mitigate CSV Formula injections for any text field that allows user-input in the system. To further prevent CSV Formula injections this adds an escape mechanism to the Exporter that will escape any content matching the formula regex with a single quote (as mentioned in many posts about this subject).",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2019-14749,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13027,"function download($disposition=false, $expires=false) { $disposition = $disposition ?: 'inline'; $bk = $this->open(); if ($bk->sendRedirectUrl($disposition)) return; $ttl = ($expires) ? $expires - Misc::gmtime() : false; $this->makeCacheable($ttl); $type = $this->getType() ?: 'application/octet-stream'; Http::download($this->getName(), $type, null, 'inline'); header('Content-Length: '.$this->getSize()); $this->sendData(false); exit(); }",True,PHP,download,class.file.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2019-07-24 16:37:43-05:00,"security: HTML File Browser Execution (Windows: Firefox/IE) This addresses an issue reported by Aishwarya Iyer where attached HTML files are executed in the browser instead of forcing download in Firefox and IE for Windows specifically. This is caused by an incorrect `Content-Disposition` set in the `AttachmentFile::download` function. Instead of attachments having a disposition of `attachment` (which forces download) they have a disposition of `inline` (which displays the file contents in the browser). This updates the download function to use whatever disposition is passed (for S3 plugin), if none it defaults to `attachment`. In addition, this overwrites the disposition and sets it to `attachment` after the `$bk->sendRedirectURL()` so that S3 attachments still work and the issue of an attacker passing their own disposition is mitigated.",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2019-14748,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13028,"function download($disposition=false, $expires=false) { $disposition = $disposition ?: 'inline'; $bk = $this->open(); if ($bk->sendRedirectUrl($disposition)) return; $ttl = ($expires) ? $expires - Misc::gmtime() : false; $this->makeCacheable($ttl); $type = $this->getType() ?: 'application/octet-stream'; Http::download($this->getName(), $type, null, 'inline'); header('Content-Length: '.$this->getSize()); $this->sendData(false); exit(); }",True,PHP,download,class.file.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2019-07-24 16:37:43-05:00,"security: HTML File Browser Execution (Windows: Firefox/IE) This addresses an issue reported by Aishwarya Iyer where attached HTML files are executed in the browser instead of forcing download in Firefox and IE for Windows specifically. This is caused by an incorrect `Content-Disposition` set in the `AttachmentFile::download` function. Instead of attachments having a disposition of `attachment` (which forces download) they have a disposition of `inline` (which displays the file contents in the browser). This updates the download function to use whatever disposition is passed (for S3 plugin), if none it defaults to `attachment`. In addition, this overwrites the disposition and sets it to `attachment` after the `$bk->sendRedirectURL()` so that S3 attachments still work and the issue of an attacker passing their own disposition is mitigated.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-14748,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13031,static function lookup($var) { if (is_array($var)) return parent::lookup($var); elseif (is_numeric($var)) return parent::lookup(array('staff_id'=>$var)); elseif (Validator::is_email($var)) return parent::lookup(array('email'=>$var)); elseif (is_string($var)) return parent::lookup(array('username'=>$var)); else return null; },True,PHP,lookup,class.staff.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2021-10-07 14:38:44+00:00,"security: SQL Injection This mitigates a possible SQL injection vulnerability reported by Bittylicious.",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-42235,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13033,"static function lookupByUsername($username) { if (strpos($username, '@') !== false) $user = static::lookup(array('user__emails__address'=>$username)); else $user = static::lookup(array('username'=>$username)); return $user; }",True,PHP,lookupByUsername,class.user.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2021-10-07 14:38:44+00:00,"security: SQL Injection This mitigates a possible SQL injection vulnerability reported by Bittylicious.",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-42235,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13036,"static function is_username($username, &$error='') { if (strlen($username)<2) $error = __('Username must have at least two (2) characters'); elseif (!preg_match('/^[\p{L}\d._-]+$/u', $username)) $error = __('Username contains invalid characters'); return $error == ''; }",True,PHP,is_username,class.validator.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2021-10-07 14:38:44+00:00,"security: SQL Injection This mitigates a possible SQL injection vulnerability reported by Bittylicious.",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-42235,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13038,"function login($staff, $bk) { global $ost; if (!$bk || !($staff instanceof Staff)) return false; if (!static::isBackendAllowed($staff, $bk) || !($authkey=$bk->getAuthKey($staff))) return false; $ost->logDebug(_S('Agent Login'), sprintf(_S(""%s logged in [%s], via %s""), $staff->getUserName(), $_SERVER['REMOTE_ADDR'], get_class($bk))); $agent = Staff::lookup($staff->getId()); $type = array('type' => 'login'); Signal::send('person.login', $agent, $type); $auth2fa = null; if (($_2fa = $staff->get2FABackend()) && ($token=$_2fa->send($staff))) { $auth2fa = sprintf('%s:%s:%s', $_2fa->getId(), md5($token.$staff->getId()), time()); } $authkey = $bk::$id.':'.$authkey; $authsession = &$_SESSION['_auth']['staff']; $authsession = array(); $authsession['id'] = $staff->getId(); $authsession['key'] = $authkey; $authsession['2fa'] = $auth2fa; $staff->setAuthKey($authkey); $staff->refreshSession(true); Signal::send('auth.login.succeeded', $staff); if ($bk->supportsInteractiveAuthentication()) $staff->cancelResetTokens(); $staff->onLogin($bk); return true; }",True,PHP,login,class.auth.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13039,"function login($user, $bk) { global $ost; if (!$user || !$bk || !$bk::$id || !($authkey = $bk->getAuthKey($user))) return false; $acct = $user->getAccount(); if ($acct) { if (!$acct->isConfirmed()) throw new AccessDenied(__('Account confirmation required')); elseif ($acct->isLocked()) throw new AccessDenied(__('Account is administratively locked')); } $this->setAuthKey($user, $bk, $authkey); $user->setAuthKey($authkey); $user->refreshSession(true); $msg=sprintf(_S('%1$s (%2$s) logged in [%3$s]' ), $user->getUserName(), $user->getId(), $_SERVER['REMOTE_ADDR']); $ost->logDebug(_S('User login'), $msg); $u = $user->getSessionUser()->getUser(); $type = array('type' => 'login'); Signal::send('person.login', $u, $type); if ($bk->supportsInteractiveAuthentication() && ($acct=$user->getAccount())) $acct->cancelResetTokens(); $user->onLogin($bk); return true; }",True,PHP,login,class.auth.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13042,"function isvalidSession($htoken,$maxidletime=0,$checkip=false){ global $cfg; $token = rawurldecode($htoken); if($token && !strstr($token,"":"")) return FALSE; list($hash,$expire,$ip)=explode("":"",$token); if((md5($expire . SESSION_SECRET . $this->userID)!=$hash)){ return FALSE; } if($maxidletime && ((time()-$expire)>$maxidletime)){ return FALSE; } if($checkip && strcmp($ip, MD5($this->ip))) return FALSE; $this->validated=TRUE; return TRUE; }",True,PHP,isvalidSession,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13043,function getIP(){ return $this->ip; },True,PHP,getIP,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13044,static function lookup($var) { if ($staff = parent::lookup($var)) { $staff->token = &$_SESSION[':token']['staff']; $staff->session= new UserSession($staff->getId()); } return $staff; },True,PHP,lookup,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13047,function isClient() { return FALSE; },True,PHP,isClient,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13051,function __construct($user) { parent::__construct($user); $this->token = &$_SESSION[':token']['client']; $this->session= new UserSession($user->getId()); },True,PHP,__construct,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13054,function is2FAPending() { if (!isset($_SESSION['_auth']['staff']['2fa'])) return false; return true; },True,PHP,is2FAPending,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13055,function getBrowser(){ return $this->browser; },True,PHP,getBrowser,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13057,"function sessionToken(){ $time = time(); $hash = md5($time.SESSION_SECRET.$this->userID); $token = ""$hash:$time:"".MD5($this->ip); return($token); }",True,PHP,sessionToken,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13059,function getSession() { return $this->session; },True,PHP,getSession,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13060,"function getLastUpdate($htoken) { if (!$htoken) return 0; @list($hash,$expire,$ip)=explode("":"",$htoken); return $expire; }",True,PHP,getLastUpdate,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13065,function getSessionToken() { return $this->session->sessionToken(); },True,PHP,getSessionToken,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13066,function getSessionId(){ return $this->session_id; },True,PHP,getSessionId,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13068,function isValid() { return FALSE; },True,PHP,isValid,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13070,function __construct($userid){ $this->browser=(!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : $_ENV['HTTP_USER_AGENT']; $this->ip=(!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR'); $this->session_id=session_id(); $this->userID=$userid; },True,PHP,__construct,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13071,function getSessionUser() { return $this->user; },True,PHP,getSessionUser,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13072,function isStaff(){ return FALSE; },True,PHP,isStaff,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13076,"function refreshSession($force=false){ global $cfg; $time = $this->session->getLastUpdate($this->token); if (!$force && time() - $time < 30) return; $this->token = $this->getSessionToken(); osTicketSession::renewCookie($time, $cfg->getClientSessionTimeout()); }",True,PHP,refreshSession,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13077,function refreshSession(){ },True,PHP,refreshSession,class.usersession.php,https://github.com/osTicket/osTicket,osTicket,JediKev,2022-05-19 15:21:48+00:00,"Security: Session Fixation This commit addresses possible session fixation on both agent and end user login. Upon login users are now issued new session with the old one invalidated.",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-31888,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13080,"private function _handleCallback(){ try { $accessToken = $this->_provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) { exit($e->getMessage()); } $resourceOwner = $this->_provider->getResourceOwner($accessToken); $user = $this->_userHandling( $resourceOwner->toArray() ); $user->setCookies(); global $wgOut, $wgRequest; $title = null; $wgRequest->getSession()->persist(); if( $wgRequest->getSession()->exists('returnto') ) { $title = Title::newFromText( $wgRequest->getSession()->get('returnto') ); $wgRequest->getSession()->remove('returnto'); $wgRequest->getSession()->save(); } if( !$title instanceof Title || 0 > $title->mArticleID ) { $title = Title::newMainPage(); } $wgOut->redirect( $title->getFullURL() ); return true; }",True,PHP,_handleCallback,SpecialOAuth2Client.php,https://github.com/Schine/MW-OAuth2Client,Schine,schema,2019-08-19 02:38:23+02:00,"Enforce/verify state parameter of callback This fixes a security vulnerability where a malicious actor can bypass authentication via a clickjacking attack (CSRF vulnerability). Signed-off-by: schema ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2019-15150,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13084,"protected function driverRead(CacheItemInterface $item) { $this->driverConnect(); $keyword = self::PREFIX . $item->getKey(); $x = isset($_COOKIE[ $keyword ]) ? $this->decode(json_decode($_COOKIE[ $keyword ], true)) : false; if ($x == false) { return null; } else { if (!is_scalar($this->driverUnwrapData($x)) && !is_null($this->driverUnwrapData($x))) { throw new phpFastCacheDriverException('Hacking attempt: The decoding returned a non-scalar value, Cookie driver does not allow this.'); } return $x; } }",True,PHP,driverRead,Driver.php,https://github.com/PHPSocialNetwork/phpfastcache,PHPSocialNetwork,Geolim4,2016-12-30 09:40:00+01:00,Fixed critical vulnerability on cookie driver,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2019-16774,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13086,"function test_anon_comments_require_email() { add_filter( 'xmlrpc_allow_anonymous_comments', '__return_true' ); $comment_args = array( 1, '', '', self::$post->ID, array( 'author' => 'WordPress', 'author_email' => 'noreply at wordpress.org', 'content' => 'Test Anon Comments', ), ); $result = $this->myxmlrpcserver->wp_newComment( $comment_args ); $this->assertIXRError( $result ); $this->assertSame( 403, $result->code ); }",True,PHP,test_anon_comments_require_email,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13091,"function test_new_comment_duplicated() { $comment_args = array( 1, 'administrator', 'administrator', self::$post->ID, array( 'content' => rand_str( 100 ), ), ); $result = $this->myxmlrpcserver->wp_newComment( $comment_args ); $this->assertNotIXRError( $result ); $result = $this->myxmlrpcserver->wp_newComment( $comment_args ); $this->assertIXRError( $result ); $this->assertSame( 403, $result->code ); }",True,PHP,test_new_comment_duplicated,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13095,"public function test_empty_content_multiple_spaces() { $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', self::$post->ID, array( 'content' => ' ', ), ) ); $this->assertIXRError( $result ); $this->assertSame( 403, $result->code ); }",True,PHP,test_empty_content_multiple_spaces,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13096,"function test_allowed_anon_comments() { add_filter( 'xmlrpc_allow_anonymous_comments', '__return_true' ); $comment_args = array( 1, '', '', self::$post->ID, array( 'author' => 'WordPress', 'author_email' => 'noreply@wordpress.org', 'content' => 'Test Anon Comments', ), ); $result = $this->myxmlrpcserver->wp_newComment( $comment_args ); $this->assertNotIXRError( $result ); $this->assertInternalType( 'int', $result ); }",True,PHP,test_allowed_anon_comments,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13097,"function test_empty_comment() { $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', self::$post->ID, array( 'content' => '', ), ) ); $this->assertIXRError( $result ); $this->assertSame( 403, $result->code ); }",True,PHP,test_empty_comment,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13099,"public function test_valid_comment_allow_empty_content() { add_filter( 'allow_empty_comment', '__return_true' ); $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', self::$post->ID, array( 'content' => ' ', ), ) ); $this->assertNotIXRError( $result ); }",True,PHP,test_valid_comment_allow_empty_content,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13102,"public function test_valid_comment_0_content() { $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', self::$post->ID, array( 'content' => '0', ), ) ); $this->assertNotIXRError( $result ); }",True,PHP,test_valid_comment_0_content,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13103,"function test_username_avoids_anon_flow() { add_filter( 'xmlrpc_allow_anonymous_comments', '__return_true' ); $comment_args = array( 1, 'administrator', 'administrator', self::$post->ID, array( 'author' => 'WordPress', 'author_email' => 'noreply at wordpress.org', 'content' => 'Test Anon Comments', ), ); $result = $this->myxmlrpcserver->wp_newComment( $comment_args ); $comment = get_comment( $result ); $user_id = get_user_by( 'login', 'administrator' )->ID; $this->assertSame( $user_id, (int) $comment->user_id ); }",True,PHP,test_username_avoids_anon_flow,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13105,public static function wpSetUpBeforeClass( $factory ) { self::make_user_by_role( 'administrator' ); self::$post = $factory->post->create_and_get(); },True,PHP,wpSetUpBeforeClass,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13106,"function test_valid_comment() { $result = $this->myxmlrpcserver->wp_newComment( array( 1, 'administrator', 'administrator', self::$post->ID, array( 'content' => rand_str( 100 ), ), ) ); $this->assertNotIXRError( $result ); }",True,PHP,test_valid_comment,newComment.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 17:42:13+00:00,"XML-RPC: Improve error messages for unprivileged users. Add specific permission checks to avoid ambiguous failure messages. Props zieladam, peterwilsoncc, xknown, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@49380 602fd350-edb4-49c9-b593-d223f7449a82",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-28036,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13114,"function is_protected_meta( $meta_key, $meta_type = '' ) { $protected = ( '_' === $meta_key[0] ); return apply_filters( 'is_protected_meta', $protected, $meta_key, $meta_type ); }",True,PHP,is_protected_meta,meta.php,https://github.com/WordPress/wordpress-develop,WordPress,Jonathan Desrosiers,2020-10-29 18:05:21+00:00,"Meta: Sanitize meta key before checking protection status. Props zieladam, peterwilsoncc, xknown, whyisjake. Merges [49377,49381] to trunk. git-svn-id: https://develop.svn.wordpress.org/trunk@49387 602fd350-edb4-49c9-b593-d223f7449a82",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2020-28039,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13121,"function fm_get_size($file) { static $iswin; static $isdarwin; if (!isset($iswin)) { $iswin = (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'); } if (!isset($isdarwin)) { $isdarwin = (strtoupper(substr(PHP_OS, 0)) == ""DARWIN""); } static $exec_works; if (!isset($exec_works)) { $exec_works = (function_exists('exec') && !ini_get('safe_mode') && @exec('echo EXEC') == 'EXEC'); } if ($exec_works) { $cmd = ($iswin) ? ""for %F in (\""$file\"") do @echo %~zF"" : ($isdarwin ? ""stat -f%z \""$file\"""" : ""stat -c%s \""$file\""""); @exec($cmd, $output); if (is_array($output) && ctype_digit($size = trim(implode(""\n"", $output)))) { return $size; } } if ($iswin && class_exists(""COM"")) { try { $fsobj = new COM('Scripting.FileSystemObject'); $f = $fsobj->GetFile( realpath($file) ); $size = $f->Size; } catch (Exception $e) { $size = null; } if (ctype_digit($size)) { return $size; } } return filesize($file); }",True,PHP,fm_get_size,tinyfilemanager.php,https://github.com/prasathmani/tinyfilemanager,prasathmani,GitHub,2019-12-28 19:11:47+05:18,"Merge pull request from GHSA-w72h-v37j-rrwr * Fix the RCE vuln via Upload from URL This commit attemps to fix the Remote Code Execution (authenticated) via Upload from URL. Some notes about the proposed solution: * A new function (fm_is_file_allowed) has been created to validate if the filename is allowed. This function gets the the filename as parameter and returns true if it validates as allowed. Otherwise returns false (the default). * It's better to have such validatation(s) in one place instead of spread all over the code. There are other places in the application where the filename is validated and they should all be refactored to call this function. Then we can focus all needed validations in one place only! NOTE: This refactoring was not done - the only goal was to fix this security vulnerability only. * The fm_is_file_allowed() function validates the filename based on its extension only. No other validatation(s) have been implemented in this commit. * File extensions are assumed to be case-insensitive. For example, php == PHP == Php == PhP, etc. This is consitent with some web servers. Without this, the user will have to populate the $allowed_extensions with all possible allowed combinations. * Although, there is one drawback to the current solution, which is that all files must have an extension to be uploaded. This is not consitent with modern filesystems. Maybe a better solution would be to automatically append an extension to the filename if no extension has been found (e.g., .html or .txt which are generally considered to be harmless). This must be decided by the application's maintainers. * Fix the RCE vulns via new/rename file Sanitize the arguments to stat using escapeshellarg() Co-authored-by: Jorge Morgado ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2019-16790,"public function edit_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); $group = new group(); $groups = array( -1 => 'ALL LOGGED IN USERS', -2 => 'ALL NON-LOGGED IN USERS' ); $allGroups = group::getAllGroups(); if (count($allGroups)) { foreach ($allGroups as $g) { $groups[$g->id] = $g->name; }; } $selected_groups = array(); if (!empty($discount->group_ids)) { $selected_groups = expUnserialize($discount->group_ids); } if ($discount->minimum_order_amount == """") $discount->minimum_order_amount = 0; if ($discount->discount_amount == """") $discount->discount_amount = 0; if ($discount->discount_percent == """") $discount->discount_percent = 0; $shipping_services = array(); $shipping_methods = array(); foreach (shipping::listAvailableCalculators() as $calcid=>$name) { if (class_exists($name)) { $calc = new $name($calcid); $shipping_services[$calcid] = $calc->title; $shipping_methods[$calcid] = $calc->availableMethods(); } } assign_to_template(array( 'discount'=>$discount, 'groups'=>$groups, 'selected_groups'=>$selected_groups, 'shipping_services'=>$shipping_services, 'shipping_methods'=>$shipping_methods )); }" 13126,"function scan($dir, $filter = '') { $path = FM_ROOT_PATH.'/'.$dir; $ite = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); $rii = new RegexIterator($ite, ""/("".$filter."")/i""); $files = array(); foreach ($rii as $file) { if (!$file->isDir()) { $fileName = $file->getFilename(); $location = str_replace(FM_ROOT_PATH, '', $file->getPath()); $files[] = array( ""name"" => $fileName, ""type"" => ""file"", ""path"" => $location, ); } } return $files; }",True,PHP,scan,tinyfilemanager.php,https://github.com/prasathmani/tinyfilemanager,prasathmani,Prasath Mani,2020-05-18 13:25:02+05:18,"Security fix #357 Download file causes timeout #353 Download Restart @ 88% #312 download large file issues #259 File upload issue #354 FIle Upload URL error #360 Bug in .tar archive extraction when destination(s) file(s) already exist (HTTP error 500) #332 Backup File return false #201",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-12102,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13127,"function scan($dir, $filter = '') { $path = FM_ROOT_PATH.'/'.$dir; $ite = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); $rii = new RegexIterator($ite, ""/("".$filter."")/i""); $files = array(); foreach ($rii as $file) { if (!$file->isDir()) { $fileName = $file->getFilename(); $location = str_replace(FM_ROOT_PATH, '', $file->getPath()); $files[] = array( ""name"" => $fileName, ""type"" => ""file"", ""path"" => $location, ); } } return $files; }",True,PHP,scan,tinyfilemanager.php,https://github.com/prasathmani/tinyfilemanager,prasathmani,Prasath Mani,2020-05-18 13:25:02+05:18,"Security fix #357 Download file causes timeout #353 Download Restart @ 88% #312 download large file issues #259 File upload issue #354 FIle Upload URL error #360 Bug in .tar archive extraction when destination(s) file(s) already exist (HTTP error 500) #332 Backup File return false #201",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-12103,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13131,"public function doConfigPageInit($page) { $action = isset($_REQUEST['action'])?$_REQUEST['action']:''; $managerdisplay = isset($_REQUEST['managerdisplay'])?$_REQUEST['managerdisplay']:''; $name = isset($_REQUEST['name'])?$_REQUEST['name']:''; $secret = isset($_REQUEST['secret'])?$_REQUEST['secret']:''; $deny = isset($_REQUEST['deny'])?$_REQUEST['deny']:'0.0.0.0/0.0.0.0'; $permit = isset($_REQUEST['permit'])?$_REQUEST['permit']:'127.0.0.1/255.255.255.0'; $engineinfo = engine_getinfo(); $writetimeout = isset($_REQUEST['writetimeout'])?$_REQUEST['writetimeout']:'100'; $astver = $engineinfo['version']; global $amp_conf; if($action == 'add' || $action == 'delete') { $ampuser = $amp_conf['AMPMGRUSER']; if($ampuser == $name) { $action = 'conflict'; } } switch ($action) { case ""add"": $rights = manager_format_in($_REQUEST); manager_add($name,$secret,$deny,$permit,$rights['read'],$rights['write'],$writetimeout); $_REQUEST['managerdisplay'] = $name; needreload(); break; case ""delete"": manager_del($managerdisplay); needreload(); break; case ""edit"": manager_del($name); $rights = manager_format_in($_REQUEST); manager_add($name,$secret,$deny,$permit,$rights['read'],$rights['write'],$writetimeout); needreload(); break; case ""conflict"": break; } }",True,PHP,doConfigPageInit,Manager.class.php,https://github.com/FreePBX/manager,FreePBX,Franck Danard,2019-09-03 14:46:11+00:00,FREEPBX-20436 XSS vulnerability in manager module,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-16967,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13133,"function recentthread_list_threads($return=false) { global $mybb, $db, $templates, $recentthreadtable, $recentthreads, $settings, $canviewrecentthreads, $cache, $theme, $lang, $threadfields, $xthreadfields; if(!recentthread_can_view()) { return false; } if($mybb->settings['recentthread_pages_shown']) { $allowed_pages = explode(""\n"", $mybb->settings['recentthread_pages_shown']); } else { $allowed_pages = array(); } $allowed_pages = str_replace(array("" "", ""\n"", ""\r""), """", $allowed_pages); $allowed_pages[] = ""xmlhttp.php""; if(!in_array(THIS_SCRIPT, $allowed_pages)) { return false; } $lang->load(""recentthreads""); $lang->load(""forumdisplay""); $icons = $cache->read(""posticons""); require_once MYBB_ROOT.""inc/functions_search.php""; $threadlimit = (int) $mybb->settings['recentthread_threadcount']; if(!$threadlimit) { $threadlimit = 15; } $onlyusfids = array(); $onlycanview = array(); $group_permissions = forum_permissions(); foreach($group_permissions as $fid => $forum_permissions) { if($forum_permissions['canonlyviewownthreads'] == 1) { $onlyusfids[] = $fid; } if ($forum_permissions['canview'] == 0) { $onlycanview[] = $fid; } } $where = """"; if(!empty($onlyusfids)) { $where .= ""AND ((t.fid IN("".implode(',', $onlyusfids)."") AND t.uid='{$mybb->user['uid']}') OR t.fid NOT IN("".implode(',', $onlyusfids).""))""; } if (!empty($onlycanview)) { $where .= ""AND (t.fid NOT IN("".implode(',', $onlycanview).""))""; } $approved = 0; if($mybb->usergroup['canmodcp']==1) { $approved = -1; } $unsearchableforums = get_unsearchable_forums(); $unviewableforums = get_unviewable_forums(); if($unsearchableforums && $unviewableforums) { $forumarray = explode("","", $unsearchableforums . "","" . $unviewableforums); $newarray = array_unique($forumarray); $unsearchableforumssql = "" AND t.fid NOT IN("" . implode("","", $newarray) . "") ""; } if($mybb->settings['recentthread_forumskip']) { $ignoreforums = "" AND t.fid NOT IN("" . $mybb->settings['recentthread_forumskip'] . "") ""; } $forums = $cache->read(""forums""); $prefixes = $cache->read(""threadprefixes""); if($mybb->settings['recentthread_prefix_only']) { if(is_numeric($mybb->settings['recentthread_prefix_only'])) { $prefixonly = "" AND t.prefix = "" . (int) $mybb->settings['recentthread_prefix_only'] . "" ""; } else { $prefixlist = explode("","", $mybb->settings['recentthread_prefix_only']); $newlist = array_map(""intval"", $prefixlist); $prefixonly = "" AND t.prefix IN("" . implode(',', $newlist) . "") ""; } }",True,PHP,recentthread_list_threads,hooks.php,https://github.com/dragonexpert/recentthreads,dragonexpert,GitHub,2019-02-06 14:43:27-06:00,"Update hooks.php Fixes a low risk XSS vulnerability. Classified as low risk due to needing access to ACP->Config.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-25093,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13143,"function execAction($dir, $item) { if(($GLOBALS[""permissions""]&01)!=01) ext_Result::sendResult( 'chmod', false, $GLOBALS[""error_msg""][""accessfunc""]); if( !ext_checkToken($GLOBALS['__POST'][""token""]) ) { ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.'); } if( !empty($GLOBALS['__POST'][""selitems""])) { $cnt=count($GLOBALS['__POST'][""selitems""]); } else { $GLOBALS['__POST'][""selitems""][] = $item; $cnt = 1; } if( !empty($GLOBALS['__POST']['do_recurse'])) { $do_recurse = true; } else { $do_recurse = false; } if(isset($GLOBALS['__POST'][""confirm""]) && $GLOBALS['__POST'][""confirm""]==""true"") { $bin=''; for($i=0;$i<3;$i++) for($j=0;$j<3;$j++) { $tmp=""r_"".$i.$j; if(!empty($GLOBALS['__POST'][$tmp]) ) { $bin.='1'; } else { $bin.='0'; } } if( $bin == '0') { ext_Result::sendResult('chmod', false, $item."": "".ext_Lang::err('chmod_none_not_allowed')); } $old_bin = $bin; for($i=0;$i<$cnt;++$i) { if( ext_isFTPMode() ) { $mode = decoct(bindec($bin)); } else { $mode = bindec($bin); } $item = $GLOBALS['__POST'][""selitems""][$i]; if( ext_isFTPMode() ) { $abs_item = get_item_info( $dir,$item); } else { $abs_item = get_abs_item($dir,$item); } if(!$GLOBALS['ext_File']->file_exists( $abs_item )) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""fileexist""]); } if(!get_show_item($dir, $item)) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""accessfile""]); } if( $do_recurse ) { $ok = $GLOBALS['ext_File']->chmodRecursive( $abs_item, $mode ); } else { if( get_is_dir( $abs_item )) { $bin = substr_replace( $bin, '1', 2, 1 ); $bin = substr_replace( $bin, '1', 5, 1 ); $bin = substr_replace( $bin, '1', 8, 1 ); if( ext_isFTPMode() ) { $mode = decoct(bindec($bin)); } else { $mode = bindec($bin); } } $ok = @$GLOBALS['ext_File']->chmod( $abs_item, $mode ); } $bin = $old_bin; } if($ok===false || PEAR::isError( $ok ) ) { $msg = $item."": "".$GLOBALS[""error_msg""][""permchange""]; $msg .= PEAR::isError( $ok ) ? ' [' . $ok->getMessage().']' : ''; ext_Result::sendResult('chmod', false, $msg ); } ext_Result::sendResult('chmod', true, ext_Lang::msg('permchange') ); return; } if( ext_isFTPMode() ) { $abs_item = get_item_info( $dir, $GLOBALS['__POST'][""selitems""][0]); } else { $abs_item = get_abs_item( $dir, $GLOBALS['__POST'][""selitems""][0]); $abs_item = utf8_decode($abs_item); } $mode = parse_file_perms(get_file_perms( $abs_item )); if($mode===false) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""permread""]); } $pos = ""rwx""; $text = """"; for($i=0;$i<$cnt;++$i) { $s_item=get_rel_item($dir,$GLOBALS['__POST'][""selitems""][$i]); if(strlen($s_item)>50) $s_item=""..."".substr($s_item,-47); $text .= $s_item.($i+1<$cnt ? ', ':''); }",True,PHP,execAction,chmod.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-25096,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13144,"function execAction($dir, $item) { if(($GLOBALS[""permissions""]&01)!=01) ext_Result::sendResult( 'chmod', false, $GLOBALS[""error_msg""][""accessfunc""]); if( !ext_checkToken($GLOBALS['__POST'][""token""]) ) { ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.'); } if( !empty($GLOBALS['__POST'][""selitems""])) { $cnt=count($GLOBALS['__POST'][""selitems""]); } else { $GLOBALS['__POST'][""selitems""][] = $item; $cnt = 1; } if( !empty($GLOBALS['__POST']['do_recurse'])) { $do_recurse = true; } else { $do_recurse = false; } if(isset($GLOBALS['__POST'][""confirm""]) && $GLOBALS['__POST'][""confirm""]==""true"") { $bin=''; for($i=0;$i<3;$i++) for($j=0;$j<3;$j++) { $tmp=""r_"".$i.$j; if(!empty($GLOBALS['__POST'][$tmp]) ) { $bin.='1'; } else { $bin.='0'; } } if( $bin == '0') { ext_Result::sendResult('chmod', false, $item."": "".ext_Lang::err('chmod_none_not_allowed')); } $old_bin = $bin; for($i=0;$i<$cnt;++$i) { if( ext_isFTPMode() ) { $mode = decoct(bindec($bin)); } else { $mode = bindec($bin); } $item = $GLOBALS['__POST'][""selitems""][$i]; if( ext_isFTPMode() ) { $abs_item = get_item_info( $dir,$item); } else { $abs_item = get_abs_item($dir,$item); } if(!$GLOBALS['ext_File']->file_exists( $abs_item )) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""fileexist""]); } if(!get_show_item($dir, $item)) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""accessfile""]); } if( $do_recurse ) { $ok = $GLOBALS['ext_File']->chmodRecursive( $abs_item, $mode ); } else { if( get_is_dir( $abs_item )) { $bin = substr_replace( $bin, '1', 2, 1 ); $bin = substr_replace( $bin, '1', 5, 1 ); $bin = substr_replace( $bin, '1', 8, 1 ); if( ext_isFTPMode() ) { $mode = decoct(bindec($bin)); } else { $mode = bindec($bin); } } $ok = @$GLOBALS['ext_File']->chmod( $abs_item, $mode ); } $bin = $old_bin; } if($ok===false || PEAR::isError( $ok ) ) { $msg = $item."": "".$GLOBALS[""error_msg""][""permchange""]; $msg .= PEAR::isError( $ok ) ? ' [' . $ok->getMessage().']' : ''; ext_Result::sendResult('chmod', false, $msg ); } ext_Result::sendResult('chmod', true, ext_Lang::msg('permchange') ); return; } if( ext_isFTPMode() ) { $abs_item = get_item_info( $dir, $GLOBALS['__POST'][""selitems""][0]); } else { $abs_item = get_abs_item( $dir, $GLOBALS['__POST'][""selitems""][0]); $abs_item = utf8_decode($abs_item); } $mode = parse_file_perms(get_file_perms( $abs_item )); if($mode===false) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""permread""]); } $pos = ""rwx""; $text = """"; for($i=0;$i<$cnt;++$i) { $s_item=get_rel_item($dir,$GLOBALS['__POST'][""selitems""][$i]); if(strlen($s_item)>50) $s_item=""..."".substr($s_item,-47); $text .= $s_item.($i+1<$cnt ? ', ':''); }",True,PHP,execAction,chmod.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25097,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13145,"function execAction($dir, $item) { if(($GLOBALS[""permissions""]&01)!=01) ext_Result::sendResult( 'chmod', false, $GLOBALS[""error_msg""][""accessfunc""]); if( !ext_checkToken($GLOBALS['__POST'][""token""]) ) { ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.'); } if( !empty($GLOBALS['__POST'][""selitems""])) { $cnt=count($GLOBALS['__POST'][""selitems""]); } else { $GLOBALS['__POST'][""selitems""][] = $item; $cnt = 1; } if( !empty($GLOBALS['__POST']['do_recurse'])) { $do_recurse = true; } else { $do_recurse = false; } if(isset($GLOBALS['__POST'][""confirm""]) && $GLOBALS['__POST'][""confirm""]==""true"") { $bin=''; for($i=0;$i<3;$i++) for($j=0;$j<3;$j++) { $tmp=""r_"".$i.$j; if(!empty($GLOBALS['__POST'][$tmp]) ) { $bin.='1'; } else { $bin.='0'; } } if( $bin == '0') { ext_Result::sendResult('chmod', false, $item."": "".ext_Lang::err('chmod_none_not_allowed')); } $old_bin = $bin; for($i=0;$i<$cnt;++$i) { if( ext_isFTPMode() ) { $mode = decoct(bindec($bin)); } else { $mode = bindec($bin); } $item = $GLOBALS['__POST'][""selitems""][$i]; if( ext_isFTPMode() ) { $abs_item = get_item_info( $dir,$item); } else { $abs_item = get_abs_item($dir,$item); } if(!$GLOBALS['ext_File']->file_exists( $abs_item )) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""fileexist""]); } if(!get_show_item($dir, $item)) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""accessfile""]); } if( $do_recurse ) { $ok = $GLOBALS['ext_File']->chmodRecursive( $abs_item, $mode ); } else { if( get_is_dir( $abs_item )) { $bin = substr_replace( $bin, '1', 2, 1 ); $bin = substr_replace( $bin, '1', 5, 1 ); $bin = substr_replace( $bin, '1', 8, 1 ); if( ext_isFTPMode() ) { $mode = decoct(bindec($bin)); } else { $mode = bindec($bin); } } $ok = @$GLOBALS['ext_File']->chmod( $abs_item, $mode ); } $bin = $old_bin; } if($ok===false || PEAR::isError( $ok ) ) { $msg = $item."": "".$GLOBALS[""error_msg""][""permchange""]; $msg .= PEAR::isError( $ok ) ? ' [' . $ok->getMessage().']' : ''; ext_Result::sendResult('chmod', false, $msg ); } ext_Result::sendResult('chmod', true, ext_Lang::msg('permchange') ); return; } if( ext_isFTPMode() ) { $abs_item = get_item_info( $dir, $GLOBALS['__POST'][""selitems""][0]); } else { $abs_item = get_abs_item( $dir, $GLOBALS['__POST'][""selitems""][0]); $abs_item = utf8_decode($abs_item); } $mode = parse_file_perms(get_file_perms( $abs_item )); if($mode===false) { ext_Result::sendResult('chmod', false, $item."": "".$GLOBALS[""error_msg""][""permread""]); } $pos = ""rwx""; $text = """"; for($i=0;$i<$cnt;++$i) { $s_item=get_rel_item($dir,$GLOBALS['__POST'][""selitems""][$i]); if(strlen($s_item)>50) $s_item=""..."".substr($s_item,-47); $text .= $s_item.($i+1<$cnt ? ', ':''); }",True,PHP,execAction,chmod.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25098,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13149,"function down_home($abs_dir) { if( ext_isFTPMode() ) { return true; } $real_home = @realpath($GLOBALS[""home_dir""]); $real_dir = @realpath($abs_dir); if($real_home===false || $real_dir===false) { if(@stristr($abs_dir,""\\.\\."")) return false; } else if(strcmp($real_home,@substr($real_dir,0,strlen($real_home)))) { return false; } return true; }",True,PHP,down_home,functions.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-25096,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13150,"function down_home($abs_dir) { if( ext_isFTPMode() ) { return true; } $real_home = @realpath($GLOBALS[""home_dir""]); $real_dir = @realpath($abs_dir); if($real_home===false || $real_dir===false) { if(@stristr($abs_dir,""\\.\\."")) return false; } else if(strcmp($real_home,@substr($real_dir,0,strlen($real_home)))) { return false; } return true; }",True,PHP,down_home,functions.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25097,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13151,"function down_home($abs_dir) { if( ext_isFTPMode() ) { return true; } $real_home = @realpath($GLOBALS[""home_dir""]); $real_dir = @realpath($abs_dir); if($real_home===false || $real_dir===false) { if(@stristr($abs_dir,""\\.\\."")) return false; } else if(strcmp($real_home,@substr($real_dir,0,strlen($real_home)))) { return false; } return true; }",True,PHP,down_home,functions.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25098,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13152,foreach ( $msgtype as $message ) { $messagetxt .= $message .'
    '; },True,PHP,foreach,result.class.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-25096,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13153,foreach ( $msgtype as $message ) { $messagetxt .= $message .'
    '; },True,PHP,foreach,result.class.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25097,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13154,foreach ( $msgtype as $message ) { $messagetxt .= $message .'
    '; },True,PHP,foreach,result.class.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25098,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13155,foreach ( $errortype as $error ) { $messagetxt .= $error .'
    '; },True,PHP,foreach,result.class.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-25096,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13156,foreach ( $errortype as $error ) { $messagetxt .= $error .'
    '; },True,PHP,foreach,result.class.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25097,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13157,foreach ( $errortype as $error ) { $messagetxt .= $error .'
    '; },True,PHP,foreach,result.class.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25098,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13164,"function get_result_array($list) { if(!is_array($list)) return; $cnt = count($list); $array = array(); for($i=0;$i<$cnt;++$i) { $dir = $list[$i][0]; $item = $list[$i][1]; $s_dir=str_ireplace($GLOBALS['home_dir'], '', $dir ); if(strlen($s_dir)>65) $s_dir=substr($s_dir,0,62).""...""; $s_item=str_ireplace($GLOBALS['home_dir'], '', $item ); if(strlen($s_item)>45) $s_item=substr($s_item,0,42).""...""; $link = """"; $target = """"; if(get_is_dir($dir,$item)) { $img = ""dir.png""; $link = ext_make_link(""list"",get_rel_item($dir, $item),NULL); } else { $img = get_mime_type( $item, ""img""); $link = $GLOBALS[""home_url""].""/"".get_rel_item($dir, $item); $target = ""_blank""; } $array[$i]['last_mtime'] = ext_isFTPMode() ? $GLOBALS['ext_File']->filemtime($GLOBALS['home_dir'].'/'.$dir.'/'.$item) : filemtime($dir.'/'.$item); $array[$i]['file_id'] = md5($s_dir.$s_item); $array[$i]['dir'] = str_ireplace($GLOBALS['home_dir'], '', $dir ); $array[$i]['s_dir'] = empty($s_dir) ? '' : $s_dir; $array[$i]['file'] = $s_item; $array[$i]['link'] = $link; $array[$i]['icon'] = _EXT_URL.""/images/$img""; } return $array; }",True,PHP,get_result_array,search.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-25096,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13165,"function get_result_array($list) { if(!is_array($list)) return; $cnt = count($list); $array = array(); for($i=0;$i<$cnt;++$i) { $dir = $list[$i][0]; $item = $list[$i][1]; $s_dir=str_ireplace($GLOBALS['home_dir'], '', $dir ); if(strlen($s_dir)>65) $s_dir=substr($s_dir,0,62).""...""; $s_item=str_ireplace($GLOBALS['home_dir'], '', $item ); if(strlen($s_item)>45) $s_item=substr($s_item,0,42).""...""; $link = """"; $target = """"; if(get_is_dir($dir,$item)) { $img = ""dir.png""; $link = ext_make_link(""list"",get_rel_item($dir, $item),NULL); } else { $img = get_mime_type( $item, ""img""); $link = $GLOBALS[""home_url""].""/"".get_rel_item($dir, $item); $target = ""_blank""; } $array[$i]['last_mtime'] = ext_isFTPMode() ? $GLOBALS['ext_File']->filemtime($GLOBALS['home_dir'].'/'.$dir.'/'.$item) : filemtime($dir.'/'.$item); $array[$i]['file_id'] = md5($s_dir.$s_item); $array[$i]['dir'] = str_ireplace($GLOBALS['home_dir'], '', $dir ); $array[$i]['s_dir'] = empty($s_dir) ? '' : $s_dir; $array[$i]['file'] = $s_item; $array[$i]['link'] = $link; $array[$i]['icon'] = _EXT_URL.""/images/$img""; } return $array; }",True,PHP,get_result_array,search.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25097,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13166,"function get_result_array($list) { if(!is_array($list)) return; $cnt = count($list); $array = array(); for($i=0;$i<$cnt;++$i) { $dir = $list[$i][0]; $item = $list[$i][1]; $s_dir=str_ireplace($GLOBALS['home_dir'], '', $dir ); if(strlen($s_dir)>65) $s_dir=substr($s_dir,0,62).""...""; $s_item=str_ireplace($GLOBALS['home_dir'], '', $item ); if(strlen($s_item)>45) $s_item=substr($s_item,0,42).""...""; $link = """"; $target = """"; if(get_is_dir($dir,$item)) { $img = ""dir.png""; $link = ext_make_link(""list"",get_rel_item($dir, $item),NULL); } else { $img = get_mime_type( $item, ""img""); $link = $GLOBALS[""home_url""].""/"".get_rel_item($dir, $item); $target = ""_blank""; } $array[$i]['last_mtime'] = ext_isFTPMode() ? $GLOBALS['ext_File']->filemtime($GLOBALS['home_dir'].'/'.$dir.'/'.$item) : filemtime($dir.'/'.$item); $array[$i]['file_id'] = md5($s_dir.$s_item); $array[$i]['dir'] = str_ireplace($GLOBALS['home_dir'], '', $dir ); $array[$i]['s_dir'] = empty($s_dir) ? '' : $s_dir; $array[$i]['file'] = $s_item; $array[$i]['link'] = $link; $array[$i]['icon'] = _EXT_URL.""/images/$img""; } return $array; }",True,PHP,get_result_array,search.php,https://github.com/soerennb/extplorer,soerennb,Sören,2019-05-15 10:53:07+02:00,"- fixed various security issues reported by Mario Korth: * potential XSS * Arbitrary file read * Path traversal in listing directory contents * Path traversal in archive feature - added new turkish translations",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2019-25098,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13174,"public function validateReference() { $docElem = $this->sigNode->ownerDocument->documentElement; if (! $docElem->isSameNode($this->sigNode)) { if ($this->sigNode->parentNode != null) { $this->sigNode->parentNode->removeChild($this->sigNode); } } $xpath = $this->getXPathObj(); $query = ""./secdsig:SignedInfo/secdsig:Reference""; $nodeset = $xpath->query($query, $this->sigNode); if ($nodeset->length == 0) { throw new Exception(""Reference nodes not found""); } $this->validatedNodes = array(); foreach ($nodeset AS $refNode) { if (! $this->processRefNode($refNode)) { $this->validatedNodes = null; throw new Exception(""Reference validation failed""); } } return true; }",True,PHP,validateReference,XMLSecurityDSig.php,https://github.com/robrichards/xmlseclibs,robrichards,Rob Richards,2019-11-05 06:44:22-05:00,Release 3.0.4. Security release for CVE-2019-3465,CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2019-3465,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13175,"$val = trim($pfx); if (! empty($val)) { $arpfx[] = $val; } } if (count($arpfx) > 0) { $prefixList = $arpfx; } } break; } $node = $node->nextSibling; } break; case 'http: case 'http: if (!$includeCommentNodes) { $canonicalMethod = 'http: } else { $canonicalMethod = $algorithm; } break; case 'http: $node = $transform->firstChild; while ($node) { if ($node->localName == 'XPath') { $arXPath = array(); $arXPath['query'] = '(. $arXpath['namespaces'] = array(); $nslist = $xpath->query('./namespace::*', $node); foreach ($nslist AS $nsnode) { if ($nsnode->localName != ""xml"") { $arXPath['namespaces'][$nsnode->localName] = $nsnode->nodeValue; } } break; } $node = $node->nextSibling; } break; } } if ($data instanceof DOMNode) { $data = $this->canonicalizeData($objData, $canonicalMethod, $arXPath, $prefixList); } return $data; }",True,PHP,trim,XMLSecurityDSig.php,https://github.com/robrichards/xmlseclibs,robrichards,Rob Richards,2019-11-05 06:44:22-05:00,Release 3.0.4. Security release for CVE-2019-3465,CWE-347,Improper Verification of Cryptographic Signature,"The product does not verify, or incorrectly verifies, the cryptographic signature for data.",https://cwe.mitre.org/data/definitions/347.html,CVE-2019-3465,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13179,"public function before_content( $content ) { global $post; $post_id = $post->ID; if ( is_singular( 'sell_media_item' ) || sell_media_attachment( $post_id ) || sell_media_is_search() ) { if ( post_password_required( $post ) || ( isset( $post->post_parent ) && post_password_required( $post->post_parent ) ) ) { return $content; } $has_multiple_attachments = sell_media_has_multiple_attachments( $post_id ); $wrap = ( ! $has_multiple_attachments || 'attachment' === get_post_type( $post_id ) ) ? true : false; $new_content = ''; if ( $wrap ) { $new_content .= '
    '; } $new_content .= sell_media_breadcrumbs(); $new_content .= sell_media_get_media(); $new_content .= $content; if ( $wrap ) { $new_content .= '
    '; } $content = $new_content; sell_media_set_post_views( $post_id ); } return apply_filters( 'sell_media_content', $content ); }",True,PHP,before_content,class-layouts.php,https://github.com/graphpaperpress/Sell-Media,graphpaperpress,Daro,2019-01-03 09:55:28-06:00,"Fixed masonry layouts, sanitized search input, and misc PHP notices",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-6112,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13181,"$array = array( 'taxonomy' => 'keywords', 'field' => 'name', 'terms' => array( $n ), 'operator' => 'NOT IN' ); $tax_array[] = $array; } $tax_query = array( 'relation' => 'AND', $tax_array ); } else { $one_big_keyword = str_replace( ',', ' ', $search_term ); $search_terms[] .= $one_big_keyword; $tax_query = array( array( 'taxonomy' => 'keywords', 'field' => 'name', 'terms' => $search_terms, ) ); } $args = array( 'post_type' => 'attachment', 'paged' => $paged, 'post_status' => array( 'publish', 'inherit' ), 'post_mime_type' => $mime_type, 'post_parent__in' => sell_media_ids(), 'tax_query' => $tax_query ); $args = apply_filters( 'sell_media_search_args', $args ); $search_query = new WP_Query( $args ); $i = 0; if ( $search_query->have_posts() ) { $html .= '

    ' . sprintf( esc_html__( 'We found %1$s results for ""%2$s.""', 'sell_media' ), $search_query->found_posts, $search_term ) . '

    '; $html .= sell_media_format_related_search_results( $search_terms ); $html .= $this->search_help(); $html .= ''; $html .= sell_media_pagination_filter( $search_query->max_num_pages ); $text = esc_html__( 'Explore more from our store', 'sell_media' ); $html .= '

    ' . $text . '

    '; $html .= do_shortcode( '[sell_media_filters]' ); } else { if ( $search_terms ) { $text = sprintf( __( 'Sorry, no results for ""%1$s.""', 'sell_media' ), $search_term ); $html .= $this->search_help(); } else { $html .= $this->search_help(); } $html .= '

    ' . $text . '

    '; $html .= do_shortcode( '[sell_media_filters]' ); } wp_reset_postdata(); $i = 0; }",True,PHP,array,class-search.php,https://github.com/graphpaperpress/Sell-Media,graphpaperpress,Daro,2019-01-03 09:55:28-06:00,"Fixed masonry layouts, sanitized search input, and misc PHP notices",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-6112,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13182,"function sell_media_ecommerce_enabled( $post_id ) { $status = true; $meta = get_post_meta( $post_id, 'sell_media_enable_ecommerce', true ); if ( class_exists( 'VS_Platform' ) && 0 === $meta ) { $status = false; } return $status; }",True,PHP,sell_media_ecommerce_enabled,helpers.php,https://github.com/graphpaperpress/Sell-Media,graphpaperpress,Daro,2019-01-03 09:55:28-06:00,"Fixed masonry layouts, sanitized search input, and misc PHP notices",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-6112,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13184,"function sell_media_scripts( $hook ) { $settings = sell_media_get_plugin_options(); $checkout_page = empty( $settings->checkout_page ) ? '' : $settings->checkout_page; $test_mode = empty( $settings->test_mode ) ? false : $settings->test_mode; wp_enqueue_script( 'sell_media_jquery_cookie', SELL_MEDIA_PLUGIN_URL . 'js/jquery.cookie.js', array( 'jquery' ), SELL_MEDIA_VERSION ); wp_enqueue_script( 'sell_media', SELL_MEDIA_PLUGIN_URL . 'js/sell_media.js', array( 'jquery', 'sell_media_jquery_cookie' ), SELL_MEDIA_VERSION ); wp_enqueue_style( 'sell_media', SELL_MEDIA_PLUGIN_URL . 'css/sell_media.css', array( 'dashicons' ), SELL_MEDIA_VERSION ); if ( is_customize_preview() || ( isset( $settings->thumbnail_layout ) && 'sell-media-masonry' === $settings->thumbnail_layout ) ) { wp_enqueue_script( 'sell_media_masonry', SELL_MEDIA_PLUGIN_URL . 'js/macy.min.js', array( 'jquery' ), SELL_MEDIA_VERSION, true ); wp_add_inline_script( 'sell_media_masonry', ' setTimeout(function(){ var galleries = document.querySelectorAll("".sell-media-grid-item-masonry-container""); var macyInstances = []; var macyOptions = { trueOrder: false, waitForImages: true, margin: 10, columns: 4, breakAt: { 1200: 4, 940: 3, 520: 1 } }; for (var i = 0; i < galleries.length; i++) { var newId = ""sell-media-instance-"" + i; galleries[i].id = newId; macyOptions.container = ""#"" + newId; macyInstances.push(Macy(macyOptions)); } window.dispatchEvent(new Event(""resize"")); }, 100)' ); } if ( isset( $settings->style ) && '' !== $settings->style ) { wp_enqueue_style( 'sell_media_style', SELL_MEDIA_PLUGIN_URL . 'css/sell_media-' . $settings->style . '.css', array( 'sell_media' ), SELL_MEDIA_VERSION ); } else { wp_enqueue_style( 'sell_media_style', SELL_MEDIA_PLUGIN_URL . 'css/sell_media-light.css', array( 'sell_media' ), SELL_MEDIA_VERSION ); } wp_localize_script( 'sell_media', 'sell_media', array( 'ajaxurl' => esc_url( admin_url( 'admin-ajax.php' ) ), 'pluginurl' => esc_url( SELL_MEDIA_PLUGIN_URL . 'sell-media.php' ), 'site_name' => esc_html( get_bloginfo( 'name' ) ), 'site_url' => esc_url( site_url() ), 'checkout_url' => esc_url( get_permalink( $checkout_page ) ), 'currency_symbol' => empty( $settings->currency ) ? 'USD' : $settings->currency, 'dashboard_page' => empty( $settings->dashboard_page ) ? '' : esc_url( get_permalink( $settings->dashboard_page ) ), 'error' => array( 'email_exists' => __( 'Sorry that email already exists or is invalid', 'sell_media' ), ), 'sandbox' => ( 1 === $test_mode ) ? true : false, 'paypal_email' => empty( $settings->paypal_email ) ? null : $settings->paypal_email, 'thanks_page' => empty( $settings->thanks_page ) ? '' : esc_url( get_permalink( $settings->thanks_page ) ), 'listener_url' => esc_url( add_query_arg( 'sell_media-listener', 'IPN', home_url( 'index.php' ) ) ), 'added_to_cart' => sprintf( ""%s! %s!"", __( 'Added', 'sell_media' ), __( 'Checkout now', 'sell_media' ) ), 'cart_labels' => array( 'name' => __( 'Name', 'sell_media' ), 'size' => __( 'Size', 'sell_media' ), 'license' => __( 'License', 'sell_media' ), 'price' => __( 'Price', 'sell_media' ), 'qty' => __( 'Qty', 'sell_media' ), 'sub_total' => __( 'Subtotal', 'sell_media' ), ), 'cart_style' => apply_filters( 'sell_media_cart_style', 'table' ), 'tax' => empty( $settings->tax ) ? 0 : $settings->tax_rate, 'tax_display' => empty( $settings->tax_display ) ? 'exclusive' : $settings->tax_display, 'shipping' => apply_filters( 'sell_media_shipping', 0 ), 'cart_error' => __( 'There was an error loading the cart data. Please contact the site owner.', 'sell_media' ), 'checkout_text' => __( 'Checkout Now', 'sell_media' ), 'checkout_wait_text' => __( 'Please wait...', 'sell_media' ), 'remove_text' => __( 'Remove from Lightbox', 'sell_media' ), 'save_text' => __( 'Save to Lightbox', 'sell_media' ), 'currencies' => sell_media_currencies(), ) ); do_action( 'sell_media_scripts_hook' ); }",True,PHP,sell_media_scripts,scripts.php,https://github.com/graphpaperpress/Sell-Media,graphpaperpress,Daro,2019-01-03 09:55:28-06:00,"Fixed masonry layouts, sanitized search input, and misc PHP notices",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2019-6112,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13186,"public static function strValidCharacters($string, $checkType) { if (trim($string) === '') { return false; } switch ($checkType) { case 'noSpecialChar': $validRegex = '/^[\w.@+-]+$/i'; break; case 'email': $validRegex = '/^[\wáàâåäæçéèêîñóòôöõøœúùûüß.@+-]+$/i'; break; case 'file': $validRegex = '=^[^/?*;:~<>|\""\\\\]+\.[^/?*;:~<>|‚\""\\\\]+$='; break; case 'folder': $validRegex = '=^[^/?*;:~<>|\""\\\\]+$='; break; case 'url': $validRegex = '/^[\wáàâåäæçéèêîñóòôöõøœúùûüß$&!?() \/%= break; case 'phone': $validRegex = '/^[\d() \/+-]+$/i'; break; default: return false; } if (!preg_match($validRegex, $string)) { return false; } switch ($checkType) { case 'email': return filter_var(trim($string), FILTER_VALIDATE_EMAIL) !== false; case 'url': return filter_var(trim($string), FILTER_VALIDATE_URL) !== false; default: return true; } }",True,PHP,strValidCharacters,StringUtils.php,https://github.com/Admidio/admidio,Admidio,Markus Faßbender,2021-12-06 18:21:41+01:00,Cross-site Scripting (XSS) when redirect an url,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-43810,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13192,"public function pluginDetails() { return [ 'name' => 'Debugbar', 'description' => 'Debugbar integration for OctoberCMS.', 'author' => 'RainLab', 'icon' => 'icon-cog', 'homepage' => 'https: ]; }",True,PHP,pluginDetails,Plugin.php,https://github.com/rainlab/debugbar-plugin,rainlab,Luke Towers,2020-05-31 15:13:58-06:00,3.1.1 styling improvements and security fix,CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2020-11094,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13196,"public function boot() { Config::set('debugbar', Config::get('rainlab.debugbar::config')); App::register('\Barryvdh\Debugbar\ServiceProvider'); $alias = AliasLoader::getInstance(); $alias->alias('Debugbar', '\Barryvdh\Debugbar\Facade'); if (Config::get('app.debugAjax', false)) { $this->app['Illuminate\Contracts\Http\Kernel']->pushMiddleware('\RainLab\Debugbar\Middleware\Debugbar'); } Event::listen('cms.page.beforeDisplay', function ($controller, $url, $page) { if (!BackendAuth::check()) { Debugbar::disable(); } $twig = $controller->getTwig(); if (!$twig->hasExtension(\Barryvdh\Debugbar\Twig\Extension\Debug::class)) { $twig->addExtension(new \Barryvdh\Debugbar\Twig\Extension\Debug($this->app)); $twig->addExtension(new \Barryvdh\Debugbar\Twig\Extension\Stopwatch($this->app)); } }); }",True,PHP,boot,Plugin.php,https://github.com/rainlab/debugbar-plugin,rainlab,Luke Towers,2020-05-31 15:13:58-06:00,3.1.1 styling improvements and security fix,CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2020-11094,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13200,"public function handle($request, Closure $next) { $debugbar = $this->app['debugbar']; try { return $next($request); } catch (\Exception $ex) { if (!\Request::ajax()) { throw $ex; } $debugbar->addException($ex); $message = $ex instanceof AjaxException ? $ex->getContents() : \October\Rain\Exception\ErrorHandler::getDetailedMessage($ex); return \Response::make($message, $this->getStatusCode($ex), $debugbar->getDataAsHeaders()); } }",True,PHP,handle,InterpretsAjaxExceptions.php,https://github.com/rainlab/debugbar-plugin,rainlab,Luke Towers,2020-05-31 15:13:58-06:00,3.1.1 styling improvements and security fix,CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2020-11094,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13201,protected function getStatusCode($exception) { if ($exception instanceof HttpExceptionInterface) { $code = $exception->getStatusCode(); } elseif ($exception instanceof AjaxException) { $code = 406; } else { $code = 500; } return $code; },True,PHP,getStatusCode,InterpretsAjaxExceptions.php,https://github.com/rainlab/debugbar-plugin,rainlab,Luke Towers,2020-05-31 15:13:58-06:00,3.1.1 styling improvements and security fix,CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2020-11094,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13204,"public function getFlashCookieObject($name) { if (isset($_COOKIE[$name])) { $object = json_decode($_COOKIE[$name], false); setcookie($name, '', time() - 3600, '/'); return $object; } return null; }",True,PHP,getFlashCookieObject,Session.php,https://github.com/getgrav/grav,getgrav,Matias Griese,2021-09-14 18:28:07+03:00,Fixed `Session::setFlashCookieObject()` to use the same options as the main session cookie,CWE-565,Reliance on Cookies without Validation and Integrity Checking,"The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.",https://cwe.mitre.org/data/definitions/565.html,CVE-2021-3818,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13206,"public function setFlashCookieObject($name, $object, $time = 60) { setcookie($name, json_encode($object), time() + $time, '/'); return $this; }",True,PHP,setFlashCookieObject,Session.php,https://github.com/getgrav/grav,getgrav,Matias Griese,2021-09-14 18:28:07+03:00,Fixed `Session::setFlashCookieObject()` to use the same options as the main session cookie,CWE-565,Reliance on Cookies without Validation and Integrity Checking,"The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.",https://cwe.mitre.org/data/definitions/565.html,CVE-2021-3818,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13208,"public function invalidate() { $name = $this->getName(); if (null !== $name) { $params = session_get_cookie_params(); $cookie_options = array ( 'expires' => time() - 42000, 'path' => $params['path'], 'domain' => $params['domain'], 'secure' => $params['secure'], 'httponly' => $params['httponly'], 'samesite' => $params['samesite'] ); $this->removeCookie(); setcookie( session_name(), '', $cookie_options ); } if ($this->isSessionStarted()) { session_unset(); session_destroy(); } $this->started = false; return $this; }",True,PHP,invalidate,Session.php,https://github.com/getgrav/grav,getgrav,Matias Griese,2021-09-14 18:28:07+03:00,Fixed `Session::setFlashCookieObject()` to use the same options as the main session cookie,CWE-565,Reliance on Cookies without Validation and Integrity Checking,"The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.",https://cwe.mitre.org/data/definitions/565.html,CVE-2021-3818,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13212,"public static function svgImageFunction($path, $classes = null, $strip_style = false) { $path = Utils::fullPath($path); $classes = $classes ?: ''; if (file_exists($path) && !is_dir($path)) { $svg = file_get_contents($path); $classes = "" inline-block $classes""; $matched = false; $svg = preg_replace('/^<\?xml.*\?>/','', $svg); if ($strip_style) { $svg = preg_replace('//s', '', $svg); } $svg = preg_replace_callback('/^]*(class=\""([^""]*)\"")[^>]*>/', function($matches) use ($classes, &$matched) { if (isset($matches[2])) { $new_classes = $matches[2] . $classes; $matched = true; return str_replace($matches[1], ""class=\""$new_classes\"""", $matches[0]); } return $matches[0]; }, $svg ); if (!$matched) { $classes = trim($classes); $svg = str_replace('jsonSerialize(); } elseif (method_exists($data, 'toArray')) { $data = $data->toArray(); } else { $data = json_decode(json_encode($data), true); } } return Yaml::dump($data, $inline); } public function yamlDecodeFilter($data) { return Yaml::parse($data); } public function getTypeFunc($var) { return gettype($var); } public function ofTypeFunc($var, $typeTest = null, $className = null) { switch ($typeTest) { default: return false; case 'array': return is_array($var); case 'bool': return is_bool($var); case 'class': return is_object($var) === true && get_class($var) === $className; case 'float': return is_float($var); case 'int': return is_int($var); case 'numeric': return is_numeric($var); case 'object': return is_object($var); case 'scalar': return is_scalar($var); case 'string': return is_string($var); } } function filterFilter(Environment $env, $array, $arrow) { if (is_string($arrow) && Utils::isDangerousFunction($arrow)) { throw new RuntimeError('Twig |filter(""' . $arrow . '"") is not allowed.'); } return twig_array_filter($env, $array, $arrow); } function mapFilter(Environment $env, $array, $arrow) { if (is_string($arrow) && Utils::isDangerousFunction($arrow)) { throw new RuntimeError('Twig |map(""' . $arrow . '"") is not allowed.'); } return twig_array_map($env, $array, $arrow); } }",True,PHP,svgImageFunction,GravExtension.php,https://github.com/getgrav/grav,getgrav,Andy Miller,2023-06-13 17:45:40-06:00,better SSTI in |map and |filter,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2023-34448,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13213,"public static function svgImageFunction($path, $classes = null, $strip_style = false) { $path = Utils::fullPath($path); $classes = $classes ?: ''; if (file_exists($path) && !is_dir($path)) { $svg = file_get_contents($path); $classes = "" inline-block $classes""; $matched = false; $svg = preg_replace('/^<\?xml.*\?>/','', $svg); if ($strip_style) { $svg = preg_replace('//s', '', $svg); } $svg = preg_replace_callback('/^]*(class=\""([^""]*)\"")[^>]*>/', function($matches) use ($classes, &$matched) { if (isset($matches[2])) { $new_classes = $matches[2] . $classes; $matched = true; return str_replace($matches[1], ""class=\""$new_classes\"""", $matches[0]); } return $matches[0]; }, $svg ); if (!$matched) { $classes = trim($classes); $svg = str_replace('jsonSerialize(); } elseif (method_exists($data, 'toArray')) { $data = $data->toArray(); } else { $data = json_decode(json_encode($data), true); } } return Yaml::dump($data, $inline); } public function yamlDecodeFilter($data) { return Yaml::parse($data); } public function getTypeFunc($var) { return gettype($var); } public function ofTypeFunc($var, $typeTest = null, $className = null) { switch ($typeTest) { default: return false; case 'array': return is_array($var); case 'bool': return is_bool($var); case 'class': return is_object($var) === true && get_class($var) === $className; case 'float': return is_float($var); case 'int': return is_int($var); case 'numeric': return is_numeric($var); case 'object': return is_object($var); case 'scalar': return is_scalar($var); case 'string': return is_string($var); } } function filterFilter(Environment $env, $array, $arrow) { if (!$arrow instanceof \Closure && !is_string($arrow) || Utils::isDangerousFunction($arrow)) { throw new RuntimeError('Twig |filter(""' . $arrow . '"") is not allowed.'); } return twig_array_filter($env, $array, $arrow); } function mapFilter(Environment $env, $array, $arrow) { if (!$arrow instanceof \Closure && !is_string($arrow) || Utils::isDangerousFunction($arrow)) { throw new RuntimeError('Twig |map(""' . $arrow . '"") is not allowed.'); } return twig_array_map($env, $array, $arrow); } }",True,PHP,svgImageFunction,GravExtension.php,https://github.com/getgrav/grav,getgrav,Andy Miller,2023-06-14 11:08:17-06:00,also handle SSTI in reduce twig filter + function,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2023-34252,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13218,"public function redirect($route, $code = null) { $uri = $this['uri']; $regex = '/.*(\[(30[1-7])\])$/'; preg_match($regex, $route, $matches); if ($matches) { $route = str_replace($matches[1], '', $matches[0]); $code = $matches[2]; } if ($code === null) { $code = $this['config']->get('system.pages.redirect_default_code', 302); } if (isset($this['session'])) { $this['session']->close(); } if ($uri->isExternal($route)) { $url = $route; } else { $url = rtrim($uri->rootUrl(), '/') . '/'; if ($this['config']->get('system.pages.redirect_trailing_slash', true)) { $url .= trim($route, '/'); } else { $url .= ltrim($route, '/'); } } header(""Location: {$url}"", true, $code); exit(); }",True,PHP,redirect,Grav.php,https://github.com/getgrav/grav,getgrav,Andy Miller,2020-03-18 17:32:46-06:00,Fix for user reported CVE path-based open redirect,CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2020-11529,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13219,"$contents = ['form' => tep_draw_form('countries', 'countries.php', 'page=' . $_GET['page'] . '&action=insert')];",True,PHP,$contents,countries.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13222,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('countries.php', 'page=' . $_GET['page']), null, null, 'btn-light')];",True,PHP,],countries.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13224,"$contents = ['form' => tep_draw_form('currencies', 'currencies.php', 'page=' . $_GET['page'] . (isset($cInfo) ? '&cID=' . $cInfo->currencies_id : '') . '&action=insert')];",True,PHP,$contents,currencies.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13226,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('currencies.php', 'page=' . $_GET['page'] . '&cID=' . $cInfo->currencies_id), null, null, 'btn-light')];",True,PHP,],currencies.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13228,"$contents = ['form' => tep_draw_form('customer_data_groups', 'customer_data_groups.php', 'page=' . $_GET['page'] . '&action=insert')];",True,PHP,$contents,customer_data_groups.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13230,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('customer_data_groups.php', 'page=' . $_GET['page']), null, null, 'btn-light')];",True,PHP,],customer_data_groups.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13231,"$confirm_string .= tep_draw_hidden_field('chosen[]', $customer_id); } } else { $confirm_string .= tep_draw_hidden_field('global', 'true'); } $confirm_string .= tep_draw_bootstrap_button(IMAGE_SEND, 'fas fa-paper-plane', null, 'primary', null, 'btn-success btn-block btn-lg'); $confirm_string .= ''; } $confirm_string .= tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-angle-left', tep_href_link('newsletters.php', 'page=' . $_GET['page'] . '&nID=' . $_GET['nID'] . '&action=send'), 'primary', null, 'btn-light mt-2'); return $confirm_string; }",True,PHP,tep_draw_hidden_field,product_notification.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13234,"$contents = ['form' => tep_draw_form('languages', 'languages.php', 'page=' . $_GET['page'] . '&lID=' . $lInfo->languages_id . '&action=save')];",True,PHP,$contents,languages.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13235,"$contents[] = ['class' => 'text-center', 'text' => '
    ' . tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('languages.php', 'page=' . $_GET['page'] . '&lID=' . $lInfo->languages_id), null, null, 'btn-light')];",True,PHP,],languages.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13237,"$contents = ['form' => tep_draw_form('manufacturers', 'manufacturers.php', 'page=' . $_GET['page'] . '&mID=' . $mInfo->manufacturers_id . '&action=save', 'post', 'enctype=""multipart/form-data""')];",True,PHP,$contents,manufacturers.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,public function update_discount() { $id = empty($this->params['id']) ? null : $this->params['id']; $discount = new discounts($id); if ($this->params['required_shipping_calculator_id'] > 0) { $this->params['required_shipping_method'] = $this->params['required_shipping_methods'][$this->params['required_shipping_calculator_id']]; } else { $this->params['required_shipping_calculator_id'] = 0; } $discount->update($this->params); expHistory::back(); } 13238,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('manufacturers.php', 'page=' . $_GET['page'] . '&mID=' . (int)$mInfo->manufacturers_id), null, null, 'btn-light')];",True,PHP,],manufacturers.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13241,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('orders_status.php', 'page=' . $_GET['page']), null, null, 'btn-light')];",True,PHP,],orders_status.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13243,"$contents = ['form' => tep_draw_form('status', 'orders_status.php', 'page=' . $_GET['page'] . '&action=insert')];",True,PHP,$contents,orders_status.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13245,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_DELETE, 'fas fa-trash', null, 'primary', null, 'btn-danger xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('reviews.php', 'page=' . $_GET['page'] . '&rID=' . $rInfo->reviews_id), null, null, 'btn-light')];",True,PHP,],reviews.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13247,"$contents = ['form' => tep_draw_form('reviews', 'reviews.php', 'page=' . $_GET['page'] . '&rID=' . $rInfo->reviews_id . '&action=deleteconfirm')];",True,PHP,$contents,reviews.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13249,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_DELETE, 'fas fa-trash', null, 'primary', null, 'btn-danger xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('specials.php', 'page=' . $_GET['page'] . '&sID=' . $sInfo->specials_id), null, null, 'btn-light')];",True,PHP,],specials.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13251,"$contents = ['form' => tep_draw_form('specials', 'specials.php', 'page=' . $_GET['page'] . '&sID=' . $sInfo->specials_id . '&action=deleteconfirm')];",True,PHP,$contents,specials.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13253,"$contents = ['form' => tep_draw_form('classes', 'tax_classes.php', 'page=' . $_GET['page'] . '&action=insert')];",True,PHP,$contents,tax_classes.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13254,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, null, null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('tax_classes.php', 'page=' . $_GET['page']), null, null, 'btn-light')];",True,PHP,],tax_classes.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13256,"$contents = ['form' => tep_draw_form('rates', 'tax_rates.php', 'page=' . $_GET['page'] . '&action=insert')];",True,PHP,$contents,tax_rates.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13257,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('tax_rates.php', 'page=' . $_GET['page']), null, null, 'btn-light')];",True,PHP,],tax_rates.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13260,"$contents = ['form' => tep_draw_form('testimonials', 'testimonials.php', 'page=' . $_GET['page'] . '&tID=' . $tInfo->testimonials_id . '&action=deleteconfirm')];",True,PHP,$contents,testimonials.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13262,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_DELETE, 'fas fa-trash', null, 'primary', null, 'btn-danger xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('testimonials.php', 'page=' . $_GET['page'] . '&tID=' . $tInfo->testimonials_id), null, null, 'btn-light')];",True,PHP,],testimonials.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13264,"$contents = ['form' => tep_draw_form('zones', 'zones.php', 'page=' . $_GET['page'] . '&action=insert')];",True,PHP,$contents,zones.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13267,"$contents[] = ['class' => 'text-center', 'text' => tep_draw_bootstrap_button(IMAGE_SAVE, 'fas fa-save', null, 'primary', null, 'btn-success xxx text-white mr-2') . tep_draw_bootstrap_button(IMAGE_CANCEL, 'fas fa-times', tep_href_link('zones.php', 'page=' . $_GET['page']), null, null, 'btn-light')];",True,PHP,],zones.php,https://github.com/gburton/CE-Phoenix,gburton,gburton,2020-04-21 17:19:33+01:00,"Harden _GET page parameter TY to the guys at SISL Chicago",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12058,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13269,"private function sub_resource_download() { if (empty($this->response->meta->sub_resource_id)) { $this->response->meta->sub_resource_id = 0; } $attachment = $this->m_devices->read_sub_resource($this->response->meta->id, $this->response->meta->sub_resource, $this->response->meta->sub_resource_id, '*', '', '', ''); $this->load->helper('file'); if (php_uname('s') === 'Windows NT') { $temp = explode('\\', $attachment[0]->attributes->filename); } else { $temp = explode('/', $attachment[0]->attributes->filename); } $filename = $temp[count($temp)-1]; $filename = preg_replace('/'.$this->response->meta->id.'_/', '', $filename, 1); header('Content-Type: '.get_mime_by_extension($attachment[0]->attributes->filename)); header('Content-Disposition: attachment;filename=""'.$filename.'""'); header('Cache-Control: max-age=0'); readfile($attachment[0]->attributes->filename); }",True,PHP,sub_resource_download,devices.php,https://github.com/Opmantek/open-audit,Opmantek,Mark Unwin,2021-11-26 22:50:04+10:00,Fix for image upload path traversal issue.,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-44674,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13273,"function update($vars, &$errors) { if (!$vars['grace_period']) $errors['grace_period'] = __('Grace period required'); elseif (!is_numeric($vars['grace_period'])) $errors['grace_period'] = __('Numeric value required (in hours)'); elseif ($vars['grace_period'] > 8760) $errors['grace_period'] = sprintf( __('%s cannot be more than 8760 hours'), __('Grace period') ); if (!$vars['name']) $errors['name'] = __('Name is required'); elseif (($sid=SLA::getIdByName($vars['name'])) && $sid!=$vars['id']) $errors['name'] = __('Name already exists'); if ($errors) return false; $this->name = $vars['name']; $this->grace_period = $vars['grace_period']; $this->notes = Format::sanitize($vars['notes']); $this->flags = ($vars['isactive'] ? self::FLAG_ACTIVE : 0) | (isset($vars['disable_overdue_alerts']) ? self::FLAG_NOALERTS : 0) | (isset($vars['enable_priority_escalation']) ? self::FLAG_ESCALATE : 0) | (isset($vars['transient']) ? self::FLAG_TRANSIENT : 0); if ($this->save()) return true; if (isset($this->id)) { $errors['err']=sprintf(__('Unable to update %s.'), __('this SLA plan')) .' '.__('Internal error occurred'); } else { $errors['err']=sprintf(__('Unable to add %s.'), __('this SLA plan')) .' '.__('Internal error occurred'); } return false; }",True,PHP,update,class.sla.php,https://github.com/osticket/osticket,osticket,JediKev,2020-04-28 13:34:06-05:00,"xss: SLA Name This mitigates an issue discovered by Gais Cyber Security where the SLA Name can be exploited via XSS to execute code. This sanitizes the content for `create()` and `update()` with `Format::htmlchars()` so we are safe from any XSS attempts.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-12629,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13275,"function getMimeType() { if (!isset($this->_mimetype)) { $finfo = new finfo(FILEINFO_MIME); $this->_mimetype = $finfo->buffer($this->getContents(), FILEINFO_MIME_TYPE); } return $this->_mimetype; }",True,PHP,getMimeType,class.file.php,https://github.com/osticket/osticket,osticket,JediKev,2023-03-08 10:31:12-06:00,"xss: Draft Files This mitigates an XSS vulnerability with files uploaded through drafts.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1320,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13280,"function getAdvancedSearchDialog($key=false, $context='advsearch') { global $thisstaff; if (!$thisstaff) Http::response(403, 'Agent login required'); $search = new AdhocSearch(array( 'root' => 'T', 'staff_id' => $thisstaff->getId(), 'parent_id' => @$_GET['parent_id'] ?: 0, )); if ($search->parent_id) { $search->flags |= SavedSearch::FLAG_INHERIT_COLUMNS; } if (isset($_SESSION[$context]) && $key && $_SESSION[$context][$key]) $search->config = $_SESSION[$context][$key]; $this->_tryAgain($search); }",True,PHP,getAdvancedSearchDialog,ajax.search.php,https://github.com/osticket/osticket,osticket,JediKev,2023-03-08 10:35:56-06:00,"xss: Search parent_id This mitigates a vulnerability reported by @indevi0us where XSS is possible via the parent_id parameter. This forces the parameter to an INT so that there is no chance of XSS.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1315,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13282,"function createSearch() { global $thisstaff; if (!$thisstaff) Http::response(403, 'Agent login is required'); $search = SavedSearch::create(array( 'title' => __('Add Queue'), 'root' => 'T', 'staff_id' => $thisstaff->getId(), 'parent_id' => $_GET['pid'], )); $this->_tryAgain($search); }",True,PHP,createSearch,ajax.search.php,https://github.com/osticket/osticket,osticket,JediKev,2023-03-08 10:35:56-06:00,"xss: Search parent_id This mitigates a vulnerability reported by @indevi0us where XSS is possible via the parent_id parameter. This forces the parameter to an INT so that there is no chance of XSS.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1315,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13284,"$matched[] = array('name' => Format::htmlchars($name), 'info' => $name, 'id' => $id, '/bin/true' => $_REQUEST['q']);",True,PHP,array,ajax.orgs.php,https://github.com/osticket/osticket,osticket,JediKev,2023-03-08 10:36:28-06:00,"xss: Organization Search q This mitigates a vulnerability reported by @indevi0us where XSS is possible via the `q` parameter in organization lookups. This sanitizes the parameter value before use as well as htmlchars it before adding to JSON output.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1317,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13287,"function update($vars, &$errors) { if (!$vars['name']) $errors['name'] = __('Name required'); elseif (($r=Role::lookup(array('name'=>$vars['name']))) && $r->getId() != $vars['id']) $errors['name'] = __('Name already in use'); elseif (!$vars['perms'] || !count($vars['perms'])) $errors['err'] = __('Must check at least one permission for the role'); if ($errors) return false; $this->name = $vars['name']; $this->notes = $vars['notes']; $this->updatePerms($vars['perms'], $errors); if (!$this->save(true)) return false; return true; }",True,PHP,update,class.role.php,https://github.com/osticket/osticket,osticket,JediKev,2023-03-08 10:50:07-06:00,"xss: Roles This mitigates a vulnerability reported by indevi0us where XSS is possible via the `name` parameter for Roles.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1319,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13288,static function get_path_info() { if(isset($_SERVER['PATH_INFO'])) return $_SERVER['PATH_INFO']; if(isset($_SERVER['ORIG_PATH_INFO'])) return $_SERVER['ORIG_PATH_INFO']; return null; },True,PHP,get_path_info,class.osticket.php,https://github.com/osticket/osticket,osticket,JediKev,2023-03-08 10:53:55-06:00,"xss: AJAX Paths This mitigates a vulnerability reported by indevi0us where XSS is possible via some AJAX paths.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-1318,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13290,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; return """"; }",True,PHP,_makeChooseCheckbox,AdvancedReport.php,https://github.com/OS4ED/openSIS-Responsive-Design,OS4ED,OS4ED Administrator,2020-04-25 17:45:25-04:00,"Version 7.4 release update Version 7.4 release update",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-13380,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13291,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; return """"; }",True,PHP,_makeChooseCheckbox,AdvancedReport.php,https://github.com/OS4ED/openSIS-Responsive-Design,OS4ED,OS4ED Administrator,2020-04-25 17:45:25-04:00,"Version 7.4 release update Version 7.4 release update",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13383,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13292,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; return """"; }",True,PHP,_makeChooseCheckbox,AdvancedReport.php,https://github.com/OS4ED/openSIS-Responsive-Design,OS4ED,OS4ED Administrator,2020-04-25 17:45:25-04:00,"Version 7.4 release update Version 7.4 release update",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-6637,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13296,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; return """"; }",True,PHP,_makeChooseCheckbox,StudentLabels.php,https://github.com/OS4ED/openSIS-Responsive-Design,OS4ED,OS4ED Administrator,2020-04-25 17:45:25-04:00,"Version 7.4 release update Version 7.4 release update",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-13380,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13297,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; return """"; }",True,PHP,_makeChooseCheckbox,StudentLabels.php,https://github.com/OS4ED/openSIS-Responsive-Design,OS4ED,OS4ED Administrator,2020-04-25 17:45:25-04:00,"Version 7.4 release update Version 7.4 release update",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-13383,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13298,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; return """"; }",True,PHP,_makeChooseCheckbox,StudentLabels.php,https://github.com/OS4ED/openSIS-Responsive-Design,OS4ED,OS4ED Administrator,2020-04-25 17:45:25-04:00,"Version 7.4 release update Version 7.4 release update",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-6637,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13304,"public function getSelectorsBySpecificity($sSpecificitySearch = null) { if (is_numeric($sSpecificitySearch) || is_numeric($sSpecificitySearch[0])) { $sSpecificitySearch = ""== $sSpecificitySearch""; } $aResult = array(); $this->allSelectors($aResult, $sSpecificitySearch); return $aResult; }",True,PHP,getSelectorsBySpecificity,Document.php,https://github.com/sabberworm/PHP-CSS-Parser,sabberworm,Raphael Schweikert,2020-06-01 11:03:20+02:00,Don’t use eval,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2020-13756,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13307,"$stmt->bindValue("":$field"", $domain, SQLITE3_TEXT); if($bindcomment) { $stmt->bindValue("":comment"", $comment, SQLITE3_TEXT); } if($stmt->execute() && $stmt->reset()) $num++; else { $stmt->close(); if($returnnum) return $num; else { if($num === 1) $plural = """"; else $plural = ""s""; return ""Error: "".$db->lastErrorMsg()."", added "".$num."" domain"".$plural; } } } $stmt->close(); $db->exec(""COMMIT;""); if($returnnum) return $num; else { $finalcount = intval($db->querySingle($countquery)); $modified = $finalcount - $initialcount; if($modified !== $num) { $delta = $num - $modified; $extra = "" (skipped "".$delta."" duplicates)""; } else { $extra = """"; } if($num === 1) $plural = """"; else $plural = ""s""; return ""Success, added "".$modified."" of "".$num."" domain"".$plural.$extra; } }",True,PHP,bindValue,database.php,https://github.com/pi-hole/AdminLTE,pi-hole,Adam Warner,2020-06-13 18:50:36+01:00,"make use of utils.escapeHtml on the JS side of things, and html_entity_decode/htmlentities in PHP Signed-off-by: Adam Warner ",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-14971,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13308,"function deleteAllCustomDNSEntries() { $handle = fopen($customDNSFile, ""r""); if ($handle) { try { while (($line = fgets($handle)) !== false) { $line = str_replace(""\r"","""", $line); $line = str_replace(""\n"","""", $line); $explodedLine = explode ("" "", $line); if (count($explodedLine) != 2) continue; $ip = $explodedLine[0]; $domain = $explodedLine[1]; pihole_execute(""-a removecustomdns "".$ip."" "".$domain); } } catch (\Exception $ex) { return errorJsonResponse($ex->getMessage()); } fclose($handle); } return successJsonResponse(); }",True,PHP,deleteAllCustomDNSEntries,func.php,https://github.com/pi-hole/AdminLTE,pi-hole,Adam Warner,2020-06-13 18:50:36+01:00,"make use of utils.escapeHtml on the JS side of things, and html_entity_decode/htmlentities in PHP Signed-off-by: Adam Warner ",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-14971,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13310,"function archive_restore_table($file, $table, $flush=false) { global $db, $flushed_tables; $json_string = file_get_contents($file); if(is_null($json_string)) return 0; $contents = json_decode($json_string, true); if(is_null($contents)) return 0; if($flush && !in_array($table, $flushed_tables)) { $db->exec(""DELETE FROM \"""".$table.""\""""); array_push($flushed_tables, $table); } if($table === ""adlist"") { $sql = ""INSERT OR IGNORE INTO adlist""; $sql .= "" (id,address,enabled,date_added,comment)""; $sql .= "" VALUES (:id,:address,:enabled,:date_added,:comment);""; } elseif($table === ""domain_audit"") { $sql = ""INSERT OR IGNORE INTO domain_audit""; $sql .= "" (id,domain,date_added)""; $sql .= "" VALUES (:id,:domain,:date_added);""; } elseif($table === ""domainlist"") { $sql = ""INSERT OR IGNORE INTO domainlist""; $sql .= "" (id,domain,enabled,date_added,comment,type)""; $sql .= "" VALUES (:id,:domain,:enabled,:date_added,:comment,:type);""; } elseif($table === ""group"") { $sql = ""INSERT OR IGNORE INTO \""group\""""; $sql .= "" (id,name,date_added,description)""; $sql .= "" VALUES (:id,:name,:date_added,:description);""; } elseif($table === ""client"") { $sql = ""INSERT OR IGNORE INTO client""; $sql .= "" (id,ip,date_added,comment)""; $sql .= "" VALUES (:id,:ip,:date_added,:comment);""; } elseif($table === ""domainlist_by_group"") { $sql = ""INSERT OR IGNORE INTO domainlist_by_group""; $sql .= "" (domainlist_id,group_id)""; $sql .= "" VALUES (:domainlist_id,:group_id);""; } elseif($table === ""client_by_group"") { $sql = ""INSERT OR IGNORE INTO client_by_group""; $sql .= "" (client_id,group_id)""; $sql .= "" VALUES (:client_id,:group_id);""; } elseif($table === ""adlist_by_group"") { $sql = ""INSERT OR IGNORE INTO adlist_by_group""; $sql .= "" (adlist_id,group_id)""; $sql .= "" VALUES (:adlist_id,:group_id);""; } else { if($table === ""whitelist"") $type = 0; elseif($table === ""blacklist"") $type = 1; elseif($table === ""regex_whitelist"") $type = 2; elseif($table === ""regex_blacklist"") $type = 3; $sql = ""INSERT OR IGNORE INTO domainlist""; $sql .= "" (id,domain,enabled,date_added,comment,type)""; $sql .= "" VALUES (:id,:domain,:enabled,:date_added,:comment,$type);""; $field = ""domain""; } $stmt = $db->prepare($sql); if(!$stmt) { echo ""Failed to prepare statement for "".$table."" table.""; echo $sql; return 0; } $num = 0; foreach($contents as $row) { if(strlen($row[$field]) > 253) continue; foreach($row as $key => $value) { $type = gettype($value); $sqltype=NULL; switch($type) { case ""integer"": $sqltype = SQLITE3_INTEGER; break; case ""string"": $sqltype = SQLITE3_TEXT; break; case ""NULL"": $sqltype = SQLITE3_NULL; break; default: $sqltype = ""UNK""; } $stmt->bindValue("":"".$key, $value, $sqltype); } if($stmt->execute() && $stmt->reset() && $stmt->clear()) $num++; else { $stmt->close(); return $num; } } $stmt->close(); return $num; }",True,PHP,archive_restore_table,teleporter.php,https://github.com/pi-hole/AdminLTE,pi-hole,Adam Warner,2020-06-13 18:50:36+01:00,"make use of utils.escapeHtml on the JS side of things, and html_entity_decode/htmlentities in PHP Signed-off-by: Adam Warner ",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-14971,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13313,"foreach($row as $key => $value) { $type = gettype($value); $sqltype=NULL; switch($type) { case ""integer"": $sqltype = SQLITE3_INTEGER; break; case ""string"": $sqltype = SQLITE3_TEXT; break; case ""NULL"": $sqltype = SQLITE3_NULL; break; default: $sqltype = ""UNK""; } $stmt->bindValue("":"".$key, $value, $sqltype); }",True,PHP,foreach,teleporter.php,https://github.com/pi-hole/AdminLTE,pi-hole,Adam Warner,2020-06-13 18:50:36+01:00,"make use of utils.escapeHtml on the JS side of things, and html_entity_decode/htmlentities in PHP Signed-off-by: Adam Warner ",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2020-14971,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13315,"protected function getBodyTagAttributes() { $formEngineParameters = []; $parameters = parent::getBodyTagAttributes(); $formEngineParameters['fieldChangeFunc'] = $this->parameters['fieldChangeFunc']; $formEngineParameters['fieldChangeFuncHash'] = GeneralUtility::hmac(serialize($this->parameters['fieldChangeFunc'])); $parameters['data-add-on-params'] .= HttpUtility::buildQueryString(['P' => $formEngineParameters], '&'); return $parameters; }",True,PHP,getBodyTagAttributes,LinkBrowserController.php,https://github.com/TYPO3/TYPO3.CMS,TYPO3,Oliver Hader,2020-07-28 10:19:06+02:00,"[SECURITY] Avoid ambiguous HMAC results Cryptographic hashes being calculated from and for query parameters must only be used for a specific use-case or scope in order to avoid resulting hashes being ambiguous. Resolves: #91689 Releases: master, 10.4, 9.5 Change-Id: I59ca16fe71e27195b98a822607aab564425d248d Security-Bulletin: TYPO3-CORE-SA-2020-008 Security-References: CVE-2020-15098 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65125 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-15098,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13316,"$value = str_replace($originalName, $cleanedName, $value); } unset($value); } $result = hash_equals(GeneralUtility::hmac(serialize($fieldChangeFunctions)), $this->parameters['fieldChangeFuncHash']); } return $result; }",True,PHP,str_replace,LinkBrowserController.php,https://github.com/TYPO3/TYPO3.CMS,TYPO3,Oliver Hader,2020-07-28 10:19:06+02:00,"[SECURITY] Avoid ambiguous HMAC results Cryptographic hashes being calculated from and for query parameters must only be used for a specific use-case or scope in order to avoid resulting hashes being ambiguous. Resolves: #91689 Releases: master, 10.4, 9.5 Change-Id: I59ca16fe71e27195b98a822607aab564425d248d Security-Bulletin: TYPO3-CORE-SA-2020-008 Security-References: CVE-2020-15098 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65125 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-15098,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13318,"public function render() { $languageService = $this->getLanguageService(); $options = $this->data['renderData']['fieldControlOptions']; $title = $options['title'] ?? 'LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:labels.edit'; $parameterArray = $this->data['parameterArray']; $itemName = $parameterArray['itemFormElName']; $windowOpenParameters = $options['windowOpenParameters'] ?? 'height=800,width=600,status=0,menubar=0,scrollbars=1'; $flexFormDataStructureIdentifier = $this->data['flexFormDataStructureIdentifier'] ?? ''; $flexFormDataStructurePath = ''; if (!empty($flexFormDataStructureIdentifier)) { if (empty($this->data['flexFormContainerName'])) { $flexFormDataStructurePath = 'sheets/' . $this->data['flexFormSheetName'] . '/ROOT/el/' . $this->data['flexFormFieldName'] . '/TCEforms/config'; } else { $flexFormDataStructurePath = 'sheets/' . $this->data['flexFormSheetName'] . '/ROOT/el/' . $this->data['flexFormFieldName'] . '/el/' . $this->data['flexFormContainerName'] . '/el/' . $this->data['flexFormContainerFieldName'] . '/TCEforms/config'; } } $urlParameters = [ 'P' => [ 'table' => $this->data['tableName'], 'field' => $this->data['fieldName'], 'formName' => 'editform', 'flexFormDataStructureIdentifier' => $flexFormDataStructureIdentifier, 'flexFormDataStructurePath' => $flexFormDataStructurePath, 'hmac' => GeneralUtility::hmac('editform' . $itemName, 'wizard_js'), 'fieldChangeFunc' => $parameterArray['fieldChangeFunc'], 'fieldChangeFuncHash' => GeneralUtility::hmac(serialize($parameterArray['fieldChangeFunc'])), ], ]; $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class); $url = (string)$uriBuilder->buildUriFromRoute('wizard_edit', $urlParameters); $id = StringUtility::getUniqueId('t3js-formengine-fieldcontrol-'); return [ 'iconIdentifier' => 'actions-open', 'title' => $title, 'linkAttributes' => [ 'id' => htmlspecialchars($id), 'href' => $url, 'data-element' => $itemName, 'data-window-parameters' => $windowOpenParameters, ], 'requireJsModules' => [ ['TYPO3/CMS/Backend/FormEngine/FieldControl/EditPopup' => 'function(FieldControl) {new FieldControl(' . GeneralUtility::quoteJSvalue('#' . $id) . ');}'], ], ]; }",True,PHP,render,EditPopup.php,https://github.com/TYPO3/TYPO3.CMS,TYPO3,Oliver Hader,2020-07-28 10:19:06+02:00,"[SECURITY] Avoid ambiguous HMAC results Cryptographic hashes being calculated from and for query parameters must only be used for a specific use-case or scope in order to avoid resulting hashes being ambiguous. Resolves: #91689 Releases: master, 10.4, 9.5 Change-Id: I59ca16fe71e27195b98a822607aab564425d248d Security-Bulletin: TYPO3-CORE-SA-2020-008 Security-References: CVE-2020-15098 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65125 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2020-15098,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13320,"protected function _validateSecretKey() { if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) { return true; } if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null)) || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) { return false; } return true; }",True,PHP,_validateSecretKey,Action.php,https://github.com/OpenMage/magento-lts,OpenMage,GitHub,2020-08-18 19:19:54+02:00,Merge pull request from GHSA-crf2-xm6x-46p6,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-15151,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13324,"protected function _afterLoad() { if ($this->_addUrlRewrite) { $this->_addUrlRewrite($this->_urlRewriteCategory); } if (count($this) > 0) { Mage::dispatchEvent('catalog_product_collection_load_after', array('collection' => $this)); } foreach ($this as $product) { if ($product->isRecurring() && $profile = $product->getRecurringProfile()) { $product->setRecurringProfile(unserialize($profile)); } } return $this; }",True,PHP,_afterLoad,Collection.php,https://github.com/OpenMage/magento-lts,OpenMage,GitHub,2020-10-20 23:19:07+02:00,Merge pull request from GHSA-jrgf-vfw2-hj26,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2020-15244,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13327,"private static function read_from_images($name = 'blankalbum.png') { $path = __DIR__ . '/../../../public/images/blankalbum.png'; if (!Core::is_readable($path)) { debug_event(self::class, 'read_from_images ' . $path . ' cannot be read.', 1); return null; } $image = ''; $filepath = fopen($path, ""rb""); do { $image .= fread($filepath, 2048); } while (!feof($filepath)); fclose($filepath); return $image; }",True,PHP,read_from_images,Art.php,https://github.com/ampache/ampache,ampache,lachlan,2022-12-14 17:47:15+10:00,think we good now,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-4665,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13328,"public static function check_dimensions($dimensions) { $width = (int)($dimensions['width']); $height = (int)($dimensions['height']); if ($width > 0 && $height > 0) { $minw = (AmpConfig::get('album_art_min_width')) ? AmpConfig::get('album_art_min_width') : 0; $maxw = (AmpConfig::get('album_art_max_width')) ? AmpConfig::get('album_art_max_width') : 0; $minh = (AmpConfig::get('album_art_min_height')) ? AmpConfig::get('album_art_min_height') : 0; $maxh = (AmpConfig::get('album_art_max_height')) ? AmpConfig::get('album_art_max_height') : 0; if ($minw > 0 && $width < $minw) { debug_event(self::class, ""Image width not in range (min=$minw, max=$maxw, current=$width)."", 1); return false; } if ($maxw > 0 && $width > $maxw) { debug_event(self::class, ""Image width not in range (min=$minw, max=$maxw, current=$width)."", 1); return false; } if ($minh > 0 && $height < $minh) { debug_event(self::class, ""Image height not in range (min=$minh, max=$maxh, current=$height)."", 1); return false; } if ($maxh > 0 && $height > $maxh) { debug_event(self::class, ""Image height not in range (min=$minh, max=$maxh, current=$height)."", 1); return false; } } return true; }",True,PHP,check_dimensions,Art.php,https://github.com/ampache/ampache,ampache,lachlan,2022-12-14 17:47:15+10:00,think we good now,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-4665,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13329,"public static function display( $object_type, $object_id, $name, $thumb, $link = null, $show_default = true, $kind = 'default' ) { if (!self::is_valid_type($object_type)) { return false; } if (!$show_default) { if (!self::has_db($object_id, $object_type, $kind)) { return false; } } $size = self::get_thumb_size($thumb); $prettyPhoto = ($link === null); if ($link === null) { $link = AmpConfig::get('web_path') . ""/image.php?object_id="" . $object_id . ""&object_type="" . $object_type . ""&thumb="" . $thumb; if (AmpConfig::get('use_auth') && AmpConfig::get('require_session')) { $link .= ""&auth="" . session_id(); } if ($kind != 'default') { $link .= '&kind=' . $kind; } } echo ""
    ""; echo """"; $imgurl = AmpConfig::get('web_path') . ""/image.php?object_id="" . $object_id . ""&object_type="" . $object_type . ""&thumb="" . $thumb; if ($kind != 'default') { $imgurl .= '&kind=' . $kind; } if (Art::has_db($object_id, $object_type)) { $art = new Art($object_id, $object_type); if ($art->has_db_info()) { $imgurl .= '&fooid=' . $art->id; } } $size['height'] /= 2; $size['width'] /= 2; echo ""\""""""; if ($size['height'] >= 150 && $size['height'] <= 300) { echo ""
    ""; echo Ajax::text('?page=stream&action=directplay&object_type=' . $object_type . '&object_id=' . $object_id . '\' + getPagePlaySettings() + \'', '', 'directplay_art_' . $object_type . '_' . $object_id); echo ""
    ""; } if ($prettyPhoto) { $class_name = ObjectTypeToClassNameMapper::map($object_type); $libitem = new $class_name($object_id); echo ""
    ""; if (Core::get_global('user')->has_access(50) || (Core::get_global('user')->has_access(25) && Core::get_global('user')->id == $libitem->get_user_owner())) { echo """"; echo """"; echo Ui::get_icon('delete', T_('Reset Art')); echo """"; } echo ""
    ""; } echo ""\n""; echo ""
    ""; return true; }",True,PHP,display,Art.php,https://github.com/ampache/ampache,ampache,lachlan,2022-12-14 17:47:15+10:00,think we good now,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-4665,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13331,"private function _get_extra_info() { if (parent::is_cached('tvshow_extra', $this->id)) { $row = parent::get_from_cache('tvshow_extra', $this->id); } else { $sql = ""SELECT COUNT(`tvshow_episode`.`id`) AS `episode_count`, `video`.`catalog` AS `catalog_id` FROM `tvshow_episode` LEFT JOIN `video` ON `video`.`id` = `tvshow_episode`.`id` WHERE `tvshow_episode`.`season` = ?GROUP BY `catalog_id`""; $db_results = Dba::read($sql, array($this->id)); $row = Dba::fetch_assoc($db_results); parent::add_to_cache('tvshow_extra', $this->id, $row); } $this->episodes = $row['episode_count']; $this->catalog_id = $row['catalog_id']; return $row; }",True,PHP,_get_extra_info,TVShow_Season.php,https://github.com/ampache/ampache,ampache,lachlan,2022-12-14 17:47:15+10:00,think we good now,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-4665,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13333,"public function upload_avatar() { $upload = array(); if (!empty($_FILES['avatar']['tmp_name']) && $_FILES['avatar']['size'] <= AmpConfig::get('max_upload_size')) { $path_info = pathinfo($_FILES['avatar']['name']); $upload['file'] = $_FILES['avatar']['tmp_name']; $upload['mime'] = 'image/' . $path_info['extension']; $image_data = Art::get_from_source($upload, 'user'); if ($image_data !== '') { return $this->update_avatar($image_data, $upload['mime']); } } return true; }",True,PHP,upload_avatar,User.php,https://github.com/ampache/ampache,ampache,lachlan,2022-12-14 17:47:15+10:00,think we good now,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-4665,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13336,"public static function get_user($input_count, $input_type, $user, $full = 0) { $type = self::validate_type($input_type); $date = ($full > 0) ? '0' : time() - (86400 * (int)AmpConfig::get('stats_threshold', 7)); $sql = ""SELECT `object_id`, COUNT(`id`) AS `count` FROM `object_count` WHERE `object_type` = ? AND `date` >= ? AND `user` = ? GROUP BY `object_id` ORDER BY `count` DESC LIMIT $input_count""; $db_results = Dba::read($sql, array($type, $date, $user)); $results = array(); while ($row = Dba::fetch_assoc($db_results)) { $results[] = $row; } return $results; }",True,PHP,get_user,Stats.php,https://github.com/ampache/ampache,ampache,lachlan,2023-01-20 09:58:23+10:00,cast to into for search limit searches,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-0771,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13340,"public function get_info($object_id, $table_name = '') { $table_name = $table_name ? Dba::escape($table_name) : Dba::escape(strtolower(get_class($this))); if ($object_id < 1) { return array(); } if (self::is_cached($table_name, $object_id)) { return self::get_from_cache($table_name, $object_id); } $sql = ""SELECT * FROM `$table_name` WHERE `id`='$object_id'""; $db_results = Dba::read($sql); if (!$db_results) { return array(); } $row = Dba::fetch_assoc($db_results); self::add_to_cache($table_name, $object_id, $row); return $row; }",True,PHP,get_info,database_object.abstract.php,https://github.com/ampache/ampache,ampache,lachlan-00,2020-08-18 17:25:36+10:00,"Update database_object.abstract.php cast int for object_id",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-15153,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13342,"public function fileExt($check, $exts) { $file = $check[key($check)]; if (!empty($file['name'])) { if (!is_array($exts)) { $exts = explode(',', $exts); } $ext = decodeContent($file['type'], $file['name']); if (in_array($ext, $exts)) { return true; } else { return false; } } return true; }",True,PHP,fileExt,BcAppModel.php,https://github.com/baserproject/basercms,baserproject,gondoh,2023-02-27 17:25:17+09:00,"fix CVE-2023-25654 ファイル更新時のValidationを改善",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-25654,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13344,"public function fileExt($check, $exts) { $file = $check[key($check)]; if (!is_array($exts)) { $exts = explode(',', $exts); } if (!empty($file['name'])) { $ext = decodeContent($file['type'], $file['name']); if (!in_array($ext, $exts)) { return false; } } if (is_string($file)) { $ext = pathinfo($file, PATHINFO_EXTENSION); if (!in_array($ext, $exts)) { return false; } } return true; }",True,PHP,fileExt,BcAppModel.php,https://github.com/baserproject/basercms,baserproject,gondoh,2023-03-10 13:56:48+09:00,"fix CVE-2023-25654 戻り値が変更されてしまう挙動を修正",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-25654,"function delete_option_master() { global $db; $masteroption = new option_master($this->params['id']); $db->delete('option', 'option_master_id='.$masteroption->id); $masteroption->delete('optiongroup_master_id=' . $masteroption->optiongroup_master_id); expHistory::back(); }" 13350,"public function admin_download() { $this->autoRender = false; $tmpDir = TMP . 'theme' . DS; $Folder = new Folder(); $Folder->create($tmpDir); $path = BASER_THEMES . $this->siteConfigs['theme'] . DS; $Folder->copy([ 'from' => $path, 'to' => $tmpDir . $this->siteConfigs['theme'], 'chmod' => 0777 ]); $Simplezip = new Simplezip(); $Simplezip->addFolder($tmpDir); $Simplezip->download($this->siteConfigs['theme']); $Folder->delete($tmpDir); }",True,PHP,admin_download,ThemesController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13351,"$this->_writeCsv($plugin, $tmpDir . $plugin . DS); } $targets = ['email', 'google_analytics_id', 'version']; $path = $tmpDir . 'site_configs.csv'; $fp = fopen($path, 'a+'); $records = []; while(($record = fgetcsvReg($fp, 10240)) !== false) { if (in_array($record[1], $targets)) { $record[2] = ''; } $records[] = '""' . implode('"",""', $record) . '""'; } ftruncate($fp, 0); fwrite($fp, implode(""\n"", $records)); $fileName = 'default'; $Simplezip = new Simplezip(); $Simplezip->addFolder($tmpDir); $Simplezip->download($fileName); emptyFolder($tmpDir); exit(); }",True,PHP,_writeCsv,ThemesController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13352,"public function admin_add() { $this->pageTitle = __d('baser', 'テーマアップロード'); $this->subMenuElements = ['themes']; if (!$this->request->is(['post', 'put'])) { return; } if ($this->Theme->isOverPostSize()) { $this->BcMessage->setError( __d( 'baser', '送信できるデータ量を超えています。合計で %s 以内のデータを送信してください。', ini_get('post_max_size') ) ); } if (empty($this->request->data['Theme']['file']['tmp_name'])) { $message = __d('baser', 'ファイルのアップロードに失敗しました。'); if (!empty($this->request->data['Theme']['file']['error']) && $this->request->data['Theme']['file']['error'] == 1) { $message .= __d('baser', 'サーバに設定されているサイズ制限を超えています。'); } $this->BcMessage->setError($message); return; } $name = $this->request->data['Theme']['file']['name']; move_uploaded_file($this->request->data['Theme']['file']['tmp_name'], TMP . $name); App::uses('BcZip', 'Lib'); $BcZip = new BcZip(); if (!$BcZip->extract(TMP . $name, BASER_THEMES)) { $msg = __d('baser', 'アップロードしたZIPファイルの展開に失敗しました。'); $msg .= ""\n"" . $BcZip->error; $this->BcMessage->setError($msg); return; } unlink(TMP . $name); $this->BcMessage->setInfo('テーマファイル「' . $name . '」を追加しました。'); $this->redirect(['action' => 'index']); }",True,PHP,admin_add,ThemesController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13353,"public function admin_maintenance($mode = '') { $this->_checkReferer(); switch($mode) { case 'backup': set_time_limit(0); $this->_backupDb($this->request->query['backup_encoding']); break; case 'restore': set_time_limit(0); $messages = []; if (!$this->request->data) { if ($this->Tool->isOverPostSize()) { $messages[] = __d('baser', '送信できるデータ量を超えています。合計で %s 以内のデータを送信してください。', ini_get('post_max_size')); } else { $this->notFound(); } } if ($this->_restoreDb($this->request->data)) { $messages[] = __d('baser', 'データの復元が完了しました。'); $error = false; } else { $messages[] = __d('baser', 'データの復元に失敗しました。ログの確認を行なって下さい。'); $error = true; } ClassRegistry::flush(); BcSite::flash(); if (!$error && !$this->Page->createAllPageTemplate()) { $messages[] = __d('baser', ""ページテンプレートの生成に失敗しました。\n表示できないページはページ管理より更新処理を行ってください。""); } if ($messages) { if ($error) { $this->BcMessage->setError(implode(""\n"", $messages)); } else { $this->BcMessage->setInfo(implode(""\n"", $messages)); } } clearAllCache(); $this->redirect(['action' => 'maintenance']); break; } $this->pageTitle = __d('baser', 'データメンテナンス'); $this->help = 'tools_maintenance'; }",True,PHP,admin_maintenance,ToolsController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13355,"public function admin_write_schema() { $path = TMP . 'schemas' . DS; $this->pageTitle = __d('baser', 'スキーマファイル生成'); $this->help = 'tools_write_schema'; if (!$this->request->data) { $this->request->data['Tool']['connection'] = 'core'; return; } if (empty($this->request->data['Tool'])) { $this->BcMessage->setError(__d('baser', 'テーブルを選択してください。')); return; } if (!$this->_resetTmpSchemaFolder()) { $this->BcMessage->setError('フォルダ:' . $path . ' が存在するか確認し、存在する場合は、削除するか書込権限を与えてください。'); $this->redirect(['action' => 'write_schema']); } if (!$this->Tool->writeSchema($this->request->data, $path)) { $this->BcMessage->setError(__d('baser', 'スキーマファイルの生成に失敗しました。')); return; } $Simplezip = new Simplezip(); $Simplezip->addFolder($path); $Simplezip->download('schemas'); exit(); }",True,PHP,admin_write_schema,ToolsController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13357,"public function admin_log($mode = '') { $errorLogPath = TMP . 'logs' . DS . 'error.log'; switch($mode) { case 'download': set_time_limit(0); if ($this->_downloadErrorLog()) { exit(); } $this->BcMessage->setInfo('エラーログが存在しません。'); $this->redirect(['action' => 'log']); break; case 'delete': $this->_checkSubmitToken(); if (file_exists($errorLogPath)) { if (unlink($errorLogPath)) { $messages[] = __d('baser', 'エラーログを削除しました。'); $error = false; } else { $messages[] = __d('baser', 'エラーログが削除できませんでした。'); $error = true; } } else { $messages[] = __d('baser', 'エラーログが存在しません。'); $error = false; } if ($messages) { $this->BcMessage->set(implode(""\n"", $messages), $error); } $this->redirect(['action' => 'log']); break; } $fileSize = 0; if (file_exists($errorLogPath)) { $fileSize = filesize($errorLogPath); } $this->pageTitle = __d('baser', 'データメンテナンス'); $this->help = 'tools_log'; $this->set('fileSize', $fileSize); }",True,PHP,admin_log,ToolsController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13358,"protected function _restoreDb($data) { if (empty($data['Tool']['backup']['tmp_name'])) { return false; } $tmpPath = TMP . 'schemas' . DS; $targetPath = $tmpPath . $data['Tool']['backup']['name']; if (!move_uploaded_file($data['Tool']['backup']['tmp_name'], $targetPath)) { return false; } $Simplezip = new Simplezip(); if (!$Simplezip->unzip($targetPath, $tmpPath)) { return false; } @unlink($targetPath); $result = true; $db = ConnectionManager::getDataSource('default'); $db->begin(); if (!$this->_loadBackup($tmpPath . 'core' . DS, $data['Tool']['encoding'])) { $result = false; } if (!$this->_loadBackup($tmpPath . 'plugin' . DS, $data['Tool']['encoding'])) { $result = false; } if ($result) { $db->commit(); } else { $db->rollback(); } $this->_resetTmpSchemaFolder(); clearAllCache(); return $result; }",True,PHP,_restoreDb,ToolsController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13360,"protected function _downloadErrorLog() { $tmpDir = TMP . 'logs' . DS; $Folder = new Folder($tmpDir); $files = $Folder->read(true, true, false); if (count($files[0]) === 0 && count($files[1]) === 0) { return false; } $fileName = 'basercms_logs_' . date('Ymd_His'); $Simplezip = new Simplezip(); $Simplezip->addFolder($tmpDir); $Simplezip->download($fileName); return true; }",True,PHP,_downloadErrorLog,ToolsController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13364,"$this->_writeBackup($tmpDir . 'plugin' . DS, $plugin['Plugin']['name'], $encoding); } } $fileName = 'baserbackup_' . $version . '_' . date('Ymd_His'); $Simplezip = new Simplezip(); $Simplezip->addFolder($tmpDir); $Simplezip->download($fileName); $this->_resetTmpSchemaFolder(); exit(); }",True,PHP,_writeBackup,ToolsController.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13367,public function __destruct() { if (class_exists('ZipArchive')) { $this->Zip->close(); } },True,PHP,__destruct,BcZip.php,https://github.com/baserproject/basercms,baserproject,GitHub,2021-11-25 15:17:52+09:00,"Merge pull request from GHSA-7rpc-9m88-cf9w * 固定ページプレビュー実行時に入力内容検証を追加 * SimpleZipの利用を停止しZipArchiveの利用に切り替え * 不要コード除去 * BcZip利用時、ZipArchiveをopenしていない場合エラーログが出力される問題を改善",CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2021-41243,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13370,"function sigRenderTag ($input, array $args, Parser $parser, PPFrame $frame) { $username = $input; $img_url = sigGetAvatarUrl($username); $o = '
    ' . '' . '' . '' . '' . ' ' . '' . ''.$username.'' . '' . ' ' . '(' . 'talk' . ' | ' . 'contribs' . ')' . ''; return $o; }",True,PHP,sigRenderTag,ScratchSig2.php,https://github.com/InternationalScratchWiki/wiki-scratchsig,InternationalScratchWiki,GitHub,2020-09-14 20:13:48-07:00,,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-15179,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13373,"function ttMitigateCSRF() { global $request; if ($request->isGet()) return true; $origin = $_SERVER['HTTP_ORIGIN']; if ($origin) { $pos = strpos($origin, '//'); $origin = substr($origin, $pos+2); } if (!$origin) { $origin = $_SERVER['HTTP_REFERER']; if ($origin) { $pos = strpos($origin, '//'); $origin = substr($origin, $pos+2); $pos = strpos($origin, '/'); $origin = substr($origin, 0, $pos); } } error_log(""origin: "".$origin); $target = defined('HTTP_TARGET') ? HTTP_TARGET : $_SERVER['HTTP_HOST']; error_log(""target: "".$target); if (strcmp($origin, $target)) { error_log(""Potential cross site request forgery. Origin: '$origin' does not match target: '$target'.""); return false; } return true; }",True,PHP,ttMitigateCSRF,common.lib.php,https://github.com/anuko/timetracker,anuko,Nik Okuntseff,2021-04-12 17:14:41+00:00,"Tested CSRF fix for custom ports - it's working, also removed unnecessary logging.",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-29436,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13375,"function ttValidDate($val) { $val = trim($val); if (strlen($val) == 0) return false; if (!preg_match('/^\d\d\d\d-\d\d-\d\d$/', $val) && !preg_match('/^\d\d\/\d\d\/\d\d\d\d$/', $val) && !preg_match('/^\d\d\-\d\d\-\d\d\d\d$/', $val) && !preg_match('/^\d\d\.\d\d\.\d\d\d\d$/', $val) && !preg_match('/^\d\d\.\d\d\.\d\d\d\d .+$/', $val)) return false; return true; }",True,PHP,ttValidDate,common.lib.php,https://github.com/anuko/timetracker,anuko,Nik Okuntseff,2021-10-12 20:31:02+00:00,A better fix to validate a passed-in date.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-41139,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13378,"static function getParentGroup($group_id) { global $user; $mdb2 = getConnection(); $sql = ""select parent_id from tt_groups where id = $group_id and org_id = $user->org_id and status = 1""; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { $val = $res->fetchRow(); return $val['parent_id']; } return false; }",True,PHP,getParentGroup,ttGroupHelper.class.php,https://github.com/anuko/timetracker,anuko,Nik Okuntseff,2021-10-21 12:29:00+00:00,Added additional protection against an sql injection fixed in previous commit.,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43851,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13381,"function getUserPartForHeader() { global $i18n; if (!$this->id) return null; $user_part = htmlspecialchars($this->name); $user_part .= ' - '.htmlspecialchars($this->role_name); if ($this->behalf_id) { $user_part .= ' '.$i18n->get('label.on_behalf').' '.htmlspecialchars($this->behalf_name).''; } if ($this->behalf_group_id) { $user_part .= ', '.htmlspecialchars($this->behalf_group_name).''; } else { if ($this->group_name) $user_part .= ', '.$this->group_name; } return $user_part; }",True,PHP,getUserPartForHeader,ttUser.class.php,https://github.com/anuko/timetracker,anuko,Nik Okuntseff,2022-02-23 15:43:47+00:00,Addressed stored XSS vulnerability when displaying primary group name.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24708,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13383,"function render(&$table, $value, $row, $column, $selected = false) { global $user; $showNotes = $user->isOptionEnabled('week_notes'); $field_name = $table->getValueAt($row,$column)['control_id']; $field = new TextField($field_name); global $lockedDays; if ($lockedDays[$column]) $field->setEnabled(false); $field->setFormName($table->getFormName()); $field->setStyle('width: 60px;'); $rowToSeparate = $showNotes ? 1 : 0; if ($rowToSeparate == $row) { $field->setStyle('width: 60px; margin-bottom: 40px'); } if ($showNotes) { if (0 == $row % 2) { $field->setValue($table->getValueAt($row,$column)['duration']); } else { $field->setValue($table->getValueAt($row,$column)['note']); $field->setTitle($table->getValueAt($row,$column)['note']); } } else { $field->setValue($table->getValueAt($row,$column)['duration']); } if (!$field->getValue() && TYPE_START_FINISH == $user->getRecordType()) { $field->setEnabled(false); } $this->setValue($field->getHtml()); return $this->toString(); }",True,PHP,render,week.php,https://github.com/anuko/timetracker,anuko,Nik Okuntseff,2023-05-05 18:19:31+00:00,Addressed stored XSS vulnerability in week.php by escaping cell title.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-32066,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13384,"function chat_start_for_user( $group_id, $requested_operator, $visitor_id, $visitor_name, $referrer, $info ) { $remote_host = get_remote_host(); $user_browser = $_SERVER['HTTP_USER_AGENT']; if (Thread::connectionLimitReached($remote_host)) { die(""number of connections from your IP is exceeded, try again later""); } $is_invited = false; if (Settings::get('enabletracking')) { $invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']); if ($invitation_state['invited']) { $is_invited = true; } } $requested_operator_online = false; if ($requested_operator) { $requested_operator_online = is_operator_online( $requested_operator['operatorid'] ); } if ($is_invited) { $thread = invitation_accept($_SESSION[SESSION_PREFIX . 'visitorid']); if (!$thread) { die(""Cannot start thread""); } } else { $thread = new Thread(); $thread->state = Thread::STATE_LOADING; $thread->agentId = 0; if ($requested_operator && $requested_operator_online) { $thread->nextAgent = $requested_operator['operatorid']; } } $thread->groupId = $group_id; $thread->userName = $visitor_name; $thread->remote = $remote_host; $thread->referer = $referrer; $thread->locale = get_current_locale(); $thread->userId = $visitor_id; $thread->userAgent = $user_browser; $thread->save(); $_SESSION[SESSION_PREFIX . 'threadid'] = $thread->id; if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) { $_SESSION[SESSION_PREFIX . 'own_threads'] = array(); } $_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id; if (Settings::get('enabletracking')) { track_visitor_bind_thread($visitor_id, $thread); } if ($is_invited) { $operator = operator_by_id($thread->agentId); $operator_name = get_operator_name($operator); $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal( 'Visitor accepted invitation from operator {0}', array($operator_name), get_current_locale(), true ) ); } else { if ($referrer) { $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true) ); } if ($requested_operator && !$requested_operator_online) { $thread->postMessage( Thread::KIND_INFO, getlocal( 'Thank you for contacting us. We are sorry, but requested operator {0} is offline. Another operator will be with you shortly.', array(get_operator_name($requested_operator)), get_current_locale(), true ) ); } else { $thread->postMessage( Thread::KIND_INFO, getlocal('Thank you for contacting us. An operator will be with you shortly.', null, get_current_locale(), true) ); } } if ($info) { $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal('Info: {0}', array($info), get_current_locale(), true) ); } $dispatcher = EventDispatcher::getInstance(); $event_args = array('thread' => $thread); $dispatcher->triggerEvent(Events::THREAD_USER_IS_READY, $event_args); return $thread; }",True,PHP,chat_start_for_user,chat.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13387,"public function indexAction(Request $request) { $referer = $request->server->get('HTTP_REFERER', ''); $new_page = empty($_SESSION[SESSION_PREFIX . 'last_visited_page']) || $_SESSION[SESSION_PREFIX . 'last_visited_page'] != $referer; if ($referer && isset($_SESSION[SESSION_PREFIX . 'threadid']) && $new_page) { $thread = Thread::load($_SESSION[SESSION_PREFIX . 'threadid']); if ($thread && $thread->state != Thread::STATE_CLOSED) { $msg = getlocal( ""Visitor navigated to {0}"", array($referer), $thread->locale, true ); $thread->postMessage(Thread::KIND_FOR_AGENT, $msg); } } $_SESSION[SESSION_PREFIX . 'last_visited_page'] = $referer; $image = $request->query->get('i', ''); if (!preg_match(""/^\w+$/"", $image)) { $image = 'mibew'; } $lang = $request->query->get('lang', ''); if (!preg_match(""/^[\w-]{2,5}$/"", $lang)) { $lang = ''; } if (!$lang || !locale_is_available($lang)) { $lang = get_current_locale(); } $group_id = $request->query->get('group', ''); if (!preg_match(""/^\d{1,8}$/"", $group_id)) { $group_id = false; } if ($group_id) { if (Settings::get('enablegroups') == '1') { $group = group_by_id($group_id); if (!$group) { $group_id = false; } } else { $group_id = false; } } $image_postfix = has_online_operators($group_id) ? ""on"" : ""off""; $file_name = ""locales/${lang}/button/${image}_${image_postfix}.png""; $content_type = 'image/png'; if (!is_readable($file_name)) { $file_name = ""locales/${lang}/button/${image}_${image_postfix}.gif""; $content_type = 'image/gif'; } $fh = fopen($file_name, 'rb'); if ($fh) { $file_size = filesize($file_name); $content = fread($fh, $file_size); fclose($fh); $response = new Response($content, 200); $response->headers->set('Content-Type', $content_type); $response->headers->set('Content-Length', $file_size); } else { $response = new Response('Not found', 404); } $response->headers->addCacheControlDirective('no-cache', true); $response->headers->addCacheControlDirective('no-store', true); $response->headers->addCacheControlDirective('must-revalidate', true); $response->setExpires(new \DateTime('yesterday noon')); $response->headers->set('Pragma', 'no-cache'); return $response; }",True,PHP,indexAction,ButtonController.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13389,"protected function redirectToGroup(Thread $thread, $group_id) { if ($thread->state != Thread::STATE_CHATTING) { return false; } $thread->state = Thread::STATE_WAITING; $thread->nextAgent = 0; $thread->groupId = $group_id; $thread->agentId = 0; $thread->agentName = ''; $thread->save(); $thread->postMessage( Thread::KIND_EVENTS, getlocal( 'Operator {0} redirected you to another operator. Please wait a while.', array(get_operator_name($this->getOperator())), $thread->locale, true ) ); return true; }",True,PHP,redirectToGroup,RedirectController.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13390,"protected function redirectToOperator(Thread $thread, $operator_id) { if ($thread->state != Thread::STATE_CHATTING) { return false; } $thread->state = Thread::STATE_WAITING; $thread->nextAgent = $operator_id; $thread->agentId = 0; if ($thread->groupId != 0) { $db = Database::getInstance(); list($groups_count) = $db->query( (""SELECT count(*) AS count "" . ""FROM {operatortoopgroup} "" . ""WHERE operatorid = ? AND groupid = ?""), array($operator_id, $thread->groupId), array( 'return_rows' => Database::RETURN_ONE_ROW, 'fetch_type' => Database::FETCH_NUM, ) ); if ($groups_count === 0) { $thread->groupId = 0; } } $thread->save(); $thread->postMessage( Thread::KIND_EVENTS, getlocal( 'Operator {0} redirected you to another operator. Please wait a while.', array(get_operator_name($this->getOperator())), $thread->locale, true ) ); return true; }",True,PHP,redirectToOperator,RedirectController.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13393,"protected function apiProcessLeaveMessage($args) { if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) { $captcha = $args['captcha']; $original = isset($_SESSION[SESSION_PREFIX . 'mibew_captcha']) ? $_SESSION[SESSION_PREFIX . 'mibew_captcha'] : ''; unset($_SESSION[SESSION_PREFIX . 'mibew_captcha']); if (empty($original) || empty($captcha) || $captcha != $original) { throw new ThreadProcessorException( getlocal('The letters you typed don\'t match the letters that were shown in the picture.'), ThreadProcessorException::ERROR_WRONG_CAPTCHA ); } } $email = $args['email']; $name = $args['name']; $message = $args['message']; $info = $args['info']; $referrer = $args['referrer']; if (!MailUtils::isValidAddress($email)) { throw new ThreadProcessorException( wrong_field(""Your email""), ThreadProcessorException::ERROR_WRONG_EMAIL ); } $group_id = 0; if (Settings::get('enablegroups') == '1') { if (preg_match(""/^\d{1,8}$/"", $args['groupId']) != 0) { $group = group_by_id($args['groupId']); if ($group) { $group_id = (int)$args['groupId']; } } } $remote_host = get_remote_host(); $user_browser = $_SERVER['HTTP_USER_AGENT']; $visitor = visitor_from_request(); $message_locale = Settings::get('left_messages_locale'); if (!locale_is_available($message_locale)) { $message_locale = get_home_locale(); } $thread = new Thread(); $thread->groupId = $group_id; $thread->userName = $name; $thread->remote = $remote_host; $thread->referer = $referrer; $thread->locale = get_current_locale(); $thread->userId = $visitor['id']; $thread->userAgent = $user_browser; $thread->state = Thread::STATE_LEFT; $thread->closed = time(); $thread->save(); if ($referrer) { $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true) ); } if ($email) { $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal('E-Mail: {0}', array($email), get_current_locale(), true) ); } if ($info) { $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal('Info: {0}', array($info), get_current_locale(), true) ); } $thread->postMessage(Thread::KIND_USER, $message, array('name' => $name)); $inbox_mail = get_group_email($group_id); if (empty($inbox_mail)) { $inbox_mail = Settings::get('email'); } if ($inbox_mail) { $mail_template = MailTemplate::loadByName('leave_message', $message_locale); if (!$mail_template) { trigger_error( 'Cannot send e-mail because ""leave_message"" mail template cannot be loaded.', E_USER_WARNING ); return; } $subject = $mail_template->buildSubject(array($args['name'])); $body = $mail_template->buildBody(array( $args['name'], $email, $message, ($info ? $info . ""\n"" : """"), )); $this->getMailerFactory()->getMailer()->send( MailUtils::buildMessage($inbox_mail, $email, $subject, $body) ); } }",True,PHP,apiProcessLeaveMessage,ThreadProcessor.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13394,"protected function apiProcessSurvey($args) { $visitor = visitor_from_request(); $first_message = $args['message']; $info = $args['info']; $email = $args['email']; $referrer = $args['referrer']; $group_id = 0; $group = null; if (Settings::get('enablegroups') == '1') { if (preg_match(""/^\d{1,8}$/"", $args['groupId']) != 0) { $group = group_by_id($args['groupId']); if ($group) { $group_id = (int)$args['groupId']; } } } if (Settings::get('usercanchangename') == ""1"" && !empty($args['name'])) { $newname = $args['name']; if ($newname != $visitor['name']) { $data = strtr(base64_encode($newname), '+/=', '-_,'); setcookie(USERNAME_COOKIE_NAME, $data, time() + 60 * 60 * 24 * 365); $visitor['name'] = $newname; } } if (!has_online_operators($group_id)) { $client_data = setup_leavemessage( $visitor['name'], $email, $group_id, $info, $referrer ); $options = $client_data['leaveMessage']; $options['page'] += setup_logo($group); return array( 'next' => 'leaveMessage', 'options' => $options, ); } $thread = chat_start_for_user( $group_id, false, $visitor['id'], $visitor['name'], $referrer, $info ); if ($email) { $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal('E-Mail: {0}', array($email), get_current_locale(), true) ); } if ($first_message) { $posted_id = $thread->postMessage( Thread::KIND_USER, $first_message, array('name' => $visitor['name']) ); $thread->shownMessageId = $posted_id; $thread->save(); } $client_data = setup_chatview_for_user( $this->getRouter(), $this->getAssetManager()->getUrlGenerator(), $this->currentRequest, $thread ); $options = $client_data['chat']; $options['page'] += setup_logo($group); return array( 'next' => 'chat', 'options' => $options, ); }",True,PHP,apiProcessSurvey,ThreadProcessor.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13398,"public function renameUser($new_name) { if ($this->userName != $new_name) { $old_name = $this->userName; $this->userName = $new_name; $this->save(); $message = getlocal( ""The visitor changed their name {0} to {1}"", array($old_name, $new_name), $this->locale, true ); $this->postMessage(self::KIND_EVENTS, $message); } }",True,PHP,renameUser,Thread.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13399,"$message = getlocal( ""Operator {0} joined the chat"", array($operator_name), $this->locale, true ); } elseif ($is_operator_back) {",True,PHP,getlocal,Thread.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13401,"public function checkForReassign($operator) { $operator_name = ($this->locale == get_home_locale()) ? $operator['vclocalename'] : $operator['vccommonname']; $is_operator_correct = $this->nextAgent == $operator['operatorid'] || $this->agentId == $operator['operatorid']; if ($this->state == self::STATE_WAITING && $is_operator_correct) { if ($this->nextAgent == $operator['operatorid']) { $message_to_post = getlocal( ""Operator {0} changed operator {1}"", array($operator_name, $this->agentName), $this->locale, true ); } else { $message_to_post = getlocal( ""Operator {0} is back"", array($operator_name), $this->locale, true ); } $this->state = self::STATE_CHATTING; $this->nextAgent = 0; $this->agentId = $operator['operatorid']; $this->agentName = $operator_name; $this->save(); $this->postMessage(self::KIND_EVENTS, $message_to_post); } }",True,PHP,checkForReassign,Thread.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13402,"public function close($is_user) { if ($is_user) { $this->postMessage( self::KIND_EVENTS, getlocal( ""Visitor {0} left the chat"", array($this->userName), $this->locale, true ) ); } else { if ($this->state == self::STATE_INVITED) { $this->postMessage( self::KIND_FOR_AGENT, getlocal( 'Operator canceled invitation', null, $this->locale, true ) ); } else { $this->postMessage( self::KIND_EVENTS, getlocal( ""Operator {0} left the chat"", array($this->agentName), $this->locale, true ) ); } } $db = Database::getInstance(); list($message_count) = $db->query( (""SELECT COUNT(*) FROM {message} "" . ""WHERE {message}.threadid = :threadid AND ikind = :kind_user""), array( ':threadid' => $this->id, ':kind_user' => Thread::KIND_USER, ), array( 'return_rows' => Database::RETURN_ONE_ROW, 'fetch_type' => Database::FETCH_NUM, ) ); if ($this->state != self::STATE_CLOSED) { $this->state = self::STATE_CLOSED; $this->closed = time(); $this->messageCount = $message_count; $this->save(); $args = array('thread' => $this); EventDispatcher::getInstance()->triggerEvent(Events::THREAD_CLOSE, $args); } }",True,PHP,close,Thread.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13405,"function invitation_invite($visitor_id, $operator) { $invitation_state = invitation_state($visitor_id); if ($invitation_state['invited']) { return false; } $visitor = track_get_visitor_by_id($visitor_id); $visitor_path = track_get_path($visitor); ksort($visitor_path); $last_visited_page = array_pop($visitor_path); $visitor_details = track_retrieve_details($visitor); $operator_name = get_operator_name($operator); $thread = new Thread(); $thread->agentId = $operator['operatorid']; $thread->agentName = $operator_name; $thread->userName = $visitor['username']; $thread->remote = $visitor_details['remote_host']; $thread->referer = $last_visited_page; $thread->locale = get_current_locale(); $thread->userId = $visitor['userid']; $thread->userAgent = $visitor_details['user_agent']; $thread->state = Thread::STATE_INVITED; $thread->invitationState = Thread::INVITATION_WAIT; $thread->save(); $db = Database::getInstance(); $db->query( (""UPDATE {sitevisitor} set "" . ""invitations = invitations + 1, "" . ""threadid = :thread_id "" . ""WHERE visitorid = :visitor_id""), array( ':thread_id' => $thread->id, ':visitor_id' => $visitor_id, ) ); $thread->postMessage( Thread::KIND_FOR_AGENT, getlocal( 'Operator {0} invites visitor at {1} page', array($operator_name, $last_visited_page), get_current_locale(), true ) ); $thread->postMessage( Thread::KIND_AGENT, getlocal('Hello, how can I help you?', null, get_current_locale(), true), array( 'name' => $operator_name, 'operator_id' => $operator['operatorid'], ) ); $args = array('invitation' => $thread); EventDispatcher::getInstance()->triggerEvent(Events::INVITATION_CREATE, $args); return $thread; }",True,PHP,invitation_invite,invitation.php,https://github.com/Mibew/mibew,Mibew,Fedor A. Fetisov,2020-07-09 11:16:53+03:00,Fix multiple XSS (thanks to adsec2s),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-17476,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13407,"public function link($target, $link) { if (! windows_os()) { return symlink($target, $link); } $mode = $this->isDirectory($target) ? 'J' : 'H'; exec(""mklink /{$mode} \""{$link}\"" \""{$target}\""""); }",True,PHP,link,Filesystem.php,https://github.com/laravel/framework,laravel,Taylor Otwell,2019-05-14 10:58:33-05:00,use escapeshellarg on windows symlink,CWE-78,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'),"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/78.html,CVE-2020-19316,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13409,public function getCompiledPath($path) { return $this->cachePath.'/'.sha1($path).'.php'; },True,PHP,getCompiledPath,Compiler.php,https://github.com/laravel/framework,laravel,GitHub,2021-12-06 11:14:03-06:00,"[6.x] Fix parent call (#39908) * Fix parent call * Apply fixes from StyleCI Co-authored-by: Taylor Otwell ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-43808,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13411,public static function parentPlaceholder($section = '') { if (! isset(static::$parentPlaceholder[$section])) { static::$parentPlaceholder[$section] = '# } return static::$parentPlaceholder[$section]; },True,PHP,parentPlaceholder,ManagesLayouts.php,https://github.com/laravel/framework,laravel,GitHub,2021-12-06 11:14:03-06:00,"[6.x] Fix parent call (#39908) * Fix parent call * Apply fixes from StyleCI Co-authored-by: Taylor Otwell ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-43808,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13413,"public function testCompilePathIsProperlyCreated() { $compiler = new BladeCompiler($this->getFiles(), __DIR__); $this->assertEquals(__DIR__.'/'.sha1('foo').'.php', $compiler->getCompiledPath('foo')); }",True,PHP,testCompilePathIsProperlyCreated,ViewBladeCompilerTest.php,https://github.com/laravel/framework,laravel,GitHub,2021-12-06 11:14:03-06:00,"[6.x] Fix parent call (#39908) * Fix parent call * Apply fixes from StyleCI Co-authored-by: Taylor Otwell ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-43808,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13415,"public function testIsExpiredReturnsTrueIfCompiledFileDoesntExist() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('exists')->once()->with(__DIR__.'/'.sha1('foo').'.php')->andReturn(false); $this->assertTrue($compiler->isExpired('foo')); }",True,PHP,testIsExpiredReturnsTrueIfCompiledFileDoesntExist,ViewBladeCompilerTest.php,https://github.com/laravel/framework,laravel,GitHub,2021-12-06 11:14:03-06:00,"[6.x] Fix parent call (#39908) * Fix parent call * Apply fixes from StyleCI Co-authored-by: Taylor Otwell ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-43808,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13419,"public function testCompileCompilesFileAndReturnsContents() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('get')->once()->with('foo')->andReturn('Hello World'); $files->shouldReceive('put')->once()->with(__DIR__.'/'.sha1('foo').'.php', 'Hello World'); $compiler->compile('foo'); } public function testCompileCompilesAndGetThePath() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('get')->once()->with('foo')->andReturn('Hello World'); $files->shouldReceive('put')->once()->with(__DIR__.'/'.sha1('foo').'.php', 'Hello World'); $compiler->compile('foo'); $this->assertSame('foo', $compiler->getPath()); } public function testCompileSetAndGetThePath() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $compiler->setPath('foo'); $this->assertSame('foo', $compiler->getPath()); } public function testCompileWithPathSetBefore() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('get')->once()->with('foo')->andReturn('Hello World'); $files->shouldReceive('put')->once()->with(__DIR__.'/'.sha1('foo').'.php', 'Hello World'); $compiler->setPath('foo'); $compiler->compile(); $this->assertSame('foo', $compiler->getPath()); } public function testRawTagsCanBeSetToLegacyValues() { $compiler = new BladeCompiler($this->getFiles(), __DIR__); $compiler->setEchoFormat('%s'); $this->assertSame('', $compiler->compileString('{{{ $name }}}')); $this->assertSame('', $compiler->compileString('{{ $name }}')); $this->assertSame('', $compiler->compileString('{{ $name }}')); } public function testIncludePathToTemplate($content, $compiled) { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('get')->once()->with('foo')->andReturn($content); $files->shouldReceive('put')->once()->with(__DIR__.'/'.sha1('foo').'.php', $compiled); $compiler->compile('foo'); } public function appendViewPathDataProvider() { return [ 'No PHP blocks' => [ 'Hello World', 'Hello World', ], 'Single PHP block without closing ?>' => [ '', ], 'Ending PHP block.' => [ 'Hello world', 'Hello world', ], 'Ending PHP block without closing ?>' => [ 'Hello world', ], 'PHP block between content.' => [ 'Hello worldHi There', 'Hello worldHi There', ], 'Multiple PHP blocks.' => [ 'Hello worldHi ThereHello Again', 'Hello worldHi ThereHello Again', ], 'Multiple PHP blocks without closing ?>' => [ 'Hello worldHi ThereHi There', ], 'Short open echo tag' => [ 'Hello world', ], 'Echo XML declaration' => [ '\';', '\'; ?>', ], ]; } public function testDontIncludeEmptyPath() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('get')->once()->with('')->andReturn('Hello World'); $files->shouldReceive('put')->once()->with(__DIR__.'/'.sha1('').'.php', 'Hello World'); $compiler->setPath(''); $compiler->compile(); } public function testDontIncludeNullPath() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('get')->once()->with(null)->andReturn('Hello World'); $files->shouldReceive('put')->once()->with(__DIR__.'/'.sha1(null).'.php', 'Hello World'); $compiler->setPath(null); $compiler->compile(); } public function testShouldStartFromStrictTypesDeclaration() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $strictTypeDecl = ""assertTrue(substr($compiler->compileString(""",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-43808,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13420,"public function testIsExpiredReturnsTrueWhenModificationTimesWarrant() { $compiler = new BladeCompiler($files = $this->getFiles(), __DIR__); $files->shouldReceive('exists')->once()->with(__DIR__.'/'.sha1('foo').'.php')->andReturn(true); $files->shouldReceive('lastModified')->once()->with('foo')->andReturn(100); $files->shouldReceive('lastModified')->once()->with(__DIR__.'/'.sha1('foo').'.php')->andReturn(0); $this->assertTrue($compiler->isExpired('foo')); }",True,PHP,testIsExpiredReturnsTrueWhenModificationTimesWarrant,ViewBladeCompilerTest.php,https://github.com/laravel/framework,laravel,GitHub,2021-12-06 11:14:03-06:00,"[6.x] Fix parent call (#39908) * Fix parent call * Apply fixes from StyleCI Co-authored-by: Taylor Otwell ",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2021-43808,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13422,"public function wipecache() { $type = $this->request->request(""type""); switch ($type) { case 'all': case 'content': rmdirs(CACHE_PATH, false); Cache::clear(); if ($type == 'content') break; case 'template': rmdirs(TEMP_PATH, false); if ($type == 'template') break; case 'addons': Service::refresh(); if ($type == 'addons') break; } \think\Hook::listen(""wipecache_after""); $this->success(); }",True,PHP,wipecache,Ajax.php,https://github.com/karsonzhang/fastadmin,karsonzhang,Karson,2019-12-27 12:09:20+08:00,"修复邮箱验证码错误 修复排序表名安全检测 修复Selectpage编辑时分页大小错误",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-21665,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13424,"function getDeviceID($useRandomString = true) { $ip = md5(getRealIpAddr()); if (empty($_SERVER['HTTP_USER_AGENT'])) { $device = ""unknowDevice-{$ip}""; $device .= '-' . intval(User::getId()); return $device; } if (empty($useRandomString)) { $device = 'ypt-' . get_browser_name() . '-' . getOS() . '-' . $ip . '-' . md5($_SERVER['HTTP_USER_AGENT']); $device = str_replace( ['[', ']', ' '], ['', '', '_'], $device ); $device .= '-' . intval(User::getId()); return $device; } $cookieName = ""yptDeviceID""; if (empty($_COOKIE[$cookieName])) { if (empty($_GET[$cookieName])) { $id = uniqidV4(); $_GET[$cookieName] = $id; } if (empty($_SESSION[$cookieName])) { _session_start(); $_SESSION[$cookieName] = $_GET[$cookieName]; } else { $_GET[$cookieName] = $_SESSION[$cookieName]; } if (!_setcookie($cookieName, $_GET[$cookieName], strtotime(""+ 1 year""))) { return ""getDeviceIDError""; } $_COOKIE[$cookieName] = $_GET[$cookieName]; return $_GET[$cookieName]; } return $_COOKIE[$cookieName]; }",True,PHP,getDeviceID,functions.php,https://github.com/WWBN/AVideo,WWBN,Daniel,2022-03-13 11:00:47-03:00,"XSS vulnerability fix , thanks Max Boll",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-27462,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }" 13427,"public static function BBCode2Html($text) { $text = trim($text); $text = self::parseEmoji($text); $in = array( ); $out = array( ); $in[] = '[/*]'; $in[] = '[*]'; $out[] = ''; $out[] = '
  • '; $text = str_replace($in, $out, $text); $in = array( '/\[b\](.*?)\[\/b\]/ms', '/\[i\](.*?)\[\/i\]/ms', '/\[u\](.*?)\[\/u\]/ms', '/\[mark\](.*?)\[\/mark\]/ms', '/\[s\](.*?)\[\/s\]/ms', '/\[list\=(.*?)\](.*?)\[\/list\]/ms', '/\[list\](.*?)\[\/list\]/ms', '/\[\*\]\s?(.*?)\n/ms', '/\[fs(.*?)\](.*?)\[\/fs(.*?)\]/ms', '/\[color\=(.*?)\](.*?)\[\/color\]/ms' ); $out = array( '\1', '\1', '\1', '\1', '\1', '
      \2
    ', '
      \1
    ', '
  • \1
    • ', '\2', '"", """", $s[0]); } } $text = preg_replace_callback('/
    (.*?)<\/pre>/ms', ""removeBr"", $text); $text = preg_replace('/
    (.*?)<\/pre><\/p>/ms', ""
    \\1
    "", $text); $text = preg_replace_callback('/
      (.*?)<\/ul>/ms', ""removeBr"", $text); $text = preg_replace('/
        (.*?)<\/ul><\/p>/ms', ""
          \\1
        "", $text); return $text; }",True,PHP,BBCode2Html,lhbbcode.php,https://github.com/LiveHelperChat/livehelperchat,LiveHelperChat,Remigijus Kiminas,2020-09-28 01:28:18-04:00,Cleanup BB Code,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26134,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13428,"public static function BBCode2Html($text) { $text = trim($text); $text = self::parseEmoji($text); $in = array( ); $out = array( ); $in[] = '[/*]'; $in[] = '[*]'; $out[] = ''; $out[] = '
      • '; $text = str_replace($in, $out, $text); $in = array( '/\[b\](.*?)\[\/b\]/ms', '/\[i\](.*?)\[\/i\]/ms', '/\[u\](.*?)\[\/u\]/ms', '/\[mark\](.*?)\[\/mark\]/ms', '/\[s\](.*?)\[\/s\]/ms', '/\[list\=(.*?)\](.*?)\[\/list\]/ms', '/\[list\](.*?)\[\/list\]/ms', '/\[\*\]\s?(.*?)\n/ms', '/\[fs(.*?)\](.*?)\[\/fs(.*?)\]/ms', '/\[color\=(.*?)\](.*?)\[\/color\]/ms' ); $out = array( '\1', '\1', '\1', '\1', '\1', '
          \2
        ', '
          \1
        ', '
      • \1
        • ', '\2', '"", """", $s[0]); } } $text = preg_replace_callback('/
        (.*?)<\/pre>/ms', ""removeBr"", $text); $text = preg_replace('/
        (.*?)<\/pre><\/p>/ms', ""
        \\1
        "", $text); $text = preg_replace_callback('/
          (.*?)<\/ul>/ms', ""removeBr"", $text); $text = preg_replace('/
            (.*?)<\/ul><\/p>/ms', ""
              \\1
            "", $text); return $text; }",True,PHP,BBCode2Html,lhbbcode.php,https://github.com/LiveHelperChat/livehelperchat,LiveHelperChat,Remigijus Kiminas,2020-09-28 01:28:18-04:00,Cleanup BB Code,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26135,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13429,"public static function BBCode2Html($text) { $text = trim($text); $text = self::parseEmoji($text); $in = array( ); $out = array( ); $in[] = '[/*]'; $in[] = '[*]'; $out[] = ''; $out[] = '
          • '; $text = str_replace($in, $out, $text); $in = array( '/\[b\](.*?)\[\/b\]/ms', '/\[i\](.*?)\[\/i\]/ms', '/\[u\](.*?)\[\/u\]/ms', '/\[mark\](.*?)\[\/mark\]/ms', '/\[s\](.*?)\[\/s\]/ms', '/\[list\=(.*?)\](.*?)\[\/list\]/ms', '/\[list\](.*?)\[\/list\]/ms', '/\[\*\]\s?(.*?)\n/ms', '/\[fs(.*?)\](.*?)\[\/fs(.*?)\]/ms', '/\[color\=(.*?)\](.*?)\[\/color\]/ms' ); $out = array( '\1', '\1', '\1', '\1', '\1', '\2', '\1', '\1', '\2', '\2' ); $text = preg_replace($in, $out, $text); $text = str_replace(""\r\n"",""\n"",$text); $text = str_replace(""\r"", """", $text); return $text; }",True,PHP,BBCode2Html,lhbbcode_cleanup.php,https://github.com/LiveHelperChat/livehelperchat,LiveHelperChat,Remigijus Kiminas,2020-09-28 01:28:18-04:00,Cleanup BB Code,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26134,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13430,"public static function BBCode2Html($text) { $text = trim($text); $text = self::parseEmoji($text); $in = array( ); $out = array( ); $in[] = '[/*]'; $in[] = '[*]'; $out[] = '
            • '; $out[] = '
          • '; $text = str_replace($in, $out, $text); $in = array( '/\[b\](.*?)\[\/b\]/ms', '/\[i\](.*?)\[\/i\]/ms', '/\[u\](.*?)\[\/u\]/ms', '/\[mark\](.*?)\[\/mark\]/ms', '/\[s\](.*?)\[\/s\]/ms', '/\[list\=(.*?)\](.*?)\[\/list\]/ms', '/\[list\](.*?)\[\/list\]/ms', '/\[\*\]\s?(.*?)\n/ms', '/\[fs(.*?)\](.*?)\[\/fs(.*?)\]/ms', '/\[color\=(.*?)\](.*?)\[\/color\]/ms' ); $out = array( '\1', '\1', '\1', '\1', '\1', '\2', '\1', '\1', '\2', '\2' ); $text = preg_replace($in, $out, $text); $text = str_replace(""\r\n"",""\n"",$text); $text = str_replace(""\r"", """", $text); return $text; }",True,PHP,BBCode2Html,lhbbcode_cleanup.php,https://github.com/LiveHelperChat/livehelperchat,LiveHelperChat,Remigijus Kiminas,2020-09-28 01:28:18-04:00,Cleanup BB Code,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26135,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13434,"public function update(Request $request, string $attachmentId) { $attachment = $this->attachment->newQuery()->findOrFail($attachmentId); try { $this->validate($request, [ 'attachment_edit_name' => 'required|string|min:1|max:255', 'attachment_edit_url' => 'string|min:1|max:255' ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [ 'attachment' => $attachment, 'errors' => new MessageBag($exception->errors()), ]), 422); } $this->checkOwnablePermission('view', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('attachment-create', $attachment); $attachment = $this->attachmentService->updateFile($attachment, [ 'name' => $request->get('attachment_edit_name'), 'link' => $request->get('attachment_edit_url'), ]); return view('attachments.manager-edit-form', [ 'attachment' => $attachment, ]); }",True,PHP,update,AttachmentController.php,https://github.com/BookStackApp/BookStack,BookStackApp,Dan Brown,2020-10-31 15:01:52+00:00,"Prevented possible XSS via link attachments

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26210,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13436,"public function attachLink(Request $request) { $pageId = $request->get('attachment_link_uploaded_to'); try { $this->validate($request, [ 'attachment_link_uploaded_to' => 'required|integer|exists:pages,id', 'attachment_link_name' => 'required|string|min:1|max:255', 'attachment_link_url' => 'required|string|min:1|max:255' ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [ 'pageId' => $pageId, 'errors' => new MessageBag($exception->errors()), ]), 422); } $page = $this->pageRepo->getById($pageId); $this->checkPermission('attachment-create-all'); $this->checkOwnablePermission('page-update', $page); $attachmentName = $request->get('attachment_link_name'); $link = $request->get('attachment_link_url'); $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId); return view('attachments.manager-link-form', [ 'pageId' => $pageId, ]); }",True,PHP,attachLink,AttachmentController.php,https://github.com/BookStackApp/BookStack,BookStackApp,Dan Brown,2020-10-31 15:01:52+00:00,"Prevented possible XSS via link attachments

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26210,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13438,"public function updateFile(Attachment $attachment, $requestData) { $attachment->name = $requestData['name']; if (isset($requestData['link']) && trim($requestData['link']) !== '') { $attachment->path = $requestData['link']; if (!$attachment->external) { $this->deleteFileInStorage($attachment); $attachment->external = true; } } $attachment->save(); return $attachment; }",True,PHP,updateFile,AttachmentService.php,https://github.com/BookStackApp/BookStack,BookStackApp,Dan Brown,2020-10-31 15:01:52+00:00,"Prevented possible XSS via link attachments

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26210,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13439,"public function saveNewFromLink($name, $link, $page_id) { $largestExistingOrder = Attachment::where('uploaded_to', '=', $page_id)->max('order'); return Attachment::forceCreate([ 'name' => $name, 'path' => $link, 'external' => true, 'extension' => '', 'uploaded_to' => $page_id, 'created_by' => user()->id, 'updated_by' => user()->id, 'order' => $largestExistingOrder + 1 ]); }",True,PHP,saveNewFromLink,AttachmentService.php,https://github.com/BookStackApp/BookStack,BookStackApp,Dan Brown,2020-10-31 15:01:52+00:00,"Prevented possible XSS via link attachments

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26210,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13442,"protected function getTestFile($fileName) { return new \Illuminate\Http\UploadedFile(base_path('tests/test-data/test-file.txt'), $fileName, 'text/plain', 55, null, true); }",True,PHP,getTestFile,AttachmentTest.php,https://github.com/BookStackApp/BookStack,BookStackApp,Dan Brown,2020-10-31 15:01:52+00:00,"Prevented possible XSS via link attachments

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26210,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13443,"public function test_attachment_updating() { $page = Page::first(); $this->asAdmin(); $this->call('POST', 'attachments/link', [ 'attachment_link_url' => 'https: 'attachment_link_name' => 'Example Attachment Link', 'attachment_link_uploaded_to' => $page->id, ]); $attachmentId = Attachment::first()->id; $update = $this->call('PUT', 'attachments/' . $attachmentId, [ 'attachment_edit_name' => 'My new attachment name', 'attachment_edit_url' => 'https: ]); $expectedData = [ 'id' => $attachmentId, 'path' => 'https: 'name' => 'My new attachment name', 'uploaded_to' => $page->id ]; $update->assertStatus(200); $this->assertDatabaseHas('attachments', $expectedData); $this->deleteUploads(); }",True,PHP,test_attachment_updating,AttachmentTest.php,https://github.com/BookStackApp/BookStack,BookStackApp,Dan Brown,2020-10-31 15:01:52+00:00,"Prevented possible XSS via link attachments

This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-26210,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13444,"public function checkUpload($file) { $filesettings = $this->blueprint->files(); $forbiddenExtensions = array('php', 'html', 'htm', 'exe', kirby()->option('content.file.extension', 'txt')); $forbiddenMimes = array_merge(f::$mimes['php'], array('text/html', 'application/x-msdownload')); $extension = strtolower($file->extension()); if(empty($extension)) { throw new Exception(l('files.add.error.extension.missing')); } if(in_array($extension, $forbiddenExtensions)) { throw new Exception(l('files.add.error.extension.forbidden')); } if(str::contains($extension, 'php')) { throw new Exception(l('files.add.error.extension.forbidden')); } if(in_array(strtolower($file->mime()), $forbiddenMimes)) { throw new Exception(l('files.add.error.mime.forbidden')); } if(strtolower($file->filename()) == '.htaccess') { throw new Exception(l('files.add.error.htaccess')); } if(str::startsWith($file->filename(), '.')) { throw new Exception(l('files.add.error.invisible')); } if(count($filesettings->type()) > 0 and !in_array($file->type(), $filesettings->type())) { throw new Exception(l('files.add.blueprint.type.error') . ' ' . implode(', ', $filesettings->type())); } if($filesettings->size() and f::size($file->root()) > $filesettings->size()) { throw new Exception(l('files.add.blueprint.size.error') . ' ' . f::niceSize($filesettings->size())); } if($file->type() == 'image' and $filesettings->width() and $file->width() > $filesettings->width()) { throw new Exception('Page only allows image width of ' . $filesettings->width().'px'); } if($file->type() == 'image' and $filesettings->height() and $file->height() > $filesettings->height()) { throw new Exception('Page only allows image height of ' . $filesettings->height().'px'); } }",True,PHP,checkUpload,uploader.php,https://github.com/getkirby-v2/panel,getkirby-v2,Bastian Allgeier,2020-12-01 11:11:19+01:00,Prevent phar upload in file upload validation,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2020-26255,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13446,"public function __construct($page, $file = null) { $this->page = $page; $this->file = $file; $this->blueprint = $page->blueprint(); $this->filename = $this->blueprint->files()->sanitize() ? '{safeFilename}' : '{filename}'; if($this->file) { $this->replace(); } else { $this->upload(); } }",True,PHP,__construct,uploader.php,https://github.com/getkirby-v2/panel,getkirby-v2,Bastian Allgeier,2020-12-01 11:11:19+01:00,Prevent phar upload in file upload validation,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2020-26255,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13448,"public function isLocal() { $localhosts = array('::1', '127.0.0.1', '0.0.0.0'); return ( in_array(server::get('SERVER_ADDR'), $localhosts) || server::get('SERVER_NAME') == 'localhost' || str::endsWith(server::get('SERVER_NAME'), '.localhost') || str::endsWith(server::get('SERVER_NAME'), '.test') ); }",True,PHP,isLocal,panel.php,https://github.com/getkirby-v2/panel,getkirby-v2,Bastian Allgeier,2020-12-01 11:11:19+01:00,Better check for local environments,CWE-346,Origin Validation Error,The product does not properly verify that the source of data or communication is valid.,https://cwe.mitre.org/data/definitions/346.html,CVE-2020-26253,"function edit_optiongroup_master() { expHistory::set('editable', $this->params); $id = isset($this->params['id']) ? $this->params['id'] : null; $record = new optiongroup_master($id); assign_to_template(array( 'record'=>$record )); }"
13454,"public function testFile() { $file = __DIR__ . '/fixtures/download.txt'; $response = Response::file($file); $this->assertSame('text/plain', $response->type()); $this->assertSame(200, $response->code()); $this->assertSame('test', $response->body()); $response = Response::file($file, [ 'code' => '201', 'headers' => [ 'Pragma' => 'no-cache' ] ]); $this->assertSame('text/plain', $response->type()); $this->assertSame(201, $response->code()); $this->assertSame('test', $response->body()); $this->assertSame([ 'Pragma' => 'no-cache' ], $response->headers()); }",True,PHP,testFile,ResponseTest.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:07:12+02:00,"Fix MIME detection vulnerability

https://github.com/getkirby/kirby/security/advisories/GHSA-8fv7-wq38-f5c9",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-38491,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13457,"public function testValidatePasswordHttpCode() { $user = new User([ 'email' => 'test@getkirby.com', 'password' => User::hashPassword('correct-horse-battery-staple') ]); $caught = 0; try { $user->validatePassword('short'); } catch (\Kirby\Exception\InvalidArgumentException $e) { $this->assertSame(400, $e->getHttpCode()); $caught++; } try { $user->validatePassword('longbutinvalid'); } catch (\Kirby\Exception\InvalidArgumentException $e) { $this->assertSame(401, $e->getHttpCode()); $caught++; } $this->assertSame(2, $caught); }",True,PHP,testValidatePasswordHttpCode,UserTest.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:17:20+02:00,"Fix password length vulnerability

https://github.com/getkirby/kirby/security/advisories/GHSA-3v6j-v3qc-cxff",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-38492,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13459,public function currentUserFromSession($session = null) { $session = $this->session($session); $id = $session->data()->get('kirby.userId'); if (is_string($id) !== true) { return null; } if ($user = $this->kirby->users()->find($id)) { $session->commit(); return $user; } return null; },True,PHP,currentUserFromSession,Auth.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:17:35+02:00,"Invalidate session on password change

https://github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-38489,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13463,protected function readPassword() { return F::read($this->root() . '/.htpasswd'); },True,PHP,readPassword,UserActions.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:17:35+02:00,"Invalidate session on password change

https://github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-38489,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13464,"public function testUserSession2() { $session = (new AutoSession($this->app->root('sessions')))->createManually(); $session->set('kirby.userId', 'homer'); $user = $this->auth->user($session); $this->assertSame('homer@simpsons.com', $user->email()); $this->assertSame([ 'challenge' => null, 'email' => 'homer@simpsons.com', 'status' => 'active' ], $this->auth->status()->toArray()); }",True,PHP,testUserSession2,AuthTest.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:17:35+02:00,"Invalidate session on password change

https://github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-38489,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13468,"public function testUserSession1() { $session = $this->app->session(); $session->set('kirby.userId', 'marge'); $user = $this->auth->user(); $this->assertSame('marge@simpsons.com', $user->email()); $this->assertSame([ 'challenge' => null, 'email' => 'marge@simpsons.com', 'status' => 'active' ], $this->auth->status()->toArray()); $this->assertNull($this->auth->currentUserFromImpersonation()); $session->set('kirby.userId', 'homer'); $user = $this->auth->user(); $this->assertSame('marge@simpsons.com', $user->email()); $this->assertSame([ 'challenge' => null, 'email' => 'marge@simpsons.com', 'status' => 'active' ], $this->auth->status()->toArray()); }",True,PHP,testUserSession1,AuthTest.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:17:35+02:00,"Invalidate session on password change

https://github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-38489,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13470,$phpunit->assertTrue($newUser->validatePassword('topsecret2018')); $phpunit->assertEmpty($oldUser->password()); $calls++; },True,PHP,assertTrue,UserActionsTest.php,https://github.com/getkirby/kirby,getkirby,Lukas Bestle,2023-07-26 21:17:35+02:00,"Invalidate session on password change

https://github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-38489,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13474,"unset($needed_parts[$m[1]]); } if (!empty($needed_parts)) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm=""'.$realm.'"",qop=""auth"",nonce=""'.uniqid().'"",opaque=""'.$opaque.'""'); die; } if (!isset($config['login'][$data['username']])) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm=""'.$realm.'"",qop=""auth"",nonce=""'.uniqid().'"",opaque=""'.$opaque.'""'); die('Invalid username and/or password combination.'); } $login = $config['login'][$data['username']]; $login['name'] = $data['username']; $password = md5($login['name'].':'.$realm.':'.$login['password']); $response = md5($password.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.md5($_SERVER['REQUEST_METHOD'].':'.$data['uri'])); if ($data['response'] != $response) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm=""'.$realm.'"",qop=""auth"",nonce=""'.uniqid().'"",opaque=""'.$opaque.'""'); die('Invalid username and/or password combination.'); } return $login; }",True,PHP,unset,login.inc.php,https://github.com/erikdubbelboer/phpRedisAdmin,erikdubbelboer,Erik Dubbelboer,2021-10-05 18:45:52+00:00,Fix magic hash attack,CWE-597,Use of Wrong Operator in String Comparison,"The product uses the wrong operator when comparing a string, such as using ""=="" when the .equals() method should be used instead.",https://cwe.mitre.org/data/definitions/597.html,CVE-2021-4259,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13477,"public function rename(){ if($this->request->isMethod('POST')){ if(\Storage::move($this->request->input('old_file'), $this->request->input('new_file'))){ if($this->request->ajax()){ return response()->json(['success' => trans('File successfully renamed!')]); } }else{ if($this->request->ajax()){ return response()->json(['danger' => trans('message.something_went_wrong')]); } } } }",True,PHP,rename,FileManagerController.php,https://github.com/ttimot24/HorizontCMS,ttimot24,Timot Tarjani,2020-10-23 20:06:33+02:00,Security bug fix.,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2020-27387,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13479,"public function rename(){ if($this->request->isMethod('POST')){ $new_file = $this->request->input('new_file'); if(!\Security::isExecutable($new_file) && \Storage::move($this->request->input('old_file'), $new_file)){ if($this->request->ajax()){ return response()->json(['success' => trans('File successfully renamed!')]); } }else{ if($this->request->ajax()){ return response()->json(['danger' => trans('message.something_went_wrong')]); } } } }",True,PHP,rename,FileManagerController.php,https://github.com/ttimot24/HorizontCMS,ttimot24,Timot Tarjani,2021-05-23 15:49:36+02:00,#30 - Security fix: File extension bypass,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-28428,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13482,"public static function vulnerableExtensions(){ return '/^.*\.('.implode('|',[""php"",""php5"",""php7"",""phar"",""phtml""]).')$/i'; }",True,PHP,vulnerableExtensions,Security.php,https://github.com/ttimot24/HorizontCMS,ttimot24,Timot Tarjani,2021-05-23 15:49:36+02:00,#30 - Security fix: File extension bypass,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-28428,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13484,"$arrDetail['total_price'] = sc_currency_value($cartItem->price) * $cartItem->qty; $arrCartDetail[] = $arrDetail; } session(['dataOrder' => $dataOrder]); session(['arrCartDetail' => $arrCartDetail]); $newOrder = (new ShopOrder)->createOrder($dataOrder, $dataTotal, $arrCartDetail); if ($newOrder['error'] == 1) { return redirect(sc_route('cart'))->with(['error' => $newOrder['msg']]); } session(['orderID' => $newOrder['orderID']]); if ($address_process == 'new') { $addressNew = [ 'first_name' => $shippingAddress['first_name'] ?? '', 'last_name' => $shippingAddress['last_name'] ?? '', 'first_name_kana' => $shippingAddress['first_name_kana'] ?? '', 'last_name_kana' => $shippingAddress['last_name_kana'] ?? '', 'postcode' => $shippingAddress['postcode'] ?? '', 'address1' => $shippingAddress['address1'] ?? '', 'address2' => $shippingAddress['address2'] ?? '', 'country' => $shippingAddress['country'] ?? '', 'phone' => $shippingAddress['phone'] ?? '', ]; ShopCustomer::find($uID)->addresses()->save(new ShopCustomerAddress(sc_clean($addressNew))); session()->forget('address_process'); } $paymentMethod = sc_get_class_plugin_controller('Payment', session('paymentMethod')); if ($paymentMethod) { return (new $paymentMethod)->processOrder(); } else { return (new ShopCartController)->completeOrder(); } }",True,PHP,sc_currency_value,ShopCartController.php,https://github.com/s-cart/core,s-cart,Lanh Le,2020-12-01 22:37:23+07:00,Escape data for front-end,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-28456,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13487,"public function assets_path($file = NULL, $path = NULL, $module = NULL, $absolute = NULL) { $cache = ''; if (!isset($absolute)) $absolute = $this->assets_absolute_path; $CI = $this->_get_assets_config(); if ($this->asset_append_cache_timestamp AND in_array($path, $this->asset_append_cache_timestamp) AND !empty($file)) { $q_str = (strpos($file, '?') === FALSE) ? '?' : '&'; $cache = $q_str.'c='.strtotime($this->assets_last_updated); } if (!$this->_is_local_path($file)) { return $file.$cache; } $assets_folders = $this->assets_folders; $asset_type = (!empty($assets_folders[$path])) ? $assets_folders[$path] : $CI->config->item($path); if (!$this->_is_local_path($this->assets_path)) { return $this->assets_path.$asset_type.$file.$cache; } $assets_path = $this->_get_assets_path($module); $path = WEB_PATH.$assets_path.$asset_type.$file.$cache; if ($absolute) { $protocol = ($_SERVER[""SERVER_PORT""] == 443) ? ""https: $path = $protocol.$_SERVER['HTTP_HOST'].$path; } return $path; }",True,PHP,assets_path,Asset.php,https://github.com/daylightstudio/FUEL-CMS,daylightstudio,David McReynolds,2021-08-06 11:21:48-07:00,fix: issue #580 using $_SERVER[‘HTTP_HOST’],CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-38290,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13488,"foreach($paths as $path) { $path = str_replace(array(':any', '*'), '.*', str_replace(':num', '[0-9]+', $path)); if (!empty($_SERVER['HTTP_HOST']) AND preg_match('#^'.$path.'$ { define('ENVIRONMENT', $env); break 2; } }",True,PHP,foreach,index.php,https://github.com/daylightstudio/FUEL-CMS,daylightstudio,David McReynolds,2021-08-06 11:21:48-07:00,fix: issue #580 using $_SERVER[‘HTTP_HOST’],CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-38290,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13493,"public function __construct() { parent::__construct(); $this->load->library('session'); if (!$this->fuel->config('admin_enabled')) show_404(); $this->load->vars(array( 'js' => '', 'css' => css($this->fuel->config('xtra_css')), 'js_controller_params' => array(), 'keyboard_shortcuts' => $this->fuel->config('keyboard_shortcuts'))); $this->asset->assets_path = $this->fuel->config('fuel_assets_path'); $this->asset->assets_output = $this->fuel->config('fuel_assets_output'); $this->lang->load('fuel'); $this->load->helper('ajax'); $this->load->library('form_builder'); $this->load->module_model(FUEL_FOLDER, 'fuel_users_model'); $this->asset->assets_module ='fuel'; $this->asset->assets_folders = array( 'images' => 'images/', 'css' => 'css/', 'js' => 'js/', ); }",True,PHP,__construct,Login.php,https://github.com/daylightstudio/FUEL-CMS,daylightstudio,David McReynolds,2021-08-10 10:38:11-07:00,fix: for issue #584,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-38721,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13494,"function render_menu_tabs() { $current_tab = $this->get_current_tab(); echo '
            '; foreach ( $this->menu_tabs as $tab_key => $tab_caption ) { $active = $current_tab == $tab_key ? 'nav-tab-active' : ''; echo '' . $tab_caption . ''; } echo '
            '; }",True,PHP,render_menu_tabs,wp-security-blacklist-menu.php,https://github.com/Arsenal21/all-in-one-wordpress-security,Arsenal21,Amin,2020-12-25 14:51:58+11:00,v4.4.6 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-29171,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13495,"function render_menu_page() { echo '
            '; echo '
            '.__('Blacklist Manager','all-in-one-wp-security-and-firewall').'
            '; $this->set_menu_tabs(); $tab = $this->get_current_tab(); $this->render_menu_tabs(); ?> 
             menu_tabs_handler[$tab])); ?> 
             
             params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13496,function __construct() { $this->render_menu_page(); },True,PHP,__construct,wp-security-blacklist-menu.php,https://github.com/Arsenal21/all-in-one-wordpress-security,Arsenal21,Amin,2020-12-25 14:51:58+11:00,v4.4.6 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-29171,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13499,"$text = sanitize_text_field($agent); $agents[] = $text; } } if (sizeof($agents) > 1) { sort( $agents ); $agents = array_unique($agents, SORT_STRING); } $banned_user_agent_data = implode(PHP_EOL, $agents); $aio_wp_security->configs->set_value('aiowps_banned_user_agents',$banned_user_agent_data); $_POST['aiowps_banned_user_agents'] = ''; return 1; }",True,PHP,sanitize_text_field,wp-security-blacklist-menu.php,https://github.com/Arsenal21/all-in-one-wordpress-security,Arsenal21,Amin,2020-12-25 14:51:58+11:00,v4.4.6 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-29171,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13501,"function set_menu_tabs() { $this->menu_tabs = array( 'tab1' => __('Ban Users', 'all-in-one-wp-security-and-firewall'), ); }",True,PHP,set_menu_tabs,wp-security-blacklist-menu.php,https://github.com/Arsenal21/all-in-one-wordpress-security,Arsenal21,Amin,2020-12-25 14:51:58+11:00,v4.4.6 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-29171,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13502,function get_current_tab() { $tab_keys = array_keys($this->menu_tabs); $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $tab_keys[0]; return $tab; },True,PHP,get_current_tab,wp-security-blacklist-menu.php,https://github.com/Arsenal21/all-in-one-wordpress-security,Arsenal21,Amin,2020-12-25 14:51:58+11:00,v4.4.6 released,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-29171,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13511,"public function newpassword() { if ($token = $this->param('token')) { $user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]); if (!$user) { return false; } $user['md5email'] = md5($user['email']); return $this->render('cockpit:views/layouts/newpassword.php', compact('user', 'token')); } return false; }",True,PHP,newpassword,Auth.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-14 14:20:51+02:00,fix possible security issue for login,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35846,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13512,"public function newpassword() { if ($token = $this->param('token')) { $user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]); if (!$user) { return false; } $user['md5email'] = md5($user['email']); return $this->render('cockpit:views/layouts/newpassword.php', compact('user', 'token')); } return false; }",True,PHP,newpassword,Auth.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-14 14:20:51+02:00,fix possible security issue for login,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35847,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13513,"public function newpassword() { if ($token = $this->param('token')) { $user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]); if (!$user) { return false; } $user['md5email'] = md5($user['email']); return $this->render('cockpit:views/layouts/newpassword.php', compact('user', 'token')); } return false; }",True,PHP,newpassword,Auth.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-14 14:20:51+02:00,fix possible security issue for login,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35848,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13514,"private static function evaluate($func, $a, $b) { $r = false; if (\is_null($a) && $func != '$exists') { return false; } switch ($func) { case '$eq' : $r = $a == $b; break; case '$ne' : $r = $a != $b; break; case '$gte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a >= $b; } break; case '$gt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a > $b; } break; case '$lte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a <= $b; } break; case '$lt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a < $b; } break; case '$in' : if (\is_array($a)) { $r = \is_array($b) ? \count(\array_intersect($a, $b)) : false; } else { $r = \is_array($b) ? \in_array($a, $b) : false; } break; case '$nin' : if (\is_array($a)) { $r = \is_array($b) ? (\count(\array_intersect($a, $b)) === 0) : false; } else { $r = \is_array($b) ? (\in_array($a, $b) === false) : false; } break; case '$has' : if (\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $has array not supported'); if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = \in_array($b, $a); break; case '$all' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; if (!\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $all option must be array'); $r = \count(\array_intersect_key($a, $b)) == \count($b); break; case '$regex' : case '$preg' : case '$match' : case '$not': $r = (boolean) @\preg_match(isset($b[0]) && $b[0]=='/' ? $b : '/'.$b.'/iu', $a, $match); if ($func === '$not') { $r = !$r; } break; case '$size' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = (int) $b == \count($a); break; case '$mod' : if (! \is_array($b)) throw new \InvalidArgumentException('Invalid argument for $mod option must be array'); $r = $a % $b[0] == $b[1] ?? 0; break; case '$func' : case '$fn' : case '$f' : if (! \is_callable($b)) throw new \InvalidArgumentException('Function should be callable'); $r = $b($a); break; case '$exists': $r = $b ? !\is_null($a) : \is_null($a); break; case '$fuzzy': case '$text': $distance = 3; $minScore = 0.7; if (\is_array($b) && isset($b['$search'])) { if (isset($b['$minScore']) && \is_numeric($b['$minScore'])) $minScore = $b['$minScore']; if (isset($b['$distance']) && \is_numeric($b['$distance'])) $distance = $b['$distance']; $b = $b['search']; } $r = fuzzy_search($b, $a, $distance) >= $minScore; break; default : throw new \ErrorException(""Condition not valid ... Use {$func} for custom operations""); break; } return $r; }",True,PHP,evaluate,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-14 20:23:06+02:00,don't allow callable strings for $func (MongoLite),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35846,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13515,"private static function evaluate($func, $a, $b) { $r = false; if (\is_null($a) && $func != '$exists') { return false; } switch ($func) { case '$eq' : $r = $a == $b; break; case '$ne' : $r = $a != $b; break; case '$gte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a >= $b; } break; case '$gt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a > $b; } break; case '$lte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a <= $b; } break; case '$lt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a < $b; } break; case '$in' : if (\is_array($a)) { $r = \is_array($b) ? \count(\array_intersect($a, $b)) : false; } else { $r = \is_array($b) ? \in_array($a, $b) : false; } break; case '$nin' : if (\is_array($a)) { $r = \is_array($b) ? (\count(\array_intersect($a, $b)) === 0) : false; } else { $r = \is_array($b) ? (\in_array($a, $b) === false) : false; } break; case '$has' : if (\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $has array not supported'); if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = \in_array($b, $a); break; case '$all' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; if (!\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $all option must be array'); $r = \count(\array_intersect_key($a, $b)) == \count($b); break; case '$regex' : case '$preg' : case '$match' : case '$not': $r = (boolean) @\preg_match(isset($b[0]) && $b[0]=='/' ? $b : '/'.$b.'/iu', $a, $match); if ($func === '$not') { $r = !$r; } break; case '$size' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = (int) $b == \count($a); break; case '$mod' : if (! \is_array($b)) throw new \InvalidArgumentException('Invalid argument for $mod option must be array'); $r = $a % $b[0] == $b[1] ?? 0; break; case '$func' : case '$fn' : case '$f' : if (! \is_callable($b)) throw new \InvalidArgumentException('Function should be callable'); $r = $b($a); break; case '$exists': $r = $b ? !\is_null($a) : \is_null($a); break; case '$fuzzy': case '$text': $distance = 3; $minScore = 0.7; if (\is_array($b) && isset($b['$search'])) { if (isset($b['$minScore']) && \is_numeric($b['$minScore'])) $minScore = $b['$minScore']; if (isset($b['$distance']) && \is_numeric($b['$distance'])) $distance = $b['$distance']; $b = $b['search']; } $r = fuzzy_search($b, $a, $distance) >= $minScore; break; default : throw new \ErrorException(""Condition not valid ... Use {$func} for custom operations""); break; } return $r; }",True,PHP,evaluate,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-14 20:23:06+02:00,don't allow callable strings for $func (MongoLite),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35847,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13516,"private static function evaluate($func, $a, $b) { $r = false; if (\is_null($a) && $func != '$exists') { return false; } switch ($func) { case '$eq' : $r = $a == $b; break; case '$ne' : $r = $a != $b; break; case '$gte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a >= $b; } break; case '$gt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a > $b; } break; case '$lte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a <= $b; } break; case '$lt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a < $b; } break; case '$in' : if (\is_array($a)) { $r = \is_array($b) ? \count(\array_intersect($a, $b)) : false; } else { $r = \is_array($b) ? \in_array($a, $b) : false; } break; case '$nin' : if (\is_array($a)) { $r = \is_array($b) ? (\count(\array_intersect($a, $b)) === 0) : false; } else { $r = \is_array($b) ? (\in_array($a, $b) === false) : false; } break; case '$has' : if (\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $has array not supported'); if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = \in_array($b, $a); break; case '$all' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; if (!\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $all option must be array'); $r = \count(\array_intersect_key($a, $b)) == \count($b); break; case '$regex' : case '$preg' : case '$match' : case '$not': $r = (boolean) @\preg_match(isset($b[0]) && $b[0]=='/' ? $b : '/'.$b.'/iu', $a, $match); if ($func === '$not') { $r = !$r; } break; case '$size' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = (int) $b == \count($a); break; case '$mod' : if (! \is_array($b)) throw new \InvalidArgumentException('Invalid argument for $mod option must be array'); $r = $a % $b[0] == $b[1] ?? 0; break; case '$func' : case '$fn' : case '$f' : if (! \is_callable($b)) throw new \InvalidArgumentException('Function should be callable'); $r = $b($a); break; case '$exists': $r = $b ? !\is_null($a) : \is_null($a); break; case '$fuzzy': case '$text': $distance = 3; $minScore = 0.7; if (\is_array($b) && isset($b['$search'])) { if (isset($b['$minScore']) && \is_numeric($b['$minScore'])) $minScore = $b['$minScore']; if (isset($b['$distance']) && \is_numeric($b['$distance'])) $distance = $b['$distance']; $b = $b['search']; } $r = fuzzy_search($b, $a, $distance) >= $minScore; break; default : throw new \ErrorException(""Condition not valid ... Use {$func} for custom operations""); break; } return $r; }",True,PHP,evaluate,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-14 20:23:06+02:00,don't allow callable strings for $func (MongoLite),CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35848,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13523,"$_fn[] = self::buildCondition($v, ' && '); } $fn[] = '('.\implode(' || ', $_fn).')'; break; case '$where': if (\is_callable($value)) { } break; default: $d = '$document'; if (\strpos($key, '.') !== false) { $keys = \explode('.', $key); foreach ($keys as $k) { $d .= '[\''.$k.'\']'; } } else { $d .= '[\''.$key.'\']'; } if (\is_array($value)) { $fn[] = ""\\MongoLite\\UtilArrayQuery::check((isset({$d}) ? {$d} : null), "".\var_export($value, true).')'; } else { if (is_null($value)) { $fn[] = ""(!isset({$d}))""; } else { $_value = \var_export($value, true); $fn[] = ""(isset({$d}) && ( is_array({$d}) && is_string({$_value}) ? in_array({$_value}, {$d}) : {$d}=={$_value} ) )""; } } } } return \count($fn) ? \trim(\implode($concat, $fn)) : 'true'; }",True,PHP,buildCondition,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-25 23:18:28+02:00,"remove $fn, $func, $f as field filter ... add $where as an alternative (MongoLite)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35846,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13524,"$_fn[] = self::buildCondition($v, ' && '); } $fn[] = '('.\implode(' || ', $_fn).')'; break; case '$where': if (\is_callable($value)) { } break; default: $d = '$document'; if (\strpos($key, '.') !== false) { $keys = \explode('.', $key); foreach ($keys as $k) { $d .= '[\''.$k.'\']'; } } else { $d .= '[\''.$key.'\']'; } if (\is_array($value)) { $fn[] = ""\\MongoLite\\UtilArrayQuery::check((isset({$d}) ? {$d} : null), "".\var_export($value, true).')'; } else { if (is_null($value)) { $fn[] = ""(!isset({$d}))""; } else { $_value = \var_export($value, true); $fn[] = ""(isset({$d}) && ( is_array({$d}) && is_string({$_value}) ? in_array({$_value}, {$d}) : {$d}=={$_value} ) )""; } } } } return \count($fn) ? \trim(\implode($concat, $fn)) : 'true'; }",True,PHP,buildCondition,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-25 23:18:28+02:00,"remove $fn, $func, $f as field filter ... add $where as an alternative (MongoLite)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35847,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13525,"$_fn[] = self::buildCondition($v, ' && '); } $fn[] = '('.\implode(' || ', $_fn).')'; break; case '$where': if (\is_callable($value)) { } break; default: $d = '$document'; if (\strpos($key, '.') !== false) { $keys = \explode('.', $key); foreach ($keys as $k) { $d .= '[\''.$k.'\']'; } } else { $d .= '[\''.$key.'\']'; } if (\is_array($value)) { $fn[] = ""\\MongoLite\\UtilArrayQuery::check((isset({$d}) ? {$d} : null), "".\var_export($value, true).')'; } else { if (is_null($value)) { $fn[] = ""(!isset({$d}))""; } else { $_value = \var_export($value, true); $fn[] = ""(isset({$d}) && ( is_array({$d}) && is_string({$_value}) ? in_array({$_value}, {$d}) : {$d}=={$_value} ) )""; } } } } return \count($fn) ? \trim(\implode($concat, $fn)) : 'true'; }",True,PHP,buildCondition,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-25 23:18:28+02:00,"remove $fn, $func, $f as field filter ... add $where as an alternative (MongoLite)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35848,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13526,"private static function evaluate($func, $a, $b) { $r = false; if (\is_null($a) && $func != '$exists') { return false; } switch ($func) { case '$eq' : $r = $a == $b; break; case '$ne' : $r = $a != $b; break; case '$gte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a >= $b; } break; case '$gt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a > $b; } break; case '$lte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a <= $b; } break; case '$lt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a < $b; } break; case '$in' : if (\is_array($a)) { $r = \is_array($b) ? \count(\array_intersect($a, $b)) : false; } else { $r = \is_array($b) ? \in_array($a, $b) : false; } break; case '$nin' : if (\is_array($a)) { $r = \is_array($b) ? (\count(\array_intersect($a, $b)) === 0) : false; } else { $r = \is_array($b) ? (\in_array($a, $b) === false) : false; } break; case '$has' : if (\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $has array not supported'); if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = \in_array($b, $a); break; case '$all' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; if (!\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $all option must be array'); $r = \count(\array_intersect_key($a, $b)) == \count($b); break; case '$regex' : case '$preg' : case '$match' : case '$not': $r = (boolean) @\preg_match(isset($b[0]) && $b[0]=='/' ? $b : '/'.$b.'/iu', $a, $match); if ($func === '$not') { $r = !$r; } break; case '$size' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = (int) $b == \count($a); break; case '$mod' : if (! \is_array($b)) throw new \InvalidArgumentException('Invalid argument for $mod option must be array'); $r = $a % $b[0] == $b[1] ?? 0; break; case '$func' : case '$fn' : case '$f' : if (\is_string($b) || !\is_callable($b)) throw new \InvalidArgumentException('Function should be callable'); $r = $b($a); break; case '$exists': $r = $b ? !\is_null($a) : \is_null($a); break; case '$fuzzy': case '$text': $distance = 3; $minScore = 0.7; if (\is_array($b) && isset($b['$search'])) { if (isset($b['$minScore']) && \is_numeric($b['$minScore'])) $minScore = $b['$minScore']; if (isset($b['$distance']) && \is_numeric($b['$distance'])) $distance = $b['$distance']; $b = $b['search']; } $r = fuzzy_search($b, $a, $distance) >= $minScore; break; default : throw new \ErrorException(""Condition not valid ... Use {$func} for custom operations""); break; } return $r; }",True,PHP,evaluate,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-25 23:18:28+02:00,"remove $fn, $func, $f as field filter ... add $where as an alternative (MongoLite)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35846,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13527,"private static function evaluate($func, $a, $b) { $r = false; if (\is_null($a) && $func != '$exists') { return false; } switch ($func) { case '$eq' : $r = $a == $b; break; case '$ne' : $r = $a != $b; break; case '$gte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a >= $b; } break; case '$gt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a > $b; } break; case '$lte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a <= $b; } break; case '$lt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a < $b; } break; case '$in' : if (\is_array($a)) { $r = \is_array($b) ? \count(\array_intersect($a, $b)) : false; } else { $r = \is_array($b) ? \in_array($a, $b) : false; } break; case '$nin' : if (\is_array($a)) { $r = \is_array($b) ? (\count(\array_intersect($a, $b)) === 0) : false; } else { $r = \is_array($b) ? (\in_array($a, $b) === false) : false; } break; case '$has' : if (\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $has array not supported'); if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = \in_array($b, $a); break; case '$all' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; if (!\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $all option must be array'); $r = \count(\array_intersect_key($a, $b)) == \count($b); break; case '$regex' : case '$preg' : case '$match' : case '$not': $r = (boolean) @\preg_match(isset($b[0]) && $b[0]=='/' ? $b : '/'.$b.'/iu', $a, $match); if ($func === '$not') { $r = !$r; } break; case '$size' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = (int) $b == \count($a); break; case '$mod' : if (! \is_array($b)) throw new \InvalidArgumentException('Invalid argument for $mod option must be array'); $r = $a % $b[0] == $b[1] ?? 0; break; case '$func' : case '$fn' : case '$f' : if (\is_string($b) || !\is_callable($b)) throw new \InvalidArgumentException('Function should be callable'); $r = $b($a); break; case '$exists': $r = $b ? !\is_null($a) : \is_null($a); break; case '$fuzzy': case '$text': $distance = 3; $minScore = 0.7; if (\is_array($b) && isset($b['$search'])) { if (isset($b['$minScore']) && \is_numeric($b['$minScore'])) $minScore = $b['$minScore']; if (isset($b['$distance']) && \is_numeric($b['$distance'])) $distance = $b['$distance']; $b = $b['search']; } $r = fuzzy_search($b, $a, $distance) >= $minScore; break; default : throw new \ErrorException(""Condition not valid ... Use {$func} for custom operations""); break; } return $r; }",True,PHP,evaluate,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-25 23:18:28+02:00,"remove $fn, $func, $f as field filter ... add $where as an alternative (MongoLite)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35847,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13528,"private static function evaluate($func, $a, $b) { $r = false; if (\is_null($a) && $func != '$exists') { return false; } switch ($func) { case '$eq' : $r = $a == $b; break; case '$ne' : $r = $a != $b; break; case '$gte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a >= $b; } break; case '$gt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a > $b; } break; case '$lte' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a <= $b; } break; case '$lt' : if ( (\is_numeric($a) && \is_numeric($b)) || (\is_string($a) && \is_string($b)) ) { $r = $a < $b; } break; case '$in' : if (\is_array($a)) { $r = \is_array($b) ? \count(\array_intersect($a, $b)) : false; } else { $r = \is_array($b) ? \in_array($a, $b) : false; } break; case '$nin' : if (\is_array($a)) { $r = \is_array($b) ? (\count(\array_intersect($a, $b)) === 0) : false; } else { $r = \is_array($b) ? (\in_array($a, $b) === false) : false; } break; case '$has' : if (\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $has array not supported'); if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = \in_array($b, $a); break; case '$all' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; if (!\is_array($b)) throw new \InvalidArgumentException('Invalid argument for $all option must be array'); $r = \count(\array_intersect_key($a, $b)) == \count($b); break; case '$regex' : case '$preg' : case '$match' : case '$not': $r = (boolean) @\preg_match(isset($b[0]) && $b[0]=='/' ? $b : '/'.$b.'/iu', $a, $match); if ($func === '$not') { $r = !$r; } break; case '$size' : if (!\is_array($a)) $a = @\json_decode($a, true) ? : []; $r = (int) $b == \count($a); break; case '$mod' : if (! \is_array($b)) throw new \InvalidArgumentException('Invalid argument for $mod option must be array'); $r = $a % $b[0] == $b[1] ?? 0; break; case '$func' : case '$fn' : case '$f' : if (\is_string($b) || !\is_callable($b)) throw new \InvalidArgumentException('Function should be callable'); $r = $b($a); break; case '$exists': $r = $b ? !\is_null($a) : \is_null($a); break; case '$fuzzy': case '$text': $distance = 3; $minScore = 0.7; if (\is_array($b) && isset($b['$search'])) { if (isset($b['$minScore']) && \is_numeric($b['$minScore'])) $minScore = $b['$minScore']; if (isset($b['$distance']) && \is_numeric($b['$distance'])) $distance = $b['$distance']; $b = $b['search']; } $r = fuzzy_search($b, $a, $distance) >= $minScore; break; default : throw new \ErrorException(""Condition not valid ... Use {$func} for custom operations""); break; } return $r; }",True,PHP,evaluate,Database.php,https://github.com/agentejo/cockpit,agentejo,Artur Heinze,2020-09-25 23:18:28+02:00,"remove $fn, $func, $f as field filter ... add $where as an alternative (MongoLite)",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2020-35848,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13536,"public function lite_videos_tab( $post ) { ?> 
             Add Video To Your Galleries With Envira Pro! 
              params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13537,"public function lite_videos_tab( $post ) { ?> 
             Add Video To Your Galleries With Envira Pro! 
              params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13538,"public function misc_tab( $post ) { $upgrade_link = Envira_Gallery_Common_Admin::get_instance()->get_upgrade_link( 'http: ?> 
             
                
              "" class=""envira-doc"" target=""_blank"">   or                
             
              
                 get_config( 'title', $this->get_config_default( 'title' ) ); ?>"" /> 
                         		 
             
                 get_config( 'slug', $this->get_config_default( 'slug' ) ); ?>"" /> 
            Unique internal gallery slug for identification and advanced gallery queries.', 'envira-gallery-lite' ); ?>
                         		 
             
                  
                         		 
             
                 get_config( 'rtl', $this->get_config_default( 'rtl' ) ); ?>"" get_config( 'rtl', $this->get_config_default( 'rtl' ) ), 1 ); ?> />   
                           
             
             display_inline_notice( 'envira_gallery_images_tab', __( 'Want to take your galleries further?', 'envira-gallery-lite' ), __( '
            By upgrading to Envira Gallery Pro, you can get access to numerous other features, including:
             
            Bonus: Envira Lite users get a discount code for 20% off regular price.
            ', 'envira-gallery-lite' ), 'warning', __( 'Click here to Upgrade', 'envira-gallery-lite' ), Envira_Gallery_Common_Admin::get_instance()->get_upgrade_link( false, 'adminpagemisc', 'clickheretoupgradebutton' ), false ); }",True,PHP,misc_tab,metaboxes.php,https://github.com/enviragallery/envira-gallery-lite,enviragallery,Chris Kelley,2020-12-16 11:23:34-06:00,escape title output,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-35581,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13539,"public function misc_tab( $post ) { $upgrade_link = Envira_Gallery_Common_Admin::get_instance()->get_upgrade_link( 'http: ?> 
             
                
                          "" class=""envira-doc"" target=""_blank"">   or    
             
              
                 get_config( 'title', $this->get_config_default( 'title' ) ); ?>"" /> 
                         		 
             
                 get_config( 'slug', $this->get_config_default( 'slug' ) ); ?>"" /> 
            Unique internal gallery slug for identification and advanced gallery queries.', 'envira-gallery-lite' ); ?>
                         		 
             
                  
                         		 
             
                 get_config( 'rtl', $this->get_config_default( 'rtl' ) ); ?>"" get_config( 'rtl', $this->get_config_default( 'rtl' ) ), 1 ); ?> />   
                           
             
             display_inline_notice( 'envira_gallery_images_tab', __( 'Want to take your galleries further?', 'envira-gallery-lite' ), __( '
            By upgrading to Envira Gallery Pro, you can get access to numerous other features, including:
             
            Bonus: Envira Lite users get a discount code for 20% off regular price.
            ', 'envira-gallery-lite' ), 'warning', __( 'Click here to Upgrade', 'envira-gallery-lite' ), Envira_Gallery_Common_Admin::get_instance()->get_upgrade_link( false, 'adminpagemisc', 'clickheretoupgradebutton' ), false ); }",True,PHP,misc_tab,metaboxes.php,https://github.com/enviragallery/envira-gallery-lite,enviragallery,Chris Kelley,2020-12-16 11:23:34-06:00,escape title output,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-35582,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13545,"public function changepassword() { session_start(); Auth::check(); $this->template = 'account/changepassword'; if (Flight::request()->method == 'POST') { if (Flight::get('user')->changePassword( Flight::request()->data->pw, Flight::request()->data->pw_new, Flight::request()->data->pw_repeated )) { try { R::store(Flight::get('user')); Flight::get('user')->notify(I18n::__('account_changepassword_success'), 'success'); $this->redirect('/account/'); } catch (Exception $e) { } } else { Flight::get('user')->notify(I18n::__('account_changepassword_failure'), 'error'); } } $this->render(); }",True,PHP,changepassword,Account.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13547,"protected function render() { Flight::render('shared/notification', array(), 'notification'); Flight::render('shared/navigation/account', array(), 'navigation_account'); Flight::render('shared/navigation/main', array(), 'navigation_main'); Flight::render('shared/navigation', array(), 'navigation'); Flight::render('account/toolbar', array(), 'toolbar'); Flight::render('shared/header', array(), 'header'); Flight::render('shared/footer', array(), 'footer'); Flight::render($this->template, array( 'record' => Flight::get('user') ), 'content'); Flight::render('html5', array( 'title' => I18n::__(""account_head_title""), 'language' => Flight::get('language') )); }",True,PHP,render,Account.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13549,"public function index() { session_start(); Auth::check(); $this->template = 'account/index'; if (Flight::request()->method == 'POST') { Flight::get('user')->import(Flight::request()->data->dialog); try { R::store(Flight::get('user')); Flight::get('user')->notify(I18n::__('account_edit_success'), 'success'); $this->redirect('/account/'); } catch (Exception $e) { Flight::get('user')->notify(I18n::__('account_edit_failure'), 'error'); } } $this->render(); }",True,PHP,index,Account.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13550,"public function index() { session_start(); if ( ! isset($_SESSION['login_id'])) { $_SESSION['login_id'] = 0; } $login = R::load('login', $_SESSION['login_id']); if (Flight::request()->method == 'POST') { try { $login = R::graph( Flight::request()->data->dialog, TRUE ); if ($login->trial()) { $_SESSION['user']['id'] = $login->user->getId(); $_SESSION['backend']['language'] = Flight::get('language'); $login->user->sid = session_id(); R::store($login); $this->redirect(Flight::request()->data->goto, $raw = true); } $this->message = I18n::__('login_failed'); R::store($login); } catch (Exception $e) { error_log($e); } } if ( Flight::request()->query->goto == '' || Flight::request()->query->goto == '/login' ) { $goto = '/cms'; } else { $goto = Flight::request()->query->goto; } Flight::render('account/login', array( 'goto' => htmlspecialchars($goto), 'record' => $login, 'message' => $this->message ), 'content'); Flight::render('html5', array( 'title' => I18n::__('login_head_title'), 'language' => Flight::get('language'), 'stylesheets' => array('custom', 'default') )); }",True,PHP,index,Login.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13553,$this->message = I18n::__('lostpassword_email_failed'); } else { $this->redirect('login'); } } $this->render(); },True,PHP,__,Lostpassword.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13554,"protected function render() { Flight::render($this->template, array( 'uname' => $this->uname, 'message' => $this->message ), 'content'); Flight::render('html5', array( 'title' => I18n::__(""lostpassword_head_title""), 'language' => Flight::get('language'), 'stylesheets' => array('custom', 'default') )); }",True,PHP,render,Lostpassword.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13563,public function convertToIn($value) { return $value; },True,PHP,convertToIn,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13564,"public function convertToNumber($value) { return (float)str_replace(',', '.', $value); }",True,PHP,convertToNumber,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13565,"public function convertToDate($value) { return date('Y-m-d', strtotime($value)); }",True,PHP,convertToDate,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13568,public function convertToSelect($value) { return $value; },True,PHP,convertToSelect,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,"function edit_option_master() { expHistory::set('editable', $this->params); $params = isset($this->params['id']) ? $this->params['id'] : $this->params; $record = new option_master($params); assign_to_template(array( 'record'=>$record )); }"
13570,public function convertToTextarea($value) { return $value; },True,PHP,convertToTextarea,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13573,"public function convertToDatetime($value) { return date('Y-m-d H:i:s', strtotime($value)); }",True,PHP,convertToDatetime,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13574,public function convertToBool($value) { return $value; },True,PHP,convertToBool,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13575,"public function makeWherePart(Model_Filter $filter) { if ( ! isset($this->map[$this->bean->op])) throw new Exception('Filter operator has no template'); $template = $this->map[$this->bean->op]; $value = $this->mask_filter_value($filter); return sprintf($template, $this->bean->attribute, $value); }",True,PHP,makeWherePart,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13577,"protected function mask_filter_value(Model_Filter $filter) { $add_to_filter_values = true; switch ($this->bean->op) { case 'like': $value = '%'.str_replace($this->pat, $this->rep, $this->bean->value).'%'; break; case 'notlike': $value = '%'.str_replace($this->pat, $this->rep, $this->bean->value).'%'; break; case 'bw': $value = str_replace($this->pat, $this->rep, $this->bean->value).'%'; break; case 'ew': $value = '%'.str_replace($this->pat, $this->rep, $this->bean->value); break; case 'in': $_sharedSubName = 'shared'.ucfirst(strtolower($this->bean->substitute)); $ids = array_keys($this->bean->{$_sharedSubName}); $value = implode(', ', $ids); $add_to_filter_values = false; break; default: $value = $this->bean->value; } if ($add_to_filter_values) { $converter = 'convertTo' . ucfirst(strtolower($this->bean->tag)); $filter->filter_values[] = $this->$converter($value); } return $value; }",True,PHP,mask_filter_value,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13578,public function operators() { if (isset($this->operators[$this->bean->tag])) return $this->operators[$this->bean->tag]; return array(); },True,PHP,operators,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13579,public function convertToEmail($value) { return $value; },True,PHP,convertToEmail,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13580,public function convertToText($value) { return $value; },True,PHP,convertToText,Criteria.php,https://github.com/sah-comp/bienlein,sah-comp,sah-comp,2020-09-28 17:07:51+02:00,Added CSRF prevention,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36622,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13585,"public function get_content() { global $SITE; if (! $newsforum = forum_get_course_forum($SITE->id, ""news"")) { print_error(""cannotfindorcreateforum"", ""forum""); } $newsforumcm = get_coursemodule_from_instance('forum', $newsforum->id, $SITE->id, false, MUST_EXIST); $updatemynumber = optional_param(""mynewsitems"", -1, PARAM_INT); $displaysetting = block_sitenews_get_itemsnumber(); if ($updatemynumber >= 0 && $updatemynumber < 11) { block_sitenews_update_itemsnumber($updatemynumber); $displaysetting = $items = $updatemynumber; } else { $items = $displaysetting; } if ($items == 0) { $items = $SITE->newsitems; } $this->content = new stdClass(); $this->content->text = """"; $this->content->footer = """"; $renderer = $this->page->get_renderer(""block_sitenews""); if ($this->page->user_is_editing()) { $this->content->text .= $renderer->editing_bar_head($displaysetting); } if ($items > 0 && forum_get_discussions_count($newsforumcm)) { $this->content->text .= $renderer->sitenews($newsforum, $items); } return $this->content; }",True,PHP,get_content,block_sitenews.php,https://github.com/eberhardt/moodle-block_sitenews,eberhardt,Martin Gauk,2020-01-10 14:12:16+00:00,Add CSRF protection to item number setting,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2020-36633,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13588,"protected function getParam($key, $iscompile=false) { if (isset($this->params) && array_key_exists($key, $this->params)) { $param = $this->params[$key]; } else { $param = $this->default_params[$key]; } if ($param != 0 && array_key_exists($key, $this->min_params_compile) && $this->min_params_compile[$key] > $param) { $param = $this->min_params_compile[$key]; } return $param; }",True,PHP,getParam,LanguageTask.php,https://github.com/trampgeek/jobe,trampgeek,Richard Lobb,2020-11-20 14:39:27+13:00,"Prevent command injection attacks via the cputime parameter. Fixes
issue #39 (https://github.com/trampgeek/jobe/issues/39).
Thanks Marlon (myxxl).",CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2020-36642,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13603,"function token($str) { $fw=$this->fw; $str=trim(preg_replace('/\{\{(.+?)\}\}/s',trim('\1'), $fw->compile($str))); if (preg_match('/^(.+)(?split(trim($parts[2],""\xC2\xA0"")) as $func) $str=((empty($this->filter[$cmd=$func]) && function_exists($cmd)) || is_string($cmd=$this->filter($func)))? $cmd.'('.$str.')': 'Base::instance()->'. 'call($this->filter(\''.$func.'\'),['.$str.'])'; } return $str; }",True,PHP,token,base.php,https://github.com/bcosca/fatfree-core,bcosca,ikkez,2020-01-04 15:44:00+01:00,ensure misuse of clear() wont open a vulnerability,CWE-20,Improper Input Validation,"The product receives input or data, but it does
        not validate or incorrectly validates that the input has the
        properties that are required to process the data safely and
        correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2020-5203,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13604,"function token($str) { $fw=$this->fw; $str=trim(preg_replace('/\{\{(.+?)\}\}/s',trim('\1'), $fw->compile($str))); if (preg_match('/^(.+)(?split(trim($parts[2],""\xC2\xA0"")) as $func) $str=((empty($this->filter[$cmd=$func]) && function_exists($cmd)) || is_string($cmd=$this->filter($func)))? $cmd.'('.$str.')': 'Base::instance()->'. 'call($this->filter(\''.$func.'\'),['.$str.'])'; } return $str; }",True,PHP,token,base.php,https://github.com/bcosca/fatfree-core,bcosca,ikkez,2020-01-04 15:44:00+01:00,ensure misuse of clear() wont open a vulnerability,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2020-5203,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13605,"protected function parseChunkedRequest(Request $request) { $totalChunkCount = $request->get('dztotalchunkcount'); $index = $request->get('dzchunkindex'); $last = ((int) $index + 1) === (int) $totalChunkCount; $uuid = $request->get('dzuuid'); $file = $request->files->get('file')->getClientOriginalName(); $orig = $file; return [$last, $uuid, $index, $orig]; }",True,PHP,parseChunkedRequest,DropzoneController.php,https://github.com/1up-lab/OneupUploaderBundle,1up-lab,GitHub,2020-02-04 11:37:36+01:00,Merge pull request from GHSA-x8wj-6m73-gfqp,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-5237,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13607,"protected function parseChunkedRequest(Request $request) { $index = $request->get('qqpartindex'); $total = $request->get('qqtotalparts'); $uuid = $request->get('qquuid'); $orig = $request->get('qqfilename'); $last = ((int) $total - 1) === (int) $index; return [$last, $uuid, $index, $orig]; }",True,PHP,parseChunkedRequest,FineUploaderController.php,https://github.com/1up-lab/OneupUploaderBundle,1up-lab,GitHub,2020-02-04 11:37:36+01:00,Merge pull request from GHSA-x8wj-6m73-gfqp,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-5237,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13609,"protected function parseChunkedRequest(Request $request) { $session = $this->container->get('session'); $orig = $request->get('name'); $index = $request->get('chunk'); $last = (int) $request->get('chunks') - 1 === (int) $request->get('chunk'); $uuid = md5(sprintf('%s.%s', $orig, $session->getId())); return [$last, $uuid, $index, $orig]; }",True,PHP,parseChunkedRequest,PluploadController.php,https://github.com/1up-lab/OneupUploaderBundle,1up-lab,GitHub,2020-02-04 11:37:36+01:00,Merge pull request from GHSA-x8wj-6m73-gfqp,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2020-5237,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13618,"function bp_core_admin_slugs_options() { $existing_pages = bp_core_get_directory_page_ids(); $directory_pages = bp_core_admin_get_directory_pages(); if ( !empty( $directory_pages ) ) : ?> 
             
              $label ) : ?> 
              
                   'bp_pages[' . esc_attr( $name ) . ']', 'echo' => false, 'show_option_none' => __( '- None -', 'buddypress' ), 'selected' => !empty( $existing_pages[$name] ) ? $existing_pages[$name] : false ) ); ?>  "" class=""button-secondary"" target=""_bp"">    
                            
              
              
               
            this page.', 'buddypress' ), network_admin_url( 'settings.php' ) ); ?>
              
            this page.', 'buddypress' ), admin_url( 'options-general.php' ) ); ?>
                $label ) : ?> 
              
                   'bp_pages[' . esc_attr( $name ) . ']', 'echo' => false, 'show_option_none' => __( '- None -', 'buddypress' ), 'selected' => !empty( $existing_pages[$name] ) ? $existing_pages[$name] : false ) ) ?>  "" class=""button-secondary"" target=""_bp"">    
                            
             params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13620,* function my_query_args_filter( $field_query ) { * * return $field_query; * },True,PHP,my_query_args_filter,class-member-directory-meta.php,https://github.com/ultimatemember/ultimatemember,ultimatemember,nikitasinelnikov,2020-01-08 15:19:24+02:00,"- fixed vulnerability with uploading cover/profile photo for other user ID;
- re-written member directory meta queries;
- fixed search line additional slashes;",CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2020-6859,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13621,"$searches[] = $wpdb->prepare( ""u.{$field} LIKE %s"", '%' . trim( $_POST['search'] ) . '%' ); } $core_search = implode( ' OR ', $searches ); $this->joins[] = ""LEFT JOIN {$wpdb->prefix}um_metadata umm_search ON umm_search.user_id = u.ID""; $this->sql_where .= "" AND ( umm_search.um_value = '"" . trim( $_POST['search'] ) . ""' OR umm_search.um_value LIKE '%"" . trim( $_POST['search'] ) . ""%' OR umm_search.um_value LIKE '%"" . trim( serialize( strval( $_POST['search'] ) ) ) . ""%' OR {$core_search})""; $this->is_search = true; }",True,PHP,prepare,class-member-directory-meta.php,https://github.com/ultimatemember/ultimatemember,ultimatemember,nikitasinelnikov,2020-01-08 15:19:24+02:00,"- fixed vulnerability with uploading cover/profile photo for other user ID;
- re-written member directory meta queries;
- fixed search line additional slashes;",CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2020-6859,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13623,"private function writeComment(Worksheet $pSheet, $coordinate) { $result = ''; if (!$this->isPdf && isset($pSheet->getComments()[$coordinate])) { $result .= ''; $result .= '
            ' . nl2br($pSheet->getComment($coordinate)->getText()->getPlainText()) . '
            '; $result .= PHP_EOL; } return $result; }",True,PHP,writeComment,Html.php,https://github.com/PHPOffice/PhpSpreadsheet,PHPOffice,GitHub,2020-11-19 11:59:57+01:00,"Resolve XSS Vulnerability in the HTML Writer (#1719)

Resolve XSS Vulnerability in the HTML Writer",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2020-7776,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13627,"public function execute( $par ) { $user = $this->getUser(); $out = $this->getOutput(); $out->setPageTitle( wfMessage('report-title')->escaped() ); $out->addModules( 'ext.report' ); $this->checkReadOnly(); if ( !$user->isAllowed( 'report' ) ) { $out->addHTML(Html::rawElement( 'p', [ 'class' => 'error' ], wfMessage( 'report-error-missing-perms' )->escaped() )); return; } if ( $user->isBlocked() ) { $out->addHTML(Html::rawElement( 'p', [ 'class' => 'error' ], wfMessage( 'report-error-missing-perms' )->escaped() )); } if (!ctype_digit( $par )) { $out->addHTML(Html::rawElement( 'p', [ 'class' => 'error' ], wfMessage( 'report-error-invalid-revid', $par )->escaped() )); return; } $rev = Revision::newFromId( (int)$par ); if (!$rev) { $out->addHTML(Html::rawElement( 'p', [ 'class' => 'error' ], wfMessage( 'report-error-invalid-revid', $par )->escaped() )); return; } $dbr = wfGetDB( DB_REPLICA ); if ($dbr->selectRow( 'report_reports', [ 'report_id' ], [ 'report_revid' => $rev->getId(), 'report_user' => $user->getId() ], __METHOD__ )) { $out->addHTML(Html::rawElement( 'p', [], wfMessage( 'report-already-reported' )->escaped() )); return; } $request = $this->getRequest(); if ($request->wasPosted()) { return self::onPost( $par, $out, $request ); } $out->setIndexPolicy( 'noindex' ); $out->addHTML( Html::rawElement( 'p', [ 'class' => 'mw-report-intro' ], wfMessage( 'report-intro' ) ->params( $par ) ->parse() ) ); $out->addHTML(Html::openElement( 'form', [ 'method' => 'POST' ] )); $out->addHTML(Html::rawElement( 'input', [ 'type' => 'hidden', 'name' => 'revid', 'id' => 'mw-report-form-revid', 'value' => $par ] )); $out->addHTML(Html::rawElement( 'textarea', [ 'name' => 'reason', 'id' => 'mw-report-form-reason' ] )); $out->addHTML(Html::rawElement( 'input', [ 'type' => 'submit', 'id' => 'mw-report-form-submit', 'value' => wfMessage( 'report-submit' ) ] )); $out->addHTML(Html::closeElement( 'form' )); }",True,PHP,execute,SpecialReport.php,https://github.com/Kenny2github/Report,Kenny2github,Kenny2github,2021-01-21 19:24:06+00:00,"Add CSRF check for Special:Report

Also clean up a little of the logic",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-21275,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13629,"static public function onPost( $par, $out, $request ) { global $wgUser; if (!$request->getText('reason')) { $out->addHTML(Html::rawElement( 'p', [ 'class' => 'error '], wfMessage( 'report-error-missing-reason' )->escaped() )); } else { $dbw = wfGetDB( DB_MASTER ); $dbw->startAtomic(__METHOD__); $dbw->insert( 'report_reports', [ 'report_revid' => (int)$par, 'report_reason' => $request->getText('reason'), 'report_user' => $wgUser->getId(), 'report_user_text' => $wgUser->getName(), 'report_timestamp' => wfTimestampNow() ], __METHOD__ ); $dbw->endAtomic(__METHOD__); $out->addWikiMsg( 'report-success' ); $out->addWikiMsg( 'returnto', '[[' . SpecialPage::getTitleFor('Diff', $par)->getPrefixedText() . ']]' ); return; } }",True,PHP,onPost,SpecialReport.php,https://github.com/Kenny2github/Report,Kenny2github,Kenny2github,2021-01-21 19:24:06+00:00,"Add CSRF check for Special:Report

Also clean up a little of the logic",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-21275,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13631,"public static function finishSetup(Request $request) { if (!isset($_COOKIE['setup_arguments'])) { abort(404); } $setup_finish_args_raw = $_COOKIE['setup_arguments']; $setup_finish_args = json_decode($setup_finish_args_raw); setcookie('setup_arguments', '', time()-3600); $transaction_authorised = env('TMP_SETUP_AUTH_KEY') == $setup_finish_args->setup_auth_key; if ($transaction_authorised != true) { abort(403, 'Transaction unauthorised.'); } $database_created = self::createDatabase(); if (!$database_created) { return redirect(route('setup'))->with('error', 'Could not create database. Perhaps your credentials were incorrect?'); } if (env('SETTING_ADV_ANALYTICS')) { $geoip_db_created = self::updateGeoIP(); if (!$geoip_db_created) { return redirect(route('setup'))->with('error', 'Could not fetch GeoIP database for advanced analytics. Perhaps your server is not connected to the internet or your MAXMIND_LICENSE_KEY is incorrect?'); } } $user = UserFactory::createUser($setup_finish_args->acct_username, $setup_finish_args->acct_email, $setup_finish_args->acct_password, 1, $request->ip(), false, 0, UserHelper::$USER_ROLES['admin']); return view('setup_thanks')->with('success', 'Set up completed! Thanks for using Polr!'); }",True,PHP,finishSetup,SetupController.php,https://github.com/cydrobolt/polr,cydrobolt,GitHub,2021-01-28 17:40:44-05:00,Merge pull request from GHSA-vg6w-8w9v-xxqc,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-21276,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13633,"function rootQuery($db, $query) { @ini_set('track_errors', 1); $file = @file_get_contents(""$this->_url/?database=$db"", false, stream_context_create(array('http' => array( 'method' => 'POST', 'content' => $this->isQuerySelectLike($query) ? ""$query FORMAT JSONCompact"" : $query, 'header' => 'Content-type: application/x-www-form-urlencoded', 'ignore_errors' => 1, )))); if ($file === false) { $this->error = $php_errormsg; return $file; } if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { $this->error = $file; return false; } $return = json_decode($file, true); if ($return === null) { if (!$this->isQuerySelectLike($query) && $file === '') { return true; } $this->errno = json_last_error(); if (function_exists('json_last_error_msg')) { $this->error = json_last_error_msg(); } else { $constants = get_defined_constants(true); foreach ($constants['json'] as $name => $value) { if ($value == $this->errno && preg_match('~^JSON_ERROR_~', $name)) { $this->error = $name; break; } } } } return new Min_Result($return); }",True,PHP,rootQuery,clickhouse.inc.php,https://github.com/vrana/adminer,vrana,Jakub Vrana,2021-02-06 10:45:56+01:00,"Elasticsearch, ClickHouse: Do not print response if HTTP code is not 200

Thanks to Adam Crosser and Brian Sizemore",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-21311,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13635,"function doc_link($paths, $text = ""?"") { global $jush, $connection; $server_info = $connection->server_info; $version = preg_replace('~^(\d\.?\d).*~s', '\1', $server_info); $urls = array( 'sql' => ""https: 'sqlite' => ""https: 'pgsql' => ""https: 'mssql' => ""https: 'oracle' => ""https: ); if (preg_match('~MariaDB~', $server_info)) { $urls['sql'] = ""https: $paths['sql'] = (isset($paths['mariadb']) ? $paths['mariadb'] : str_replace("".html"", ""/"", $paths['sql'])); } return ($paths[$jush] ? ""$text"" : """"); }",True,PHP,doc_link,editing.inc.php,https://github.com/vrana/adminer,vrana,Jakub Vrana,2021-05-14 07:12:44+02:00,Escape link in doc_link (bug #797),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-29625,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13637,"foreach ($post['fields'] as $abs_pos => $field) { if ($current_cat != $post[$field . '_category']) { $pos = 0; $current_cat = $post[$field . '_category']; } $required = null; if (isset($post[$field . '_required'])) { $required = $post[$field . '_required']; } else { $required = false; } $res[$current_cat][] = array( 'field_id' => $field, 'label' => $post[$field . '_label'], 'category' => $post[$field . '_category'], 'visible' => $post[$field . '_visible'], 'required' => $required ); $pos++; }",True,PHP,foreach,GaletteController.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-04-05 09:47:02+02:00,"Prevent some possible XSS

Few fixes
Enhance type hinting",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-21319,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13638,"public static function getNameWithCase($name, $surname, $title = false, $id = false, $nick = false) { $str = ''; if ($title !== false && $title instanceof Title) { $str .= $title->tshort . ' '; } $str .= mb_strtoupper($name, 'UTF-8') . ' ' . ucwords(mb_strtolower($surname, 'UTF-8'), "" \t\r\n\f\v-_|""); if ($id !== false || $nick !== false) { $str .= ' ('; } if ($nick !== false) { $str .= $nick; } if ($id !== false) { if ($nick !== false && !empty($nick)) { $str .= ', '; } $str .= $id; } if ($id !== false || $nick !== false) { $str .= ')'; } return $str; }",True,PHP,getNameWithCase,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-04-05 09:47:02+02:00,"Prevent some possible XSS

Few fixes
Enhance type hinting",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-21319,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13640,"public function __get($name) { $forbidden = array( 'admin', 'staff', 'due_free', 'appears_in_list', 'active', 'row_classes', 'oldness', 'duplicate' ); if (!defined('GALETTE_TESTS')) { $forbidden[] = 'password'; } $virtuals = array( 'sadmin', 'sstaff', 'sdue_free', 'sappears_in_list', 'sactive', 'stitle', 'sstatus', 'sfullname', 'sname', 'saddress', 'rbirthdate', 'sgender', 'contribstatus' ); if (in_array($name, $forbidden)) { switch ($name) { case 'admin': return $this->isAdmin(); case 'staff': return $this->isStaff(); case 'due_free': return $this->isDueFree(); case 'appears_in_list': return $this->appearsInMembersList(); case 'active': return $this->isActive(); case 'duplicate': return $this->isDuplicate(); default: throw new \RuntimeException(""Call to __get for '$name' is forbidden!""); } } else { if (in_array($name, $virtuals)) { if (substr($name, 0, 1) !== '_') { $real = '_' . substr($name, 1); } else { $real = $name; } switch ($name) { case 'sadmin': case 'sdue_free': case 'sappears_in_list': case 'sstaff': return (($this->$real) ? _T(""Yes"") : _T(""No"")); break; case 'sactive': return (($this->$real) ? _T(""Active"") : _T(""Inactive"")); break; case 'stitle': if (isset($this->_title) && $this->_title instanceof Title) { return $this->_title->tshort; } else { return null; } break; case 'sstatus': $status = new Status($this->zdb); return $status->getLabel($this->_status); break; case 'sfullname': return $this->getNameWithCase( $this->_name, $this->_surname, (isset($this->_title) ? $this->title : false) ); break; case 'saddress': $address = $this->_address; if ($this->_address_continuation !== '' && $this->_address_continuation !== null) { $address .= ""\n"" . $this->_address_continuation; } return $address; break; case 'sname': return $this->getNameWithCase($this->_name, $this->_surname); break; case 'rbirthdate': return $this->_birthdate; break; case 'sgender': switch ($this->gender) { case self::MAN: return _T('Man'); case self::WOMAN: return _T('Woman'); default: return _T('Unspecified'); } break; case 'contribstatus': return $this->getDues(); break; } } else { if (substr($name, 0, 1) !== '_') { $rname = '_' . $name; } else { $rname = $name; } switch ($name) { case 'id': case 'id_statut': if ($this->$rname !== null) { return (int)$this->$rname; } else { return null; } break; case 'birthdate': case 'creation_date': case 'modification_date': case 'due_date': if ($this->$rname != '') { try { $d = new \DateTime($this->$rname); return $d->format(__(""Y-m-d"")); } catch (Throwable $e) { Analog::log( 'Bad date (' . $this->$rname . ') | ' . $e->getMessage(), Analog::INFO ); return $this->$rname; } } break; default: if (!property_exists($this, $rname)) { Analog::log( ""Unknown property '$rname'"", Analog::WARNING ); return null; } else { return $this->$rname; } break; } } } }",True,PHP,__get,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-04-05 09:47:02+02:00,"Prevent some possible XSS

Few fixes
Enhance type hinting",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-21319,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13643,"public function store($values) { if (!$this->check($values)) { return false; } $isnew = ($this->id === null); if ($this->old_name !== null) { $this->deleteTranslation($this->old_name); $this->addTranslation($this->name); } try { $values = array( 'field_name' => $this->name, 'field_perm' => $this->perm, 'field_required' => $this->required, 'field_width' => ($this->width === null ? new Expression('NULL') : $this->width), 'field_height' => ($this->height === null ? new Expression('NULL') : $this->height), 'field_size' => ($this->size === null ? new Expression('NULL') : $this->size), 'field_repeat' => ($this->repeat === null ? new Expression('NULL') : $this->repeat), 'field_form' => $this->form, 'field_index' => $this->index ); if ($this->required === false) { $values['field_required'] = $this->zdb->isPostgres() ? 'false' : 0; } if (!$isnew) { $update = $this->zdb->update(self::TABLE); $update->set($values)->where( self::PK . ' = ' . $this->id ); $this->zdb->execute($update); } else { $values['field_type'] = $this->getType(); $insert = $this->zdb->insert(self::TABLE); $insert->values($values); $this->zdb->execute($insert); $this->id = $this->zdb->getLastGeneratedValue($this); if ($this->name != '') { $this->addTranslation($this->name); } } } catch (Throwable $e) { Analog::log( 'An error occurred storing field | ' . $e->getMessage(), Analog::ERROR ); $this->errors[] = _T(""An error occurred storing the field.""); } if (count($this->errors) === 0 && $this->hasFixedValues()) { $contents_table = self::getFixedValuesTableName($this->id, true); try { $this->zdb->drop(str_replace(PREFIX_DB, '', $contents_table), true); $field_size = ((int)$this->size > 0) ? $this->size : 1; $this->zdb->db->query( 'CREATE TABLE ' . $contents_table . ' (id INTEGER NOT NULL,val varchar(' . $field_size . ') NOT NULL)', \Laminas\Db\Adapter\Adapter::QUERY_MODE_EXECUTE ); } catch (Throwable $e) { Analog::log( 'Unable to manage fields values table ' . $contents_table . ' | ' . $e->getMessage(), Analog::ERROR ); $this->errors[] = _T(""An error occurred creating field values table""); } if (count($this->errors) == 0 && is_array($this->values)) { $contents_table = self::getFixedValuesTableName($this->id); try { $this->zdb->connection->beginTransaction(); $insert = $this->zdb->insert($contents_table); $insert->values( array( 'id' => ':id', 'val' => ':val' ) ); $stmt = $this->zdb->sql->prepareStatementForSqlObject($insert); $cnt_values = count($this->values); for ($i = 0; $i < $cnt_values; $i++) { $stmt->execute( array( 'id' => $i, 'val' => $this->values[$i] ) ); } $this->zdb->connection->commit(); } catch (Throwable $e) { $this->zdb->connection->rollBack(); Analog::log( 'Unable to store field ' . $this->id . ' values (' . $e->getMessage() . ')', Analog::ERROR ); $this->warnings[] = _T('An error occurred storing dynamic field values :('); } } } if (count($this->errors) === 0) { return true; } else { return false; } }",True,PHP,store,DynamicField.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-04-05 09:47:02+02:00,Fix stored XSS on dynamic fields configuration,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-21319,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13645,public function getName($translated = true) { if ($translated === true) { return _T($this->name); } else { return $this->name; } },True,PHP,getName,TranslatableTrait.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-04-05 09:47:02+02:00,Fix stored XSS on dynamic fields configuration,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-21319,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13648,"foreach ($pkeys as $k) { $where[] = $k . ' = ""' . $row->$k . '""'; }",True,PHP,foreach,Db.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13649,"public function grantCheck($mode = 'i') { Analog::log( 'Check for database rights (mode ' . $mode . ')', Analog::DEBUG ); $stop = false; $results = array( 'create' => false, 'insert' => false, 'select' => false, 'update' => false, 'delete' => false, 'drop' => false ); if ($mode === 'u') { $results['alter'] = false; } try { $sql = 'CREATE TABLE galette_test ( test_id INTEGER NOT NULL, test_text VARCHAR(20) )'; $this->db->query($sql, Adapter::QUERY_MODE_EXECUTE); $results['create'] = true; } catch (Throwable $e) { Analog::log('Cannot CREATE TABLE', Analog::WARNING); $stop = true; $results['create'] = $e; } if (!$stop) { if ($mode == 'u') { try { $sql = 'ALTER TABLE galette_test ALTER test_text SET DEFAULT \'nothing\''; $this->db->query($sql, Adapter::QUERY_MODE_EXECUTE); $results['alter'] = true; } catch (Throwable $e) { Analog::log( 'Cannot ALTER TABLE | ' . $e->getMessage(), Analog::WARNING ); $results['alter'] = $e; } } $values = array( 'test_id' => 1, 'test_text' => 'a simple text' ); try { $insert = $this->sql->insert('galette_test'); $insert->values($values); $res = $this->execute($insert); if ($res->count() === 1) { $results['insert'] = true; } else { throw new \Exception('No row inserted!'); } } catch (Throwable $e) { Analog::log( 'Cannot INSERT records | ' . $e->getMessage(), Analog::WARNING ); $stop = true; $results['insert'] = $e; } if (!$stop) { $values = array( 'test_text' => 'another simple text' ); try { $update = $this->sql->update('galette_test'); $update->set($values)->where( array('test_id' => 1) ); $res = $this->execute($update); if ($res->count() === 1) { $results['update'] = true; } else { throw new \Exception('No row updated!'); } } catch (Throwable $e) { Analog::log( 'Cannot UPDATE records | ' . $e->getMessage(), Analog::WARNING ); $results['update'] = $e; } try { $select = $this->sql->select('galette_test'); $select->where('test_id = 1'); $res = $this->execute($select); $pass = $res->count() === 1; if ($pass) { $results['select'] = true; } else { throw new \Exception('Select is empty!'); } } catch (Throwable $e) { Analog::log( 'Cannot SELECT records | ' . $e->getMessage(), Analog::WARNING ); $results['select'] = $e; } try { $delete = $this->sql->delete('galette_test'); $delete->where(array('test_id' => 1)); $this->execute($delete); $results['delete'] = true; } catch (Throwable $e) { Analog::log( 'Cannot DELETE records | ' . $e->getMessage(), Analog::WARNING ); $results['delete'] = $e; } } try { $sql = 'DROP TABLE galette_test'; $this->db->query($sql, Adapter::QUERY_MODE_EXECUTE); $results['drop'] = true; } catch (Throwable $e) { Analog::log( 'Cannot DROP TABLE | ' . $e->getMessage(), Analog::WARNING ); $results['drop'] = $e; } } return $results; }",True,PHP,grantCheck,Db.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13652,"protected function getCheckFileQuery() { global $zdb; $select = $zdb->select(self::TABLE); $select->columns( array( 'picture', 'format' ) ); $select->where(self::PK . ' = ' . $this->db_id); return $select; }",True,PHP,getCheckFileQuery,Logo.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13655,"public static function loadFrom(Db $zdb, $id, $mailing, $new = true) { try { $select = $zdb->select(self::TABLE); $select->where('mailing_id = ' . $id); $results = $zdb->execute($select); $result = $results->current(); return $mailing->loadFromHistory($result, $new); } catch (Throwable $e) { Analog::log( 'Unable to load mailing model $e->getMessage(), Analog::WARNING ); throw $e; } }",True,PHP,loadFrom,MailingHistory.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13656,"public function update() { try { $_recipients = array(); if ($this->recipients != null) { foreach ($this->recipients as $_r) { $_recipients[$_r->id] = $_r->sname . ' <' . $_r->email . '>'; } } $sender = ($this->sender === 0) ? new Expression('NULL') : $this->sender; $sender_name = ($this->sender_name === null) ? new Expression('NULL') : $this->sender_name; $sender_address = ($this->sender_address === null) ? new Expression('NULL') : $this->sender_address; $values = array( 'mailing_sender' => $sender, 'mailing_sender_name' => $sender_name, 'mailing_sender_address' => $sender_address, 'mailing_subject' => $this->subject, 'mailing_body' => $this->message, 'mailing_date' => $this->date, 'mailing_recipients' => serialize($_recipients), 'mailing_sent' => ($this->sent) ? true : ($this->zdb->isPostgres() ? 'false' : 0) ); $update = $this->zdb->update(self::TABLE); $update->set($values); $update->where(self::PK . ' = ' . $this->mailing->history_id); $this->zdb->execute($update); return true; } catch (Throwable $e) { Analog::log( 'An error occurend updating Mailing | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,update,MailingHistory.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13659,"public function load($id) { try { $select = $this->zdb->select(self::TABLE); $select->where(self::PK . ' = ' . $id); $results = $this->zdb->execute($select); $result = $results->current(); if ($result) { $this->loadFromRs($result); } } catch (Throwable $e) { Analog::log( 'Unable to retrieve field type for field ' . $id . ' | ' . $e->getMessage(), Analog::ERROR ); } }",True,PHP,load,DynamicField.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13660,"public static function loadFieldType(Db $zdb, $id) { try { $select = $zdb->select(self::TABLE); $select->where('field_id = ' . $id); $results = $zdb->execute($select); $result = $results->current(); if ($result) { $field_type = $result->field_type; $field_type = self::getFieldType($zdb, $field_type); $field_type->loadFromRs($result); return $field_type; } } catch (Throwable $e) { Analog::log( __METHOD__ . ' | Unable to retrieve field `' . $id . '` information | ' . $e->getMessage(), Analog::ERROR ); return false; } return false; }",True,PHP,loadFieldType,DynamicField.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13662,"public function store($values) { if (!$this->check($values)) { return false; } $isnew = ($this->id === null); if ($this->old_name !== null) { $this->deleteTranslation($this->old_name); $this->addTranslation($this->name); } try { $values = array( 'field_name' => strip_tags($this->name), 'field_perm' => $this->perm, 'field_required' => $this->required, 'field_width' => ($this->width === null ? new Expression('NULL') : $this->width), 'field_height' => ($this->height === null ? new Expression('NULL') : $this->height), 'field_size' => ($this->size === null ? new Expression('NULL') : $this->size), 'field_repeat' => ($this->repeat === null ? new Expression('NULL') : $this->repeat), 'field_form' => $this->form, 'field_index' => $this->index ); if ($this->required === false) { $values['field_required'] = $this->zdb->isPostgres() ? 'false' : 0; } if (!$isnew) { $update = $this->zdb->update(self::TABLE); $update->set($values)->where( self::PK . ' = ' . $this->id ); $this->zdb->execute($update); } else { $values['field_type'] = $this->getType(); $insert = $this->zdb->insert(self::TABLE); $insert->values($values); $this->zdb->execute($insert); $this->id = $this->zdb->getLastGeneratedValue($this); if ($this->name != '') { $this->addTranslation($this->name); } } } catch (Throwable $e) { Analog::log( 'An error occurred storing field | ' . $e->getMessage(), Analog::ERROR ); $this->errors[] = _T(""An error occurred storing the field.""); } if (count($this->errors) === 0 && $this->hasFixedValues()) { $contents_table = self::getFixedValuesTableName($this->id, true); try { $this->zdb->drop(str_replace(PREFIX_DB, '', $contents_table), true); $field_size = ((int)$this->size > 0) ? $this->size : 1; $this->zdb->db->query( 'CREATE TABLE ' . $contents_table . ' (id INTEGER NOT NULL,val varchar(' . $field_size . ') NOT NULL)', \Laminas\Db\Adapter\Adapter::QUERY_MODE_EXECUTE ); } catch (Throwable $e) { Analog::log( 'Unable to manage fields values table ' . $contents_table . ' | ' . $e->getMessage(), Analog::ERROR ); $this->errors[] = _T(""An error occurred creating field values table""); } if (count($this->errors) == 0 && is_array($this->values)) { $contents_table = self::getFixedValuesTableName($this->id); try { $this->zdb->connection->beginTransaction(); $insert = $this->zdb->insert($contents_table); $insert->values( array( 'id' => ':id', 'val' => ':val' ) ); $stmt = $this->zdb->sql->prepareStatementForSqlObject($insert); $cnt_values = count($this->values); for ($i = 0; $i < $cnt_values; $i++) { $stmt->execute( array( 'id' => $i, 'val' => $this->values[$i] ) ); } $this->zdb->connection->commit(); } catch (Throwable $e) { $this->zdb->connection->rollBack(); Analog::log( 'Unable to store field ' . $this->id . ' values (' . $e->getMessage() . ')', Analog::ERROR ); $this->warnings[] = _T('An error occurred storing dynamic field values :('); } } } if (count($this->errors) === 0) { return true; } else { return false; } }",True,PHP,store,DynamicField.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13667,"public static function updatePassword(Db $zdb, $id_adh, $pass) { try { $cpass = password_hash($pass, PASSWORD_BCRYPT); $update = $zdb->update(self::TABLE); $update->set( array('mdp_adh' => $cpass) )->where(self::PK . ' = ' . $id_adh); $zdb->execute($update); Analog::log( 'Password for `' . $id_adh . '` has been updated.', Analog::DEBUG ); return true; } catch (Throwable $e) { Analog::log( 'An error occurred while updating password for `' . $id_adh . '` | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,updatePassword,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13668,"public function store() { global $hist, $emitter, $login; $event = null; if (!$login->isAdmin() && !$login->isStaff() && !$login->isGroupManager() && $this->id == '') { if ($this->preferences->pref_bool_create_member) { $this->_parent = $login->id; } } try { $values = array(); $fields = self::getDbFields($this->zdb); foreach ($fields as $field) { if ( $field !== 'date_modif_adh' || empty($this->_id) ) { $prop = '_' . $this->fields[$field]['propname']; if ( ($field === 'bool_admin_adh' || $field === 'bool_exempt_adh' || $field === 'bool_display_info' || $field === 'activite_adh') && $this->$prop === false ) { $values[$field] = $this->zdb->isPostgres() ? 'false' : 0; } elseif ($field === 'parent_id') { if ($this->_parent === null) { $values['parent_id'] = new Expression('NULL'); } elseif ($this->parent instanceof Adherent) { $values['parent_id'] = $this->_parent->id; } else { $values['parent_id'] = $this->_parent; } } else { $values[$field] = $this->$prop; } } } if (!$this->_birthdate) { $values['ddn_adh'] = new Expression('NULL'); } if (!$this->_due_date) { $values['date_echeance'] = new Expression('NULL'); } if ($this->_title instanceof Title) { $values['titre_adh'] = $this->_title->id; } else { $values['titre_adh'] = new Expression('NULL'); } if (!$this->_parent) { $values['parent_id'] = new Expression('NULL'); } if (!$this->_number) { $values['num_adh'] = new Expression('NULL'); } $notnull = [ '_surname' => 'prenom_adh', '_nickname' => 'pseudo_adh', '_address' => 'adresse_adh', '_zipcode' => 'cp_adh', '_town' => 'ville_adh' ]; foreach ($notnull as $prop => $field) { if ($this->$prop === null) { $values[$field] = ''; } } $success = false; if (empty($this->_id)) { unset($values[self::PK]); $this->_modification_date = date('Y-m-d'); $values['date_modif_adh'] = $this->_modification_date; $insert = $this->zdb->insert(self::TABLE); $insert->values($values); $add = $this->zdb->execute($insert); if ($add->count() > 0) { $this->_id = $this->zdb->getLastGeneratedValue($this); $this->_picture = new Picture($this->_id); if ($this->_self_adh) { $hist->add( _T(""Self_subscription as a member: "") . $this->getNameWithCase($this->_name, $this->_surname), $this->sname ); } else { $hist->add( _T(""Member card added""), $this->sname ); } $success = true; $event = 'member.add'; } else { $hist->add(_T(""Fail to add new member."")); throw new \Exception( 'An error occurred inserting new member!' ); } } else { if (!$this->isDueFree()) { $due_date = Contribution::getDueDate($this->zdb, $this->_id); if ($due_date) { $values['date_echeance'] = $due_date; } } if (!$this->_password) { unset($values['mdp_adh']); } $update = $this->zdb->update(self::TABLE); $update->set($values); $update->where( self::PK . '=' . $this->_id ); $edit = $this->zdb->execute($update); if ($edit->count() > 0) { $this->updateModificationDate(); $hist->add( _T(""Member card updated""), $this->sname ); } $success = true; $event = 'member.edit'; } if ($success) { $success = $this->dynamicsStore(); $this->storeSocials($this->id); } if ($event !== null) { $emitter->emit($event, $this); } return $success; } catch (Throwable $e) { Analog::log( 'Something went wrong :\'( | ' . $e->getMessage() . ""\n"" . $e->getTraceAsString(), Analog::ERROR ); throw $e; } }",True,PHP,store,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13670,"public static function getSName($zdb, $id, $wid = false, $wnick = false) { try { $select = $zdb->select(self::TABLE); $select->where(self::PK . ' = ' . $id); $results = $zdb->execute($select); $row = $results->current(); return self::getNameWithCase( $row->nom_adh, $row->prenom_adh, false, ($wid === true ? $row->id_adh : false), ($wnick === true ? $row->pseudo_adh : false) ); } catch (Throwable $e) { Analog::log( 'Cannot get formatted name for member form id `' . $id . '` | ' . $e->getMessage(), Analog::WARNING ); throw $e; } }",True,PHP,getSName,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13671,"$this->errors[] = _T(""Password misrepeated: ""); } else { $pinfos = password_get_info($value); if ($pinfos['algo'] == 0) { $this->$prop = password_hash( $value, PASSWORD_BCRYPT ); $pwcheck = new \Galette\Util\Password($preferences); $pwcheck->setAdherent($this); if (!$pwcheck->isValid($value)) { $this->errors = array_merge( $this->errors, $pwcheck->getErrors() ); } } } break; case 'id_statut': try { $this->$prop = (int)$value; $select = $this->zdb->select(Status::TABLE); $select->where(Status::PK . '= ' . $value); $results = $this->zdb->execute($select); $result = $results->current(); if (!$result) { $this->errors[] = str_replace( '%id', $value, _T(""Status ); break; } } catch (Throwable $e) { Analog::log( 'An error occurred checking status existence: ' . $e->getMessage(), Analog::ERROR ); $this->errors[] = _T(""An error has occurred while looking if status does exists.""); } break; case 'sexe_adh': if (in_array($value, [self::NC, self::MAN, self::WOMAN])) { $this->$prop = (int)$value; } else { $this->errors[] = _T(""Gender %gender does not exists!""); } break; case 'parent_id': $this->$prop = ($value instanceof Adherent) ? (int)$value->id : (int)$value; $this->loadParent(); break; }",True,PHP,_T,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13672,"private function updateModificationDate() { try { $modif_date = date('Y-m-d'); $update = $this->zdb->update(self::TABLE); $update->set( array('date_modif_adh' => $modif_date) )->where(self::PK . '=' . $this->_id); $edit = $this->zdb->execute($update); $this->_modification_date = $modif_date; } catch (Throwable $e) { Analog::log( 'Something went wrong updating modif date :\'( | ' . $e->getMessage() . ""\n"" . $e->getTraceAsString(), Analog::ERROR ); throw $e; } }",True,PHP,updateModificationDate,Adherent.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13675,"public function checkOverlap() { try { $select = $this->zdb->select(self::TABLE, 'c'); $select->columns( array('date_debut_cotis', 'date_fin_cotis') )->join( array('ct' => PREFIX_DB . ContributionsTypes::TABLE), 'c.' . ContributionsTypes::PK . '=ct.' . ContributionsTypes::PK, array() )->where(Adherent::PK . ' = ' . $this->_member) ->where(array('cotis_extension' => new Expression('true'))) ->where->nest->nest ->greaterThanOrEqualTo('date_debut_cotis', $this->_begin_date) ->lessThan('date_debut_cotis', $this->_end_date) ->unnest ->or->nest ->greaterThan('date_fin_cotis', $this->_begin_date) ->lessThanOrEqualTo('date_fin_cotis', $this->_end_date); if ($this->id != '') { $select->where(self::PK . ' != ' . $this->id); } $results = $this->zdb->execute($select); if ($results->count() > 0) { $result = $results->current(); $d = new \DateTime($result->date_debut_cotis); return _T(""- Membership period overlaps period starting at "") . $d->format(__(""Y-m-d"")); } return true; } catch (Throwable $e) { Analog::log( 'An error occurred checking overlapping fee. ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,checkOverlap,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13677,"public static function setTransactionPart(Db $zdb, $trans_id, $contrib_id) { try { $update = $zdb->update(self::TABLE); $update->set( array(Transaction::PK => $trans_id) )->where(self::PK . ' = ' . $contrib_id); $zdb->execute($update); return true; } catch (Throwable $e) { Analog::log( 'Unable to attach contribution ' to transaction Analog::ERROR ); throw $e; } }",True,PHP,setTransactionPart,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13679,"public function store() { global $hist, $emitter; $event = null; if (count($this->errors) > 0) { throw new \RuntimeException( 'Existing errors prevents storing contribution: ' . print_r($this->errors, true) ); } try { $this->zdb->connection->beginTransaction(); $values = array(); $fields = self::getDbFields($this->zdb); foreach ($fields as $field) { $prop = '_' . $this->_fields[$field]['propname']; switch ($field) { case ContributionsTypes::PK: case Transaction::PK: if (isset($this->$prop)) { $values[$field] = $this->$prop->id; } break; default: $values[$field] = $this->$prop; break; } } if (!$this->isFee() && !$this->_end_date) { unset($values['date_fin_cotis']); } $success = false; if (!isset($this->_id) || $this->_id == '') { unset($values[self::PK]); $insert = $this->zdb->insert(self::TABLE); $insert->values($values); $add = $this->zdb->execute($insert); if ($add->count() > 0) { $this->_id = $this->zdb->getLastGeneratedValue($this); $hist->add( _T(""Contribution added""), Adherent::getSName($this->zdb, $this->_member) ); $success = true; $event = 'contribution.add'; } else { $hist->add(_T(""Fail to add new contribution."")); throw new \Exception( 'An error occurred inserting new contribution!' ); } } else { $update = $this->zdb->update(self::TABLE); $update->set($values)->where( self::PK . '=' . $this->_id ); $edit = $this->zdb->execute($update); if ($edit->count() > 0) { $hist->add( _T(""Contribution updated""), Adherent::getSName($this->zdb, $this->_member) ); } if ($edit === false) { throw new \Exception( 'An error occurred updating contribution ); } $success = true; $event = 'contribution.edit'; } if ($this->isFee()) { $this->updateDeadline(); } if ($success) { $success = $this->dynamicsStore(true); } $this->zdb->connection->commit(); $this->_orig_amount = $this->_amount; if ($event !== null) { $emitter->emit($event, $this); } return true; } catch (Throwable $e) { if ($this->zdb->connection->inTransaction()) { $this->zdb->connection->rollBack(); } throw $e; } }",True,PHP,store,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13680,"private function updateDeadline() { try { $due_date = self::getDueDate($this->zdb, $this->_member); if ($due_date != '') { $date_fin_update = $due_date; } else { $date_fin_update = new Expression('NULL'); } $update = $this->zdb->update(Adherent::TABLE); $update->set( array('date_echeance' => $date_fin_update) )->where( Adherent::PK . '=' . $this->_member ); $this->zdb->execute($update); return true; } catch (Throwable $e) { Analog::log( 'An error occurred updating member ' . $this->_member . '\'s deadline |' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,updateDeadline,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13684,"public static function getDueDate(Db $zdb, $member_id) { if (!$member_id) { return ''; } try { $select = $zdb->select(self::TABLE, 'c'); $select->columns( array( 'max_date' => new Expression('MAX(date_fin_cotis)') ) )->join( array('ct' => PREFIX_DB . ContributionsTypes::TABLE), 'c.' . ContributionsTypes::PK . '=ct.' . ContributionsTypes::PK, array() )->where( Adherent::PK . ' = ' . $member_id )->where( array('cotis_extension' => new Expression('true')) ); $results = $zdb->execute($select); $result = $results->current(); $due_date = $result->max_date; if ($due_date == '0001-01-01 BC' || $due_date == '1901-01-01') { $due_date = ''; } return $due_date; } catch (Throwable $e) { Analog::log( 'An error occurred trying to retrieve member\'s due date', Analog::ERROR ); throw $e; } }",True,PHP,getDueDate,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13685,"public function remove($transaction = true) { global $emitter; try { if ($transaction) { $this->zdb->connection->beginTransaction(); } $delete = $this->zdb->delete(self::TABLE); $delete->where(self::PK . ' = ' . $this->_id); $del = $this->zdb->execute($delete); if ($del->count() > 0) { $this->updateDeadline(); $this->dynamicsRemove(true); } else { Analog::log( 'Contribution has not been removed!', Analog::WARNING ); return false; } if ($transaction) { $this->zdb->connection->commit(); } $emitter->emit('contribution.remove', $this); return true; } catch (Throwable $e) { if ($transaction) { $this->zdb->connection->rollBack(); } Analog::log( 'An error occurred trying to remove contribution $this->_id . ' | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,remove,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13686,"public static function unsetTransactionPart(Db $zdb, Login $login, $trans_id, $contrib_id) { try { $c = new Contribution($zdb, $login, (int)$contrib_id); if ($c->isTransactionPartOf($trans_id)) { $update = $zdb->update(self::TABLE); $update->set( array(Transaction::PK => null) )->where( self::PK . ' = ' . $contrib_id ); $zdb->execute($update); return true; } else { Analog::log( 'Contribution ' is not actually part of transaction Analog::WARNING ); return false; } } catch (Throwable $e) { Analog::log( 'Unable to detach contribution ' to transaction Analog::ERROR ); throw $e; } }",True,PHP,unsetTransactionPart,Contribution.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,public function activate_discount(){ if (isset($this->params['id'])) { $discount = new discounts($this->params['id']); $discount->update($this->params); } expHistory::back(); }
13687,"public function update($id, $label, $extra) { $ret = $this->get($id); if (!$ret) { return self::ID_NOT_EXITS; } $class = get_class($this); try { $oldlabel = $ret->{$this->flabel}; $this->zdb->connection->beginTransaction(); $values = array( $this->flabel => $label, $this->fthird => $extra ); $update = $this->zdb->update($this->table); $update->set($values); $update->where($this->fpk . ' = ' . $id); $ret = $this->zdb->execute($update); if ($oldlabel != $label) { $this->deleteTranslation($oldlabel); $this->addTranslation($label); } Analog::log( $this->getType() . ' Analog::INFO ); $this->zdb->connection->commit(); return true; } catch (Throwable $e) { $this->zdb->connection->rollBack(); Analog::log( 'Unable to update ' . $this->getType() . ' $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,update,Entitled.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13690,"public function load($id) { try { $select = $this->zdb->select($this->table); $select->where($this->fpk . ' = ' . $id); $results = $this->zdb->execute($select); if ($results->count() > 0) { $result = $results->current(); $this->loadFromRS($result); return true; } else { Analog::log( 'Unknown ID ' . $id, Analog::ERROR ); return false; } } catch (Throwable $e) { Analog::log( 'Cannot load ' . $this->getType() . ' from id `' . $id . '` | ' . $e->getMessage(), Analog::WARNING ); throw $e; } }",True,PHP,load,Entitled.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13691,"public function isUsed($id) { try { $select = $this->zdb->select($this->used); $select->where($this->fpk . ' = ' . $id); $results = $this->zdb->execute($select); $result = $results->current(); if ($result !== null) { return true; } else { return false; } } catch (Throwable $e) { Analog::log( 'Unable to check if ' . $this->getType . ' `' . $id . '` is used. | ' . $e->getMessage(), Analog::ERROR ); return true; } }",True,PHP,isUsed,Entitled.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13692,"public function get($id) { if (!is_numeric($id)) { $this->errors[] = _T(""ID must be an integer!""); return false; } try { $select = $this->zdb->select($this->table); $select->where($this->fpk . '=' . $id); $results = $this->zdb->execute($select); $result = $results->current(); if (!$result) { $this->errors[] = _T(""Label does not exist""); return false; } return $result; } catch (Throwable $e) { Analog::log( __METHOD__ . ' | ' . $e->getMessage(), Analog::WARNING ); throw $e; } }",True,PHP,get,Entitled.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13693,"public function delete($id) { $ret = $this->get($id); if (!$ret) { return self::ID_NOT_EXITS; } if ($this->isUsed($id)) { $this->errors[] = _T(""Cannot delete this label: it's still used""); return false; } try { $this->zdb->connection->beginTransaction(); $delete = $this->zdb->delete($this->table); $delete->where($this->fpk . ' = ' . $id); $this->zdb->execute($delete); $this->deleteTranslation($ret->{$this->flabel}); Analog::log( $this->getType() . ' ' . $id . ' deleted successfully.', Analog::INFO ); $this->zdb->connection->commit(); return true; } catch (Throwable $e) { $this->zdb->connection->rollBack(); Analog::log( 'Unable to delete ' . $this->getType() . ' ' . $id . ' | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,delete,Entitled.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13697,"public function store() { global $zdb, $hist; try { $values = array( self::PK => $this->id, 'group_name' => $this->group_name ); if ($this->parent_group) { $values['parent_group'] = $this->parent_group->getId(); } if (!isset($this->id) || $this->id == '') { unset($values[self::PK]); $this->creation_date = date(""Y-m-d H:i:s""); $values['creation_date'] = $this->creation_date; $insert = $zdb->insert(self::TABLE); $insert->values($values); $add = $zdb->execute($insert); if ($add->count() > 0) { $this->id = $zdb->getLastGeneratedValue($this); $hist->add( _T(""Group added""), $this->group_name ); return true; } else { $hist->add(_T(""Fail to add new group."")); throw new \Exception( 'An error occurred inserting new group!' ); } } else { $update = $zdb->update(self::TABLE); $update ->set($values) ->where(self::PK . '=' . $this->id); $edit = $zdb->execute($update); if ($edit->count() > 0) { $hist->add( _T(""Group updated""), $this->group_name ); } return true; } } catch (Throwable $e) { Analog::log( 'Something went wrong :\'( | ' . $e->getMessage() . ""\n"" . $e->getTraceAsString(), Analog::ERROR ); throw $e; } }",True,PHP,store,Group.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13698,"public function detach() { global $zdb, $hist; try { $update = $zdb->update(self::TABLE); $update->set( array('parent_group' => new Expression('NULL')) )->where( self::PK . ' = ' . $this->id ); $edit = $zdb->execute($update); if ($edit->count() > 0) { $this->parent_group = null; $hist->add( _T(""Group has been detached from its parent""), $this->group_name ); } return true; } catch (Throwable $e) { Analog::log( 'Something went wrong detaching group `' . $this->group_name . '` (' . $this->id . ') from its parent:\'( | ' . $e->getMessage() . ""\n"" . $e->getTraceAsString(), Analog::ERROR ); throw $e; } }",True,PHP,detach,Group.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13700,"$subgroup->remove(true); } } Analog::log( 'Cascading remove ' . $this->group_name . '. Members and managers will be detached.', Analog::INFO ); $delete = $zdb->delete(self::GROUPSUSERS_TABLE); $delete->where( self::PK . ' = ' . $this->id ); $zdb->execute($delete); $delete = $zdb->delete(self::GROUPSMANAGERS_TABLE); $delete->where( self::PK . ' = ' . $this->id ); $zdb->execute($delete); } $delete = $zdb->delete(self::TABLE); $delete->where( self::PK . ' = ' . $this->id ); $zdb->execute($delete); if ($transaction) { $zdb->connection->commit(); } return true; } catch (Throwable $e) { if ($transaction) { $zdb->connection->rollBack(); } if ($e->getCode() == 23000) { Analog::log( str_replace( '%group', $this->group_name, 'Group ""%group"" still have members!' ), Analog::WARNING ); $this->isempty = false; } else { Analog::log( 'Unable to delete group ' . $this->group_name . ' (' . $this->id . ') |' . $e->getMessage(), Analog::ERROR ); throw $e; } return false; } }",True,PHP,remove,Group.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13703,"public function store($zdb) { try { $values = array( self::PK => $this->id, 'model_fields' => serialize($this->fields) ); if (!isset($this->id) || $this->id == '') { unset($values[self::PK]); $this->creation_date = date(""Y-m-d H:i:s""); $values['model_creation_date'] = $this->creation_date; $insert = $zdb->insert(self::TABLE); $insert->values($values); $results = $zdb->execute($insert); if ($results->count() > 0) { return true; } else { throw new \Exception( 'An error occurred inserting new import model!' ); } } else { $update = $zdb->update(self::TABLE); $update->set($values); $update->where(self::PK . '=' . $this->id); $zdb->execute($update); return true; } } catch (Throwable $e) { Analog::log( 'Something went wrong storing import model :\'( | ' . $e->getMessage() . ""\n"" . $e->getTraceAsString(), Analog::ERROR ); throw $e; } }",True,PHP,store,ImportModel.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13705,"public function store() { $data = array( 'type_name' => $this->name ); try { if ($this->id !== null && $this->id > 0) { if ($this->old_name !== null) { $this->deleteTranslation($this->old_name); $this->addTranslation($this->name); } $update = $this->zdb->update(self::TABLE); $update->set($data)->where( self::PK . '=' . $this->id ); $this->zdb->execute($update); } else { $insert = $this->zdb->insert(self::TABLE); $insert->values($data); $add = $this->zdb->execute($insert); if (!$add->count() > 0) { Analog::log('Not stored!', Analog::ERROR); return false; } $this->id = $this->zdb->getLastGeneratedValue($this); $this->addTranslation($this->name); } return true; } catch (Throwable $e) { Analog::log( 'An error occurred storing payment type: ' . $e->getMessage() . ""\n"" . print_r($data, true), Analog::ERROR ); throw $e; } }",True,PHP,store,PaymentType.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13706,"public function remove() { $id = (int)$this->id; if ($this->isSystemType()) { throw new \RuntimeException(_T(""You cannot delete system payment types!"")); } try { $delete = $this->zdb->delete(self::TABLE); $delete->where( self::PK . ' = ' . $id ); $this->zdb->execute($delete); $this->deleteTranslation($this->name); Analog::log( 'Payment type . ') deleted successfully.', Analog::INFO ); return true; } catch (Throwable $e) { Analog::log( 'Unable to delete payment type ' . $id . ' | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,remove,PaymentType.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13707,"private function load($id) { try { $select = $this->zdb->select(self::TABLE); $select->limit(1)->where(self::PK . ' = ' . $id); $results = $this->zdb->execute($select); $res = $results->current(); $this->id = $id; $this->name = $res->type_name; } catch (Throwable $e) { Analog::log( 'An error occurred loading payment type $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,load,PaymentType.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13713,"public function store() { $title = $this->title; if ($title === null || trim($title) === '') { $title = new Expression('NULL'); } $subtitle = $this->subtitle; if ($subtitle === null || trim($subtitle) === '') { $subtitle = new Expression('NULL'); } $data = array( 'model_header' => $this->header, 'model_footer' => $this->footer, 'model_type' => $this->type, 'model_title' => $title, 'model_subtitle' => $subtitle, 'model_body' => $this->body, 'model_styles' => $this->styles ); try { if ($this->id !== null) { $update = $this->zdb->update(self::TABLE); $update->set($data)->where( self::PK . '=' . $this->id ); $this->zdb->execute($update); } else { $data['model_name'] = $this->name; $insert = $this->zdb->insert(self::TABLE); $insert->values($data); $add = $this->zdb->execute($insert); if (!($add->count() > 0)) { Analog::log('Not stored!', Analog::ERROR); return false; } } return true; } catch (Throwable $e) { Analog::log( 'An error occurred storing model: ' . $e->getMessage() . ""\n"" . print_r($data, true), Analog::ERROR ); throw $e; } }",True,PHP,store,PdfModel.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13714,"protected function load($id, $init = true) { global $login; try { $select = $this->zdb->select(self::TABLE); $select->limit(1) ->where(self::PK . ' = ' . $id); $results = $this->zdb->execute($select); $count = $results->count(); if ($count === 0) { if ($init === true) { $models = new PdfModels($this->zdb, $this->preferences, $login); $models->installInit(); $this->load($id, false); } else { throw new \RuntimeException('Model not found!'); } } else { $this->loadFromRs($results->current()); } } catch (Throwable $e) { Analog::log( 'An error occurred loading model $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,load,PdfModel.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13715,"private function load($id) { global $zdb; try { $select = $zdb->select(self::TABLE); $select->limit(1) ->where(self::PK . ' = ' . $id); $results = $zdb->execute($select); $this->loadFromRs($results->current()); } catch (Throwable $e) { Analog::log( 'An error occurred loading reminder $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,load,Reminder.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13717,private function load($id) { try { $select = $this->zdb->select(self::TABLE); $select->limit(1)->where(self::PK . ' = ' . $id); if ($this->login->isSuperAdmin()) { $select->where(Adherent::PK . ' IS NULL'); } else { $select->where(Adherent::PK . ' = ' . (int)$this->login->id); } $results = $this->zdb->execute($select); $res = $results->current(); $this->loadFromRs($res); } catch (Throwable $e) {,True,PHP,load,SavedSearch.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13719,"public function remove() { $id = (int)$this->id; try { $delete = $this->zdb->delete(self::TABLE); $delete->where( self::PK . ' = ' . $id ); $this->zdb->execute($delete); Analog::log( 'Saved search . ') deleted successfully.', Analog::INFO ); return true; } catch (\RuntimeException $re) { throw $re; } catch (Throwable $e) { Analog::log( 'Unable to delete saved search ' . $id . ' | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,remove,SavedSearch.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13721,"public function store($zdb) { $data = array( 'short_label' => $this->short, 'long_label' => $this->long ); try { if ($this->id !== null && $this->id > 0) { $update = $zdb->update(self::TABLE); $update->set($data)->where( self::PK . '=' . $this->id ); $zdb->execute($update); } else { $insert = $zdb->insert(self::TABLE); $insert->values($data); $add = $zdb->execute($insert); if (!$add->count() > 0) { Analog::log('Not stored!', Analog::ERROR); return false; } $this->id = $zdb->getLastGeneratedValue($this); } return true; } catch (Throwable $e) { Analog::log( 'An error occurred storing title: ' . $e->getMessage() . ""\n"" . print_r($data, true), Analog::ERROR ); throw $e; } }",True,PHP,store,Title.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13724,"private function load($id) { global $zdb; try { $select = $zdb->select(self::TABLE); $select->limit(1)->where(self::PK . ' = ' . $id); $results = $zdb->execute($select); $res = $results->current(); $this->id = $id; $this->short = $res->short_label; $this->long = $res->long_label; } catch (Throwable $e) { Analog::log( 'An error occurred loading title $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,load,Title.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13725,"public function remove($zdb) { $id = (int)$this->id; if ($id === self::MR || $id === self::MRS) { throw new \RuntimeException(_T(""You cannot delete Mr. or Mrs. titles!"")); } try { $delete = $zdb->delete(self::TABLE); $delete->where( self::PK . ' = ' . $id ); $zdb->execute($delete); Analog::log( 'Title . ') deleted successfully.', Analog::INFO ); return true; } catch (\RuntimeException $re) { throw $re; } catch (Throwable $e) { Analog::log( 'Unable to delete title ' . $id . ' | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,remove,Title.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13729,"public function load($id) { try { $select = $this->zdb->select(self::TABLE, 't'); $select->where(self::PK . ' = ' . $id); $select->join( array('a' => PREFIX_DB . Adherent::TABLE), 't.' . Adherent::PK . '=a.' . Adherent::PK, array() ); if (!$this->login->isAdmin() && !$this->login->isStaff() && !$this->login->isGroupManager()) { if (!$this->login->isLogged()) { Analog::log( 'Non-logged-in users cannot load transaction id `' . $id, Analog::ERROR ); return false; } $select->where ->nest() ->equalTo('a.' . Adherent::PK, $this->login->id) ->or ->equalTo('a.parent_id', $this->login->id) ->unnest() ->and ->equalTo('t.' . self::PK, $id) ; } else { $select->where->equalTo(self::PK, $id); } $results = $this->zdb->execute($select); $result = $results->current(); if ($result) { $this->loadFromRS($result); return true; } else { Analog::log( 'Transaction id `' . $id . '` does not exists', Analog::WARNING ); return false; } } catch (Throwable $e) { Analog::log( 'Cannot load transaction form id `' . $id . '` | ' . $e->getMessage(), Analog::WARNING ); throw $e; } }",True,PHP,load,Transaction.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13732,"public function remove(History $hist, $transaction = true) { global $emitter; try { if ($transaction) { $this->zdb->connection->beginTransaction(); } if ($this->getDispatchedAmount() > 0) { $c = new Contributions($this->zdb, $this->login); $clist = $c->getListFromTransaction($this->_id); $cids = array(); foreach ($clist as $cid) { $cids[] = $cid->id; } $rem = $c->remove($cids, $hist, false); } $delete = $this->zdb->delete(self::TABLE); $delete->where( self::PK . ' = ' . $this->_id ); $del = $this->zdb->execute($delete); if ($del->count() > 0) { $this->dynamicsRemove(true); } else { Analog::log( 'Transaction has not been removed!', Analog::WARNING ); return false; } if ($transaction) { $this->zdb->connection->commit(); } $emitter->emit('transaction.remove', $this); return true; } catch (Throwable $e) { if ($transaction) { $this->zdb->connection->rollBack(); } Analog::log( 'An error occurred trying to remove transaction $this->_id . ' | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,remove,Transaction.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13733,"public function getMissingAmount() { if (empty($this->_id)) { return (double)$this->amount; } try { $select = $this->zdb->select(Contribution::TABLE); $select->columns( array( 'sum' => new Expression('SUM(montant_cotis)') ) )->where(self::PK . ' = ' . $this->_id); $results = $this->zdb->execute($select); $result = $results->current(); $dispatched_amount = $result->sum; return (double)$this->_amount - (double)$dispatched_amount; } catch (Throwable $e) { Analog::log( 'An error occurred retrieving missing amounts | ' . $e->getMessage(), Analog::ERROR ); throw $e; } }",True,PHP,getMissingAmount,Transaction.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13734,"public function store(History $hist) { global $emitter; $event = null; try { $this->zdb->connection->beginTransaction(); $values = array(); $fields = $this->getDbFields($this->zdb); foreach ($fields as $field) { $prop = '_' . $this->_fields[$field]['propname']; $values[$field] = $this->$prop; } $success = false; if (!isset($this->_id) || $this->_id == '') { unset($values[self::PK]); $insert = $this->zdb->insert(self::TABLE); $insert->values($values); $add = $this->zdb->execute($insert); if ($add->count() > 0) { $this->_id = $this->zdb->getLastGeneratedValue($this); $hist->add( _T(""Transaction added""), Adherent::getSName($this->zdb, $this->_member) ); $success = true; $event = 'transaction.add'; } else { $hist->add(_T(""Fail to add new transaction."")); throw new \RuntimeException( 'An error occurred inserting new transaction!' ); } } else { $update = $this->zdb->update(self::TABLE); $update->set($values)->where( self::PK . '=' . $this->_id ); $edit = $this->zdb->execute($update); if ($edit->count() > 0) { $hist->add( _T(""Transaction updated""), Adherent::getSName($this->zdb, $this->_member) ); } $success = true; $event = 'transaction.edit'; } if ($success) { $success = $this->dynamicsStore(true); } $this->zdb->connection->commit(); if ($event !== null) { $emitter->emit($event, $this); } return true; } catch (Throwable $e) { $this->zdb->connection->rollBack(); Analog::log( 'Something went wrong :\'( | ' . $e->getMessage() . ""\n"" . $e->getTraceAsString(), Analog::ERROR ); throw $e; } }",True,PHP,store,Transaction.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13735,"private function buildWhereClause(Select $select) { global $zdb, $login; try { if ($this->filters->email_filter == self::FILTER_W_EMAIL) { $select->where('email_adh != \'\''); } if ($this->filters->email_filter == self::FILTER_WO_EMAIL) { $select->where('(email_adh = \'\' OR email_adh IS NULL)'); } if ($this->filters->filter_str != '') { $token = $zdb->platform->quoteValue( '%' . strtolower($this->filters->filter_str) . '%' ); switch ($this->filters->field_filter) { case self::FILTER_NAME: if (TYPE_DB === 'pgsql') { $sep = "" || ' ' || ""; $pre = ''; $post = ''; } else { $sep = ', "" "", '; $pre = 'CONCAT('; $post = ')'; } $select->where( '(' . $pre . 'LOWER(nom_adh)' . $sep . 'LOWER(prenom_adh)' . $sep . 'LOWER(pseudo_adh)' . $post . ' LIKE ' . $token . ' OR ' . $pre . 'LOWER(prenom_adh)' . $sep . 'LOWER(nom_adh)' . $sep . 'LOWER(pseudo_adh)' . $post . ' LIKE ' . $token . ')' ); break; case self::FILTER_COMPANY_NAME: $select->where( 'LOWER(societe_adh) LIKE ' . $token ); break; case self::FILTER_ADDRESS: $select->where( '(' . 'LOWER(adresse_adh) LIKE ' . $token . ' OR ' . 'LOWER(adresse2_adh) LIKE ' . $token . ' OR ' . 'cp_adh LIKE ' . $token . ' OR ' . 'LOWER(ville_adh) LIKE ' . $token . ' OR ' . 'LOWER(pays_adh) LIKE ' . $token . ')' ); break; case self::FILTER_MAIL: $select->where( '(' . 'LOWER(email_adh) LIKE ' . $token . ' OR ' . 'LOWER(so.url) LIKE ' . $token . ')' ); break; case self::FILTER_JOB: $select->where( 'LOWER(prof_adh) LIKE ' . $token ); break; case self::FILTER_INFOS: $more = ''; if ($login->isAdmin() || $login->isStaff()) { $more = ' OR LOWER(info_adh) LIKE ' . $token; } $select->where( '(LOWER(info_public_adh) LIKE ' . $token . $more . ')' ); break; case self::FILTER_NUMBER: $select->where->equalTo('a.num_adh', $this->filters->filter_str); break; case self::FILTER_ID: $select->where->equalTo('a.id_adh', $this->filters->filter_str); break; } } if ($this->filters->membership_filter) { switch ($this->filters->membership_filter) { case self::MEMBERSHIP_NEARLY: $now = new \DateTime(); $duedate = new \DateTime(); $duedate->modify('+1 month'); $select->where->greaterThan( 'date_echeance', $now->format('Y-m-d') )->lessThanOrEqualTo( 'date_echeance', $duedate->format('Y-m-d') ); break; case self::MEMBERSHIP_LATE: $select->where ->lessThan( 'date_echeance', date('Y-m-d', time()) )->equalTo('bool_exempt_adh', new Expression('false')); break; case self::MEMBERSHIP_UP2DATE: $select->where( '(' . 'date_echeance >= \'' . date('Y-m-d', time()) . '\' OR bool_exempt_adh=true)' ); break; case self::MEMBERSHIP_NEVER: $select->where('date_echeance IS NULL') ->where('bool_exempt_adh = false'); break; case self::MEMBERSHIP_STAFF: $select->where->lessThan( 'status.priorite_statut', self::NON_STAFF_MEMBERS ); break; case self::MEMBERSHIP_ADMIN: $select->where->equalTo('bool_admin_adh', true); break; case self::MEMBERSHIP_NONE: $select->where->equalTo('a.id_statut', Status::DEFAULT_STATUS); break; } } if ($this->filters->filter_account) { switch ($this->filters->filter_account) { case self::ACTIVE_ACCOUNT: $select->where('activite_adh=true'); break; case self::INACTIVE_ACCOUNT: $select->where('activite_adh=false'); break; } } if ($this->filters->group_filter) { $select->join( array('g' => PREFIX_DB . Group::GROUPSUSERS_TABLE), 'a.' . Adherent::PK . '=g.' . Adherent::PK, array(), $select::JOIN_LEFT )->join( array('gs' => PREFIX_DB . Group::TABLE), 'gs.' . Group::PK . '=g.' . Group::PK, array(), $select::JOIN_LEFT )->where( '(g.' . Group::PK . ' = ' . $this->filters->group_filter . ' OR gs.parent_group = NULL OR gs.parent_group = ' . $this->filters->group_filter . ')' ); } if ($this->filters instanceof AdvancedMembersList) { $this->buildAdvancedWhereClause($select); } return $select; } catch (Throwable $e) { Analog::log( __METHOD__ . ' | ' . $e->getMessage(), Analog::WARNING ); throw $e; } }",True,PHP,buildWhereClause,Members.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:47:22+01:00,Use prepared statement rather than direct SQL,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-41262,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13740,"public function store($zdb) { $data = array( 'short_label' => $this->short, 'long_label' => $this->long ); try { if ($this->id !== null && $this->id > 0) { $update = $zdb->update(self::TABLE); $update->set($data)->where([self::PK => $this->id]); $zdb->execute($update); } else { $insert = $zdb->insert(self::TABLE); $insert->values($data); $add = $zdb->execute($insert); if (!$add->count() > 0) { Analog::log('Not stored!', Analog::ERROR); return false; } $this->id = $zdb->getLastGeneratedValue($this); } return true; } catch (Throwable $e) { Analog::log( 'An error occurred storing title: ' . $e->getMessage() . ""\n"" . print_r($data, true), Analog::ERROR ); throw $e; } }",True,PHP,store,Title.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:51:39+01:00,"Fix XSS, prevent their storage

Use HTML purifier lib to sanitize preferences footer",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-41261,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13743,"$key = strtolower($key); $prop = '_' . $this->_fields[$key]['propname']; if (isset($values[$key])) { $value = trim($values[$key]); } else { $value = ''; } if (!isset($disabled[$key])) { if ($value != '') { switch ($key) { case 'trans_date': try { $d = \DateTime::createFromFormat(__(""Y-m-d""), $value); if ($d === false) { throw new \Exception('Incorrect format'); } $this->$prop = $d->format('Y-m-d'); } catch (Throwable $e) { Analog::log( 'Wrong date format. field: ' . $key . ', value: ' . $value . ', expected fmt: ' . __(""Y-m-d"") . ' | ' . $e->getMessage(), Analog::INFO ); $this->errors[] = str_replace( array( '%date_format', '%field' ), array( __(""Y-m-d""), $this->getFieldLabel($key) ), _T(""- Wrong date format (%date_format) for %field!"") ); } break; case Adherent::PK: $this->_member = (int)$value; break; case 'trans_amount': $this->_amount = $value; $value = strtr($value, ',', '.'); if (!is_numeric($value)) { $this->errors[] = _T(""- The amount must be an integer!""); } break; case 'trans_desc': $this->_description = $value; if (mb_strlen($value) > 150) { $this->errors[] = _T(""- Transaction description must be 150 characters long maximum.""); } break; } } } } foreach ($required as $key => $val) { if ($val === 1) { $prop = '_' . $this->_fields[$key]['propname']; if (!isset($disabled[$key]) && !isset($this->$prop)) { $this->errors[] = str_replace( '%field', '' . $this->getFieldLabel($key) . '', _T(""- Mandatory field %field empty."") ); } } } if ($this->_id != '') { $dispatched = $this->getDispatchedAmount(); if ($dispatched > $this->_amount) { $this->errors[] = _T(""- Sum of all contributions exceed corresponding transaction amount.""); } } $this->dynamicsCheck($values, $required, $disabled); if (count($this->errors) > 0) { Analog::log( 'Some errors has been thew attempting to edit/store a transaction' . print_r($this->errors, true), Analog::DEBUG ); return $this->errors; } else { Analog::log( 'Transaction checked successfully.', Analog::DEBUG ); return true; } }",True,PHP,strtolower,Transaction.php,https://github.com/galette/galette,galette,Johan Cwiklinski,2021-11-09 22:51:39+01:00,"Fix XSS, prevent their storage

Use HTML purifier lib to sanitize preferences footer",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-41261,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13745,"protected function unserialize(string $data) { if (is_numeric($data)) { return $data; } $unserialize = $this->options['serialize'][1] ?? ""unserialize""; return $unserialize($data); }",True,PHP,unserialize,Driver.php,https://github.com/top-think/framework,top-think,ThinkPHP,2022-01-07 12:09:13+08:00,改进缓存驱动unserialize方法参数类型限制,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2021-23592,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13747,"public function saveToCookie(Cookie $cookie) { if ($this->config['use_cookie']) { $cookie->set($this->config['cookie_var'], $this->range); } }",True,PHP,saveToCookie,Lang.php,https://github.com/top-think/framework,top-think,thinkphp,2022-09-14 13:33:59+08:00,删除废弃方法 优化多语言检测,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-47945,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13750,"function dataCreator($char = '', $type = '') { if($char != '') { $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $strip_one = substr(str_shuffle($permitted_chars), 0, 1); $strip_two = substr(str_shuffle($permitted_chars), 0, 2); $encryp_array = array( ""A"" => ""v"", ""B"" => ""l"", ""C"" => ""x"", ""D"" => ""m"", ""E"" => ""w"", ""F"" => ""q"", ""G"" => ""p"", ""H"" => ""a"", ""I"" => ""r"", ""J"" => ""y"", ""K"" => ""b"", ""L"" => ""u"", ""M"" => ""z"", ""N"" => ""c"", ""O"" => ""k"", ""P"" => ""e"", ""Q"" => ""t"", ""R"" => ""i"", ""S"" => ""d"", ""T"" => ""g"", ""U"" => ""n"", ""V"" => ""o"", ""W"" => ""h"", ""X"" => ""f"", ""Y"" => ""j"", ""Z"" => ""s"", ""a"" => ""M"", ""b"" => ""K"", ""c"" => ""T"", ""d"" => ""Q"", ""e"" => ""S"", ""f"" => ""I"", ""g"" => ""N"", ""h"" => ""P"", ""i"" => ""L"", ""j"" => ""B"", ""k"" => ""G"", ""l"" => ""X"", ""m"" => ""D"", ""n"" => ""Z"", ""o"" => ""W"", ""p"" => ""J"", ""q"" => ""Z"", ""r"" => ""A"", ""s"" => ""U"", ""t"" => ""E"", ""u"" => ""Y"", ""v"" => ""C"", ""w"" => ""H"", ""x"" => ""F"", ""y"" => ""R"", ""z"" => ""O"", ""0"" => ""6"", ""1"" => ""4"", ""2"" => ""7"", ""3"" => ""8"", ""4"" => ""2"", ""5"" => ""9"", ""6"" => ""3"", ""7"" => ""0"", ""8"" => ""1"", ""9"" => ""5"" ); $decryp_array_caps = array( ""M"" => ""a"", ""K"" => ""b"", ""T"" => ""c"", ""Q"" => ""d"", ""S"" => ""e"", ""I"" => ""f"", ""N"" => ""g"", ""P"" => ""h"", ""L"" => ""i"", ""B"" => ""j"", ""G"" => ""k"", ""X"" => ""l"", ""D"" => ""m"", ""Z"" => ""n"", ""W"" => ""o"", ""J"" => ""p"", ""Z"" => ""q"", ""A"" => ""r"", ""U"" => ""s"", ""E"" => ""t"", ""Y"" => ""u"", ""C"" => ""v"", ""H"" => ""w"", ""F"" => ""x"", ""R"" => ""y"", ""O"" => ""z"" ); $decryp_array_small = array( ""v"" => ""A"", ""l"" => ""B"", ""x"" => ""C"", ""m"" => ""D"", ""w"" => ""E"", ""q"" => ""F"", ""p"" => ""G"", ""a"" => ""H"", ""r"" => ""I"", ""y"" => ""J"", ""b"" => ""K"", ""u"" => ""L"", ""z"" => ""M"", ""c"" => ""N"", ""k"" => ""O"", ""e"" => ""P"", ""t"" => ""Q"", ""i"" => ""R"", ""d"" => ""S"", ""g"" => ""T"", ""n"" => ""U"", ""o"" => ""V"", ""h"" => ""W"", ""f"" => ""X"", ""j"" => ""Y"", ""s"" => ""Z"" ); $decryp_array_numbers = array( ""6"" => ""0"", ""4"" => ""1"", ""7"" => ""2"", ""8"" => ""3"", ""2"" => ""4"", ""9"" => ""5"", ""3"" => ""6"", ""0"" => ""7"", ""1"" => ""8"", ""5"" => ""9"" ); if($type == 'ENC') { if(in_array($char, $encryp_array)) { return $strip_one.$encryp_array[$char].$strip_two; } else { return $strip_one.$char.$strip_two; } } if($type == 'DEC') { if(in_array($char, $decryp_array_caps)) { return $decryp_array_small[$char]; } elseif(in_array($char, $decryp_array_small)) { return $decryp_array_caps[$char]; } elseif(in_array($char, $decryp_array_numbers)) { return $decryp_array_numbers[$char]; } else { return $char; } } } else { return '*'; } }",True,PHP,dataCreator,AuthCryp.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13751,"function dataCreator($char = '', $type = '') { if($char != '') { $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $strip_one = substr(str_shuffle($permitted_chars), 0, 1); $strip_two = substr(str_shuffle($permitted_chars), 0, 2); $encryp_array = array( ""A"" => ""v"", ""B"" => ""l"", ""C"" => ""x"", ""D"" => ""m"", ""E"" => ""w"", ""F"" => ""q"", ""G"" => ""p"", ""H"" => ""a"", ""I"" => ""r"", ""J"" => ""y"", ""K"" => ""b"", ""L"" => ""u"", ""M"" => ""z"", ""N"" => ""c"", ""O"" => ""k"", ""P"" => ""e"", ""Q"" => ""t"", ""R"" => ""i"", ""S"" => ""d"", ""T"" => ""g"", ""U"" => ""n"", ""V"" => ""o"", ""W"" => ""h"", ""X"" => ""f"", ""Y"" => ""j"", ""Z"" => ""s"", ""a"" => ""M"", ""b"" => ""K"", ""c"" => ""T"", ""d"" => ""Q"", ""e"" => ""S"", ""f"" => ""I"", ""g"" => ""N"", ""h"" => ""P"", ""i"" => ""L"", ""j"" => ""B"", ""k"" => ""G"", ""l"" => ""X"", ""m"" => ""D"", ""n"" => ""Z"", ""o"" => ""W"", ""p"" => ""J"", ""q"" => ""Z"", ""r"" => ""A"", ""s"" => ""U"", ""t"" => ""E"", ""u"" => ""Y"", ""v"" => ""C"", ""w"" => ""H"", ""x"" => ""F"", ""y"" => ""R"", ""z"" => ""O"", ""0"" => ""6"", ""1"" => ""4"", ""2"" => ""7"", ""3"" => ""8"", ""4"" => ""2"", ""5"" => ""9"", ""6"" => ""3"", ""7"" => ""0"", ""8"" => ""1"", ""9"" => ""5"" ); $decryp_array_caps = array( ""M"" => ""a"", ""K"" => ""b"", ""T"" => ""c"", ""Q"" => ""d"", ""S"" => ""e"", ""I"" => ""f"", ""N"" => ""g"", ""P"" => ""h"", ""L"" => ""i"", ""B"" => ""j"", ""G"" => ""k"", ""X"" => ""l"", ""D"" => ""m"", ""Z"" => ""n"", ""W"" => ""o"", ""J"" => ""p"", ""Z"" => ""q"", ""A"" => ""r"", ""U"" => ""s"", ""E"" => ""t"", ""Y"" => ""u"", ""C"" => ""v"", ""H"" => ""w"", ""F"" => ""x"", ""R"" => ""y"", ""O"" => ""z"" ); $decryp_array_small = array( ""v"" => ""A"", ""l"" => ""B"", ""x"" => ""C"", ""m"" => ""D"", ""w"" => ""E"", ""q"" => ""F"", ""p"" => ""G"", ""a"" => ""H"", ""r"" => ""I"", ""y"" => ""J"", ""b"" => ""K"", ""u"" => ""L"", ""z"" => ""M"", ""c"" => ""N"", ""k"" => ""O"", ""e"" => ""P"", ""t"" => ""Q"", ""i"" => ""R"", ""d"" => ""S"", ""g"" => ""T"", ""n"" => ""U"", ""o"" => ""V"", ""h"" => ""W"", ""f"" => ""X"", ""j"" => ""Y"", ""s"" => ""Z"" ); $decryp_array_numbers = array( ""6"" => ""0"", ""4"" => ""1"", ""7"" => ""2"", ""8"" => ""3"", ""2"" => ""4"", ""9"" => ""5"", ""3"" => ""6"", ""0"" => ""7"", ""1"" => ""8"", ""5"" => ""9"" ); if($type == 'ENC') { if(in_array($char, $encryp_array)) { return $strip_one.$encryp_array[$char].$strip_two; } else { return $strip_one.$char.$strip_two; } } if($type == 'DEC') { if(in_array($char, $decryp_array_caps)) { return $decryp_array_small[$char]; } elseif(in_array($char, $decryp_array_small)) { return $decryp_array_caps[$char]; } elseif(in_array($char, $decryp_array_numbers)) { return $decryp_array_numbers[$char]; } else { return $char; } } } else { return '*'; } }",True,PHP,dataCreator,AuthCryp.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13754,"unset($return[$key]); } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,unset,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13755,"unset($return[$key]); } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,unset,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13762,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($value); } if (!$result) { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } } } } else { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } break; }",True,PHP,date,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13763,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($value); } if (!$result) { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } } } } else { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } break; }",True,PHP,date,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13764,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13765,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13770,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress; PopTable('header', _error); $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             "" . _failureNotice . "": 
             $failnote 
            		 
             "" . _sql . "": $sql 
             
             "" . _traceback . "": $error 
             
             "" . _additionalInformation . "": $additional 
             
            ""; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              "" . _openSisHasEncounteredAnErrorThatCouldHaveResultedFromAnyOfTheFollowing . "": 
             
               
            • "" . _invalidDataInput . ""
              •  
            • "" . _databaseSqlError . ""
              •  
            • "" . _programError . ""
              •  
             "" . _pleaseTakeThisScreenShotAndSendItToYourOpenSisRepresentativeForDebuggingAndResolution . "".             		 
             
            ""; PopTable('footer'); echo """"; if ($openSISNotifyAddress) { $message = """" . _system . "": $openSISTitle \n""; $message .= """" . _date . "": "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= """" . _page . "": "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= """" . _failureNotice . "": $failnote \n""; $message .= """" . _additionalInfo . "": $additional \n""; $message .= ""\n $sql \n""; $message .= """" . _requestArray . "": \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\n"" . _sessionArray . "": \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, _openSisDatabaseError, $message); } die(); }",True,PHP,db_show_error,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13771,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress; PopTable('header', _error); $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             "" . _failureNotice . "": 
             $failnote 
            		 
             "" . _sql . "": $sql 
             
             "" . _traceback . "": $error 
             
             "" . _additionalInformation . "": $additional 
             
            ""; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              "" . _openSisHasEncounteredAnErrorThatCouldHaveResultedFromAnyOfTheFollowing . "": 
             
               
            • "" . _invalidDataInput . ""
              •  
            • "" . _databaseSqlError . ""
              •  
            • "" . _programError . ""
              •  
             "" . _pleaseTakeThisScreenShotAndSendItToYourOpenSisRepresentativeForDebuggingAndResolution . "".             		 
             
            ""; PopTable('footer'); echo """"; if ($openSISNotifyAddress) { $message = """" . _system . "": $openSISTitle \n""; $message .= """" . _date . "": "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= """" . _page . "": "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= """" . _failureNotice . "": $failnote \n""; $message .= """" . _additionalInfo . "": $additional \n""; $message .= ""\n $sql \n""; $message .= """" . _requestArray . "": \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\n"" . _sessionArray . "": \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, _openSisDatabaseError, $message); } die(); }",True,PHP,db_show_error,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13774,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13775,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13776,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType, $connection; switch ($DatabaseType) { case 'mysqli': $connection = new ConnectDBOpensis(); if ($connection->auto_init == true) { $connection = $connection->init($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); mysqli_set_charset($connection, ""utf8""); } break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errstring); } return $connection; }",True,PHP,db_start,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13777,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType, $connection; switch ($DatabaseType) { case 'mysqli': $connection = new ConnectDBOpensis(); if ($connection->auto_init == true) { $connection = $connection->init($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); mysqli_set_charset($connection, ""utf8""); } break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errstring); } return $connection; }",True,PHP,db_start,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13778,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13779,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13782,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             "" . _failureNotice . "": 
             $failnote 
            		 
             "" . _sql . "": $sql 
             
             "" . _traceback . "": $error 
             
             "" . _additionalInformation . "": $additional 
             
            ""; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              "" . _openSisHasEncounteredAnErrorThatCouldHaveResultedFromAnyOfTheFollowing . "": 
             
               
            • "" . _invalidDataInput . ""
              •  
            • "" . _databaseSqlError . ""
              •  
            • "" . _programError . ""
              •  
             "" . _pleaseTakeThisScreenShotAndSendItToYourOpenSisRepresentativeForDebuggingAndResolution . "".             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13783,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             "" . _failureNotice . "": 
             $failnote 
            		 
             "" . _sql . "": $sql 
             
             "" . _traceback . "": $error 
             
             "" . _additionalInformation . "": $additional 
             
            ""; echo "" 
             
            "" . _date . "": 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              "" . _openSisHasEncounteredAnErrorThatCouldHaveResultedFromAnyOfTheFollowing . "": 
             
               
            • "" . _invalidDataInput . ""
              •  
            • "" . _databaseSqlError . ""
              •  
            • "" . _programError . ""
              •  
             "" . _pleaseTakeThisScreenShotAndSendItToYourOpenSisRepresentativeForDebuggingAndResolution . "".             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13786,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13787,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_upcharge() { $this->loc->src = ""@globalstoresettings""; $config = new expConfig($this->loc); $this->config = $config->config; $upcharge = array(); foreach($this->params['upcharge'] as $key => $item) { if(!empty($item)) { $upcharge[$key] = $item; } } $this->config['upcharge'] = $upcharge; $config->update(array('config'=>$this->config)); flash('message', gt('Configuration updated')); expHistory::back(); }"
13792,"function DateInputAY($value, $name, $counter = 1, $placeholder = _enterDate) { $show = """"; $date_sep = """"; $monthVal = """"; $yearVal = """"; $dayVal = """"; $display = """"; if ($value != '') return '
            ' . ProperDateAY($value) . '     
            '; else { if ($counter == 2) return ''; else return ''; } }",True,PHP,DateInputAY,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13793,"function DateInputAY($value, $name, $counter = 1, $placeholder = _enterDate) { $show = """"; $date_sep = """"; $monthVal = """"; $yearVal = """"; $dayVal = """"; $display = """"; if ($value != '') return '
            ' . ProperDateAY($value) . '     
            '; else { if ($counter == 2) return ''; else return ''; } }",True,PHP,DateInputAY,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13794,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13795,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13800,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13801,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13802,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13803,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,ForgotPass.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13806,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13807,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13810,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13811,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13822,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13823,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13826,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13827,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13828,"unset($return[$key]); } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,unset,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13829,"unset($return[$key]); } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,unset,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13830,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13831,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13832,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $result = $connection->query($value); if (!$result) { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } } } } else { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } break; }",True,PHP,date,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13833,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $result = $connection->query($value); if (!$result) { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } } } } else { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } break; }",True,PHP,date,ForgotPassUserName.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13840,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqil': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13841,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqil': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13846,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13847,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13848,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13849,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13854,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $result = $connection->query($value); if (!$result) { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } } } } else { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } break; }",True,PHP,date,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13855,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $result = $connection->query($value); if (!$result) { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } } } } else { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysql_error())); } break; }",True,PHP,date,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13856,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13857,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13858,"unset($return[$key]); } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,unset,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13859,"unset($return[$key]); } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,unset,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13860,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13861,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,PasswordCheck.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13864,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13865,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13868,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13869,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13870,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13871,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13876,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13877,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13880,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13881,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,ResetUserInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13882,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13883,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13884,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"public function update_groupdiscounts() { global $db; if (empty($this->params['id'])) { $existing_id = $db->selectValue('groupdiscounts', 'id', 'group_id='.$this->params['group_id']); if (!empty($existing_id)) flashAndFlow('error',gt('There is already a discount for that group.')); } $gd = new groupdiscounts(); $gd->update($this->params); expHistory::back(); }"
13885,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13896,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13897,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13900,foreach ($value as $k => $val) { if ($k != 'LAST_UPDATED') { if ($k != 'UPDATED_BY') { if ($k == 'ID') $data['data'][$i]['SCHOOL_ID'] = $val; else if ($k == 'SYEAR') $data['data'][$i]['SCHOOL_YEAR'] = $val; else if ($k == 'TITLE') $data['data'][$i]['SCHOOL_NAME'] = $val; else if ($k == 'WWW_ADDRESS') $data['data'][$i]['URL'] = $val; else $data['data'][$i][$k] = $val; } } },True,PHP,foreach,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13901,foreach ($value as $k => $val) { if ($k != 'LAST_UPDATED') { if ($k != 'UPDATED_BY') { if ($k == 'ID') $data['data'][$i]['SCHOOL_ID'] = $val; else if ($k == 'SYEAR') $data['data'][$i]['SCHOOL_YEAR'] = $val; else if ($k == 'TITLE') $data['data'][$i]['SCHOOL_NAME'] = $val; else if ($k == 'WWW_ADDRESS') $data['data'][$i]['URL'] = $val; else $data['data'][$i][$k] = $val; } } },True,PHP,foreach,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13904,"function GetMP($mp = '', $column = 'TITLE', $syear, $school) { global $_openSIS; if ($column == 'MARKING_PERIOD_ID') $column = 'TITLE'; if (!$_openSIS['GetMP']) { $_openSIS['GetMP'] = DBGet(DBQuery('SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_quarters\' AS `TABLE`,\'SEMESTER_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_quarters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_semesters\' AS `TABLE`,\'YEAR_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_semesters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_years\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_years WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_progress_periods\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_progress_periods WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\''), array(), array('MARKING_PERIOD_ID')); } if (substr($mp, 0, 1) == 'E') { if ($column == 'TITLE' || $column == 'SHORT_NAME') $suffix = ' Exam'; $mp = substr($mp, 1); } if ($mp == '') { return 'Custom'; } else { if ($mp == 0 && $column == 'TITLE') return 'Full Year' . $suffix; else { return $_openSIS['GetMP'][$mp][1][$column] . $suffix; } } }",True,PHP,GetMP,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13905,"function GetMP($mp = '', $column = 'TITLE', $syear, $school) { global $_openSIS; if ($column == 'MARKING_PERIOD_ID') $column = 'TITLE'; if (!$_openSIS['GetMP']) { $_openSIS['GetMP'] = DBGet(DBQuery('SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_quarters\' AS `TABLE`,\'SEMESTER_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_quarters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_semesters\' AS `TABLE`,\'YEAR_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_semesters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_years\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_years WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_progress_periods\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_progress_periods WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\''), array(), array('MARKING_PERIOD_ID')); } if (substr($mp, 0, 1) == 'E') { if ($column == 'TITLE' || $column == 'SHORT_NAME') $suffix = ' Exam'; $mp = substr($mp, 1); } if ($mp == '') { return 'Custom'; } else { if ($mp == 0 && $column == 'TITLE') return 'Full Year' . $suffix; else { return $_openSIS['GetMP'][$mp][1][$column] . $suffix; } } }",True,PHP,GetMP,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13906,"$percent = round($percent, 0); } else { $percent = round($percent, 2); } if ($ret == '%') return $percent; if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . $cp[1]['SYEAR'] . '\' AND SCHOOL_ID=\'' . $cp[1]['SCHOOL_ID'] . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER')); foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) { if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) return $ret == 'ID' ? $grade['ID'] : $grade['TITLE']; } }",True,PHP,round,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13907,"$percent = round($percent, 0); } else { $percent = round($percent, 2); } if ($ret == '%') return $percent; if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . $cp[1]['SYEAR'] . '\' AND SCHOOL_ID=\'' . $cp[1]['SCHOOL_ID'] . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER')); foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) { if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) return $ret == 'ID' ? $grade['ID'] : $grade['TITLE']; } }",True,PHP,round,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13908,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13909,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13910,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13911,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13912,foreach ($val as $vkey => $value) { if ($vkey != 'LAST_UPDATED') { if ($vkey != 'UPDATED_BY') { if ($vkey == 'ID') echo '' . htmlentities($value) . ''; else if ($vkey == 'SYEAR') echo '' . htmlentities($value) . ''; else if ($vkey == 'TITLE') echo '' . htmlentities($value) . ''; else if ($vkey == 'WWW_ADDRESS') echo '' . htmlentities($value) . ''; else echo '<' . $vkey . '>' . htmlentities($value) . ''; } } },True,PHP,foreach,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13913,foreach ($val as $vkey => $value) { if ($vkey != 'LAST_UPDATED') { if ($vkey != 'UPDATED_BY') { if ($vkey == 'ID') echo '' . htmlentities($value) . ''; else if ($vkey == 'SYEAR') echo '' . htmlentities($value) . ''; else if ($vkey == 'TITLE') echo '' . htmlentities($value) . ''; else if ($vkey == 'WWW_ADDRESS') echo '' . htmlentities($value) . ''; else echo '<' . $vkey . '>' . htmlentities($value) . ''; } } },True,PHP,foreach,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13914,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13915,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13922,echo ''; $i++; } echo ''; echo ''; $j++; },True,PHP,'params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13923,echo ''; $i++; } echo ''; echo ''; $j++; },True,PHP,'params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13928,"function GetMP($mp = '', $column = 'TITLE', $syear, $school) { global $_openSIS; if ($column == 'MARKING_PERIOD_ID') $column = 'TITLE'; if (!$_openSIS['GetMP']) { $_openSIS['GetMP'] = DBGet(DBQuery('SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_quarters\' AS `TABLE`,\'SEMESTER_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_quarters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_semesters\' AS `TABLE`,\'YEAR_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_semesters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_years\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_years WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_progress_periods\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_progress_periods WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\''), array(), array('MARKING_PERIOD_ID')); } if (substr($mp, 0, 1) == 'E') { if ($column == 'TITLE' || $column == 'SHORT_NAME') $suffix = ' Exam'; $mp = substr($mp, 1); } if ($mp == '') { return 'Custom'; } else { if ($mp == 0 && $column == 'TITLE') return 'Full Year' . $suffix; else { return $_openSIS['GetMP'][$mp][1][$column] . $suffix; } } }",True,PHP,GetMP,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13929,"function GetMP($mp = '', $column = 'TITLE', $syear, $school) { global $_openSIS; if ($column == 'MARKING_PERIOD_ID') $column = 'TITLE'; if (!$_openSIS['GetMP']) { $_openSIS['GetMP'] = DBGet(DBQuery('SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_quarters\' AS `TABLE`,\'SEMESTER_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_quarters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_semesters\' AS `TABLE`,\'YEAR_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_semesters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_years\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_years WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_progress_periods\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_progress_periods WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\''), array(), array('MARKING_PERIOD_ID')); } if (substr($mp, 0, 1) == 'E') { if ($column == 'TITLE' || $column == 'SHORT_NAME') $suffix = ' Exam'; $mp = substr($mp, 1); } if ($mp == '') { return 'Custom'; } else { if ($mp == 0 && $column == 'TITLE') return 'Full Year' . $suffix; else { return $_openSIS['GetMP'][$mp][1][$column] . $suffix; } } }",True,PHP,GetMP,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13938,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13939,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13940,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13941,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13942,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13943,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13946,"$percent = round($percent, 0); } else { $percent = round($percent, 2); } if ($ret == '%') return $percent; if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . $cp[1]['SYEAR'] . '\' AND SCHOOL_ID=\'' . $cp[1]['SCHOOL_ID'] . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER')); foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) { if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) return $ret == 'ID' ? $grade['ID'] : $grade['TITLE']; } }",True,PHP,round,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13947,"$percent = round($percent, 0); } else { $percent = round($percent, 2); } if ($ret == '%') return $percent; if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . $cp[1]['SYEAR'] . '\' AND SCHOOL_ID=\'' . $cp[1]['SCHOOL_ID'] . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER')); foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) { if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) return $ret == 'ID' ? $grade['ID'] : $grade['TITLE']; } }",True,PHP,round,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13948,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13949,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13950,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13951,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13956,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13957,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,StaffInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13958,"function GetMP($mp = '', $column = 'TITLE', $syear, $school) { global $_openSIS; if ($column == 'MARKING_PERIOD_ID') $column = 'TITLE'; if (!$_openSIS['GetMP']) { $_openSIS['GetMP'] = DBGet(DBQuery('SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_quarters\' AS `TABLE`,\'SEMESTER_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_quarters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_semesters\' AS `TABLE`,\'YEAR_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_semesters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_years\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_years WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_progress_periods\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_progress_periods WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\''), array(), array('MARKING_PERIOD_ID')); } if (substr($mp, 0, 1) == 'E') { if ($column == 'TITLE' || $column == 'SHORT_NAME') $suffix = ' Exam'; $mp = substr($mp, 1); } if ($mp == '') { return 'Custom'; } else { if ($mp == 0 && $column == 'TITLE') return 'Full Year' . $suffix; else { return $_openSIS['GetMP'][$mp][1][$column] . $suffix; } } }",True,PHP,GetMP,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13959,"function GetMP($mp = '', $column = 'TITLE', $syear, $school) { global $_openSIS; if ($column == 'MARKING_PERIOD_ID') $column = 'TITLE'; if (!$_openSIS['GetMP']) { $_openSIS['GetMP'] = DBGet(DBQuery('SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_quarters\' AS `TABLE`,\'SEMESTER_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_quarters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_semesters\' AS `TABLE`,\'YEAR_ID\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_semesters WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_years\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_years WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\' UNION SELECT MARKING_PERIOD_ID,TITLE,POST_START_DATE,POST_END_DATE,\'school_progress_periods\' AS `TABLE`, \'-1\' AS `PA_ID`,SORT_ORDER,SHORT_NAME,START_DATE,END_DATE,DOES_GRADES,DOES_EXAM,DOES_COMMENTS FROM school_progress_periods WHERE SYEAR=\'' . $syear . '\' AND SCHOOL_ID=\'' . $school . '\''), array(), array('MARKING_PERIOD_ID')); } if (substr($mp, 0, 1) == 'E') { if ($column == 'TITLE' || $column == 'SHORT_NAME') $suffix = ' Exam'; $mp = substr($mp, 1); } if ($mp == '') { return 'Custom'; } else { if ($mp == 0 && $column == 'TITLE') return 'Full Year' . $suffix; else { return $_openSIS['GetMP'][$mp][1][$column] . $suffix; } } }",True,PHP,GetMP,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13960,foreach ($value_arr['ENROLLMENT_INFO'] as $eid => $ed) { echo ''; echo '' . htmlentities($ed['SCHOOL_ID']) . ''; echo '' . htmlentities($ed['CALENDAR']) . ''; echo '' . htmlentities($ed['GRADE']) . ''; echo '
            ' . htmlentities($ed['SECTION']) . '
            '; echo '' . htmlentities($ed['START_DATE']) . ''; echo '' . htmlentities($ed['DROP_DATE']) . ''; echo '' . htmlentities($ed['ENROLLMENT_CODE']) . ''; echo '' . htmlentities($ed['DROP_CODE']) . ''; echo '            '; },True,PHP,foreach,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13961,foreach ($value_arr['ENROLLMENT_INFO'] as $eid => $ed) { echo ''; echo '' . htmlentities($ed['SCHOOL_ID']) . ''; echo '' . htmlentities($ed['CALENDAR']) . ''; echo '' . htmlentities($ed['GRADE']) . ''; echo '
            ' . htmlentities($ed['SECTION']) . '
            '; echo '' . htmlentities($ed['START_DATE']) . ''; echo '' . htmlentities($ed['DROP_DATE']) . ''; echo '' . htmlentities($ed['ENROLLMENT_CODE']) . ''; echo '' . htmlentities($ed['DROP_CODE']) . ''; echo '            '; },True,PHP,foreach,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13962,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13963,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errormessage); } return $connection; }",True,PHP,db_start,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13966,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13967,"function db_seq_nextval($seqname) { global $DatabaseType; if ($DatabaseType == 'mysqli') $seq = ""fn_"" . strtolower($seqname) . ""()""; return $seq; }",True,PHP,db_seq_nextval,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13968,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13969,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) $pos = strpos($row['TYPE'], ')'); else $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; else $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } break; } return $properties; }",True,PHP,db_properties,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13972,echo '' . htmlentities($value_arr['LANGUAGE']) . ''; foreach ($value_arr['ENROLLMENT_INFO'] as $eid => $ed) { echo ''; echo '' . htmlentities($ed['SCHOOL_ID']) . ''; echo '' . htmlentities($ed['CALENDAR']) . ''; echo '' . htmlentities($ed['GRADE']) . ''; echo '
            ' . htmlentities($ed['SECTION']) . '
            '; echo '' . htmlentities($ed['START_DATE']) . ''; echo '' . htmlentities($ed['DROP_DATE']) . ''; echo '' . htmlentities($ed['ENROLLMENT_CODE']) . ''; echo '' . htmlentities($ed['DROP_CODE']) . ''; echo '            '; } echo ''; } echo ''; },True,PHP,''.htmlentities,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13973,echo '' . htmlentities($value_arr['LANGUAGE']) . ''; foreach ($value_arr['ENROLLMENT_INFO'] as $eid => $ed) { echo ''; echo '' . htmlentities($ed['SCHOOL_ID']) . ''; echo '' . htmlentities($ed['CALENDAR']) . ''; echo '' . htmlentities($ed['GRADE']) . ''; echo '
            ' . htmlentities($ed['SECTION']) . '
            '; echo '' . htmlentities($ed['START_DATE']) . ''; echo '' . htmlentities($ed['DROP_DATE']) . ''; echo '' . htmlentities($ed['ENROLLMENT_CODE']) . ''; echo '' . htmlentities($ed['DROP_CODE']) . ''; echo '            '; } echo ''; } echo ''; },True,PHP,''.htmlentities,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13976,"$percent = round($percent, 0); } else { $percent = round($percent, 2); } if ($ret == '%') return $percent; if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . $cp[1]['SYEAR'] . '\' AND SCHOOL_ID=\'' . $cp[1]['SCHOOL_ID'] . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER')); foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) { if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) return $ret == 'ID' ? $grade['ID'] : $grade['TITLE']; } }",True,PHP,round,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13977,"$percent = round($percent, 0); } else { $percent = round($percent, 2); } if ($ret == '%') return $percent; if (!$_openSIS['_makeLetterGrade']['grades'][$grade_scale_id]) $_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] = DBGet(DBQuery('SELECT TITLE,ID,BREAK_OFF FROM report_card_grades WHERE SYEAR=\'' . $cp[1]['SYEAR'] . '\' AND SCHOOL_ID=\'' . $cp[1]['SCHOOL_ID'] . '\' AND GRADE_SCALE_ID=\'' . $grade_scale_id . '\' ORDER BY BREAK_OFF IS NOT NULL DESC,BREAK_OFF DESC,SORT_ORDER')); foreach ($_openSIS['_makeLetterGrade']['grades'][$grade_scale_id] as $grade) { if ($does_breakoff == 'Y' ? $percent >= $programconfig[$staff_id][$course_period_id . '-' . $grade['ID']] && is_numeric($programconfig[$staff_id][$course_period_id . '-' . $grade['ID']]) : $percent >= $grade['BREAK_OFF']) return $ret == 'ID' ? $grade['ID'] : $grade['TITLE']; } }",True,PHP,round,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function update_optiongroup_master() { global $db; $id = empty($this->params['id']) ? null : $this->params['id']; $og = new optiongroup_master($id); $oldtitle = $og->title; $og->update($this->params); if ($oldtitle != $og->title) { $db->sql('UPDATE '.$db->prefix.'optiongroup SET title=""'.$og->title.'"" WHERE title=""'.$oldtitle.'""'); } expHistory::back(); }"
13984,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13985,"function db_case($array) { global $DatabaseType; $counter = 0; if ($DatabaseType == 'mysqli') { $array_count = count($array); $string = "" CASE WHEN $array[0] =""; $counter++; $arr_count = count($array); for ($i = 1; $i < $arr_count; $i++) { $value = $array[$i]; if ($value == ""''"" && substr($string, -1) == '=') { $value = ' IS NULL'; $string = substr($string, 0, -1); } $string .= ""$value""; if ($counter == ($array_count - 2) && $array_count % 2 == 0) $string .= "" ELSE ""; elseif ($counter == ($array_count - 1)) $string .= "" END ""; elseif ($counter % 2 == 0) $string .= "" WHEN $array[0]=""; elseif ($counter % 2 == 1) $string .= "" THEN ""; $counter++; } } return $string; }",True,PHP,db_case,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13986,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13987,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13992,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13993,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress, $openSISMode; $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
             Failure Notice: 
             $failnote 
            		 
             SQL: $sql 
             
             Traceback: $error 
             
             Additional Information: $additional 
             
            ""; echo "" 
             
            Date: 
            "" . date(""m/d/Y h:i:s"") . ""
            		 
              openSIS has encountered an error that could have resulted from any of the following: 
             
               
            • Invalid data input
              •  
            • Database SQL error
              •  
            • Program error
              •  
             Please take this screen shot and send it to your openSIS representative for debugging and resolution.             		 
             
            ""; echo """"; if ($openSISNotifyAddress) { $message = ""System: $openSISTitle \n""; $message .= ""Date: "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= ""Page: "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= ""Failure Notice: $failnote \n""; $message .= ""Additional Info: $additional \n""; $message .= ""\n $sql \n""; $message .= ""Request Array: \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\nSession Array: \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, 'openSIS Database Error', $message); } die(); }",True,PHP,db_show_error,StudentEnrollmentInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13998,"function button($type, $text = '', $link = '', $width = '', $extra = '', $buttonType = 'btn-primary') { $button_icons = array( ""add"" => """", ""bus"" => """", ""comment"" => """", ""compass_rose"" => """", ""down_phone"" => """", ""phone"" => """", ""edit"" => """", ""emergency"" => """", ""gravel"" => """", ""house"" => """", ""info"" => """", ""mailbox"" => """", ""remove"" => """", ""warning"" => """", ""white_add"" => """" ); $button = ''; if ($type == 'dot') { $button = ''; $button .= '
            '; } else { $button = ''; if ($text) { if ($link) { $button .= ''; } else { $button .= '
            '; } } if ($link) { if (strpos($link, 'onclick') !== false) { $onclick = $link; $href = 'href=""#"" '; } else { $onclick = 'onclick=""grabA(this); return false;""'; $href = 'href=""' . $link . '""'; } $button .= ''; } $button .= $button_icons[$type]; if ($text) { $button .= ' '.$text; } if ($link) { $button .= ''; } if ($text) { $button .= ""
            ""; } } return $button; }",True,PHP,button,ButtonFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
13999,"function button($type, $text = '', $link = '', $width = '', $extra = '', $buttonType = 'btn-primary') { $button_icons = array( ""add"" => """", ""bus"" => """", ""comment"" => """", ""compass_rose"" => """", ""down_phone"" => """", ""phone"" => """", ""edit"" => """", ""emergency"" => """", ""gravel"" => """", ""house"" => """", ""info"" => """", ""mailbox"" => """", ""remove"" => """", ""warning"" => """", ""white_add"" => """" ); $button = ''; if ($type == 'dot') { $button = ''; $button .= '
            '; } else { $button = ''; if ($text) { if ($link) { $button .= ''; } else { $button .= '
            '; } } if ($link) { if (strpos($link, 'onclick') !== false) { $onclick = $link; $href = 'href=""#"" '; } else { $onclick = 'onclick=""grabA(this); return false;""'; $href = 'href=""' . $link . '""'; } $button .= ''; } $button .= $button_icons[$type]; if ($text) { $button .= ' '.$text; } if ($link) { $button .= ''; } if ($text) { $button .= ""
            ""; } } return $button; }",True,PHP,button,ButtonFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14002,"function HackingLog() { echo """" . _youReNotAllowedToUseThisProgram . ""! "" . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . "".""; Warehouse('footer'); if ($_SERVER['HTTP_X_FORWARDED_FOR']) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } if ($openSISNotifyAddress) mail($openSISNotifyAddress, 'HACKING ATTEMPT', ""INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','"" . date('Y-m-d') . ""','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','"" . User('USERNAME') . ""')""); if (false && function_exists('query')) { if ($_SERVER['HTTP_X_FORWARDED_FOR']) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } $connection = new mysqli('os4ed.com', 'openSIS_log', 'openSIS_log', 'openSIS_log'); $connection->query(""INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','"" . date('Y-m-d') . ""','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','"" . optional_param('modname', '', PARAM_CLEAN) . ""','"" . User('USERNAME') . ""')""); mysqli_close($link); } }",True,PHP,HackingLog,HackingLogFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14003,"function HackingLog() { echo """" . _youReNotAllowedToUseThisProgram . ""! "" . _thisAttemptedViolationHasBeenLoggedAndYourIpAddressWasCaptured . "".""; Warehouse('footer'); if ($_SERVER['HTTP_X_FORWARDED_FOR']) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } if ($openSISNotifyAddress) mail($openSISNotifyAddress, 'HACKING ATTEMPT', ""INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','"" . date('Y-m-d') . ""','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','$_REQUEST[modname]','"" . User('USERNAME') . ""')""); if (false && function_exists('query')) { if ($_SERVER['HTTP_X_FORWARDED_FOR']) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip = $_SERVER['REMOTE_ADDR']; } $connection = new mysqli('os4ed.com', 'openSIS_log', 'openSIS_log', 'openSIS_log'); $connection->query(""INSERT INTO hacking_log (HOST_NAME,IP_ADDRESS,LOGIN_DATE,VERSION,PHP_SELF,DOCUMENT_ROOT,SCRIPT_NAME,MODNAME,USERNAME) values('$_SERVER[SERVER_NAME]','$ip','"" . date('Y-m-d') . ""','$openSISVersion','$_SERVER[PHP_SELF]','$_SERVER[DOCUMENT_ROOT]','$_SERVER[SCRIPT_NAME]','"" . optional_param('modname', '', PARAM_CLEAN) . ""','"" . User('USERNAME') . ""')""); mysqli_close($link); } }",True,PHP,HackingLog,HackingLogFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14008,"function VerifyFixedSchedule($columns,$columns_var,$update=false) { $qr_teachers= DBGet(DBQuery('select TEACHER_ID,SECONDARY_TEACHER_ID from course_periods where course_period_id=\''.$_REQUEST['course_period_id'].'\'')); $teacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']:$qr_teachers[1]['TEACHER_ID']); $secteacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']:$qr_teachers[1]['SECONDARY_TEACHER_ID']); if($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!='') $all_teacher=$teacher.($secteacher!=''?','.$secteacher:'');",True,PHP,VerifyFixedSchedule,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14009,"function VerifyFixedSchedule($columns,$columns_var,$update=false) { $qr_teachers= DBGet(DBQuery('select TEACHER_ID,SECONDARY_TEACHER_ID from course_periods where course_period_id=\''.$_REQUEST['course_period_id'].'\'')); $teacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']:$qr_teachers[1]['TEACHER_ID']); $secteacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']:$qr_teachers[1]['SECONDARY_TEACHER_ID']); if($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!='') $all_teacher=$teacher.($secteacher!=''?','.$secteacher:'');",True,PHP,VerifyFixedSchedule,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14010,"foreach($course_RET as $period_day) { $period_days_append_sql .=""(sp.start_time<='$period_day[END_TIME]' AND '$period_day[START_TIME]'<=sp.end_time AND DAYS LIKE '%$period_day[DAYS]%') OR ""; }",True,PHP,foreach,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14011,"foreach($course_RET as $period_day) { $period_days_append_sql .=""(sp.start_time<='$period_day[END_TIME]' AND '$period_day[START_TIME]'<=sp.end_time AND DAYS LIKE '%$period_day[DAYS]%') OR ""; }",True,PHP,foreach,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14020,"function VerifyBlockedSchedule($columns,$course_period_id,$sec,$edit=false) { if($course_period_id!='new') { $cp_det_RET= DBGet(DBQuery(""SELECT * FROM course_periods WHERE course_period_id=$course_period_id"")); $cp_det_RET=$cp_det_RET[1]; $teacher=$cp_det_RET['TEACHER_ID']; $secteacher=$cp_det_RET['SECONDARY_TEACHER_ID']; $all_teacher=$teacher.($secteacher!=''?$secteacher:''); }",True,PHP,VerifyBlockedSchedule,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14021,"function VerifyBlockedSchedule($columns,$course_period_id,$sec,$edit=false) { if($course_period_id!='new') { $cp_det_RET= DBGet(DBQuery(""SELECT * FROM course_periods WHERE course_period_id=$course_period_id"")); $cp_det_RET=$cp_det_RET[1]; $teacher=$cp_det_RET['TEACHER_ID']; $secteacher=$cp_det_RET['SECONDARY_TEACHER_ID']; $all_teacher=$teacher.($secteacher!=''?$secteacher:''); }",True,PHP,VerifyBlockedSchedule,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14022,"function VerifyVariableSchedule($columns) { $teacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']:$columns['TEACHER_ID']); $secteacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']:$columns['SECONDARY_TEACHER_ID']); if($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!='') $all_teacher=$teacher.($secteacher!=''?','.$secteacher:'');",True,PHP,VerifyVariableSchedule,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14023,"function VerifyVariableSchedule($columns) { $teacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']:$columns['TEACHER_ID']); $secteacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']:$columns['SECONDARY_TEACHER_ID']); if($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!='') $all_teacher=$teacher.($secteacher!=''?','.$secteacher:'');",True,PHP,VerifyVariableSchedule,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14024,"$period_days_append_sql= substr($period_days_append_sql,0,-4).'))'; } $exist_RET= DBGet(DBQuery(""SELECT s.ID FROM schedule s WHERE student_id="". $student_id."" AND s.syear='"".UserSyear().""' {$mp_append_sql}{$period_days_append_sql} UNION SELECT s.ID FROM temp_schedule s WHERE student_id="". $student_id.""{$mp_append_sql}{$period_days_append_sql}"")); if($exist_RET) return 'There is a Period Conflict ('.$course_RET[1]['CP_TITLE'].')'; else { return true; } }",True,PHP,substr,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14025,"$period_days_append_sql= substr($period_days_append_sql,0,-4).'))'; } $exist_RET= DBGet(DBQuery(""SELECT s.ID FROM schedule s WHERE student_id="". $student_id."" AND s.syear='"".UserSyear().""' {$mp_append_sql}{$period_days_append_sql} UNION SELECT s.ID FROM temp_schedule s WHERE student_id="". $student_id.""{$mp_append_sql}{$period_days_append_sql}"")); if($exist_RET) return 'There is a Period Conflict ('.$course_RET[1]['CP_TITLE'].')'; else { return true; } }",True,PHP,substr,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14028,"foreach($course_RET as $period_date) { $period_days_append_sql .=""(sp.start_time<='$period_date[END_TIME]' AND '$period_date[START_TIME]'<=sp.end_time AND (cpv.course_period_date IS NULL OR cpv.course_period_date='$period_date[COURSE_PERIOD_DATE]') AND cpv.DAYS LIKE '%$period_date[DAYS]%') OR ""; }",True,PHP,foreach,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14029,"foreach($course_RET as $period_date) { $period_days_append_sql .=""(sp.start_time<='$period_date[END_TIME]' AND '$period_date[START_TIME]'<=sp.end_time AND (cpv.course_period_date IS NULL OR cpv.course_period_date='$period_date[COURSE_PERIOD_DATE]') AND cpv.DAYS LIKE '%$period_date[DAYS]%') OR ""; }",True,PHP,foreach,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14030,"function VerifyVariableSchedule_Update($columns) { $teacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']:$columns['TEACHER_ID']); $secteacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']:$columns['SECONDARY_TEACHER_ID']); if($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!='') $all_teacher=$teacher.($secteacher!=''?','.$secteacher:'');",True,PHP,VerifyVariableSchedule_Update,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
14031,"function VerifyVariableSchedule_Update($columns) { $teacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']:$columns['TEACHER_ID']); $secteacher=($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']!=''?$_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['SECONDARY_TEACHER_ID']:$columns['SECONDARY_TEACHER_ID']); if($_REQUEST['tables']['course_periods'][$_REQUEST['course_period_id']]['TEACHER_ID']!='') $all_teacher=$teacher.($secteacher!=''?','.$secteacher:'');",True,PHP,VerifyVariableSchedule_Update,VerifyAvailabilityFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18288,"function _makeExtra($value, $title = '') { global $THIS_RET; if ($THIS_RET['WITH_TEACHER_ID']) $return .= ''._with.': ' . GetTeacher($THIS_RET['WITH_TEACHER_ID']) . '
            '; if ($THIS_RET['NOT_TEACHER_ID']) $return .= ''._notWith.': ' . GetTeacher($THIS_RET['NOT_TEACHER_ID']) . '
            '; if ($THIS_RET['WITH_PERIOD_ID']) $return .= ''._on.': ' . GetPeriod($THIS_RET['WITH_PERIOD_ID']) . '
            '; if ($THIS_RET['NOT_PERIOD_ID']) $return .= ''._notOn.': ' . GetPeriod($THIS_RET['NOT_PERIOD_ID']) . '
            '; if ($THIS_RET['PRIORITY']) $return .= ''._priority.': ' . $THIS_RET['PRIORITY'] . '
            '; if ($THIS_RET['MARKING_PERIOD_ID']) $return .= ''._markingPeriod.': ' . GetMP($THIS_RET['MARKING_PERIOD_ID']) . '
            '; return $return; }",True,PHP,_makeExtra,PrintRequests.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18289,"function _makeExtra($value, $title = '') { global $THIS_RET; if ($THIS_RET['WITH_TEACHER_ID']) $return .= ''._with.': ' . GetTeacher($THIS_RET['WITH_TEACHER_ID']) . '
            '; if ($THIS_RET['NOT_TEACHER_ID']) $return .= ''._notWith.': ' . GetTeacher($THIS_RET['NOT_TEACHER_ID']) . '
            '; if ($THIS_RET['WITH_PERIOD_ID']) $return .= ''._on.': ' . GetPeriod($THIS_RET['WITH_PERIOD_ID']) . '
            '; if ($THIS_RET['NOT_PERIOD_ID']) $return .= ''._notOn.': ' . GetPeriod($THIS_RET['NOT_PERIOD_ID']) . '
            '; if ($THIS_RET['PRIORITY']) $return .= ''._priority.': ' . $THIS_RET['PRIORITY'] . '
            '; if ($THIS_RET['MARKING_PERIOD_ID']) $return .= ''._markingPeriod.': ' . GetMP($THIS_RET['MARKING_PERIOD_ID']) . '
            '; return $return; }",True,PHP,_makeExtra,PrintRequests.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18290,function _makeMpName($value) { if ($value != '') { $get_name = DBGet(DBQuery('SELECT TITLE FROM marking_periods WHERE marking_period_id=' . $value)); return $get_name[1]['TITLE']; } else return ''._customCoursePeriod.''; },True,PHP,_makeMpName,PrintRequests.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18291,function _makeMpName($value) { if ($value != '') { $get_name = DBGet(DBQuery('SELECT TITLE FROM marking_periods WHERE marking_period_id=' . $value)); return $get_name[1]['TITLE']; } else return ''._customCoursePeriod.''; },True,PHP,_makeMpName,PrintRequests.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18296,"foreach($gc as $gcc=>$gcd) { if($gcd!='' && $gcc!='GRADE_LEVEL') { $sql_columns[]=$gcc; $sql_values[]=""'"".$gcd.""'""; } if($gcd!='' && $gcc=='GRADE_LEVEL') { foreach($get_cs_grade as $gcsgi=>$gcsgd) { if($gcd==$gcsd['ID']) { $sql_columns[]='GRADE_LEVEL'; $sql_values[]=""'"".$get_ts_grade[$gcsgi]['ID'].""'""; } } } }",True,PHP,foreach,CopySchool.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18297,"foreach($gc as $gcc=>$gcd) { if($gcd!='' && $gcc!='GRADE_LEVEL') { $sql_columns[]=$gcc; $sql_values[]=""'"".$gcd.""'""; } if($gcd!='' && $gcc=='GRADE_LEVEL') { foreach($get_cs_grade as $gcsgi=>$gcsgd) { if($gcd==$gcsd['ID']) { $sql_columns[]='GRADE_LEVEL'; $sql_values[]=""'"".$get_ts_grade[$gcsgi]['ID'].""'""; } } } }",True,PHP,foreach,CopySchool.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18304,"foreach ($value as $i => $j) { $column_check = explode('_', $i); if ($column_check[0] == 'CUSTOM') { $check_validity = DBGet(DBQuery('SELECT COUNT(*) as REC_EX FROM school_custom_fields WHERE ID=' . $column_check[1] . ' AND (SCHOOL_ID=' . $get_school_info[$key]['ID'].' OR SCHOOL_ID=0)')); if ($check_validity[1]['REC_EX'] == 0) $j = 'NOT_AVAILABLE_FOR'; } $get_school_info[$key][$i] = trim($j); }",True,PHP,foreach,Reports.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18305,"foreach ($value as $i => $j) { $column_check = explode('_', $i); if ($column_check[0] == 'CUSTOM') { $check_validity = DBGet(DBQuery('SELECT COUNT(*) as REC_EX FROM school_custom_fields WHERE ID=' . $column_check[1] . ' AND (SCHOOL_ID=' . $get_school_info[$key]['ID'].' OR SCHOOL_ID=0)')); if ($check_validity[1]['REC_EX'] == 0) $j = 'NOT_AVAILABLE_FOR'; } $get_school_info[$key][$i] = trim($j); }",True,PHP,foreach,Reports.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18306,"foreach ($cf_d as $cfd_i => $cfd_d) { if ($cfd_i == 'TYPE') { $fc = substr($cfd_d, 0, 1); $lc = substr($cfd_d, 1); $cfd_d = strtoupper($fc) . $lc; $get_schools_cf[$cf_i][$cfd_i] = $cfd_d; unset($fc); unset($lc); } if ($cfd_i == 'SELECT_OPTIONS' && $cf_d['TYPE'] != 'text') { for ($i = 0; $i < strlen($cfd_d); $i++) { $char = substr($cfd_d, $i, 1); if (ord($char) == '13') $char = '
            '; $new_char[] = $char; } $cfd_d = implode('', $new_char); $get_schools_cf[$cf_i][$cfd_i] = $cfd_d; unset($char); unset($new_char); } if ($cfd_i == 'SYSTEM_FIELD' || $cfd_i == 'REQUIRED') { if ($cfd_d == 'N') $get_schools_cf[$cf_i][$cfd_i] = 'No'; if ($cfd_d == 'Y') $get_schools_cf[$cf_i][$cfd_i] = 'Yes'; } }",True,PHP,foreach,Reports.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18307,"foreach ($cf_d as $cfd_i => $cfd_d) { if ($cfd_i == 'TYPE') { $fc = substr($cfd_d, 0, 1); $lc = substr($cfd_d, 1); $cfd_d = strtoupper($fc) . $lc; $get_schools_cf[$cf_i][$cfd_i] = $cfd_d; unset($fc); unset($lc); } if ($cfd_i == 'SELECT_OPTIONS' && $cf_d['TYPE'] != 'text') { for ($i = 0; $i < strlen($cfd_d); $i++) { $char = substr($cfd_d, $i, 1); if (ord($char) == '13') $char = '
            '; $new_char[] = $char; } $cfd_d = implode('', $new_char); $get_schools_cf[$cf_i][$cfd_i] = $cfd_d; unset($char); unset($new_char); } if ($cfd_i == 'SYSTEM_FIELD' || $cfd_i == 'REQUIRED') { if ($cfd_d == 'N') $get_schools_cf[$cf_i][$cfd_i] = 'No'; if ($cfd_d == 'Y') $get_schools_cf[$cf_i][$cfd_i] = 'Yes'; } }",True,PHP,foreach,Reports.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }"
18310,"foreach ($fields as $field => $title) { if($i==0 && $j==0){ echo '
            '; }elseif($i==0 && $j>0){ echo '
            '; } echo '
            • \',\'names_div\',false);addHTML(\'\',\'fields_div\',false);addHTML(\'\',\'names_div_none\',true);this.disabled=true"">' . $title . '
    '; $i++; if($i==2){ $i = 0; } $j++; }",True,PHP,foreach,Reports.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-27340,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18311,"foreach ($fields as $field => $title) { if($i==0 && $j==0){ echo '
    '; }elseif($i==0 && $j>0){ echo '
    '; } echo '
    '; $i++; if($i==2){ $i = 0; } $j++; }",True,PHP,foreach,Reports.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,openSIS Administrator,2021-05-14 13:06:44-04:00,Commit with security and bug fixes,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-27341,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18328,"function decode_unicode_url($str) { $res = ''; $i = 0; $max = strlen($str) - 6; while ($i <= $max) { $character = $str[$i]; if ($character == '%' && $str[$i + 1] == 'u') { $value = hexdec(substr($str, $i + 2, 4)); $i += 6; if ($value < 0x0080) $character = chr($value); else if ($value < 0x0800) $character = chr((($value & 0x07c0) >> 6) | 0xc0) . chr(($value & 0x3f) | 0x80); else $character = chr((($value & 0xf000) >> 12) | 0xe0) . chr((($value & 0x0fc0) >> 6) | 0x80) . chr(($value & 0x3f) | 0x80); } else $i++; $res .= $character; } return $res . substr($str, $i); }",True,PHP,decode_unicode_url,Ajax.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18332,"function unescape($strIn, $iconv_to = 'UTF-8') { $strOut = ''; $iPos = 0; $len = strlen($strIn); while ($iPos < $len) { $charAt = substr($strIn, $iPos, 1); if ($charAt == '%') { $iPos++; $charAt = substr($strIn, $iPos, 1); if ($charAt == 'u') { $iPos++; $unicodeHexVal = substr($strIn, $iPos, 4); $unicode = hexdec($unicodeHexVal); $strOut .= code2utf($unicode); $iPos += 4; } else { $hexVal = substr($strIn, $iPos, 2); if (hexdec($hexVal) > 127) { $strOut .= code2utf(hexdec($hexVal)); } else { $strOut .= chr(hexdec($hexVal)); } $iPos += 2; } } else { $strOut .= $charAt; $iPos++; } } if ($iconv_to != ""UTF-8"") { $strOut = iconv(""UTF-8"", $iconv_to, $strOut); } return $strOut; }",True,PHP,unescape,Ajax.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18333,function code2utf($num) { if ($num < 128) return chr($num); if ($num < 1024) return chr(($num >> 6) + 192) . chr(($num & 63) + 128); if ($num < 32768) return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); if ($num < 2097152) return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128); return ''; },True,PHP,code2utf,Ajax.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18337,"function _makeViewDate($value, $column) { if ($value) return ProperDate($value); else return '
    n/a
    '; }",True,PHP,_makeViewDate,CourseMoreInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18338,"function _makeViewLock($value, $column) { global $THIS_RET; if ($value == 'Y') $img = 'locked'; else $img = 'unlocked'; return ''; }",True,PHP,_makeViewLock,CourseMoreInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18340,"function db_show_error($sql, $failnote, $additional = '') { global $openSISTitle, $openSISVersion, $openSISNotifyAddress; PopTable('header', _error); $tb = debug_backtrace(); $error = $tb[1]['file'] . "" at "" . $tb[1]['line']; echo ""
    "" . _date . "": 
    "" . date(""m/d/Y h:i:s"") . ""
    "" . _failureNotice . "": 
     $failnote
    "" . _sql . "": $sql
    "" . _traceback . "": $error
    "" . _additionalInformation . "": $additional
    ""; echo ""
    "" . _date . "": 
    "" . date(""m/d/Y h:i:s"") . ""
    "" . _openSisHasEncounteredAnErrorThatCouldHaveResultedFromAnyOfTheFollowing . "":
    • "" . _invalidDataInput . ""
    • "" . _databaseSqlError . ""
    • "" . _programError . ""
    "" . _pleaseTakeThisScreenShotAndSendItToYourOpenSisRepresentativeForDebuggingAndResolution . "".
    ""; PopTable('footer'); echo """"; if ($openSISNotifyAddress) { $message = """" . _system . "": $openSISTitle \n""; $message .= """" . _date . "": "" . date(""m/d/Y h:i:s"") . ""\n""; $message .= """" . _page . "": "" . $_SERVER['PHP_SELF'] . ' ' . ProgramTitle() . "" \n\n""; $message .= """" . _failureNotice . "": $failnote \n""; $message .= """" . _additionalInfo . "": $additional \n""; $message .= ""\n $sql \n""; $message .= """" . _requestArray . "": \n"" . ShowVar($_REQUEST, 'Y', 'N'); $message .= ""\n\n"" . _sessionArray . "": \n"" . ShowVar($_SESSION, 'Y', 'N'); mail($openSISNotifyAddress, _openSisDatabaseError, $message); } die(); }",True,PHP,db_show_error,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18342,"$dt = date('Y-m-d', strtotime($match)); $sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($value); } if (!$result) { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } } } } else { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } break; }",True,PHP,date,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18343,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType, $connection; switch ($DatabaseType) { case 'mysqli': $connection = new ConnectDBOpensis(); if ($connection->auto_init == true) { $connection = $connection->init($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName); mysqli_set_charset($connection, ""utf8""); } break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """" . _couldNotConnectToDatabase . "": $DatabaseServer"", $errstring); } return $connection; }",True,PHP,db_start,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18344,"function db_properties($table) { global $DatabaseType, $DatabaseUsername; switch ($DatabaseType) { case 'mysqli': $result = DBQuery(""SHOW COLUMNS FROM $table""); while ($row = db_fetch_row($result)) { $properties[strtoupper($row['FIELD'])]['TYPE'] = strtoupper($row['TYPE'], strpos($row['TYPE'], '(')); if (!$pos = strpos($row['TYPE'], ',')) { $pos = strpos($row['TYPE'], ')'); } else { $properties[strtoupper($row['FIELD'])]['SCALE'] = substr($row['TYPE'], $pos + 1); } $properties[strtoupper($row['FIELD'])]['SIZE'] = substr($row['TYPE'], strpos($row['TYPE'], '(') + 1, $pos); if ($row['NULL'] != '') { $properties[strtoupper($row['FIELD'])]['NULL'] = ""Y""; } else { $properties[strtoupper($row['FIELD'])]['NULL'] = ""N""; } } break; } return $properties; }",True,PHP,db_properties,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18347,"function db_fetch_row($result) { global $DatabaseType; switch ($DatabaseType) { case 'mysqli': $return = $result->fetch_assoc(); if (is_array($return)) { foreach ($return as $key => $value) { if (is_int($key)) { unset($return[$key]); } } } break; } return @array_change_key_case($return, CASE_UPPER); }",True,PHP,db_fetch_row,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18348,"$sql = par_rep(""/'$match'/"", ""'$dt'"", $sql); } } if (substr($sql, 0, 6) == ""BEGIN;"") { $array = explode("";"", $sql); foreach ($array as $value) { if ($value != """") { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($value); } if (!$result) { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $connection->query(""ROLLBACK""); die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } } } } else { $user_agent = explode('/', $_SERVER['HTTP_USER_AGENT']); if ($user_agent[0] == 'Mozilla') { $result = $connection->query($sql) or die(db_show_error($sql, _dbExecuteFailed, mysqli_error($connection))); } } break; } return $result; }",True,PHP,par_rep,DatabaseInc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"function quickfinder() { global $db; $search = $this->params['ordernum']; $searchInv = intval($search); $sql = ""SELECT DISTINCT(o.id), o.invoice_id, FROM_UNIXTIME(o.purchased,'%c/%e/%y %h:%i:%s %p') as purchased_date, b.firstname as bfirst, b.lastname as blast, concat('"".expCore::getCurrencySymbol().""',format(o.grand_total,2)) as grand_total, os.title as status_title, ot.title as order_type""; $sql .= "" from "" . $db->prefix . ""orders as o ""; $sql .= ""INNER JOIN "" . $db->prefix . ""orderitems as oi ON oi.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_type as ot ON ot.id = o.order_type_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""order_status as os ON os.id = o.order_status_id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""billingmethods as b ON b.orders_id = o.id ""; $sql .= ""INNER JOIN "" . $db->prefix . ""shippingmethods as s ON s.id = oi.shippingmethods_id ""; $sqlwhere = ""WHERE o.purchased != 0""; if ($searchInv != 0) $sqlwhere .= "" AND (o.invoice_id LIKE '%"" . $searchInv . ""%' OR""; else $sqlwhere .= "" AND (""; $sqlwhere .= "" b.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.firstname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR s.lastname LIKE '%"" . $search . ""%'""; $sqlwhere .= "" OR b.email LIKE '%"" . $search . ""%')""; $limit = empty($this->config['limit']) ? 350 : $this->config['limit']; $page = new expPaginator(array( 'sql' => $sql . $sqlwhere, 'limit' => $limit, 'order' => 'o.invoice_id', 'dir' => 'DESC', 'page' => (isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=> $this->baseclassname, 'action' => $this->params['action'], 'columns' => array( 'actupon' => true, gt('Order gt('Purchased Date')=> 'purchased_date', gt('First') => 'bfirst', gt('Last') => 'blast', gt('Total') => 'grand_total', gt('Order Type') => 'order_type', gt('Status') => 'status_title' ), )); assign_to_template(array( 'page'=> $page, 'term'=> $search )); }" 18351,foreach($programs as $program=>$title) { if(!is_numeric($program)) { if($can_use_RET[$program] && ($profile!='admin' || !$exceptions[$modcat][$program] || AllowEdit($program))) $_openSIS['Menu'][$modcat][$program] = $title; } else { $_openSIS['Menu'][$modcat][$program] = $title; } },True,PHP,foreach,Menu.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18352,"function makeChooseCheckbox($value, $title) { global $THIS_RET; if ($THIS_RET['BUTTON']) { return """"; } }",True,PHP,makeChooseCheckbox,ParentLookup.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18355,"function _makeChooseCheckbox($value, $title) { global $THIS_RET; if($_SESSION['PEGI_MODS']['modname'] == 'grades/ReportCards.php' || $_SESSION['PEGI_MODS']['modname'] == 'scheduling/PrintSchedules.php' || $_SESSION['PEGI_MODS']['modname'] == 'grades/FinalGrades.php' || $_SESSION['PEGI_MODS']['modname'] == 'users/TeacherPrograms.php?include=grades/ProgressReports.php' || $_SESSION['PEGI_MODS']['modname'] == 'grades/ProgressReports.php') { return ''; } else if($_SESSION['PEGI_MODS']['modname'] == 'attendance/AddAbsences.php' || $_SESSION['PEGI_MODS']['modname'] == 'eligibility/AddActivity.php' || $_SESSION['PEGI_MODS']['modname'] == 'scheduling/MassDrops.php') { return """"; } else if($_SESSION['PEGI_MODS']['modname'] == 'scheduling/MassSchedule.php' || $_SESSION['PEGI_MODS']['modname'] == 'grades/Transcripts.php') { return """"; } else if($_SESSION['PEGI_MODS']['modname'] == 'scheduling/MassRequests.php') { return """"; } else if($_SESSION['PEGI_MODS']['modname'] == 'students/AssignOtherInfo.php') { return """"; } else { return """"; } }",True,PHP,_makeChooseCheckbox,PrepareDataTable.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18357,"function db_start() { global $DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName, $DatabasePort, $DatabaseType; switch ($DatabaseType) { case 'mysqli': $connection = new mysqli($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName); break; } if ($connection === false) { switch ($DatabaseType) { case 'mysqli': $errormessage = mysqli_error($connection); break; } db_show_error("""", """"._couldNotConnectToDatabase."": $DatabaseServer"", $errstring); } return $connection; }",True,PHP,db_start,SchoolInfo.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18358,"$grade_post_date= DBGet(DBQuery('SELECT POST_START_DATE, POST_END_DATE FROM marking_periods WHERE SCHOOL_ID='. UserSchool().' AND SYEAR='. UserSyear().' AND MARKING_PERIOD_ID='. UserMP()));",True,PHP,DBGet.' AND SYEAR='.UserSyear.' AND MARKING_PERIOD_ID='.UserMP,AllowEditFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18359,"function ProgramLink($modname,$title='',$options='') { if(AllowUse($modname)) $link = ''; if($title) $link .= $title; if(AllowUse($modname)) $link .= ''; return $link; }",True,PHP,ProgramLink,AllowEditFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18361,"function ProgramLinkforExport($modname,$title='',$options='',$extra='') { if(AllowUse($modname)) $link = ''; if($title) $link .= $title; if(AllowUse($modname)) $link .= ''; return $link; }",True,PHP,ProgramLinkforExport,AllowEditFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18362,"function AllowUse($modname=false) { global $_openSIS; if(!$modname) $modname = $_REQUEST['modname']; if($modname=='students/Student.php' && $_REQUEST['category_id']) $modname = $modname.'&category_id='.$_REQUEST['category_id']; if(!$_openSIS['AllowUse']) { if(User('PROFILE_ID')!='') { $_openSIS['AllowUse'] = DBGet(DBQuery('SELECT MODNAME FROM profile_exceptions WHERE PROFILE_ID=\''.User('PROFILE_ID').'\' AND CAN_USE=\'Y\''),array(),array('MODNAME')); if(User('PROFILE_ID')==4) { $_openSIS['AllowUse']['scheduling/PrintSchedules.php'] ['1'] ['MODNAME'] = 'scheduling/PrintSchedules.php'; } } else { $profile_id_mod=DBGet(DBQuery(""SELECT PROFILE_ID FROM staff WHERE USER_ID='"".User('STAFF_ID'))); $profile_id_mod=$profile_id_mod[1]['PROFILE_ID']; $_openSIS['AllowUse'] = DBGet(DBQuery('SELECT MODNAME FROM profile_exceptions WHERE PROFILE_ID=\''.$profile_id_mod.'\' AND CAN_USE=\'Y\''),array(),array('MODNAME')); } } if(!$_openSIS['AllowUse']) $_openSIS['AllowUse'] = array(true); if(count($_openSIS['AllowUse'][$modname])) return true; else return false; }",True,PHP,AllowUse,AllowEditFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18366,"$column_name = strtoupper(str_replace(' ','_',$fields[$id][1]['TITLE'])); if($fields[$id][1]['TYPE']=='numeric') { $_REQUEST['cust_end'][$field_name] = par_rep('/[^0-9.-]+/','',$_REQUEST['cust_end'][$field_name]); $value = par_rep('/[^0-9.-]+/','',$value); } if($_REQUEST['cust_begin'][$field_name]!='' && $_REQUEST['cust_end'][$field_name]!='') { if($fields[$id][1]['TYPE']=='numeric' && $_REQUEST['cust_begin'][$field_name]>$_REQUEST['cust_end'][$field_name]) { $temp = $_REQUEST['cust_end'][$field_name]; $_REQUEST['cust_end'][$field_name] = $value; $value = $temp; } $string .= ' and s.'.$column_name.' BETWEEN \''.date('Y-m-d',strtotime($value)).'\' AND \''.date('Y-m-d',strtotime($_REQUEST['cust_end'][$field_name])).'\' '; if($fields[$id][1]['TYPE']=='date') $_openSIS['SearchTerms'] .= ''.$fields[$id][1]['TITLE'].' between: '.date('M/d/Y',strtotime($value)).' & '.date('M/d/Y',strtotime($_REQUEST['cust_end'][$field_name])).'
    '; else $_openSIS['SearchTerms'] .= ''.$fields[$id][1]['TITLE'].' between: '.$value.' & '.$_REQUEST['cust_end'][$field_name].'
    '; } } }",True,PHP,strtoupper,CustomFieldsFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18368,function getCSS() { $css = 'Blue'; if (User('STAFF_ID')) { $sql = 'select value from program_user_config where title=\'THEME\' and user_id=' . User('STAFF_ID'); $data = DBGet(DBQuery($sql)); if (count($data[1])) $css = $data[1]['VALUE']; } return $css; },True,PHP,getCSS,CustomFunctionsFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18369,"function SelectInput_Disonclick($value, $name, $title = '', $options, $allow_na = 'N/A', $extra = '', $div = true) { if (Preferences('HIDDEN') != 'Y') $div = false; if ($value != '' && !$options[$value]) $options[$value] = array($value, '' . $value . ''); $return = (((is_array($options[$value]) ? $options[$value][1] : $options[$value]) != '') ? (is_array($options[$value]) ? $options[$value][1] : $options[$value]) : ($allow_na !== false ? ($allow_na ? $allow_na : '-') : '-')) . ($title != '' ? '
    ' . (strpos(strtolower($title), '' : '') . $title . (strpos(strtolower($title), '' : '') . '' : '');",True,PHP,SelectInput_Disonclick,CustomFunctionsFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18373,"function singleQuoteReplace($param1 = false, $param2 = false, $param3) { return str_replace(""'"", ""''"", str_replace(""\'"", ""'"", $param3)); }",True,PHP,singleQuoteReplace,CustomFunctionsFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18374,"$key.=array_search($val,$days); } return $key; } }",True,PHP,array_search,DbDateFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18375,"function DeleteMail($title, $action = 'delete', $location, $isTrash = 0) { $tmp_REQUEST = $_REQUEST; unset($tmp_REQUEST['delete_ok']); $PHP_tmp_SELF = PreparePHP_SELF($tmp_REQUEST); $PHP_tmp_SELF = str_replace(' ', '+', $PHP_tmp_SELF); if (!$_REQUEST['delete_ok'] && !$_REQUEST['delete_cancel']) { if (!$isTrash) { PopTable('header', _confirm ."" "". (strpos($action, ' ') === false ? ' ' . ucwords($action) : '')); } else { PopTable('header', '' . (strpos($action, ' ') === false ? ' ' . ucwords($action) : '') . ' Forever'); }",True,PHP,DeleteMail,DeletePromptFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18379,"function DeletePromptMod($title, $queryString = '', $action = 'delete') { $tmp_REQUEST = $_REQUEST; unset($tmp_REQUEST['delete_ok']); $PHP_tmp_SELF = PreparePHP_SELF($tmp_REQUEST); if (!$_REQUEST['delete_ok'] && !$_REQUEST['delete_cancel']) { echo '
    '; PopTable('header', _confirm ."" "". (strpos($action, ' ') === false ? ucwords($action) : $action)); echo ""

    ""._areYouSureYouWantTo."" $action ""._that."" "" . (strpos($title, ' ') === false ? ucwords($title) : $title) . ""?


     
    "";",True,PHP,DeletePromptMod,DeletePromptFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18380,"function DeletePromptBigString($title = '', $queryString = '') { $tmp_REQUEST = $_REQUEST; unset($tmp_REQUEST['delete_ok']); $PHP_tmp_SELF = PreparePHP_SELF($tmp_REQUEST); if (!$_REQUEST['delete_ok'] && !$_REQUEST['delete_cancel']) { echo '
    ' . $queryString; PopTable('header', _confirmDelete); echo ""

    ""._areYouSureYouWantTo."" $action ""._that."" "" . (strpos($title, ' ') === false ? ucwords($title) : $title) . ""?


     
    ""; PopTable('footer'); return false; } else",True,PHP,DeletePromptBigString,DeletePromptFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18381,"function DrawLogo() { $sch_img_info= DBGet(DBQuery('SELECT * FROM user_file_upload WHERE SCHOOL_ID='. UserSchool().' AND FILE_INFO=\'schlogo\'')); if(!$_REQUEST['new_school'] && count($sch_img_info)>0){ $logo=$logo_ret[1]['VALUE']; $size = getimagesize($logo); $width=$size[0]; $height=$size[1]; $image=''; } else { $image= ''; } return $image; }",True,PHP,DrawLogo,DrawPngFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18383,"function ErrorMessage($errors, $code = 'error', $options = '') { $errors = array_unique($errors); if ($errors) { if (count($errors) == 1) { if ($code == 'error' || $code == 'fatal' || $code == 'note') $return .= '
    '; else $return .= '
    '; $return .= ($errors[0] ? $errors[0] : $errors[1]); } else { if ($code == 'error' || $code == 'fatal' || $code == 'note') $return .= '
    '; else $return .= '
    '; $return .= '
      '; foreach ($errors as $value) $return .= ""
    • $value
      • \n""; $return .= '
    '; } $return .= ""
    ""; if ($code == 'fatal') { $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $css = getCSS(); if (User('PROFILE') != 'teacher') { $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= _footerText; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= 'Version ' . $get_app_details[1][VALUE] . ''; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= ''; $return .= ''; } if ($isajax == """") echo $return; if (!$_REQUEST['_openSIS_PDF']) Warehouse('footer'); exit; } return $return; } }",True,PHP,ErrorMessage,ErrorMessageFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18385,"function ErrorMessage1($errors, $code = 'error') { if ($errors) { if (count($errors) == 1) { if ($code == 'error' || $code == 'fatal') $return .= '
    '; else $return .= '
    '; $return .= ($errors[0] ? $errors[0] : $errors[1]); } else { if ($code == 'error' || $code == 'fatal') $return .= '
    '; else $return .= '
    '; $return .= '
      '; foreach ($errors as $value) $return .= ""
    • $value
      • \n""; $return .= '
    '; } $return .= ""
    ""; if ($code == 'fatal') { $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= ''; $return .= ''; $css = getCSS(); $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= _footerText; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= 'Version ' . $get_app_details[1][VALUE] . ''; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= '
    '; $return .= ''; $return .= ''; if ($isajax == """") if (!$_REQUEST['_openSIS_PDF']) Warehouse('footer'); exit; } return $return; } }",True,PHP,ErrorMessage1,ErrorMessageFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18388,"function GetStaffList(& $extra) { global $profiles_RET; $functions = array('PROFILE'=>'makeProfile'); switch(User('PROFILE')) { case 'admin': $profiles_RET = DBGet(DBQuery('SELECT * FROM user_profiles'),array(),array('ID')); $sql = 'SELECT DISTINCT CONCAT(TRIM(s.LAST_NAME),\', \',s.FIRST_NAME,\' \',COALESCE(s.MIDDLE_NAME,\' \')) AS FULL_NAME, la.USERNAME,s.PROFILE,s.IS_DISABLE,s.PROFILE_ID,s.IS_DISABLE,s.STAFF_ID '.$extra['SELECT'].' FROM people s '.$extra['FROM'].',login_authentication la,students st,student_enrollment ssm WHERE st.STUDENT_ID=ssm.STUDENT_ID AND ssm.SYEAR='.UserSyear().' AND s.PROFILE IS NOT NULL AND s.PROFILE_ID in (SELECT ID FROM user_profiles WHERE PROFILE=\'parent\') AND s.STAFF_ID=la.USER_ID AND la.PROFILE_ID in (SELECT ID FROM user_profiles WHERE PROFILE=\'parent\')'; if($_REQUEST['_search_all_schools']!='Y') $sql .= ' AND ssm.SCHOOL_ID='.UserSchool().' AND s.STAFF_ID IN (SELECT PERSON_ID FROM students_join_people sjp WHERE ssm.STUDENT_ID = sjp.STUDENT_ID AND ssm.SCHOOL_ID='.UserSchool().' AND ssm.SYEAR='.UserSyear().' AND (ssm.end_date is NULL or ssm.end_date>=""'.DBDate().'"")) '; else $sql .= ' AND ssm.SCHOOL_ID IN('. GetUserSchools(UserID(),true).') AND s.STAFF_ID IN (SELECT PERSON_ID FROM students_join_people sjp WHERE ssm.STUDENT_ID = sjp.STUDENT_ID AND ssm.SCHOOL_ID IN ('. GetUserSchools(UserID(),true).') AND ssm.SYEAR='.UserSyear().' AND (ssm.end_date is NULL or ssm.end_date>=""'.DBDate().'""))'; if($_REQUEST['_dis_user']!='Y') $sql .= ' AND (s.IS_DISABLE<>\'Y\' OR s.IS_DISABLE IS NULL)'; if($_REQUEST['username']) $sql .= 'AND UPPER(la.USERNAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['username'])).'%\' '; if($_REQUEST['last']) $sql .= 'AND UPPER(s.LAST_NAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['last'])).'%\' '; if($_REQUEST['first']) $sql .= 'AND UPPER(s.FIRST_NAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['first'])).'%\' '; if($_REQUEST['profile']) { if(is_number($_REQUEST['profile'])==FALSE) $sql .= ' AND s.PROFILE=\''.$_REQUEST['profile'].'\' AND s.PROFILE_ID IS NULL '; else $sql .= ' AND s.PROFILE_ID=\''.$_REQUEST['profile'].'\' '; } $sql .= $extra['WHERE'].' '; if ($extra['GROUP']) $sql .= ' GROUP BY ' . $extra['GROUP']; $sql .= 'ORDER BY FULL_NAME'; if($_SESSION['staf_search']['sql'] && $_REQUEST['return_session']) { $sql= $_SESSION['staf_search']['sql']; } else { if ($_REQUEST['sql_save_session_staf']) $_SESSION['staf_search']['sql'] = $sql; } if ($extra['functions']) { $functions += $extra['functions']; } return DBGet(DBQuery($sql),$functions); break; } }",True,PHP,GetStaffList,GetStaffListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18393,"function makeProfile($value) { global $THIS_RET,$profiles_RET; if($THIS_RET['PROFILE_ID']!='') $return = $profiles_RET[$THIS_RET['PROFILE_ID']][1]['TITLE']; elseif($value=='admin') $return = 'Administrator w/Custom'; elseif($value=='teacher') $return = 'Teacher w/Custom'; elseif($value=='parent') $return = 'Parent w/Custom'; elseif($value=='none') $return = 'No Access'; else $return = $value; return $return; }",True,PHP,makeProfile,GetStaffListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18394,"function GetStaffList_Miss_Atn(& $extra) { global $profiles_RET; $functions = array('PROFILE'=>'makeProfile'); switch(User('PROFILE')) { case 'admin': $profiles_RET = DBGet(DBQuery('SELECT * FROM user_profiles')); $sql = 'SELECT CONCAT(TRIM(s.LAST_NAME),\', \',s.FIRST_NAME,\' \',COALESCE(s.MIDDLE_NAME,\' \')) AS FULL_NAME, s.PROFILE,s.PROFILE_ID,s.STAFF_ID '.$extra['SELECT'].' FROM staff s INNER JOIN staff_school_relationship ssr USING(staff_id) '.$extra['FROM'].' WHERE ssr.SYEAR=\''.UserSyear().'\''; if($_REQUEST['_search_all_schools']!='Y') $sql .= ' AND ssr.school_id='.UserSchool().' '; if($_REQUEST['username']) $sql .= 'AND UPPER(s.USERNAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['username'])).'%\' '; if($_REQUEST['last']) $sql .= 'AND UPPER(s.LAST_NAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['last'])).'%\' '; if($_REQUEST['first']) $sql .= 'AND UPPER(s.FIRST_NAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['first'])).'%\' '; if($_REQUEST['profile']) $sql .= 'AND s.PROFILE=\''.$_REQUEST['profile'].'\' '; $sql_st = 'SELECT cp.teacher_id FROM missing_attendance mi,course_periods cp,schools s,course_period_var cpv WHERE mi.COURSE_PERIOD_ID=cp.COURSE_PERIOD_ID AND cp.COURSE_PERIOD_ID=cpv.COURSE_PERIOD_ID AND cpv.PERIOD_ID=mi.PERIOD_ID AND s.ID=mi.SCHOOL_ID AND mi.SCHOOL_ID=\''. UserSchool().'\' AND (mi.SCHOOL_DATE=cpv.COURSE_PERIOD_DATE OR POSITION(IF(DATE_FORMAT(mi.SCHOOL_DATE,\'%a\') LIKE \'Thu\',\'H\',(IF(DATE_FORMAT(mi.SCHOOL_DATE,\'%a\') LIKE \'Sun\',\'U\',SUBSTR(DATE_FORMAT(mi.SCHOOL_DATE,\'%a\'),1,1)))) IN cpv.DAYS)>0)'.$extra['WHERE2'].' UNION select cp.SECONDARY_TEACHER_ID FROM missing_attendance mi,course_periods cp,schools s,course_period_var cpv WHERE mi.COURSE_PERIOD_ID=cp.COURSE_PERIOD_ID AND cp.COURSE_PERIOD_ID=cpv.COURSE_PERIOD_ID AND cpv.PERIOD_ID=mi.PERIOD_ID AND s.ID=mi.SCHOOL_ID AND mi.SCHOOL_ID=\''. UserSchool().'\' AND (mi.SCHOOL_DATE=cpv.COURSE_PERIOD_DATE OR POSITION(IF(DATE_FORMAT(mi.SCHOOL_DATE,\'%a\') LIKE \'Thu\',\'H\',(IF(DATE_FORMAT(mi.SCHOOL_DATE,\'%a\') LIKE \'Sun\',\'U\',SUBSTR(DATE_FORMAT(mi.SCHOOL_DATE,\'%a\'),1,1)))) IN cpv.DAYS)>0)'.$extra['WHERE2']; $res_st = DBGet(DBQuery($sql_st)); $a = 0; foreach($res_st as $row_st) { $teacher_str .= ""'"".$row_st['TEACHER_ID'].""',""; $a++; } if($a != 0){ $teacher_str = substr($teacher_str, 0, -1); $sql .= 'AND s.STAFF_ID IN ('.$teacher_str.')'; } $sql .= $extra['WHERE'].' '; if ($extra['GROUP']) $sql .= ' GROUP BY ' . $extra['GROUP']; $sql .= 'ORDER BY FULL_NAME'; if ($extra['functions']) $functions= $extra['functions']; if($a != 0) { if(count($functions)>0) return DBGet(DBQuery($sql),$functions); else return DBGet(DBQuery($sql)); } break; } }",True,PHP,GetStaffList_Miss_Atn,GetStaffListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18395,"function GetUserStaffList(& $extra) { global $profiles_RET; $functions = array('PROFILE'=>'makeProfile'); switch(User('PROFILE')) { case 'admin': $profiles_RET = DBGet(DBQuery('SELECT * FROM user_profiles'),array(),array('ID')); $sql = 'SELECT DISTINCT CONCAT(TRIM(s.LAST_NAME),\', \',s.FIRST_NAME,\' \',COALESCE(s.MIDDLE_NAME,\' \')) AS FULL_NAME, s.PROFILE,s.IS_DISABLE,s.PROFILE_ID,ssr.END_DATE,s.STAFF_ID '.$extra['SELECT'].' FROM staff s INNER JOIN staff_school_relationship ssr USING(staff_id) '.$extra['FROM'].',login_authentication la WHERE (s.PROFILE_ID!=4 OR s.PROFILE_ID IS NULL) AND ssr.SYEAR=\''.UserSyear().'\' AND s.STAFF_ID=la.USER_ID AND la.PROFILE_ID NOT IN (3,4)'; if(User('PROFILE_ID')=='1') $sql.=' AND s.PROFILE_ID!=0 '; if($_REQUEST['_search_all_schools']!='Y') $sql .= ' AND school_id='. UserSchool().' '; else $sql .= ' AND school_id IN('. GetUserSchools(UserID(),true).') '; if($_REQUEST['_dis_user']!='Y') $sql .= ' AND (s.IS_DISABLE<>\'Y\' OR s.IS_DISABLE IS NULL) AND (ssr.END_DATE>=\''.date('Y-m-d').'\' OR ssr.END_DATE=\'0000-00-00\' OR ssr.END_DATE IS NULL)'; if($_REQUEST['username']) $sql .= 'AND UPPER(la.USERNAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['username'])).'%\' '; if($_REQUEST['last']) $sql .= 'AND UPPER(s.LAST_NAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['last'])).'%\' '; if($_REQUEST['first']) $sql .= 'AND UPPER(s.FIRST_NAME) LIKE \''.singleQuoteReplace(""'"",""\'"",strtoupper($_REQUEST['first'])).'%\' '; if($_REQUEST['profile']=="""") { $sql .= ' '; } else { if($_REQUEST['profile']==0 || $_REQUEST['profile']) { if(is_number($_REQUEST['profile'])==FALSE) $sql .= ' AND s.PROFILE=\''.$_REQUEST['profile'].'\' AND s.PROFILE_ID IS NULL '; else $sql .= ' AND s.PROFILE_ID=\''.$_REQUEST['profile'].'\' '; } } $sql .= $extra['WHERE'].' '; if (strpos($_REQUEST['modname'], 'users/TeacherPrograms.php') !== false) { $sql .= ' AND s.PROFILE_ID NOT IN(0,1) '; } if ($extra['GROUP']) $sql .= ' GROUP BY ' . $extra['GROUP']; $sql .= 'ORDER BY FULL_NAME '; if($_SESSION['staf_search']['sql'] && $_REQUEST['return_session']) { $sql= $_SESSION['staf_search']['sql']; } else { if ($_REQUEST['sql_save_session_staf']) $_SESSION['staf_search']['sql'] = $sql; if (strpos($_REQUEST['modname'], 'users/TeacherPrograms.php') !== false) { $_SESSION['staf_search_hold'] = $sql; } } if ($extra['functions']) $functions += $extra['functions']; return DBGet(DBQuery($sql),$functions); break; } }",True,PHP,GetUserStaffList,GetStaffListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18396,"function GetStaffListNoAccess() { switch(User('PROFILE')) { case 'admin': $sql='SELECT DISTINCT CONCAT(TRIM(s.LAST_NAME),\', \',s.FIRST_NAME,\' \',COALESCE(s.MIDDLE_NAME,\' \')) AS FULL_NAME,CONCAT(UPPER(MID(s.PROFILE,1,1)),MID(s.PROFILE,2,LENGTH(s.PROFILE)-1)) AS PROFILE,s.PROFILE_ID,s.IS_DISABLE, s.STAFF_ID FROM people s ,students st,student_enrollment ssm WHERE st.STUDENT_ID=ssm.STUDENT_ID AND ssm.SYEAR='.UserSyear().' AND s.PROFILE IS NOT NULL AND s.PROFILE_ID=4 AND '.($_REQUEST['_search_all_schools']=='Y'?'ssm.SCHOOL_ID IN (SELECT SCHOOL_ID FROM school_years WHERE SYEAR='.UserSyear().')':'ssm.SCHOOL_ID='.UserSchool()).' AND s.STAFF_ID IN (SELECT PERSON_ID FROM students_join_people sjp WHERE ssm.STUDENT_ID = sjp.STUDENT_ID AND ssm.SCHOOL_ID='.($_REQUEST['_search_all_schools']=='Y'?'ssm.SCHOOL_ID IN (SELECT SCHOOL_ID FROM school_years WHERE SYEAR='.UserSyear().')':'ssm.SCHOOL_ID='.UserSchool()).'",True,PHP,GetStaffListNoAccess,GetStaffListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18398,"function makePhone($phone, $column = '') { global $THIS_RET; if (strlen($phone) == 10) $return .= '(' . substr($phone, 0, 3) . ')' . substr($phone, 3, 7) . '-' . substr($phone, 7); if (strlen($phone) == '7') $return .= substr($phone, 0, 3) . '-' . substr($phone, 3); else $return .= $phone; return $return; }",True,PHP,makePhone,GetStuListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18399,"function _make_Parents($value, $column) { global $THIS_RET; $sql = 'SELECT DISTINCT person_id AS STAFF_ID, CONCAT( people.LAST_NAME, \' \', people.FIRST_NAME ) AS PARENT FROM students_join_people sju, people, staff_school_relationship ssr WHERE people.staff_id = sju.person_id and sju.student_id=\'' . $value . '\' AND ssr.syear=\'' . UserSyear() . '\''; $parents_RET = DBGet(DBQuery($sql)); foreach ($parents_RET AS $parent) { $parents .=$parent['PARENT'] . ','; } return trim($parents, ','); }",True,PHP,_make_Parents,GetStuListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18400,"function removeDot00($value, $column) { return str_replace('.00', '', $value); }",True,PHP,removeDot00,GetStuListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18408,"$THIS_RET['PARENTS'] .= '' . button('dot', $color, '', 6) . '' . $THIS_RET['PARENTS'] . ''; }",True,PHP,''.button,GetStuListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18411,"function makeContactInfo($student_id, $column) { global $THIS_RET, $contacts_RET; if (count($contacts_RET[$THIS_RET['STUDENT_ID']])) { foreach ($contacts_RET[$THIS_RET['STUDENT_ID']] as $person) { if ($person[1]['FIRST_NAME'] || $person[1]['LAST_NAME']) $tipmessage .= '' . $person[1]['STUDENT_RELATION'] . ': ' . $person[1]['FIRST_NAME'] . ' ' . $person[1]['LAST_NAME'] . ' | '; $tipmessage .= ''; if ($person[1]['PHONE']) $tipmessage .= ' ' . $person[1]['PHONE'] . ''; foreach ($person as $info) { if ($info['TITLE'] || $info['VALUE']) $tipmessage .= '' . $info['TITLE'] . '' . $info['VALUE'] . ''; } $tipmessage .= ''; } } else $tipmessage = 'This student has no contact information.'; return button('phone', '', '# alt=""' . $tipmessage . '"" title=""' . $tipmessage . '""'); }",True,PHP,makeContactInfo,GetStuListFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18414,"function DateInputAY_red($value, $name, $counter = 1, $cp_id) { if (AllowEdit() && !$_REQUEST['_openSIS_PDF']) { if ($value != '') { $month_names = array('JAN', 'FEB', 'MAR', 'APR', 'MAY', 'JUN', 'JUL', 'AUG', 'SEP', 'OCT', 'NOV', 'DEC'); $show = ""value='$value'""; $date_sep = explode('-', $value); $monthVal = ""value='"" . $month_names[$date_sep[1] - 1] . ""'""; $yearVal = ""value='$date_sep[0]'""; $dayVal = ""value='$date_sep[2]'""; $display = """"; } else { $show = """"; $date_sep = """"; $monthVal = """"; $yearVal = """"; $dayVal = """"; $display = """"; } if ($value != '') { $student_id = UserStudentID(); $qr = DBGet(DBQuery('select end_date from student_enrollment where student_id=' . $student_id . ' order by id desc limit 0,1')); $stu_end_date = $qr[1]['END_DATE']; $qr1 = DBGet(DBQuery('select end_date from course_periods where COURSE_PERIOD_ID=' . $cp_id . '')); $cr_end_date = $qr1[1]['END_DATE']; if (strtotime($cr_end_date) > strtotime($stu_end_date) && $stu_end_date != '') { return '
    ' . ProperDateAY($value) . '
    		 
    '; } else { return '
    ' . ProperDateAY($value) . '
    		 
    '; } return '
    ' . ProperDateAY($value) . '
    		 
    '; } else return '
     
    '; } else return ProperDateAY($value); }",True,PHP,DateInputAY_red,InputsFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18416,"foreach($column_names as $key=>$value) { $output .=''.par_rep_cb('/<[^>]+>/','',par_rep_cb(""/
    /"",'',par_rep_cb('/ +/',' ',par_rep_cb('/&[^;]+;/','',str_replace('
    ·',' : ',str_replace(' ',' ',$item[$key])))))).''; }",True,PHP,foreach,ListOutputFloatFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18417,"foreach($value as $name=>$val) { $val = par_rep_cb('/[^a-zA-Z0-9 _]/+','',strtolower($val)); if(strtolower($_REQUEST['LO_search'])==$val) $values[$key] += 25; foreach($terms as $term=>$one) { if(ereg($term,$val)) $values[$key] += 3; } }",True,PHP,foreach,ListOutputFloatFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18419,"$sort_array[] = substr($sort[$_REQUEST['LO_sort']],4,strpos($sort[$_REQUEST['LO_sort']],'-->')-5); } if($_REQUEST['LO_direction']==-1) $dir = SORT_DESC; else $dir = SORT_ASC; if($result_count>1) { if(is_int($sort_array[1]) || is_double($sort_array[1])) array_multisort($sort_array,$dir,SORT_NUMERIC,$result); else array_multisort($sort_array,$dir,$result); for($i=$result_count-1;$i>=0;$i--) $result[$i+1] = $result[$i]; unset($result[0]); } }",True,PHP,substr,ListOutputFloatFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18420,"foreach($item1 as $item2) { if($group_count==1) { $i++; if(count($group[0]) && $i!=1) { foreach($group[0] as $column) $item2[$column] = str_replace('','-->'; } $item2['row_color'] = $color; $result[] = $item2; } else { if($group_count==2) { if($color=='#F8F8F9') $color = $side_color; else $color = '#F8F8F9'; } foreach($item2 as $item3) { if($group_count==2) { $i++; if(count($group[0]) && $i!=1) { foreach($group[0] as $column) $item3[$column] = ''; } if(count($group[1]) && $i!=1) { foreach($group[1] as $column) $item3[$column] = ''; } $item3['row_color'] = $color; $result[] = $item3; } else { if($group_count==3) { if($color=='#F8F8F9') $color = $side_color; else $color = '#F8F8F9'; } foreach($item3 as $item4) { if($group_count==3) { $i++; if(count($group[2]) && $i!=1) { foreach($group[2] as $column) unset($item4[$column]); } $item4['row_color'] = $color; $result[] = $item4; } } } } } }",True,PHP,foreach,ListOutputFloatFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18424,"foreach ($item1 as $item2) { if ($group_count == 1) { $i++; if (count($group[0]) && $i != 1) { foreach ($group[0] as $column) $item2[$column] = str_replace('', '-->'; } $item2['row_color'] = $color; $result[] = $item2; } else { if ($group_count == 2) { if ($color == '') $color = $side_color; else $color = ''; } foreach ($item2 as $item3) { if ($group_count == 2) { $i++; if (count($group[0]) && $i != 1) { foreach ($group[0] as $column) $item3[$column] = ''; } if (count($group[1]) && $i != 1) { foreach ($group[1] as $column) $item3[$column] = ''; } $item3['row_color'] = $color; $result[] = $item3; } else { if ($group_count == 3) { if ($color == '') $color = $side_color; else $color = ''; } foreach ($item3 as $item4) { if ($group_count == 3) { $i++; if (count($group[2]) && $i != 1) { foreach ($group[2] as $column) unset($item4[$column]); } $item4['row_color'] = $color; $result[] = $item4; } } } } } }",True,PHP,foreach,ListOutputFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18425,"function paginationTabMarker($totalPages, $currentPage, $modname, $page_requests, $href_req_pages) { $opDT = ''; if($totalPages < 7) { for($ix = 1; $ix <= $totalPages; $ix++) { $paginate_active = ''; $paginate_event = ''; if($currentPage == $ix) { $paginate_active = 'current'; } if($currentPage != $ix) { if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage='.$ix.'""'; } else { $paginate_event = 'onclick=""loadDataTablePagination('.$ix.')""'; } } $opDT .= '    '.$ix.''; } } else { if($currentPage >= 5 && $currentPage <= ($totalPages - 3)) { $paginate_event = ''; if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage=1""'; } else { $paginate_event = 'onclick=""loadDataTablePagination(1)""'; } $opDT .= '1'; $opDT .= ''; for($ix = ($currentPage - 1); $ix <= ($currentPage + 1); $ix++) { $paginate_active = ''; $paginate_event = ''; if($currentPage == $ix) { $paginate_active = 'current'; } if($currentPage != $ix) { if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage='.$ix.'""'; } else { $paginate_event = 'onclick=""loadDataTablePagination('.$ix.')""'; } } $opDT .= ''.$ix.''; } $opDT .= ''; $paginate_event = ''; if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage='.$totalPages.'""'; } else { $paginate_event = 'onclick=""loadDataTablePagination('.$totalPages.')""'; } $opDT .= ''.$totalPages.''; } else if($currentPage < 5) { for($ix = 1; $ix <= 5; $ix++) { $paginate_active = ''; $paginate_event = ''; if($currentPage == $ix) { $paginate_active = 'current'; } if($currentPage != $ix) { if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage='.$ix.'""'; } else { $paginate_event = 'onclick=""loadDataTablePagination('.$ix.')""'; } } $opDT .= ''.$ix.''; } $opDT .= ''; $paginate_event = ''; if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage='.$totalPages.'""'; } else { $paginate_event = 'onclick=""loadDataTablePagination('.$totalPages.')""'; } $opDT .= ''.$totalPages.''; } else if($currentPage > ($totalPages - 3)) { $paginate_event = ''; if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage=1""'; } else { $paginate_event = 'onclick=""loadDataTablePagination(1)""'; } $opDT .= '1'; $opDT .= ''; for($ix = ($totalPages - 3); $ix <= $totalPages; $ix++) { $paginate_active = ''; $paginate_event = ''; if($currentPage == $ix) { $paginate_active = 'current'; } if($currentPage != $ix) { if(in_array($modname, $href_req_pages)) { $paginate_event = 'href=""Modules.php'.$page_requests.'&loadpage='.$ix.'""'; } else { $paginate_event = 'onclick=""loadDataTablePagination('.$ix.')""'; } } $opDT .= ''.$ix.''; } } } return $opDT; }",True,PHP,paginationTabMarker,ListOutputFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18426,"foreach ($value as $name => $val) { if (strtolower($_REQUEST['LO_search']) == $val) $values[$key] += 25; foreach ($terms as $term => $one) { $search_q_res = DBGet(DBQuery('SELECT COUNT(1) AS RES FROM (SELECT \'c\') as Y WHERE \'' . strtolower(str_replace(""'"", ""''"", $val)) . '\' like \'%' . $term . '%\' ')); if ($search_q_res[1]['RES'] != 0) $values[$key] += 3; } } if ($values[$key] == 0) { unset($values[$key]); unset($result[$key]); $result_count--; $display_count--; } } if ($result_count) { array_multisort($values, SORT_DESC, $result); $result = ReindexResults($result); $values = ReindexResults($values); $last_value = 1; $scale = (100 / $values[$last_value]); for ($i = $last_value; $i <= $result_count; $i++) $result[$i]['RELEVANCE'] = '';",True,PHP,foreach,ListOutputFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18431,"foreach ($column_names as $key => $value) { if ($i == 1) echo '
    '; echo '
    '; echo ''; echo '
    ' . $link['add']['html'][$key] . '
    '; echo '
    '; $i++; if ($i == 2) { echo '
    '; $i = 0; } $j++; if ($j > 5) break; }",True,PHP,foreach,ListOutputFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18432,"function ListOutputPrintReportMod($result, $column_names) { $table = ''; $table .= ''; $table .= ''; foreach ($column_names as $key => $value) { $table .= ''; } $table .= ''; foreach ($result as $res_key => $res_val) { $table .= ''; foreach ($column_names as $key => $value) { $bg_color = ($res_key % 2 == 0 ? '#d3d3d3' : '#f5f5f5'); $table .= ''; } $table .= ''; } $table .= 'prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18435,"$sort_array[] = substr($sort[$_REQUEST['LO_sort']], 4, strpos($sort[$_REQUEST['LO_sort']], '-->') - 5); } if ($_REQUEST['LO_direction'] == -1) $dir = SORT_DESC; else $dir = SORT_ASC; if (count($t) > 1) { if (is_int($sort_array[1]) || is_double($sort_array[1])) array_multisort($sort_array, $dir, SORT_NUMERIC, $t[$h]); else array_multisort($sort_array, $dir, $t[$h]); $inc = 0; $pos = 0; $flag = true; $inc = 0; $select = $_REQUEST['LO_sort']; for ($c = 0; $c < count($t[$h]); $c++) { if (array_key_exists($_REQUEST['LO_sort'], $t[$h][$c])) { $temp = $t[$h][$c]; if ($temp[$select]) { $inc++; if ($flag) { $pos = $c; $flag = false; } } } } $abc = array_slice($t[$h], $pos, $inc); if ($pos == 0) $cde = array_slice($t[$h], $inc, (count($t[$h]) - 1)); else $cde = array_slice($t[$h], 0, $pos); if ($inc != 0) { $t[$h] = array_merge($abc, $cde); } echo ""
    ""; array_push($result, $t[$h]); } for ($i = $result_count - 1; $i >= 0; $i--) { $result[$i + 1] = $result[$i]; } unset($result[0]); $sort_array = """"; } $bgcolor_sort = array(); for ($h = 1; $h <= count($t); $h++) { for ($n = 0; $n < count($t[$h]); $n++) { if ($_REQUEST['LO_sort'] == ""FULL_NAME"") { if (array_key_exists(""FULL_NAME"", $t[$h][$n])) { $name_sort[] = array_shift($t[$h][$n]); } if (array_key_exists(""bgcolor"", $t[$h][$n])) { $bgcolor_sort[] = array_shift($t[$h][$n]); } } else { if (array_key_exists(""FULL_NAME"", $t[$h][$n])) { $FULL_NAME = array_shift($t[$h][$n]); } if (array_key_exists(""bgcolor"", $t[$h][$n])) { $bgcolor = array_shift($t[$h][$n]); } $t[$h][0][FULL_NAME] = $FULL_NAME; $t[$h][0][bgcolor] = $bgcolor; } } } for ($h = 1; $h <= count($t); $h++) { for ($n = 0; $n < count($t[$h]); $n++) { if (array_key_exists(""0"", $t[$h][$n])) { $mkperiod = $t[$h][$n]['MARKING_PERIOD_ID']; $t[$h][$n][$mkperiod] = $t[$h][$n][0]; } } } if ($_REQUEST['LO_sort'] == ""FULL_NAME"") { array_multisort($name_sort, $dir); for ($h = 1; $h <= count($t); $h++) { $t[$h][0][FULL_NAME] = $name_sort[$h - 1]; } } $result = """"; for ($n = 1; $n <= count($a); $n++) { $result = array_merge((array) $result, $t[$n]); } }",True,PHP,substr,ListOutputFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18438,"$res = clean_param($tag, PARAM_TAG); if ($res != '') { $result[] = $res; } } if ($result) { return implode(',', $result); } else { return ''; } default: echo ""Unknown parameter type: $type""; } }",True,PHP,clean_param,ParamLibFnc.php,https://github.com/OS4ED/openSIS-Classic,OS4ED,Sarika Lal,2022-12-31 07:52:00+05:18,"Version 9.0 release Older version shifted to branch: Version_8.0",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-45962,"public function search_external() { global $db; $sql = ""select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ""; $sql .= ""from "" . $db->prefix . ""external_addresses as a ""; $sql .= "" WHERE match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ""; $sql .= ""order by match (a.firstname,a.lastname,a.email,a.organization) against ('"" . $this->params['query'] . ""*' IN BOOLEAN MODE) ASC LIMIT 12""; $res = $db->selectObjectsBySql($sql); foreach ($res as $key=>$record) { $res[$key]->title = $record->firstname . ' ' . $record->lastname; } $ar = new expAjaxReply(200, gt('Here\'s the items you wanted'), $res); $ar->send(); }" 18439,"function html_is_blank($string) { return trim(strip_tags($string, '
    ' . $value . '
    ' . $res_val[$key] . '
    Keywords Meta Tag
    content['keywords'] . '"" id=""useo-meta-editor-keywords"" class=""qa-form-tall-text"" type=""text"" value=""'. $this->meta_keywords .'"" name=""useo-meta-editor-keywords"">
    A comma separated list of your most important keywords
    '); $this->output(''); $this->output('
    '); } if( (qa_get_logged_in_level() >= QA_USER_LEVEL_ADMIN) and ($this->template=='question') and (qa_opt('useo_social_enable_editor')) ){ $this->output('
    '); $this->output('
    '); $this->output('

    Social Tags Editor

    Only administrators can see this section.

    Open Graph

    Site Title
    metas['og-sitename']['content'] . '"" id=""useo-og-sitename"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['og-sitename'] .'"" name=""useo-meta-editor-title"">
    Page Title
    metas['og-title']['content'] . '"" id=""useo-og-title"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['og-title'] .'"" name=""useo-meta-editor-title"">
    Description Meta Tag
    Shared Page\'s URL
    metas['og-url']['content'] . '"" id=""useo-og-url"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['og-url'] .'"" name=""useo-meta-editor-title"">
    Thumbnail Image
    metas['og-image']['content'] . '"" id=""useo-og-image"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['og-image'] .'"" name=""useo-meta-editor-title"">

    Twitter Cards

    Page Title
    metas['tc-title']['content'] . '"" id=""useo-tc-title"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['tc-title'] .'"" name=""useo-meta-editor-title"">
    Description
    Thumbnail Image
    metas['tc-image']['content'] . '"" id=""useo-tc-image"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['tc-image'] .'"" name=""useo-meta-editor-title"">
    Twitter Handler
    metas['tc-handler']['content'] . '"" id=""useo-tc-handler"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['tc-handler'] .'"" name=""useo-meta-editor-title"">

    Google+ Schemas

    Thumbnail Image
    metas['gp-image']['content'] . '"" id=""useo-gp-image"" class=""qa-form-tall-text"" type=""text"" value=""'. @$this->social_metas['gp-image'] .'"" name=""useo-meta-editor-title"">
    '); $this->output('
    '); $this->output('
    '); } }",True,PHP,main_parts,layer.php,https://github.com/q2a-projects/Q2A-Ultimate-SEO,q2a-projects,Towhid,2017-07-15 19:45:35-08:00,Sanitizing Meta output,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3258,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25517,"function doctype(){ qa_html_theme_base::doctype(); require_once QA_INCLUDE_DIR.'qa-db-metas.php'; if( ($this->template=='question') and (qa_opt('useo_meta_editor_enable')) ){ $metas = json_decode(qa_db_postmeta_get($this->content['q_view']['raw']['postid'], 'useo-meta-info'),true); $this->meta_title = @$metas['title']; $this->meta_description = @$metas['description']; $this->meta_keywords = @$metas['keywords']; } $page_url = @$this->content['canonical']; if(! empty($this->meta_description)) $description = $this->meta_description; else $description = @$this->content['description']; if(! empty($this->meta_title)) $title = $this->meta_title; else $title = @$this->content['q_view']['raw']['title']; if($this->template=='question'){ if(qa_opt('useo_social_enable_editor')){ $this->social_metas = json_decode(qa_db_postmeta_get($this->content['q_view']['raw']['postid'], 'useo-social-info'),true); if(count($this->social_metas)) foreach ($this->social_metas as $index => $variable){ $this->metas[$index]['content'] = $variable; $this->metas[$index]['type'] = ''; } } if(qa_opt('useo_social_og_enable_auto')){ $this->metas['og-sitename']['content'] = @$this->content['site_title']; $this->metas['og-sitename']['type'] = 'property=""og:site_name""'; $this->metas['og-title']['content'] = $title; $this->metas['og-title']['type'] = 'property=""og:title""'; $gl_length = qa_opt('useo_social_og_desc_length'); if($gl_length<=0) $gl_length = 140; $this->metas['og-description']['content'] = useo_get_excerpt($description, 0, $gl_length); $this->metas['og-description']['type'] = 'property=""og:description""'; $this->metas['og-type']['content'] = 'website'; $this->metas['og-type']['type'] = 'property=""og:type""'; if(! empty($page_url)){ $this->metas['og-url']['content'] = $page_url; $this->metas['og-url']['type'] = 'property=""og:url""'; } $og_image = qa_opt('useo_social_og_image'); if(! empty($og_image)){ $this->metas['og-image']['content'] = $og_image; $this->metas['og-image']['type'] = 'property=""og:image""'; } } if(qa_opt('useo_social_tc_enable')){ $this->metas['tc-type']['content'] = 'summary'; $this->metas['tc-type']['type'] = 'property=""twitter:card""'; $this->metas['tc-title']['content'] = $title; $this->metas['tc-title']['type'] = 'property=""twitter:title""'; $useo_social_tc_desc_length = qa_opt('useo_social_og_desc_length'); if($useo_social_tc_desc_length<=0) $useo_social_tc_desc_length = 120; $this->metas['tc-description']['content'] = useo_get_excerpt($description, 0, $useo_social_tc_desc_length); $this->metas['tc-description']['type'] = 'property=""twitter:description""'; $tc_image = qa_opt('useo_social_tc_image'); if(! empty($tc_image)){ $this->metas['tc-image']['content'] = $tc_image; $this->metas['tc-image']['type'] = 'property=""twitter:image""'; } $tc_handler = qa_opt('useo_social_tc_handler'); if(! empty($tc_handler)){ $this->metas['tc-handler']['content'] = $tc_handler; $this->metas['tc-handler']['type'] = 'property=""twitter:site""'; } } if(qa_opt('useo_social_schema_enable')){ $this->metas['gp-title']['content'] = $title; $this->metas['gp-title']['type'] = 'itemprop=""name""'; $this->metas['gp-title']['content'] = $description; $this->metas['gp-title']['type'] = 'itemprop=""description""'; $gp_type = qa_opt('useo_social_schema_page_type'); if($gp_type==2) $gp_page_type = 'Question'; elseif($gp_type==3) $gp_page_type = 'Article'; if( isset($gp_page_type) ){ $this->metas['gp-title']['content'] = ''; $this->metas['gp-title']['type'] = 'itemscope itemtype=""http: } $gp_image = qa_opt('useo_social_gp_thumbnail'); if(! empty($gp_image)){ $this->metas['gp-image']['content'] = $gp_image; $this->metas['gp-image']['type'] = 'itemprop=""image""'; } } } $useo_cat_desc_map = array(); $categoryid_list = array(); if(isset($this->content['navigation']['cat']) && qa_opt('useo_cat_title_nav_enable')){ $category_nav = $this->content['navigation']['cat']; unset($category_nav['all']); foreach ($category_nav as $index => $item){ $categoryid_list[$item['categoryid']] = $item['categoryid']; } } if(isset($this->content[""q_list""][""qs""]) && qa_opt('useo_cat_title_qlist_enable')){ foreach ($this->content[""q_list""][""qs""] as $index => $item){ if($item['raw']['categoryid']) $categoryid_list[$item['raw']['categoryid']] = $item['raw']['categoryid']; } } if(count($categoryid_list)){ $result=qa_db_query_sub( 'SELECT categoryid, content FROM ^categorymetas WHERE categoryid IN ($) AND title=$', $categoryid_list,'useo_cat_title' ); $useo_cat_desc_map = qa_db_read_all_assoc($result,'categoryid'); if(isset($this->content[""q_list""][""qs""])) foreach ($this->content[""q_list""][""qs""] as $index => $item){ if(isset($item['raw']['categoryid']) && isset($useo_cat_desc_map[$item['raw']['categoryid']])) $this->content[""q_list""][""qs""][$index]['where']['title'] = $useo_cat_desc_map[$item['raw']['categoryid']]['content']; } } if(count(@$this->content['navigation']['cat']) && qa_opt('useo_cat_title_nav_enable')){ foreach ($this->content['navigation']['cat'] as $index => $item){ if(isset($item['categoryid']) && isset($useo_cat_desc_map[$item['categoryid']])) $this->content['navigation']['cat'][$index][""popup""] = $useo_cat_desc_map[$item['categoryid']]['content']; } } if ($this->request == 'admin/ulitmate_seo') { if(empty($this->content['navigation']['sub'])) $this->content['navigation']['sub']=array(); require_once QA_INCLUDE_DIR.'qa-app-admin.php'; $admin_nav = qa_admin_sub_navigation(); $this->content['navigation']['sub'] = array_merge( $admin_nav, $this->content['navigation']['sub'] ); } if ( ($this->template=='admin') or ($this->request == 'ulitmate_seo') ){ $this->content['navigation']['sub']['ulitmate_seo'] = array( 'label' => 'Ultimate SEO', 'url' => qa_path_html('admin/ulitmate_seo'), ); if ($this->request == 'admin/ulitmate_seo'){ $this->content['navigation']['sub']['ulitmate_seo']['selected'] = true; } } }",True,PHP,doctype,layer.php,https://github.com/q2a-projects/Q2A-Ultimate-SEO,q2a-projects,Towhid,2017-07-15 19:45:35-08:00,Sanitizing Meta output,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3258,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25522,"protected function secure(Hostname $hostname, Request $request) { $this->emitEvent(new Secured($hostname)); return $this->redirect->secure($request->getRequestUri()); }",True,PHP,secure,HostnameActions.php,https://github.com/tenancy/multi-tenant,tenancy,GitHub,2021-05-27 12:40:08+08:00,Trim slashes from request uri before redirecting (#1001),CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2021-32645,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25524,"protected function OnCheckCredentials(&$iErrorCode) { if (Session::Get('login_mode') == 'basic') { list($sAuthUser, $sAuthPwd) = $this->GetAuthUserAndPassword(); if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) { $_SESSION['auth_user'] = $sAuthUser; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; return LoginWebPage::LOGIN_FSM_ERROR; } Session::Set('auth_user', $sAuthUser); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCheckCredentials,loginbasic.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-12-08 08:21:13+01:00,N°5394 - use session for the FSM (use Session object),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25525,"protected function OnCheckCredentials(&$iErrorCode) { if (Session::Get('login_mode') == 'external') { $sAuthUser = $this->GetAuthUser(); if (!UserRights::CheckCredentials($sAuthUser, '', Session::Get('login_mode'), 'external')) { $_SESSION['auth_user'] = $sAuthUser; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; return LoginWebPage::LOGIN_FSM_ERROR; } Session::Set('auth_user', $sAuthUser); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCheckCredentials,loginexternal.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-12-08 08:21:13+01:00,N°5394 - use session for the FSM (use Session object),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25526,"protected function OnCheckCredentials(&$iErrorCode) { if (Session::Get('login_mode') == 'form') { $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); $sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data'); if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) { $_SESSION['auth_user'] = $sAuthUser; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; return LoginWebPage::LOGIN_FSM_ERROR; } Session::Set('auth_user', $sAuthUser); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCheckCredentials,loginform.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-12-08 08:21:13+01:00,N°5394 - use session for the FSM (use Session object),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25527,"protected function OnCheckCredentials(&$iErrorCode) { if (Session::Get('login_mode') == 'url') { $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); $sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data'); if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) { $_SESSION['auth_user'] = $sAuthUser; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; return LoginWebPage::LOGIN_FSM_ERROR; } Session::Set('auth_user', $sAuthUser); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCheckCredentials,loginurl.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-12-08 08:21:13+01:00,N°5394 - use session for the FSM (use Session object),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25528,"static function FromJSON($sJson) { if (is_array($sJson)) { $aJson = $sJson; } else { $aJson = json_decode($sJson, true); } $oFormManager = parent::FromJSON($sJson); if (!isset($aJson['formobject_class'])) { throw new Exception('Object class must be defined in order to generate the form'); } $sObjectClass = $aJson['formobject_class']; if (!isset($aJson['formobject_id'])) { $oObject = MetaModel::NewObject($sObjectClass); } else { $oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true, true); } $oFormManager->SetObject($oObject); if (!isset($aJson['formmode'])) { throw new Exception('Form mode must be defined in order to generate the form'); } $oFormManager->SetMode($aJson['formmode']); if (isset($aJson['formactionrulestoken'])) { $oFormManager->SetActionRulesToken($aJson['formactionrulestoken']); } if (isset($aJson['formproperties'])) { if (!isset($aJson['formproperties']['fields'])) { $aJson['formproperties']['fields'] = array(); } $oFormManager->SetFormProperties($aJson['formproperties']); } if (!isset($aJson['formcallbacks'])) { } return $oFormManager; }",True,PHP,FromJSON,ObjectFormManager.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-11-25 16:07:40+01:00,N°4384 Security hardening,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-24780,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25532,"public static function FromJSON($sJson, $bTrustContent = false) { if (is_array($sJson)) { $aJson = $sJson; } else { $aJson = json_decode($sJson, true); } if (false === $bTrustContent) { if (isset($aJson['formproperties']['layout']['type']) && ($aJson['formproperties']['layout']['type'] === 'twig')) { IssueLog::Error('Portal received a query with forbidden twig content!', \LogChannels::PORTAL, ['formmanager_data' => $aJson]); throw new \SecurityException('Twig content not allowed in this context!'); } } $oFormManager = parent::FromJSON($sJson); if (!isset($aJson['formobject_class'])) { throw new Exception('Object class must be defined in order to generate the form'); } $sObjectClass = $aJson['formobject_class']; if (!isset($aJson['formobject_id'])) { $oObject = MetaModel::NewObject($sObjectClass); } else { $oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true, true); } $oFormManager->SetObject($oObject); if (!isset($aJson['formmode'])) { throw new Exception('Form mode must be defined in order to generate the form'); } $oFormManager->SetMode($aJson['formmode']); if (isset($aJson['formactionrulestoken'])) { $oFormManager->SetActionRulesToken($aJson['formactionrulestoken']); } if (isset($aJson['formproperties'])) { if (!isset($aJson['formproperties']['fields'])) { $aJson['formproperties']['fields'] = array(); } $oFormManager->SetFormProperties($aJson['formproperties']); } if (!isset($aJson['formcallbacks'])) { } return $oFormManager; }",True,PHP,FromJSON,ObjectFormManager.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-12-09 12:08:23+01:00,"N°4384 Security hardening Module parameter flag for extensions",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-24780,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25533,"public static function CanTrustFormLayoutContent($sPostedFormManagerData, $aOriginalFormProperties) { $aPostedFormManagerData = json_decode($sPostedFormManagerData, true); $sPostedFormLayoutType = (isset($aPostedFormManagerData['formproperties']['layout']['type'])) ? $aPostedFormManagerData['formproperties']['layout']['type'] : ''; if ($sPostedFormLayoutType === 'xhtml') { return true; } $oHtmlDocument = new \DOMDocument(); $sPostedFormLayoutContent = (isset($aPostedFormManagerData['formproperties']['layout']['content'])) ? $aPostedFormManagerData['formproperties']['layout']['content'] : ''; $oHtmlDocument->loadXML(''.$sPostedFormLayoutContent.''); $sPostedFormLayoutRendered = $oHtmlDocument->saveHTML(); $sOriginalFormLayoutContent = (isset($aOriginalFormProperties['layout']['content'])) ? $aOriginalFormProperties['layout']['content'] : ''; $oHtmlDocument->loadXML(''.$sOriginalFormLayoutContent.''); $sOriginalFormLayoutContentRendered = $oHtmlDocument->saveHTML(); return ($sPostedFormLayoutRendered === $sOriginalFormLayoutContentRendered); }",True,PHP,CanTrustFormLayoutContent,ObjectFormManager.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-12-10 17:10:46+01:00,N°4384 Fix PHP warning when decoding formmanager_data when it is already in a PHP array form,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-24780,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25537,"public static function FromJSON($sJson, $bTrustContent = false) { if (is_array($sJson)) { $aJson = $sJson; } else { $aJson = json_decode($sJson, true); } $oConfig = utils::GetConfig(); $bIsContentCheckEnabled = $oConfig->GetModuleSetting(PORTAL_ID, 'enable_formmanager_content_check', true); if ($bIsContentCheckEnabled && (false === $bTrustContent)) { if (isset($aJson['formproperties']['layout']['type']) && ($aJson['formproperties']['layout']['type'] === 'twig')) { IssueLog::Error('Portal received a query with forbidden twig content!', \LogChannels::PORTAL, ['formmanager_data' => $aJson]); throw new \SecurityException('Twig content not allowed in this context!'); } } $oFormManager = parent::FromJSON($sJson); if (!isset($aJson['formobject_class'])) { throw new Exception('Object class must be defined in order to generate the form'); } $sObjectClass = $aJson['formobject_class']; if (!isset($aJson['formobject_id'])) { $oObject = MetaModel::NewObject($sObjectClass); } else { $oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true, true); } $oFormManager->SetObject($oObject); if (!isset($aJson['formmode'])) { throw new Exception('Form mode must be defined in order to generate the form'); } $oFormManager->SetMode($aJson['formmode']); if (isset($aJson['formactionrulestoken'])) { $oFormManager->SetActionRulesToken($aJson['formactionrulestoken']); } if (isset($aJson['formproperties'])) { if (!isset($aJson['formproperties']['fields'])) { $aJson['formproperties']['fields'] = array(); } $oFormManager->SetFormProperties($aJson['formproperties']); } if (!isset($aJson['formcallbacks'])) { } return $oFormManager; }",True,PHP,FromJSON,ObjectFormManager.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-12-10 17:10:46+01:00,N°4384 Fix PHP warning when decoding formmanager_data when it is already in a PHP array form,CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-24780,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25538,"protected function ForgotPwdGo() { $sAuthUser = utils::ReadParam('auth_user', '', true, 'raw_data'); try { UserRights::Login($sAuthUser); $oUser = UserRights::GetUserObject(); if ($oUser != null) { if (!MetaModel::IsValidAttCode(get_class($oUser), 'reset_pwd_token')) { throw new Exception(Dict::S('UI:ResetPwd-Error-NotPossible')); } if (!$oUser->CanChangePassword()) { throw new Exception(Dict::S('UI:ResetPwd-Error-FixedPwd')); } $sTo = $oUser->GetResetPasswordEmail(); if ($sTo == '') { throw new Exception(Dict::S('UI:ResetPwd-Error-NoEmail')); } $sToken = substr(md5(APPROOT.uniqid()), 0, 16); $oUser->Set('reset_pwd_token', $sToken); CMDBObject::SetTrackInfo('Reset password'); $oUser->AllowWrite(true); $oUser->DBUpdate(); $oEmail = new Email(); $oEmail->SetRecipientTO($sTo); $sFrom = MetaModel::GetConfig()->Get('forgot_password_from'); $oEmail->SetRecipientFrom($sFrom); $oEmail->SetSubject(Dict::S('UI:ResetPwd-EmailSubject', $oUser->Get('login'))); $sResetUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?loginop=reset_pwd&auth_user='.urlencode($oUser->Get('login')).'&token='.urlencode($sToken); $oEmail->SetBody(Dict::Format('UI:ResetPwd-EmailBody', $sResetUrl, $oUser->Get('login'))); $iRes = $oEmail->Send($aIssues, true ); switch ($iRes) { case EMAIL_SEND_OK: break; case EMAIL_SEND_ERROR: default: IssueLog::Error('Failed to send the email with the NEW password for '.$oUser->Get('friendlyname').': '.implode(', ', $aIssues)); throw new Exception(Dict::S('UI:ResetPwd-Error-Send')); } } $oTwigContext = new LoginTwigRenderer(); $aVars = $oTwigContext->GetDefaultVars(); $oTwigContext->Render($this, 'forgotpwdsent.html.twig', $aVars); } catch(Exception $e) { $this->DisplayForgotPwdForm(true, $e->getMessage()); } }",True,PHP,ForgotPwdGo,loginwebpage.class.inc.php,https://github.com/Combodo/iTop,Combodo,Stephen Abello,2022-08-12 09:54:35+02:00,N°5393 Security hardening,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2022-39216,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25541,"protected function ForgotPwdGo() { $sAuthUser = utils::ReadParam('auth_user', '', true, 'raw_data'); try { UserRights::Login($sAuthUser); $oUser = UserRights::GetUserObject(); if ($oUser != null) { if (!MetaModel::IsValidAttCode(get_class($oUser), 'reset_pwd_token')) { throw new Exception(Dict::S('UI:ResetPwd-Error-NotPossible')); } if (!$oUser->CanChangePassword()) { throw new Exception(Dict::S('UI:ResetPwd-Error-FixedPwd')); } $sTo = $oUser->GetResetPasswordEmail(); if ($sTo == '') { throw new Exception(Dict::S('UI:ResetPwd-Error-NoEmail')); } $sToken = substr(md5(APPROOT.uniqid()), 0, 16); $oUser->Set('reset_pwd_token', $sToken); CMDBObject::SetTrackInfo('Reset password'); $oUser->AllowWrite(true); $oUser->DBUpdate(); $oEmail = new Email(); $oEmail->SetRecipientTO($sTo); $sFrom = MetaModel::GetConfig()->Get('forgot_password_from'); $oEmail->SetRecipientFrom($sFrom); $oEmail->SetSubject(Dict::S('UI:ResetPwd-EmailSubject', $oUser->Get('login'))); $sResetUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?loginop=reset_pwd&auth_user='.urlencode($oUser->Get('login')).'&token='.urlencode($sToken); $oEmail->SetBody(Dict::Format('UI:ResetPwd-EmailBody', $sResetUrl, $oUser->Get('login'))); $iRes = $oEmail->Send($aIssues, true ); switch ($iRes) { case EMAIL_SEND_OK: break; case EMAIL_SEND_ERROR: default: IssueLog::Error('Failed to send the email with the NEW password for '.$oUser->Get('friendlyname').': '.implode(', ', $aIssues)); throw new Exception(Dict::S('UI:ResetPwd-Error-Send')); } } $oTwigContext = new LoginTwigRenderer(); $aVars = $oTwigContext->GetDefaultVars(); $oTwigContext->Render($this, 'forgotpwdsent.html.twig', $aVars); } catch(Exception $e) { $this->DisplayForgotPwdForm(true, $e->getMessage()); } }",True,PHP,ForgotPwdGo,loginwebpage.class.inc.php,https://github.com/Combodo/iTop,Combodo,Stephen Abello,2022-08-12 11:33:55+02:00,N°5393 Security hardening,CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2022-39216,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25543,"protected function OnCredentialsOK(&$iErrorCode) { if ($_SESSION['login_mode'] == 'basic') { list($sAuthUser) = $this->GetAuthUserAndPassword(); LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCredentialsOK,loginbasic.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-09-12 09:45:30+02:00,N°5394 - use session for the FSM,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25545,"protected function OnCredentialsOK(&$iErrorCode) { if ($_SESSION['login_mode'] == 'external') { $sAuthUser = $this->GetAuthUser(); LoginWebPage::OnLoginSuccess($sAuthUser, 'external', $_SESSION['login_mode']); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCredentialsOK,loginexternal.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-09-12 09:45:30+02:00,N°5394 - use session for the FSM,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25548,"protected function OnCredentialsOK(&$iErrorCode) { if ($_SESSION['login_mode'] == 'form') { if (isset($_SESSION['auth_user'])) { $sAuthUser = $_SESSION['auth_user']; } else { $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); } LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCredentialsOK,loginform.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-09-12 09:45:30+02:00,N°5394 - use session for the FSM,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25553,"protected function OnCredentialsOK(&$iErrorCode) { if ($_SESSION['login_mode'] == 'url') { $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']); } return LoginWebPage::LOGIN_FSM_CONTINUE; }",True,PHP,OnCredentialsOK,loginurl.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric Espie,2022-09-12 09:45:30+02:00,N°5394 - use session for the FSM,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-39214,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25554,"function json_decode($json, $assoc=null) { return array(); }",True,PHP,json_decode,index.php,https://github.com/Combodo/iTop,Combodo,Eric,2021-05-27 09:29:50+02:00,N°3952 - code hardening,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32663,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25560,"protected function Start() { $sCurrentStepClass = $this->sInitialStepClass; $oStep = new $sCurrentStepClass($this, $this->sInitialState); $this->DisplayStep($oStep); }",True,PHP,Start,wizardcontroller.class.inc.php,https://github.com/Combodo/iTop,Combodo,Eric,2021-05-27 09:29:50+02:00,N°3952 - code hardening,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2021-32663,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25564,"public function GetJsForUpdateFields() { $sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix(); $sWizardHelperJson = $this->ToJSON(); return <<params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25568,"public static function IsTransactionValid($id, $bRemoveTransaction = true) { $sTransactionDir = realpath(APPROOT.'data/transactions'); $sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir); if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath))) { return false; } clearstatcache(true, $sFilepath); $bResult = file_exists($sFilepath); if ($bResult) { if ($bRemoveTransaction) { $bResult = @unlink($sFilepath); if (!$bResult) { self::Error('IsTransactionValid: FAILED to remove transaction '.$id); } else { self::Info('IsTransactionValid: OK. Removed transaction: '.$id); } } } else { self::Info(""IsTransactionValid: Transaction '$id' not found. Pending transactions for this user:\n"".implode(""\n"", self::GetPendingTransactions())); } return $bResult; }",True,PHP,IsTransactionValid,transaction.class.inc.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-10-21 12:43:03+02:00,N°4289 Security hardening,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-41245,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25570,"public static function RemoveTransaction($id) { $sFilepath = APPROOT.'data/transactions/'.$id; clearstatcache(true, $sFilepath); if (!file_exists($sFilepath)) { $bSuccess = false; self::Error(""RemoveTransaction: Transaction '$id' not found. Pending transactions for this user:\n"" .implode(""\n"", self::GetPendingTransactions())); } else { $bSuccess = @unlink($sFilepath); } if (!$bSuccess) { self::Error('RemoveTransaction: FAILED to remove transaction '.$id); } else { self::Info('RemoveTransaction: OK '.$id); } return $bSuccess; }",True,PHP,RemoveTransaction,transaction.class.inc.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-10-21 12:43:03+02:00,N°4289 Security hardening,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-41245,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25571,"public static function GetNewTransactionId() { if (!is_dir(APPROOT.'data/transactions')) { if (!is_writable(APPROOT.'data')) { throw new Exception('The directory ""'.APPROOT.'data"" must be writable to the application.'); } if (!@mkdir(APPROOT.'data/transactions')) { throw new Exception('Failed to create the directory ""'.APPROOT.'data/transactions"". Ajust the rights on the parent directory or let an administrator create the transactions directory and give the web sever enough rights to write into it.'); } } if (!is_writable(APPROOT.'data/transactions')) { throw new Exception('The directory ""'.APPROOT.'data/transactions"" must be writable to the application.'); } self::CleanupOldTransactions(); $id = basename(tempnam(APPROOT.'data/transactions', static::GetUserPrefix())); self::Info('GetNewTransactionId: Created transaction: '.$id); return (string)$id; }",True,PHP,GetNewTransactionId,transaction.class.inc.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-10-21 12:43:03+02:00,N°4289 Security hardening,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-41245,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25573,"public static function ListProfiles($oUser = null) { if (is_null($oUser)) { $oUser = self::$m_oUser; } if ($oUser === null) { $aProfiles = array(); } elseif ((self::$m_oUser !== null) && ($oUser->GetKey() == self::$m_oUser->GetKey())) { if (array_key_exists('profile_list', $_SESSION)) { $aProfiles = $_SESSION['profile_list']; } } if (!isset($aProfiles)) { $aProfiles = self::$m_oAddOn->ListProfiles($oUser); } return $aProfiles; }",True,PHP,ListProfiles,userrights.class.inc.php,https://github.com/Combodo/iTop,Combodo,Pierre Goiffon,2021-10-21 12:43:03+02:00,N°4289 Security hardening,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-41245,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25578,public function initializeObject() { $this->initializeFormStateFromRequest(); $this->initializeCurrentPageFromRequest(); if (!$this->isFirstRequest()) { $this->processSubmittedFormValues(); } },True,PHP,initializeObject,FormRuntime.php,https://github.com/neos/form,neos,Sebastian Kurfürst,2013-10-23 20:36:55+02:00,"[BUGFIX] fix reconstituting a form from its internal state This is an edge case which is only exposed when persisting the formState in e.g. a database, and accessing it with GET requests as well. Change-Id: Ib3d24628f10160f2c170d01fc3daab873595a292 Releases: master",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-32697,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25580,"public function goingForthAndBackStoresFormValuesOfSecondPageAndTriggersValidationOnlyWhenGoingForward() { $this->browser->request('http: $this->gotoNextFormPage($this->browser->getForm()); $form = $this->browser->getForm(); $form['--three-page-form-with-validation']['text2-1']->setValue('My Text on the second page'); $this->gotoPreviousFormPage($form); $this->gotoNextFormPage($this->browser->getForm()); $r = $this->gotoNextFormPage($this->browser->getForm()); $this->assertSame(' error', $this->browser->getCrawler()->filterXPath('//*[contains(@class,""error"")] $form = $this->browser->getForm(); $form['--three-page-form-with-validation']['text2-1']->setValue('42'); $this->gotoNextFormPage($form); $form = $this->browser->getForm(); $this->assertSame('', $form['--three-page-form-with-validation']['text3-1']->getValue()); }",True,PHP,goingForthAndBackStoresFormValuesOfSecondPageAndTriggersValidationOnlyWhenGoingForward,SimpleFormTest.php,https://github.com/neos/form,neos,Sebastian Kurfürst,2013-10-23 20:36:55+02:00,"[BUGFIX] fix reconstituting a form from its internal state This is an edge case which is only exposed when persisting the formState in e.g. a database, and accessing it with GET requests as well. Change-Id: Ib3d24628f10160f2c170d01fc3daab873595a292 Releases: master",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-32697,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25582,"public function __construct(public Request $Request, public SessionInterface $Session, public Config $Config, public Logger $Log, public Csrf $Csrf) { $flashBag = $this->Session->getBag('flashes'); if ($flashBag instanceof FlashBag) { $this->ok = $flashBag->get('ok'); $this->ko = $flashBag->get('ko'); $this->warning = $flashBag->get('warning'); } $this->Log->pushHandler(new ErrorLogHandler()); $this->Users = new Users(); $this->Db = Db::getConnection(); $Update = new Update($this->Config, new Sql()); $Update->checkSchema(); }",True,PHP,__construct,App.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25584,public function __construct(App $app) { $this->Config = $app->Config; $this->Request = $app->Request; $this->Session = $app->Session; },True,PHP,__construct,Auth.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25587,"public function __construct(public Config $Config, private Sql $Sql) { $this->Db = Db::getConnection(); }",True,PHP,__construct,Update.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25589,"protected function execute(InputInterface $input, OutputInterface $output) { $command = $this->getApplication()->find('db:check'); $arguments = array( 'command' => 'db:check', ); $cmdInput = new ArrayInput($arguments); $returnCode = $command->run($cmdInput, $output); if ($returnCode === 1) { $output->writeln(array( 'Database update starting', '========================', )); $Config = Config::getConfig(); $Update = new Update($Config, new Sql()); $Update->runUpdateScript(); $output->writeln('All done.'); } return 0; }",True,PHP,execute,UpdateDatabase.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25592,"public function __construct($message, $code = 0, Exception $previous = null) { parent::__construct($message, $code, $previous); }",True,PHP,__construct,DatabaseErrorException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25593,"public function __construct($message, $code = 0, Exception $previous = null) { parent::__construct($message, $code, $previous); }",True,PHP,__construct,FilesystemErrorException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25594,"public function __construct($message, $code = 0, Exception $previous = null) { parent::__construct($message, $code, $previous); }",True,PHP,__construct,IllegalActionException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25595,"public function __construct($message, $code = 0, Exception $previous = null) { parent::__construct($message, $code, $previous); }",True,PHP,__construct,ImproperActionException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25596,"public function __construct(?string $message = null) { if ($message === null) { $message = _('Invalid email/password combination.'); } parent::__construct($message, 0); }",True,PHP,__construct,InvalidCredentialsException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25599,"public function __construct($message, $code = 0, Exception $previous = null) { parent::__construct($message, $code, $previous); }",True,PHP,__construct,ProcessFailedException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25601,"public function __construct($message = null, $code = 404, Exception $previous = null) { if ($message === null) { $message = _('Nothing to show with this id'); } parent::__construct($message, $code, $previous); }",True,PHP,__construct,ResourceNotFoundException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25602,"public function __construct($message = null, $code = 0, Exception $previous = null) { if ($message === null) { $message = _('Authentication required'); } parent::__construct($message, $code, $previous); }",True,PHP,__construct,UnauthorizedException.php,https://github.com/elabftw/elabftw,elabftw,GitHub,2021-08-08 21:13:04+02:00,"Add JWT anti brute-force login protection (#2831) * WIP: better brute force login protection * split device token classes * mv schema to 63 * use int(10) in schema too * add sysadmin action to clear locked users/devices * remove the FK on authfail * remove authfail users_id fk constraint in structure.sql * catch the invalid device token exception * remove the banned users stuff * change invalid token message * cleanup the exceptions a bit * get rid of the useless InvalidCsrfTokenException * remove unused js import * introduce the AuthenticatedUser and AnonymousUser classes and improve the App and init.inc.php files * remove the populateFromEmail method from Users * get rid of the useless SessionAuth and rearrange init Auth and App * be more specific about which kind of user can be loaded in App * change Update class signature * use init.inc.php in ApiController * don't store the whole teamconfigarr in app",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2021-41171,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25610,"public function __construct(PromotionGatewayInterface $gateway, PromotionItemBuilder $itemBuilder) { $this->gateway = $gateway; $this->itemBuilder = $itemBuilder; $this->requiredDalAssociations = [ 'personaRules', 'personaCustomers', 'cartRules', 'orderRules', 'discounts.discountRules', 'discounts.promotionDiscountPrices', 'setgroups', 'setgroups.setGroupRules', ]; }",True,PHP,__construct,PromotionCollector.php,https://github.com/shopware/platform,shopware,Patrick Weyck,2022-02-04 13:20:46+01:00,NEXT-19276 - Add filtering to promotion and product codes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24746,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25612,"public function __construct( CartService $cartService, SalesChannelRepositoryInterface $productRepository, PromotionItemBuilder $promotionItemBuilder, ProductLineItemFactory $productLineItemFactory ) { $this->cartService = $cartService; $this->productRepository = $productRepository; $this->promotionItemBuilder = $promotionItemBuilder; $this->productLineItemFactory = $productLineItemFactory; }",True,PHP,__construct,CartLineItemController.php,https://github.com/shopware/platform,shopware,Patrick Weyck,2022-02-04 13:20:46+01:00,NEXT-19276 - Add filtering to promotion and product codes,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24746,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25615,"public function __construct( CartService $cartService, int $defaultTtl, bool $httpCacheEnabled, MaintenanceModeResolver $maintenanceModeResolver ) { $this->cartService = $cartService; $this->defaultTtl = $defaultTtl; $this->httpCacheEnabled = $httpCacheEnabled; $this->maintenanceResolver = $maintenanceModeResolver; }",True,PHP,__construct,CacheResponseSubscriber.php,https://github.com/shopware/platform,shopware,Soner Sayakci,2022-03-02 08:32:14+01:00,NEXT-20309 - Fix cache control,CWE-668,Exposure of Resource to Wrong Sphere,"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.",https://cwe.mitre.org/data/definitions/668.html,CVE-2022-24747,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25616,"private function getStateId(string $state, string $machine) { return $this->getContainer()->get(Connection::class) ->fetchColumn(' SELECT LOWER(HEX(state_machine_state.id)) FROM state_machine_state INNER JOIN state_machine ON state_machine.id = state_machine_state.state_machine_id AND state_machine.technical_name = :machine WHERE state_machine_state.technical_name = :state ', [ 'state' => $state, 'machine' => $machine, ]); }",True,PHP,getStateId,CartRestorerTest.php,https://github.com/shopware/platform,shopware,Soner Sayakci,2022-04-12 11:58:45+02:00,NEXT-21034 - Dont restore permissions,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-24871,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25617,"private function getStateId(string $state, string $machine) { return $this->getContainer()->get(Connection::class) ->fetchColumn(' SELECT LOWER(HEX(state_machine_state.id)) FROM state_machine_state INNER JOIN state_machine ON state_machine.id = state_machine_state.state_machine_id AND state_machine.technical_name = :machine WHERE state_machine_state.technical_name = :state ', [ 'state' => $state, 'machine' => $machine, ]); }",True,PHP,getStateId,CartRestorerTest.php,https://github.com/shopware/platform,shopware,Soner Sayakci,2022-04-12 11:58:45+02:00,NEXT-21034 - Dont restore permissions,CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2022-24872,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25619,public function __construct(OrderService $orderService) { $this->orderService = $orderService; },True,PHP,__construct,CancelOrderRoute.php,https://github.com/shopware/platform,shopware,Philip Gatzka,2021-06-08 10:17:07+02:00,NEXT-15183 - Add Dangerfile,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-32716,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25622,"public static function onLoadExtensionSchemaUpdates( DatabaseUpdater $updater ) { $config = MediaWikiServices::getInstance()->getConfigFactory()->makeConfig( 'globalnewfiles' ); if ( $config->get( 'CreateWikiDatabase' ) === $config->get( 'DBname' ) ) { $updater->addExtensionTable( 'gnf_files', __DIR__ . '/../sql/gnf_files.sql' ); $updater->modifyExtensionField( 'gnf_files', 'files_timestamp', __DIR__ . '/../sql/patches/patch-gnf_files-binary.sql' ); $updater->modifyTable( 'gnf_files', __DIR__ . '/../sql/patches/patch-gnf_files-add-indexes.sql', true ); } return true; }",True,PHP,onLoadExtensionSchemaUpdates,GlobalNewFilesHooks.php,https://github.com/miraheze/GlobalNewFiles,miraheze,Taavi Väänänen,2021-09-01 19:59:49+03:00,"SECURITY: Fix XSS issues GlobalNewFilesPager Fix XSS issues in GlobalNewFilesPager by using MediaWiki's LinkRenderer and Html utilities instead of constructing (unescaped) HTML messages directly. For more details, see https://phabricator.miraheze.org/T7935.",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-39186,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25624,"function formatValue( $name, $value ) { $row = $this->mCurrentRow; $wiki = $row->files_dbname; switch ( $name ) { case 'files_timestamp': $formatted = htmlspecialchars( $this->getLanguage()->userTimeAndDate( $row->files_timestamp, $this->getUser() ) ); break; case 'files_dbname': $formatted = $row->files_dbname; break; case 'files_url': $formatted = ""files_url}\"" style=\""width:135px;height:135px;\"">""; break; case 'files_name': $formatted = ""files_page}\"">{$row->files_name}""; break; case 'files_user': $formatted = ""files_user}\"">{$row->files_user}""; break; default: $formatted = ""Unable to format $name""; break; } return $formatted; }",True,PHP,formatValue,GlobalNewFilesPager.php,https://github.com/miraheze/GlobalNewFiles,miraheze,Taavi Väänänen,2021-09-01 19:59:49+03:00,"SECURITY: Fix XSS issues GlobalNewFilesPager Fix XSS issues in GlobalNewFilesPager by using MediaWiki's LinkRenderer and Html utilities instead of constructing (unescaped) HTML messages directly. For more details, see https://phabricator.miraheze.org/T7935.",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-39186,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25626,"function __construct() { $this->mDb = GlobalNewFilesHooks::getGlobalDB( DB_REPLICA, 'gnf_files' ); if ( $this->getRequest()->getText( 'sort', 'files_date' ) == 'files_date' ) { $this->mDefaultDirection = IndexPager::DIR_DESCENDING; } else { $this->mDefaultDirection = IndexPager::DIR_ASCENDING; } parent::__construct( $this->getContext() ); }",True,PHP,__construct,GlobalNewFilesPager.php,https://github.com/miraheze/GlobalNewFiles,miraheze,Taavi Väänänen,2021-09-01 19:59:49+03:00,"SECURITY: Fix XSS issues GlobalNewFilesPager Fix XSS issues in GlobalNewFilesPager by using MediaWiki's LinkRenderer and Html utilities instead of constructing (unescaped) HTML messages directly. For more details, see https://phabricator.miraheze.org/T7935.",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-39186,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25628,function __construct() { parent::__construct( 'GlobalNewFiles' ); },True,PHP,__construct,SpecialGlobalNewFiles.php,https://github.com/miraheze/GlobalNewFiles,miraheze,Taavi Väänänen,2021-09-01 19:59:49+03:00,"SECURITY: Fix XSS issues GlobalNewFilesPager Fix XSS issues in GlobalNewFilesPager by using MediaWiki's LinkRenderer and Html utilities instead of constructing (unescaped) HTML messages directly. For more details, see https://phabricator.miraheze.org/T7935.",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-39186,"public function manage() { expHistory::set('viewable', $this->params); $page = new expPaginator(array( 'model'=>'order_status', 'where'=>1, 'limit'=>10, 'order'=>'rank', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25631,function execute( $par ) { $this->setHeaders(); $this->outputHeader(); $pager = new GlobalNewFilesPager(); $this->getOutput()->addParserOutputContent( $pager->getFullOutput() ); },True,PHP,execute,SpecialGlobalNewFiles.php,https://github.com/miraheze/GlobalNewFiles,miraheze,Taavi Väänänen,2021-09-01 19:59:49+03:00,"SECURITY: Fix XSS issues GlobalNewFilesPager Fix XSS issues in GlobalNewFilesPager by using MediaWiki's LinkRenderer and Html utilities instead of constructing (unescaped) HTML messages directly. For more details, see https://phabricator.miraheze.org/T7935.",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-39186,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25632,"$formatted = wfMessage( 'datadump-table-column-failed' )->text(); } else { $formatted = wfMessage( 'datadump-table-column-queued' )->text(); } break; case 'dumps_size': $formatted = htmlspecialchars( $this->getLanguage()->formatSize( isset( $row->dumps_size ) ? $row->dumps_size : 0 ) ); break; case 'dumps_delete': $linkRenderer = MediaWikiServices::getInstance()->getLinkRenderer(); $query = [ 'action' => 'delete', 'type' => $row->dumps_type, 'dump' => $row->dumps_filename ]; $formatted = $linkRenderer->makeLink( $this->pageTitle, wfMessage( 'datadump-delete-button' )->text(), [], $query ); break; default: $formatted = ""Unable to format $name""; break; } return $formatted; }",True,PHP,text,DataDumpPager.php,https://github.com/miraheze/DataDump,miraheze,GitHub,2021-07-07 21:40:02-04:00,"Merge pull request from GHSA-29mh-4vhv-x8mr * Add CSRF token check for generating dumps * Update SpecialDataDump.php * Add token for action=download * Fix indendation * Fix indendation * fix indentation * Convert to forms * fix link generation * don't check on download pt1 * don't check on download pt2 * rm stray code * rm accidentally added character * rm stray whitespace * rm unused variable * standardize Co-authored-by: R4356th <61620631+R4356th@users.noreply.github.com> Co-authored-by: The-Voidwalker Co-authored-by: R4356th ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-32774,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25634,"$this->doDelete( $type, $dump ); } } $pager = new DataDumpPager( $this->getContext(), $this->getPageTitle() ); $out->addModuleStyles( 'mediawiki.special' ); $pager->getForm(); $out->addParserOutputContent( $pager->getFullOutput() ); }",True,PHP,doDelete,SpecialDataDump.php,https://github.com/miraheze/DataDump,miraheze,GitHub,2021-07-07 21:40:02-04:00,"Merge pull request from GHSA-29mh-4vhv-x8mr * Add CSRF token check for generating dumps * Update SpecialDataDump.php * Add token for action=download * Fix indendation * Fix indendation * fix indentation * Convert to forms * fix link generation * don't check on download pt1 * don't check on download pt2 * rm stray code * rm accidentally added character * rm stray whitespace * rm unused variable * standardize Co-authored-by: R4356th <61620631+R4356th@users.noreply.github.com> Co-authored-by: The-Voidwalker Co-authored-by: R4356th ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-32774,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25637,"function mso_url_get() { $CI = &get_instance(); if (isset($_SERVER['REQUEST_URI']) and $_SERVER['REQUEST_URI'] and (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE)) { $url = getinfo('site_protocol') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $url = str_replace($CI->config->config['base_url'], """", $url); $url = explode('?', $url); return $url[1]; } else { return ''; } }",True,PHP,mso_url_get,url.php,https://github.com/maxsite/cms,maxsite,MAX,2020-10-21 12:51:57+03:00,Fix #414,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-35265,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25638,"function mso_current_url($absolute = false, $explode = false, $delete_request = false) { $url = getinfo('site_protocol') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; if ($delete_request) { $url = explode('?', $url); $url = $url[0]; } if ($absolute) return $url; $url = str_replace(getinfo('site_url'), '', $url); $url = trim(str_replace('/', ' ', $url)); $url = str_replace(' ', '/', $url); $url = urldecode($url); if ($explode) $url = explode('/', $url); return $url; }",True,PHP,mso_current_url,url.php,https://github.com/maxsite/cms,maxsite,MAX,2020-10-21 12:51:57+03:00,Fix #414,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-35265,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25641,"function mso_segment_array() { $CI = &get_instance(); if (isset($_SERVER['REQUEST_URI']) and $_SERVER['REQUEST_URI']) { $url = getinfo('site_protocol'); $url .= $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; $url = str_replace($CI->config->config['base_url'], '', $url); if (strpos($url, '?') !== FALSE) { $url = explode('?', $url); $url = $url[0]; $url = explode('/', $url); $out = []; $i = 1; foreach ($url as $val) { if ($val) { $out[$i] = $val; $i++; } } return $out; } else { return $CI->uri->segment_array(); } } else { return $CI->uri->segment_array(); } }",True,PHP,mso_segment_array,url.php,https://github.com/maxsite/cms,maxsite,MAX,2020-10-21 12:51:57+03:00,Fix #414,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-35265,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25643,"function global_cache_key($dir = true) { $cache_key = $_SERVER['REQUEST_URI']; $cache_key = str_replace('/', '-', $cache_key); $cache_key = mso_slug(' ' . $cache_key); if (!$cache_key) $cache_key = 'home'; if ($dir) $cache_key = 'html/' . $cache_key . '.html'; else $cache_key = $cache_key . '.html'; return $cache_key; }",True,PHP,global_cache_key,index.php,https://github.com/maxsite/cms,maxsite,MAX,2020-10-21 12:51:57+03:00,Fix #414,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-35265,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25657,"function yourls_create_nonce( $action, $user = false ) { if( false == $user ) $user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1'; $tick = yourls_tick(); $nonce = substr( yourls_salt($tick . $action . $user), 0, 10 ); return yourls_apply_filter( 'create_nonce', $nonce, $action, $user ); }",True,PHP,yourls_create_nonce,functions-auth.php,https://github.com/yourls/yourls,yourls,GitHub,2022-04-02 13:49:37+02:00,"Add nonce to the logout link (#3264) * Add nonce to the logout link * Add tests for cookies being set or reset * More tests: check nonces are different for different actions & users Fixes #3170",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0088,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25658,"function yourls_verify_nonce( $action, $nonce = false, $user = false, $return = '' ) { if( false == $user ) $user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1'; if( false == $nonce && isset( $_REQUEST['nonce'] ) ) $nonce = $_REQUEST['nonce']; $valid = yourls_apply_filter( 'verify_nonce', false, $action, $nonce, $user, $return ); if ($valid) { return true; } $valid = yourls_create_nonce( $action, $user ); if( $nonce == $valid ) { return true; } else { if( $return ) die( $return ); yourls_die( yourls__( 'Unauthorized action or expired link' ), yourls__( 'Error' ), 403 ); } }",True,PHP,yourls_verify_nonce,functions-auth.php,https://github.com/yourls/yourls,yourls,GitHub,2022-04-02 13:49:37+02:00,"Add nonce to the logout link (#3264) * Add nonce to the logout link * Add tests for cookies being set or reset * More tests: check nonces are different for different actions & users Fixes #3170",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0088,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25661,"function yourls_html_menu() { if( defined( 'YOURLS_USER' ) ) { $logout_link = yourls_apply_filter( 'logout_link', sprintf( yourls__('Hello %s'), YOURLS_USER ) . ' (' . yourls__( 'Logout' ) . ')' ); } else { $logout_link = yourls_apply_filter( 'logout_link', '' ); } $help_link = yourls_apply_filter( 'help_link', '' . yourls__( 'Help' ) . '' ); $admin_links = array(); $admin_sublinks = array(); $admin_links['admin'] = array( 'url' => yourls_admin_url( 'index.php' ), 'title' => yourls__( 'Go to the admin interface' ), 'anchor' => yourls__( 'Admin interface' ) ); if( yourls_is_admin() ) { $admin_links['tools'] = array( 'url' => yourls_admin_url( 'tools.php' ), 'anchor' => yourls__( 'Tools' ) ); $admin_links['plugins'] = array( 'url' => yourls_admin_url( 'plugins.php' ), 'anchor' => yourls__( 'Manage Plugins' ) ); $admin_sublinks['plugins'] = yourls_list_plugin_admin_pages(); } $admin_links = yourls_apply_filter( 'admin_links', $admin_links ); $admin_sublinks = yourls_apply_filter( 'admin_sublinks', $admin_sublinks ); echo '\n""; yourls_do_action( 'admin_notices' ); yourls_do_action( 'admin_notice' ); }",True,PHP,yourls_html_menu,functions-html.php,https://github.com/yourls/yourls,yourls,GitHub,2022-04-02 13:49:37+02:00,"Add nonce to the logout link (#3264) * Add nonce to the logout link * Add tests for cookies being set or reset * More tests: check nonces are different for different actions & users Fixes #3170",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0088,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25669,"public function test_create_nonce_url() { $url = yourls_nonce_url( rand_str(), rand_str(), rand_str(), rand_str() ); $this->assertTrue( is_string($url) ); }",True,PHP,test_create_nonce_url,nonces.php,https://github.com/yourls/yourls,yourls,GitHub,2022-04-02 13:49:37+02:00,"Add nonce to the logout link (#3264) * Add nonce to the logout link * Add tests for cookies being set or reset * More tests: check nonces are different for different actions & users Fixes #3170",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0088,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25671,"function create_thumbs($updir, $img, $name, $thumbnail_width, $thumbnail_height, $quality){ $arr_image_details = GetImageSize(""$updir/$img""); $original_width = $arr_image_details[0]; $original_height = $arr_image_details[1]; $a = $thumbnail_width / $thumbnail_height; $b = $original_width / $original_height; if ($a<$b) { $new_width = $thumbnail_width; $new_height = intval($original_height*$new_width/$original_width); } else { $new_height = $thumbnail_height; $new_width = intval($original_width*$new_height/$original_height); } if(($original_width <= $thumbnail_width) AND ($original_height <= $thumbnail_height)) { $new_width = $original_width; $new_height = $original_height; } if($arr_image_details[2]==1) { $imgt = ""imagegif""; $imgcreatefrom = ""imagecreatefromgif""; } if($arr_image_details[2]==2) { $imgt = ""imagejpeg""; $imgcreatefrom = ""imagecreatefromjpeg""; } if($arr_image_details[2]==3) { $imgt = ""imagepng""; $imgcreatefrom = ""imagecreatefrompng""; } if($imgt) { $old_image = $imgcreatefrom(""$updir/$img""); $new_image = imagecreatetruecolor($new_width, $new_height); imagecopyresampled($new_image,$old_image,0,0,0,0,$new_width,$new_height,$original_width,$original_height); imagejpeg($new_image,""$updir/$name"",$quality); imagedestroy($new_image); } }",True,PHP,create_thumbs,files.upload_gallery.php,https://github.com/flatcore/flatcore-cms,flatcore,Patrick,2021-10-20 10:18:27+02:00,"secure gallery upload - add csrf token - add random int to filenmae - check for image file suffix",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-3745,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25676,"$query->whereExists(function ($permissionQuery) use (&$tableDetails, $action) { $permissionQuery->select(['role_id'])->from('joint_permissions') ->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn']) ->whereColumn('joint_permissions.entity_type', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn']) ->where('action', '=', $action) ->whereIn('role_id', $this->getCurrentUserRoles()) ->where(function (QueryBuilder $query) { $this->addJointHasPermissionCheck($query, $this->currentUser()->id); }); }); });",True,PHP,whereExists,PermissionService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-30 00:06:17+00:00,"Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-4026,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25678,"$tableDetails = ['tableName' => $tableName, 'entityIdColumn' => $entityIdColumn];",True,PHP,$tableDetails,PermissionService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-30 00:06:17+00:00,"Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-4026,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25681,"$query->whereExists(function ($permissionQuery) use (&$tableDetails, $morphClass) { $permissionQuery->select('id')->from('joint_permissions') ->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn']) ->where('entity_type', '=', $morphClass) ->where('action', '=', 'view') ->whereIn('role_id', $this->getCurrentUserRoles()) ->where(function (QueryBuilder $query) { $this->addJointHasPermissionCheck($query, $this->currentUser()->id); }); });",True,PHP,use,PermissionService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-30 00:06:17+00:00,"Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-4026,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25682,"->where('owned_by', '=', $userIdToCheck); }); }",True,PHP,where,PermissionService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-30 00:06:17+00:00,"Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-4026,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25684,"$query->whereExists(function ($permissionQuery) use (&$tableDetails, $action) { $permissionQuery->select(['role_id'])->from('joint_permissions') ->whereColumn('joint_permissions.entity_id', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityIdColumn']) ->whereColumn('joint_permissions.entity_type', '=', $tableDetails['tableName'] . '.' . $tableDetails['entityTypeColumn']) ->where('action', '=', $action) ->whereIn('role_id', $this->getCurrentUserRoles()) ->where(function (QueryBuilder $query) { $this->addJointHasPermissionCheck($query, $this->currentUser()->id); }); });",True,PHP,use,PermissionService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-30 00:06:17+00:00,"Fixed related permissions query not considering drafts Page-related items added on drafts could be visible in certain scenarios since the applied permissions query filters would not consider page draft visibility. This commit alters queries on related items to apply such filtering. Included test to cover API scenario. Thanks to @haxatron for reporting.",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2021-4026,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25688,"->orWhere('name', 'like', '%' . $search . '%'); }); } $users = $query->get(); return view('form.user-select-list', compact('users')); }",True,PHP,orWhere,UserSearchController.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-12-14 18:47:22+00:00,"Addressed user detail harvesting issue Altered access & usage of the /search/users/select endpoint with the following changes: - Removed searching of email address to prevent email detail discovery via hunting via search queries. - Required the user to be logged in and have permission to manage users or manage permissions on items in some way. - Removed the user migration option on user delete unless they have permission to manage users. For #3108 Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/ Reported by @haxatron",NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2021-4119,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25696,"public function __construct(ImageService $imageService, PdfGenerator $pdfGenerator) { $this->imageService = $imageService; $this->pdfGenerator = $pdfGenerator; }",True,PHP,__construct,ExportFormatter.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25697,"public function chapterToContainedHtml(Chapter $chapter) { $pages = $chapter->getVisiblePages(); $pages->each(function ($page) { $page->html = (new PageContent($page))->render(); }); $html = view('chapters.export', [ 'chapter' => $chapter, 'pages' => $pages, 'format' => 'html', ])->render(); return $this->containHtml($html); }",True,PHP,chapterToContainedHtml,ExportFormatter.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25700,"public function pageToContainedHtml(Page $page) { $page->html = (new PageContent($page))->render(); $pageHtml = view('pages.export', [ 'page' => $page, 'format' => 'html', ])->render(); return $this->containHtml($pageHtml); }",True,PHP,pageToContainedHtml,ExportFormatter.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25704,"public function handle($request, Closure $next) { view()->share('cspNonce', $this->cspService->getNonce()); if ($this->cspService->allowedIFrameHostsConfigured()) { config()->set('session.same_site', 'none'); } $response = $next($request); $this->cspService->setFrameAncestors($response); $this->cspService->setScriptSrc($response); $this->cspService->setObjectSrc($response); $this->cspService->setBaseUri($response); return $response; }",True,PHP,handle,ApplyCspRules.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25705,"public function setScriptSrc(Response $response) { if (config('app.allow_content_scripts')) { return; } $parts = [ 'http:', 'https:', '\'nonce-' . $this->nonce . '\'', '\'strict-dynamic\'', ]; $value = 'script-src ' . implode(' ', $parts); $response->headers->set('Content-Security-Policy', $value, false); }",True,PHP,setScriptSrc,CspService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25706,"public function setBaseUri(Response $response) { $response->headers->set('Content-Security-Policy', 'base-uri \'self\'', false); }",True,PHP,setBaseUri,CspService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25707,"public function setObjectSrc(Response $response) { if (config('app.allow_content_scripts')) { return; } $response->headers->set('Content-Security-Policy', 'object-src \'self\'', false); }",True,PHP,setObjectSrc,CspService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25708,"public function setFrameAncestors(Response $response) { $iframeHosts = $this->getAllowedIframeHosts(); array_unshift($iframeHosts, ""'self'""); $cspValue = 'frame-ancestors ' . implode(' ', $iframeHosts); $response->headers->set('Content-Security-Policy', $cspValue, false); }",True,PHP,setFrameAncestors,CspService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25710,$resp = $this->asEditor()->get($entity->getUrl('/export/html')); $resp->assertDontSee('window.donkey'); $resp->assertDontSee('script'); $resp->assertSee('.my-test-class { color: red; }'); },True,PHP,get,ExportTest.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2022-03-07 14:27:41+00:00,"Updated CSP with frame-src rules - Configurable via 'ALLOWED_IFRAME_SOURCES' .env option. - Also updated how CSP rules are set, with a single header being used instead of many. - Also applied CSP rules to HTML export outputs. - Updated tests to cover. For #3314",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0877,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25716,"$pageView = $this->get($page->getUrl()); $pageView->assertStatus(200); $pageView->assertElementNotContains('.page-content', ''); $pageView->assertElementNotContains('.page-content', 'href=javascript:'); }",True,PHP,get,PageContentTest.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-09-02 22:02:30+01:00,"Added extra HTML filtering of dangerous content In particular, That around the casing of dangerous values within attributes. This uses some xpath translation to handle different casing in contains searching.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3768,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25720,"public function saveUpdatedUpload(UploadedFile $uploadedFile, Attachment $attachment) { if (!$attachment->external) { $this->deleteFileInStorage($attachment); } $attachmentName = $uploadedFile->getClientOriginalName(); $attachmentPath = $this->putFileInStorage($uploadedFile); $attachment->name = $attachmentName; $attachment->path = $attachmentPath; $attachment->external = false; $attachment->extension = $uploadedFile->getClientOriginalExtension(); $attachment->save(); return $attachment; }",True,PHP,saveUpdatedUpload,AttachmentService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-08 17:47:14+01:00,"Added protections against path traversal in file system operations - Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3874,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25721,"public function saveNewUpload(UploadedFile $uploadedFile, $page_id) { $attachmentName = $uploadedFile->getClientOriginalName(); $attachmentPath = $this->putFileInStorage($uploadedFile); $largestExistingOrder = Attachment::where('uploaded_to', '=', $page_id)->max('order'); $attachment = Attachment::forceCreate([ 'name' => $attachmentName, 'path' => $attachmentPath, 'extension' => $uploadedFile->getClientOriginalExtension(), 'uploaded_to' => $page_id, 'created_by' => user()->id, 'updated_by' => user()->id, 'order' => $largestExistingOrder + 1, ]); return $attachment; }",True,PHP,saveNewUpload,AttachmentService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-08 17:47:14+01:00,"Added protections against path traversal in file system operations - Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3874,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25722,protected function deleteFileInStorage(Attachment $attachment) { $storage = $this->getStorage(); $dirPath = dirname($attachment->path); $storage->delete($attachment->path); if (count($storage->allFiles($dirPath)) === 0) { $storage->deleteDirectory($dirPath); } },True,PHP,deleteFileInStorage,AttachmentService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-08 17:47:14+01:00,"Added protections against path traversal in file system operations - Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3874,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25723,"protected function putFileInStorage(UploadedFile $uploadedFile) { $attachmentData = file_get_contents($uploadedFile->getRealPath()); $storage = $this->getStorage(); $basePath = 'uploads/files/' . date('Y-m-M') . '/'; $uploadFileName = Str::random(16) . '.' . $uploadedFile->getClientOriginalExtension(); while ($storage->exists($basePath . $uploadFileName)) { $uploadFileName = Str::random(3) . $uploadFileName; } $attachmentPath = $basePath . $uploadFileName; try { $storage->put($attachmentPath, $attachmentData); } catch (Exception $e) { Log::error('Error when attempting file upload:' . $e->getMessage()); throw new FileUploadException(trans('errors.path_not_writable', ['filePath' => $attachmentPath])); } return $attachmentPath; }",True,PHP,putFileInStorage,AttachmentService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-08 17:47:14+01:00,"Added protections against path traversal in file system operations - Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3874,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25724,public function destroy(Image $image) { $this->destroyImagesFromPath($image->path); $image->delete(); },True,PHP,destroy,ImageService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-08 17:47:14+01:00,"Added protections against path traversal in file system operations - Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3874,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25728,"public function __construct(Image $image, File $file, ImageRepo $imageRepo) { $this->image = $image; $this->file = $file; $this->imageRepo = $imageRepo; }",True,PHP,__construct,ImageController.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-31 23:53:17+00:00,"Updated showImage file serving to not be traversable For #3030",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3916,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25730,public function showImage(string $path) { $path = storage_path('uploads/images/' . $path); if (!file_exists($path)) { throw (new NotFoundException(trans('errors.image_not_found'))) ->setSubtitle(trans('errors.image_not_found_subtitle')) ->setDetails(trans('errors.image_not_found_details')); } return response()->file($path); },True,PHP,showImage,ImageController.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-31 23:53:17+00:00,"Updated showImage file serving to not be traversable For #3030",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3916,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25732,protected function deleteFileInStorage(Attachment $attachment) { $storage = $this->getStorage(); $dirPath = $this->adjustPathForStorageDisk(dirname($attachment->path)); $storage->delete($this->adjustPathForStorageDisk($attachment->path)); if (count($storage->allFiles($dirPath)) === 0) { $storage->deleteDirectory($dirPath); } },True,PHP,deleteFileInStorage,AttachmentService.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-10-31 23:53:17+00:00,"Updated showImage file serving to not be traversable For #3030",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-3916,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25738,"public function confirm(string $token) { try { $userId = $this->emailConfirmationService->checkTokenAndGetUserId($token); } catch (UserTokenNotFoundException $exception) { $this->showErrorNotification(trans('errors.email_confirmation_invalid')); return redirect('/register'); } catch (UserTokenExpiredException $exception) { $user = $this->userRepo->getById($exception->userId); $this->emailConfirmationService->sendConfirmation($user); $this->showErrorNotification(trans('errors.email_confirmation_expired')); return redirect('/register/confirm'); } $user = $this->userRepo->getById($userId); $user->email_confirmed = true; $user->save(); $this->emailConfirmationService->deleteByUser($user); $this->showSuccessNotification(trans('auth.email_confirm_success')); $this->loginService->login($user, auth()->getDefaultDriver()); return redirect('/'); }",True,PHP,confirm,ConfirmEmailController.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-15 10:50:28+00:00,"Prevented auto-login from direct email confirmation actions Was done for convenience but could potentially be exploited by an attacker using signing up via one of these routes, then forwarding an email confirmation to another user so they unknowingly utilise an account someone else controls. Tweaks the flow of confirming email, and the user invite flow. For #3050",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3944,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25739,"public function __construct(UserInviteService $inviteService, LoginService $loginService, UserRepo $userRepo) { $this->middleware('guest'); $this->middleware('guard:standard'); $this->inviteService = $inviteService; $this->loginService = $loginService; $this->userRepo = $userRepo; }",True,PHP,__construct,UserInviteController.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-15 10:50:28+00:00,"Prevented auto-login from direct email confirmation actions Was done for convenience but could potentially be exploited by an attacker using signing up via one of these routes, then forwarding an email confirmation to another user so they unknowingly utilise an account someone else controls. Tweaks the flow of confirming email, and the user invite flow. For #3050",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3944,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25740,"public function setPassword(Request $request, string $token) { $this->validate($request, [ 'password' => ['required', 'min:8'], ]); try { $userId = $this->inviteService->checkTokenAndGetUserId($token); } catch (Exception $exception) { return $this->handleTokenException($exception); } $user = $this->userRepo->getById($userId); $user->password = bcrypt($request->get('password')); $user->email_confirmed = true; $user->save(); $this->inviteService->deleteByUser($user); $this->showSuccessNotification(trans('auth.user_invite_success', ['appName' => setting('app-name')])); $this->loginService->login($user, auth()->getDefaultDriver()); return redirect('/'); }",True,PHP,setPassword,UserInviteController.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-15 10:50:28+00:00,"Prevented auto-login from direct email confirmation actions Was done for convenience but could potentially be exploited by an attacker using signing up via one of these routes, then forwarding an email confirmation to another user so they unknowingly utilise an account someone else controls. Tweaks the flow of confirming email, and the user invite flow. For #3050",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3944,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25744,"public function test_invite_set_password() { Notification::fake(); $user = $this->getViewer(); $inviteService = app(UserInviteService::class); $inviteService->sendInvitation($user); $token = DB::table('user_invites')->where('user_id', '=', $user->id)->first()->token; $setPasswordPageResp = $this->get('/register/invite/' . $token); $setPasswordPageResp->assertSuccessful(); $setPasswordPageResp->assertSee('Welcome to BookStack!'); $setPasswordPageResp->assertSee('Password'); $setPasswordPageResp->assertSee('Confirm Password'); $setPasswordResp = $this->followingRedirects()->post('/register/invite/' . $token, [ 'password' => 'my test password', ]); $setPasswordResp->assertSee('Password set, you now have access to BookStack!'); $newPasswordValid = auth()->validate([ 'email' => $user->email, 'password' => 'my test password', ]); $this->assertTrue($newPasswordValid); $this->assertDatabaseMissing('user_invites', [ 'user_id' => $user->id, ]); }",True,PHP,test_invite_set_password,UserInviteTest.php,https://github.com/bookstackapp/bookstack,bookstackapp,Dan Brown,2021-11-15 10:50:28+00:00,"Prevented auto-login from direct email confirmation actions Was done for convenience but could potentially be exploited by an attacker using signing up via one of these routes, then forwarding an email confirmation to another user so they unknowingly utilise an account someone else controls. Tweaks the flow of confirming email, and the user invite flow. For #3050",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3944,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25746,"$find = str_replace(['.', '*', '+'], ['\.', '.*', '\+'], $type); if ($isMime) { $match = preg_match('#' . $find . '$ if (!$match) { $errors[] = 'The MIME type ""' . $mime . '"" for the file ""' . $filename . '"" is not an accepted.'; } else { $accepted = true; break; } } else { $match = preg_match('#' . $find . '$ if (!$match) { $errors[] = 'The File Extension for the file ""' . $filename . '"" is not an accepted.'; } else { $accepted = true; break; } } } if (!$accepted) { $this->admin->json_response = [ 'status' => 'error', 'message' => implode('
    ', $errors) ]; return false; } unset($upload->file->error); $tmp_dir = Admin::getTempDir(); $tmp_file = $upload->file->tmp_name; $tmp = $tmp_dir . '/uploaded-files/' . basename($tmp_file); Folder::create(dirname($tmp)); if (!move_uploaded_file($tmp_file, $tmp)) { $this->admin->json_response = [ 'status' => 'error', 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_MOVE', null), '', $tmp) ]; return false; } if (Utils::contains($mime, 'svg', false)) { Security::sanitizeSVG($tmp); } $upload->file->tmp_name = $tmp; $sessionField = base64_encode($this->grav['uri']->url()); $flash = $this->admin->session()->getFlashObject('files-upload') ?? []; if (!isset($flash[$sessionField])) { $flash[$sessionField] = []; } if (!isset($flash[$sessionField][$upload->field])) { $flash[$sessionField][$upload->field] = []; } if ($this->grav['locator']->isStream($settings->destination)) { $destination = $this->grav['locator']->findResource($settings->destination, false, true); } else { $destination = Folder::getRelativePath(rtrim($settings->destination, '/')); $destination = $this->admin->getPagePathFromToken($destination); } if (!is_dir($destination)) { Folder::mkdir($destination); } if ($settings->random_name) { $extension = pathinfo($upload->file->name, PATHINFO_EXTENSION); $upload->file->name = Utils::generateRandomString(15) . '.' . $extension; } if ($settings->avoid_overwriting) { if (file_exists($destination . '/' . $upload->file->name)) { $upload->file->name = date('YmdHis') . '-' . $upload->file->name; } } $path = $destination . '/' . $upload->file->name; $upload->file->path = $path; $flash[$sessionField][$upload->field][$path] = (array)$upload->file; $this->admin->session()->setFlashObject('files-upload', $flash); $this->admin->json_response = [ 'status' => 'success', 'session' => \json_encode([ 'sessionField' => base64_encode($this->grav['uri']->url()), 'path' => $upload->file->path, 'field' => $settings->name ]) ]; return true; }",True,PHP,str_replace,AdminBaseController.php,https://github.com/getgrav/grav-plugin-admin,getgrav,Matias Griese,2021-11-03 12:42:27+02:00,Fixed unescaped messages in JSON responses,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3920,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25748,"$this->admin->json_response = ['status' => 'error', 'message' => $e->getMessage()];",True,PHP,json_response,AdminController.php,https://github.com/getgrav/grav-plugin-admin,getgrav,Matias Griese,2021-11-03 12:42:27+02:00,Fixed unescaped messages in JSON responses,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3920,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25749,"protected function taskBackup() { if (!$this->authorizeTask('backup', ['admin.maintenance', 'admin.super'])) { $this->admin->json_response = [ 'status' => 'error', 'message' => $this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') ]; return false; } $param_sep = $this->grav['config']->get('system.param_sep', ':'); $download = $this->grav['uri']->param('download'); try { if ($download) { $filename = basename(base64_decode(urldecode($download))); $file = $this->grav['locator']->findResource(""backup: if (!$file || !Utils::endsWith($filename, '.zip', false)) { header('HTTP/1.1 401 Unauthorized'); exit(); } Utils::download($file, true); } $id = $this->grav['uri']->param('id', 0); $backup = Backups::backup($id); } catch (\Exception $e) { $debugger = $this->grav['debugger']; $debugger->addException($e); $this->admin->json_response = [ 'status' => 'error', 'message' => $this->admin::translate('PLUGIN_ADMIN.AN_ERROR_OCCURRED') . '. ' . $e->getMessage() ]; return true; } $download = urlencode(base64_encode($backup)); $url = rtrim($this->grav['uri']->rootUrl(false), '/') . '/' . trim($this->admin->base, '/') . '/task' . $param_sep . 'backup/download' . $param_sep . $download . '/admin-nonce' . $param_sep . Utils::getNonce('admin-form'); $this->admin->json_response = [ 'status' => 'success', 'message' => $this->admin::translate('PLUGIN_ADMIN.YOUR_BACKUP_IS_READY_FOR_DOWNLOAD') . '.     ' . $this->admin::translate('PLUGIN_ADMIN.DOWNLOAD_BACKUP') . '', 'toastr' => [ 'timeOut' => 0, 'extendedTimeOut' => 0, 'closeButton' => true ] ]; return true; }",True,PHP,taskBackup,AdminController.php,https://github.com/getgrav/grav-plugin-admin,getgrav,Matias Griese,2021-11-03 12:42:27+02:00,Fixed unescaped messages in JSON responses,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3920,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25750,"$json_response = ['status' => 'error', 'message' => $e->getMessage()];",True,PHP,$json_response,AdminController.php,https://github.com/getgrav/grav-plugin-admin,getgrav,Matias Griese,2021-11-03 12:42:27+02:00,Fixed unescaped messages in JSON responses,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-3920,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25753,$ipaddress = getenv('REMOTE_ADDR'); } else { $ipaddress = 'UNKNOWN'; } return $ipaddress; },True,PHP,getenv,class.login.php,https://github.com/wbce/wbce_cms,wbce,Martin Hecht,2022-11-13 22:31:22+01:00,"fix for #524 usually, ip addresses with multiple failed login attempts should be blocked. An attacker could bypass this by sending an X-forwarded-for header and change that IP with each attempt. Since REMMOTE_ADDR is harder to fake we should first check that one and only if that one is not set for some reason, rely on other variables.",CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2022-4006,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25754,"function adodb_addslashes($s) { $len = strlen($s); if ($len == 0) return ""''""; if (strncmp($s,""'"",1) === 0 && substr($s,$len-1) == ""'"") return $s; return ""'"".addslashes($s).""'""; }",True,PHP,adodb_addslashes,adodb-postgres64.inc.php,https://github.com/adodb/adodb,adodb,Damien Regad,2022-01-16 16:50:06+01:00,"Prevent auth bypass with PostgreSQL connections Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability (CVE-2021-3850). This is a minimalistic approach to patch the issue, to reduce the risk of causing regressions in the legacy stable branch. Fixes #793",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-3850,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25756,"public function password() { $user = Auth::user(); return view('account/change-password', compact('user')); }",True,PHP,password,ProfileController.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-25 12:24:26-07:00,"Log user out of other devices when they change their password Signed-off-by: snipe ",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-2997,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25758,public static function parseEscapedMarkedown($str) { $Parsedown = new \Parsedown(); if ($str) { return $Parsedown->text(e($str)); } },True,PHP,parseEscapedMarkedown,Helper.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25760,return $Parsedown->text(e(Setting::getSettings()->default_eula_text));,True,PHP,text,Accessory.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,"public function manage_messages() { expHistory::set('manageable', $this->params); $page = new expPaginator(array( 'model'=>'order_status_messages', 'where'=>1, 'limit'=>10, 'order'=>'body', 'page'=>(isset($this->params['page']) ? $this->params['page'] : 1), 'controller'=>$this->params['controller'], 'action'=>$this->params['action'], )); assign_to_template(array( 'page'=>$page )); }" 25762,return $Parsedown->text(e(Setting::getSettings()->default_eula_text)); } else {,True,PHP,text,Asset.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25764,return $Parsedown->text(e(Setting::getSettings()->default_eula_text));,True,PHP,text,Category.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25765,return $Parsedown->text(e(Setting::getSettings()->default_eula_text));,True,PHP,text,Consumable.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25768,return $Parsedown->text(e(Setting::getSettings()->default_eula_text));,True,PHP,text,License.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25769,public function note() { $Parsedown = new \Parsedown(); if ($this->model->note) { return $Parsedown->text($this->model->note); } },True,PHP,note,AssetModelPresenter.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-08-29 11:26:47-07:00,"Set safeMode to true and use helper for all parsedown Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3035,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25772,"public function show($licenseId = null, $fileId = null, $download = true) { \Log::info('Private filesystem is: '.config('filesystems.default')); $license = License::find($licenseId); if (isset($license->id)) { $this->authorize('view', $license); if (! $log = Actionlog::find($fileId)) { return response('No matching record for that asset/file', 500) ->header('Content-Type', 'text/plain'); } $file = 'private_uploads/licenses/'.$log->filename; if (Storage::missing($file)) { \Log::debug('NOT EXISTS for '.$file); \Log::debug('NOT EXISTS URL should be '.Storage::url($file)); return response('File '.$file.' ('.Storage::url($file).') not found on server', 404) ->header('Content-Type', 'text/plain'); } else { if (config('filesystems.default') == 'local') { return StorageHelper::downloader($file); } else { if ($download != 'true') { \Log::debug('display the file'); if ($contents = file_get_contents(Storage::url($file))) { return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file))); } return JsonResponse::create(['error' => 'Failed validation: '], 500); } return StorageHelper::downloader($file); } } } return redirect()->route('license.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId])); }",True,PHP,show,LicenseFilesController.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-09-16 14:00:27-07:00,"Check for licenses.files permissions Signed-off-by: snipe ",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-3173,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25773,public function files(User $user) { return $user->hasAccess($this->columnName().'.files'); },True,PHP,files,LicensePolicy.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-09-16 14:00:27-07:00,"Check for licenses.files permissions Signed-off-by: snipe ",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-3173,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25778,"public function getClone($modelId = null) { $this->authorize('view', AssetModel::class); if (is_null($model_to_clone = AssetModel::find($modelId))) { return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist')); } $model = clone $model_to_clone; $model->id = null; return view('models/edit') ->with('depreciation_list', Helper::depreciationList()) ->with('item', $model) ->with('clone_model', $model_to_clone); }",True,PHP,getClone,AssetModelsController.php,https://github.com/snipe/snipe-it,snipe,GitHub,2021-12-09 21:42:18+08:00,Update AssetModelsController.php,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2021-4089,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25779,"public function transformAssignedTo($asset) { if ($asset->checkedOutToUser()) { return $asset->assigned ? [ 'id' => (int) $asset->assigned->id, 'username' => e($asset->assigned->username), 'name' => e($asset->assigned->getFullNameAttribute()), 'first_name'=> e($asset->assigned->first_name), 'last_name'=> ($asset->assigned->last_name) ? e($asset->assigned->last_name) : null, 'employee_number' => ($asset->assigned->employee_num) ? e($asset->assigned->employee_num) : null, 'type' => 'user' ] : null; } return $asset->assigned ? [ 'id' => $asset->assigned->id, 'name' => $asset->assigned->display_name, 'type' => $asset->assignedType() ] : null; }",True,PHP,transformAssignedTo,AssetsTransformer.php,https://github.com/snipe/snipe-it,snipe,snipe,2021-12-13 12:03:03-08:00,"Added escape to assigned_to API response Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4108,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25781,"public function getRequestAsset($assetId = null) { $user = Auth::user(); if (is_null($asset = Asset::RequestableAssets()->find($assetId))) { return redirect()->route('requestable-assets') ->with('error', trans('admin/hardware/message.does_not_exist_or_not_requestable')); } if (!Company::isCurrentUserHasAccess($asset)) { return redirect()->route('requestable-assets') ->with('error', trans('general.insufficient_permissions')); } $data['item'] = $asset; $data['target'] = Auth::user(); $data['item_quantity'] = 1; $settings = Setting::getSettings(); $logaction = new Actionlog(); $logaction->item_id = $data['asset_id'] = $asset->id; $logaction->item_type = $data['item_type'] = Asset::class; $logaction->created_at = $data['requested_date'] = date(""Y-m-d H:i:s""); if ($user->location_id) { $logaction->location_id = $user->location_id; } $logaction->target_id = $data['user_id'] = Auth::user()->id; $logaction->target_type = User::class; if ($asset->isRequestedBy(Auth::user())) { $asset->cancelRequest(); $asset->decrement('requests_counter', 1); $logaction->logaction('request canceled'); $settings->notify(new RequestAssetCancelation($data)); return redirect()->route('requestable-assets') ->with('success')->with('success', trans('admin/hardware/message.requests.cancel-success')); } $logaction->logaction('requested'); $asset->request(); $asset->increment('requests_counter', 1); $settings->notify(new RequestAssetNotification($data)); return redirect()->route('requestable-assets')->with('success')->with('success', trans('admin/hardware/message.requests.success')); }",True,PHP,getRequestAsset,ViewAssetsController.php,https://github.com/snipe/snipe-it,snipe,snipe,2021-12-16 20:36:08-08:00,"Switch GET to POST for asset request Signed-off-by: snipe ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4130,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25785,"public function handle($request, Closure $next) { if ($this->auth->guest()) { if ($request->ajax()) { return response('Unauthorized.', 401); } else { return redirect()->guest('login'); } } return $next($request); }",True,PHP,handle,CheckUserIsActivated.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-03-29 13:44:53+01:00,"Logout user when their activated status is switched to off Signed-off-by: snipe ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-1155,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25787,"public function transformAsset(Asset $asset) { $purchase_cost = null; $depreciated_value = null; $monthly_depreciation = null; $diff = null; $checkout_target = null; if ($asset->location && $asset->location->currency) { $purchase_cost_currency = $asset->location->currency; } else { $purchase_cost_currency = \App\Models\Setting::getSettings()->default_currency; } if ($asset->purchase_cost!='') { $purchase_cost = $asset->purchase_cost; } if (($asset->model) && ($asset->model->depreciation)) { $depreciated_value = \App\Helpers\Helper::formatCurrencyOutput($asset->getDepreciatedValue()); $monthly_depreciation = \App\Helpers\Helper::formatCurrencyOutput(($asset->model->eol > 0 ? ($asset->purchase_cost / $asset->model->eol) : 0)); $diff = \App\Helpers\Helper::formatCurrencyOutput(($asset->purchase_cost - $asset->getDepreciatedValue())); } if ($asset->assigned) { $checkout_target = $asset->assigned->name; if ($asset->checkedOutToUser()) { $checkout_target = $asset->assigned->getFullNameAttribute(); } } $array = [ 'company' => ($asset->company) ? e($asset->company->name) : null, 'name' => e($asset->name), 'asset_tag' => e($asset->asset_tag), 'serial' => e($asset->serial), 'model' => ($asset->model) ? e($asset->model->name) : null, 'model_number' => (($asset->model) && ($asset->model->model_number)) ? e($asset->model->model_number) : null, 'eol' => ($asset->purchase_date!='') ? Helper::getFormattedDateObject($asset->present()->eol_date(), 'date') : null , 'status_label' => ($asset->assetstatus) ? e($asset->assetstatus->name) : null, 'status' => ($asset->assetstatus) ? e($asset->present()->statusMeta) : null, 'category' => (($asset->model) && ($asset->model->category)) ? e($asset->model->category->name) : null, 'manufacturer' => (($asset->model) && ($asset->model->manufacturer)) ? e($asset->model->manufacturer->name) : null, 'supplier' => ($asset->supplier) ? e($asset->supplier->name) : null, 'notes' => ($asset->notes) ? e($asset->notes) : null, 'order_number' => ($asset->order_number) ? e($asset->order_number) : null, 'location' => ($asset->location) ? e($asset->location->name) : null, 'warranty_expires' => ($asset->warranty_months > 0) ? Helper::getFormattedDateObject($asset->warranty_expires, 'date') : null, 'currency' => $purchase_cost_currency, 'purchase_date' => Helper::getFormattedDateObject($asset->purchase_date, 'date'), 'purchase_cost' => Helper::formatCurrencyOutput($asset->purchase_cost), 'book_value' => Helper::formatCurrencyOutput($depreciated_value), 'monthly_depreciation' => $monthly_depreciation, 'checked_out_to' => $checkout_target, 'diff' => Helper::formatCurrencyOutput($diff), 'number_of_months' => ($asset->model && $asset->model->depreciation) ? e($asset->model->depreciation->months) : null, 'depreciation' => (($asset->model) && ($asset->model->depreciation)) ? e($asset->model->depreciation->name) : null, ]; return $array; }",True,PHP,transformAsset,DepreciationReportTransformer.php,https://github.com/snipe/snipe-it,snipe,snipe,2022-04-24 15:27:11+01:00,"Escape checkout target name Signed-off-by: snipe ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1445,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25790,"public function scopeSearch(Builder $query, array $search = []) { if (empty($search)) { return $query; } if (!array_intersect(array_keys($search), $this->searchable)) { return $query; } return $query->where($search); }",True,PHP,scopeSearch,SearchableTrait.php,https://github.com/fiveai/Cachet,fiveai,Seb Dangerfield,2021-01-15 14:17:35+00:00,Ensure only allowed searchable columns are used in DB Query,CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-39165,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25791,"public function scopeSearch(Builder $query, array $search = []) { if (empty($search)) { return $query; } if (!array_intersect(array_keys($search), $this->searchable)) { return $query; } return $query->where($search); }",True,PHP,scopeSearch,SearchableTrait.php,https://github.com/fiveai/Cachet,fiveai,Seb Dangerfield,2021-01-15 14:17:35+00:00,Ensure only allowed searchable columns are used in DB Query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-39165,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25794,"protected function execute(InputInterface $input, OutputInterface $output) { $io = new SymfonyStyle($input, $output); $io->title('Kimai installation running ...'); $application = $this->getApplication(); $kernel = $application->getKernel(); $environment = $kernel->getEnvironment(); try { $this->createDatabase($io, $input, $output); } catch (\Exception $ex) { $io->error('Failed to create database: ' . $ex->getMessage()); return self::ERROR_DATABASE; } try { $this->importMigrations($io, $output); } catch (\Exception $ex) { $io->error('Failed to set migration status: ' . $ex->getMessage()); return self::ERROR_MIGRATIONS; } if (!$input->getOption('no-cache')) { $this->rebuildCaches($environment, $io, $input, $output); } $io->success( sprintf('Congratulations! Successfully installed %s version %s (%s)', Constants::SOFTWARE, Constants::VERSION, Constants::STATUS) ); return 0; }",True,PHP,execute,InstallCommand.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25796,"protected function execute(InputInterface $input, OutputInterface $output) { $io = new SymfonyStyle($input, $output); $io->title('Kimai updates running ...'); $application = $this->getApplication(); $kernel = $application->getKernel(); $environment = $kernel->getEnvironment(); try { if (!$this->connection->isConnected() && !$this->connection->connect()) { throw new \Exception( sprintf('Database connection could not be established: %s', $this->connection->getDatabase()) ); } if (!$this->connection->getSchemaManager()->tablesExist(['kimai2_users', 'kimai2_timesheet'])) { $io->error('Tables missing. Did you run the installer already?'); return self::ERROR_DATABASE; } if (!$this->connection->getSchemaManager()->tablesExist(['migration_versions'])) { $io->error('Unknown migration status, aborting database update'); return self::ERROR_DATABASE; } } catch (\Exception $ex) { $io->error('Failed to validate database: ' . $ex->getMessage()); return self::ERROR_DATABASE; } try { $command = $this->getApplication()->find('doctrine:migrations:migrate'); $cmdInput = new ArrayInput(['--allow-no-migration' => true]); $cmdInput->setInteractive(false); if (0 !== $command->run($cmdInput, $output)) { throw new \RuntimeException('CRITICAL: problem when migrating database'); } $io->writeln(''); } catch (\Exception $ex) { $io->error($ex->getMessage()); return self::ERROR_MIGRATIONS; } $cacheResult = $this->rebuildCaches($environment, $io, $input, $output); if ($cacheResult !== 0) { $io->warning( [ sprintf('Updated %s to version %s (%s) but the cache could not be rebuilt.', Constants::SOFTWARE, Constants::VERSION, Constants::STATUS), 'Please run the cache commands manually:', 'bin/console cache:clear --env=' . $environment . PHP_EOL . 'bin/console cache:warmup --env=' . $environment ] ); } else { $io->success( sprintf('Congratulations! Successfully updated %s to version %s (%s)', Constants::SOFTWARE, Constants::VERSION, Constants::STATUS) ); } return 0; }",True,PHP,execute,UpdateCommand.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25798,"protected function configure() { $this ->setName('kimai:version') ->setDescription('Receive version information') ->setHelp('This command allows you to fetch various version information about Kimai.') ->addOption('name', null, InputOption::VALUE_NONE, 'Display the major release name') ->addOption('candidate', null, InputOption::VALUE_NONE, 'Display the current version candidate (e.g. ""stable"" or ""dev"")') ->addOption('short', null, InputOption::VALUE_NONE, 'Display the version only') ->addOption('semver', null, InputOption::VALUE_NONE, 'Semantical versioning (SEMVER) compatible version string') ; }",True,PHP,configure,VersionCommand.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25800,"protected function execute(InputInterface $input, OutputInterface $output) { $io = new SymfonyStyle($input, $output); if ($input->getOption('semver')) { $io->writeln(Constants::VERSION . '-' . Constants::STATUS); return 0; } if ($input->getOption('short')) { $io->writeln(Constants::VERSION); return 0; } if ($input->getOption('name')) { $io->writeln(Constants::NAME); return 0; } if ($input->getOption('candidate')) { $io->writeln(Constants::STATUS); return 0; } $io->writeln(Constants::SOFTWARE . ' - ' . Constants::VERSION . ' ' . Constants::STATUS . ' (' . Constants::NAME . ') by Kevin Papst and contributors.'); return 0; }",True,PHP,execute,VersionCommand.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25803,"public function testVersion() { $client = $this->getClientForAuthenticatedUser(User::ROLE_USER); $this->assertAccessIsGranted($client, '/api/version'); $result = json_decode($client->getResponse()->getContent(), true); $this->assertIsArray($result); $this->assertArrayHasKey('version', $result); $this->assertArrayHasKey('versionId', $result); $this->assertArrayHasKey('candidate', $result); $this->assertArrayHasKey('semver', $result); $this->assertArrayHasKey('name', $result); $this->assertArrayHasKey('copyright', $result); $this->assertSame(Constants::VERSION, $result['version']); $this->assertSame(Constants::VERSION_ID, $result['versionId']); $this->assertEquals(Constants::STATUS, $result['candidate']); $this->assertEquals(Constants::VERSION . '-' . Constants::STATUS, $result['semver']); $this->assertEquals(Constants::NAME, $result['name']); $this->assertEquals( 'Kimai - ' . Constants::VERSION . ' ' . Constants::STATUS . ' (' . Constants::NAME . ') by Kevin Papst and contributors.', $result['copyright'] ); }",True,PHP,testVersion,StatusControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25805,"public function testFullRun() { $command = $this->getCommand(); $commandTester = new CommandTester($command); $commandTester->setInputs(['no']); $commandTester->execute([ 'command' => $command->getName(), ]); $result = $commandTester->getDisplay(); self::assertStringContainsString('Kimai updates running', $result); self::assertStringContainsString('Application Migrations', $result); self::assertStringContainsString('No migrations to execute.', $result); self::assertStringContainsString( sprintf('[OK] Congratulations! Successfully updated Kimai to version %s (%s)', Constants::VERSION, Constants::STATUS), $result ); self::assertEquals(0, $commandTester->getStatusCode()); }",True,PHP,testFullRun,UpdateCommandTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25806,"public function getTestData() { return [ [[], 'Kimai - ' . Constants::VERSION . ' ' . Constants::STATUS . ' (' . Constants::NAME . ') by Kevin Papst and contributors.'], [['--name' => true], Constants::NAME], [['--candidate' => true], Constants::STATUS], [['--short' => true], Constants::VERSION], [['--semver' => true], Constants::VERSION . '-' . Constants::STATUS], ]; }",True,PHP,getTestData,VersionCommandTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25808,"public function testBuild() { $version = Constants::VERSION; $versionParts = explode('.', $version); $major = (int) $versionParts[0]; $minor = (int) $versionParts[1]; $patch = isset($versionParts[2]) ? (int) $versionParts[2] : 0; $expectedId = $major * 10000 + $minor * 100 + $patch; self::assertEquals('1.14', Constants::VERSION, 'Invalid release number'); self::assertTrue(\in_array(Constants::STATUS, ['dev', 'stable']), 'Invalid status'); self::assertEquals($expectedId, Constants::VERSION_ID, 'Invalid version ID'); }",True,PHP,testBuild,ConstantsTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-04-29 18:29:03+02:00,"version 1.14.1 (#2532) * no back links in modal pages * remove unused service links to bountysource and gitter * add validation for budget and time-budget fields * display time budget if set * remove console log * sanitize DDE payloads * do not show status and name in version string",CWE-1236,Improper Neutralization of Formula Elements in a CSV File,"The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.",https://cwe.mitre.org/data/definitions/1236.html,CVE-2021-43515,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25812,"public function pinCommentAction(CustomerComment $comment) { $comment->setPinned(!$comment->isPinned()); try { $this->repository->saveComment($comment); } catch (\Exception $ex) { $this->flashUpdateException($ex); } return $this->redirectToRoute('customer_details', ['id' => $comment->getCustomer()->getId()]); }",True,PHP,pinCommentAction,CustomerController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25814,"public function deleteCommentAction(CustomerComment $comment) { $customerId = $comment->getCustomer()->getId(); try { $this->repository->deleteComment($comment); } catch (\Exception $ex) { $this->flashDeleteException($ex); } return $this->redirectToRoute('customer_details', ['id' => $customerId]); }",True,PHP,deleteCommentAction,CustomerController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25815,"public function deleteCommentAction(ProjectComment $comment) { $projectId = $comment->getProject()->getId(); try { $this->repository->deleteComment($comment); } catch (\Exception $ex) { $this->flashDeleteException($ex); } return $this->redirectToRoute('project_details', ['id' => $projectId]); }",True,PHP,deleteCommentAction,ProjectController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25817,"public function pinCommentAction(ProjectComment $comment) { $comment->setPinned(!$comment->isPinned()); try { $this->repository->saveComment($comment); } catch (\Exception $ex) { $this->flashUpdateException($ex); } return $this->redirectToRoute('project_details', ['id' => $comment->getProject()->getId()]); }",True,PHP,pinCommentAction,ProjectController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25819,"public function testPinCommentAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $this->assertAccessIsGranted($client, '/admin/customer/1/details'); $form = $client->getCrawler()->filter('form[name=customer_comment_form]')->form(); $client->submit($form, [ 'customer_comment_form' => [ 'message' => 'Blah foo bar', ] ]); $this->assertIsRedirect($client, $this->createUrl('/admin/customer/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertStringContainsString('Blah foo bar', $node->html()); $node = $client->getCrawler()->filter('div.box self::assertEquals(0, $node->count()); $comments = $this->getEntityManager()->getRepository(CustomerComment::class)->findAll(); $id = $comments[0]->getId(); $this->request($client, '/admin/customer/' . $id . '/comment_pin'); $this->assertIsRedirect($client, $this->createUrl('/admin/customer/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertEquals(1, $node->count()); self::assertEquals($this->createUrl('/admin/customer/' . $id . '/comment_pin'), $node->attr('href')); }",True,PHP,testPinCommentAction,CustomerControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25822,"public function testDeleteCommentAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $this->assertAccessIsGranted($client, '/admin/customer/1/details'); $form = $client->getCrawler()->filter('form[name=customer_comment_form]')->form(); $client->submit($form, [ 'customer_comment_form' => [ 'message' => 'Blah foo bar', ] ]); $this->assertIsRedirect($client, $this->createUrl('/admin/customer/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertStringContainsString('Blah foo bar', $node->html()); $node = $client->getCrawler()->filter('div.box self::assertStringEndsWith('/comment_delete', $node->attr('href')); $comments = $this->getEntityManager()->getRepository(CustomerComment::class)->findAll(); $id = $comments[0]->getId(); $this->request($client, '/admin/customer/' . $id . '/comment_delete'); $this->assertIsRedirect($client, $this->createUrl('/admin/customer/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertStringContainsString('There were no comments posted yet', $node->html()); }",True,PHP,testDeleteCommentAction,CustomerControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25824,"public function testDeleteTemplateAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $fixture = new InvoiceTemplateFixtures(); $template = $this->importFixture($fixture); $id = $template[0]->getId(); $this->request($client, '/invoice/template/' . $id . '/delete'); $this->assertIsRedirect($client, '/invoice/template'); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->assertHasFlashSuccess($client); $this->assertEquals(0, $this->getEntityManager()->getRepository(InvoiceTemplate::class)->count([])); }",True,PHP,testDeleteTemplateAction,InvoiceControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25827,"public function testDeleteCommentAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $this->assertAccessIsGranted($client, '/admin/project/1/details'); $form = $client->getCrawler()->filter('form[name=project_comment_form]')->form(); $client->submit($form, [ 'project_comment_form' => [ 'message' => 'Foo bar blub', ] ]); $this->assertIsRedirect($client, $this->createUrl('/admin/project/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertStringContainsString('Foo bar blub', $node->html()); $node = $client->getCrawler()->filter('div.box $comments = $this->getEntityManager()->getRepository(ProjectComment::class)->findAll(); $id = $comments[0]->getId(); self::assertEquals($this->createUrl('/admin/project/' . $id . '/comment_delete'), $node->attr('href')); $this->request($client, '/admin/project/' . $id . '/comment_delete'); $this->assertIsRedirect($client, $this->createUrl('/admin/project/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertStringContainsString('There were no comments posted yet', $node->html()); }",True,PHP,testDeleteCommentAction,ProjectControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25828,"public function testPinCommentAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $this->assertAccessIsGranted($client, '/admin/project/1/details'); $form = $client->getCrawler()->filter('form[name=project_comment_form]')->form(); $client->submit($form, [ 'project_comment_form' => [ 'message' => 'Foo bar blub', ] ]); $this->assertIsRedirect($client, $this->createUrl('/admin/project/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertStringContainsString('Foo bar blub', $node->html()); $node = $client->getCrawler()->filter('div.box self::assertEquals(0, $node->count()); $comments = $this->getEntityManager()->getRepository(ProjectComment::class)->findAll(); $id = $comments[0]->getId(); $this->request($client, '/admin/project/' . $id . '/comment_pin'); $this->assertIsRedirect($client, $this->createUrl('/admin/project/1/details')); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertEquals(1, $node->count()); self::assertEquals($this->createUrl('/admin/project/' . $id . '/comment_pin'), $node->attr('href')); }",True,PHP,testPinCommentAction,ProjectControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-16 10:17:26+01:00,improve csrf handling (#2936),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3963,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25831,"public function duplicateAction(Project $project, Request $request, ProjectDuplicationService $projectDuplicationService) { $newProject = $projectDuplicationService->duplicate($project, $project->getName() . ' [COPY]'); return $this->redirectToRoute('project_details', ['id' => $newProject->getId()]); }",True,PHP,duplicateAction,ProjectController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25832,"public function duplicateTeam(Team $team, Request $request) { $newTeam = clone $team; $newTeam->setName($team->getName() . ' [COPY]'); try { $this->repository->saveTeam($newTeam); $this->flashSuccess('action.update.success'); return $this->redirectToRoute('admin_team_edit', ['id' => $newTeam->getId()]); } catch (\Exception $ex) { $this->flashUpdateException($ex); } return $this->redirectToRoute('admin_team'); }",True,PHP,duplicateTeam,TeamController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25836,"foreach ($indexesOld as $index) { if (\in_array('name', $index->getColumns()) || \in_array('mail', $index->getColumns())) { $this->indexesOld[] = $index; $this->addSql('DROP INDEX ' . $index->getName() . ' ON ' . $users); } }",True,PHP,foreach,Version20180715160326.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25839,foreach ($indexToDelete as $indexName) { $this->addSql('DROP INDEX ' . $indexName . ' ON ' . $users); },True,PHP,foreach,Version20180715160326.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25842,"public function testDuplicateAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $em = $this->getEntityManager(); $project = $em->find(Project::class, 1); $project->setMetaField((new ProjectMeta())->setName('foo')->setValue('bar')); $project->setEnd(new \DateTime()); $em->persist($project); $team = new Team(); $team->addTeamlead($this->getUserByRole(User::ROLE_ADMIN)); $team->addProject($project); $team->setName('project 1'); $em->persist($team); $rate = new ProjectRate(); $rate->setProject($project); $rate->setRate(123.45); $em->persist($rate); $activity = new Activity(); $activity->setName('blub'); $activity->setProject($project); $activity->setMetaField((new ActivityMeta())->setName('blub')->setValue('blab')); $em->persist($activity); $rate = new ActivityRate(); $rate->setActivity($activity); $rate->setRate(123.45); $em->persist($rate); $em->flush(); $this->request($client, '/admin/project/1/duplicate'); $this->assertIsRedirect($client, '/details'); $client->followRedirect(); $node = $client->getCrawler()->filter('div.box self::assertEquals(1, $node->count()); $node = $client->getCrawler()->filter('div.box self::assertEquals(1, $node->count()); self::assertStringContainsString('123.45', $node->text(null, true)); }",True,PHP,testDuplicateAction,ProjectControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25846,"public function testDuplicateAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $this->request($client, '/admin/teams/1/duplicate'); $this->assertIsRedirect($client, '/edit'); $client->followRedirect(); $node = $client->getCrawler()->filter('#team_edit_form_name'); self::assertEquals(1, $node->count()); self::assertEquals('Test team [COPY]', $node->attr('value')); }",True,PHP,testDuplicateAction,TeamControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25850,"public function testDuplicateAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $dateTime = new DateTimeFactory(new \DateTimeZone('Europe/London')); $fixture = new TimesheetFixtures(); $fixture->setAmount(1); $fixture->setAmountRunning(0); $fixture->setUser($this->getUserByRole(User::ROLE_USER)); $fixture->setStartDate($dateTime->createDateTime()); $fixture->setCallback(function (Timesheet $timesheet) { $timesheet->setDescription('Testing is fun!'); $begin = clone $timesheet->getBegin(); $begin->setTime(0, 0, 0); $timesheet->setBegin($begin); $end = clone $timesheet->getBegin(); $end->modify('+ 8 hours'); $timesheet->setEnd($end); $timesheet->setFixedRate(2016); $timesheet->setHourlyRate(127); }); $ids = $this->importFixture($fixture); $newId = $ids[0]->getId(); $this->request($client, '/timesheet/' . $newId . '/duplicate'); $this->assertTrue($client->getResponse()->isSuccessful()); $form = $client->getCrawler()->filter('form[name=timesheet_edit_form]')->form(); $client->submit($form, $form->getPhpValues()); $this->assertIsRedirect($client, $this->createUrl('/timesheet/')); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->assertHasFlashSuccess($client); $em = $this->getEntityManager(); $timesheet = $em->getRepository(Timesheet::class)->find($newId++); $this->assertInstanceOf(\DateTime::class, $timesheet->getBegin()); $this->assertEquals('Europe/London', $timesheet->getBegin()->getTimezone()->getName()); $this->assertEquals('Testing is fun!', $timesheet->getDescription()); $this->assertEquals(2016, $timesheet->getRate()); $this->assertEquals(127, $timesheet->getHourlyRate()); $this->assertEquals(2016, $timesheet->getFixedRate()); $this->assertEquals(2016, $timesheet->getRate()); }",True,PHP,testDuplicateAction,TimesheetControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25852,"public function testDuplicateAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $dateTime = new DateTimeFactory(new \DateTimeZone('Europe/London')); $fixture = new TimesheetFixtures(); $fixture->setAmount(1); $fixture->setAmountRunning(0); $fixture->setUser($this->getUserByRole(User::ROLE_USER)); $fixture->setStartDate($dateTime->createDateTime()); $fixture->setCallback(function (Timesheet $timesheet) { $timesheet->setDescription('Testing is fun!'); $begin = clone $timesheet->getBegin(); $begin->setTime(0, 0, 0); $timesheet->setBegin($begin); $end = clone $timesheet->getBegin(); $end->modify('+ 8 hours'); $timesheet->setEnd($end); $timesheet->setFixedRate(2016); $timesheet->setHourlyRate(127); }); $ids = $this->importFixture($fixture); $newId = $ids[0]->getId(); $this->request($client, '/team/timesheet/' . $newId . '/duplicate'); $this->assertTrue($client->getResponse()->isSuccessful()); $form = $client->getCrawler()->filter('form[name=timesheet_admin_edit_form]')->form(); $client->submit($form, $form->getPhpValues()); $this->assertIsRedirect($client, $this->createUrl('/team/timesheet/')); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->assertHasFlashSuccess($client); $em = $this->getEntityManager(); $timesheet = $em->getRepository(Timesheet::class)->find($newId++); $this->assertInstanceOf(\DateTime::class, $timesheet->getBegin()); $this->assertEquals('Europe/London', $timesheet->getBegin()->getTimezone()->getName()); $this->assertEquals('Testing is fun!', $timesheet->getDescription()); $this->assertEquals(2016, $timesheet->getRate()); $this->assertEquals(127, $timesheet->getHourlyRate()); $this->assertEquals(2016, $timesheet->getFixedRate()); $this->assertEquals(2016, $timesheet->getRate()); }",True,PHP,testDuplicateAction,TimesheetTeamControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-18 12:33:13+01:00,"version 1.16.2 (#2942) * bump version * include calendar week in week chooser * table names in SQL * show save flash message * prevent migration warning * drop default value to prevent error when server version is not set * csrf token for duplicate actions * updated translations",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-3976,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25856,"private function renderInvoice(InvoiceQuery $query, Request $request) { if (null !== $query->getTemplate() && null === $query->getTemplate()->getLanguage()) { $query->getTemplate()->setLanguage($request->getLocale()); } try { $invoices = $this->service->createInvoices($query, $this->dispatcher); $this->flashSuccess('action.update.success'); if (\count($invoices) === 1) { return $this->redirectToRoute('admin_invoice_list', ['id' => $invoices[0]->getId()]); } return $this->redirectToRoute('admin_invoice_list'); } catch (Exception $ex) { $this->flashUpdateException($ex); } return $this->redirectToRoute('invoice'); }",True,PHP,renderInvoice,InvoiceController.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-21 16:41:03+01:00,improve permissison handling in invoice screen (#2965),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-3992,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25861,"public function testPrintAction() { $client = $this->getClientForAuthenticatedUser(User::ROLE_TEAMLEAD); $fixture = new InvoiceTemplateFixtures(); $templates = $this->importFixture($fixture); $id = $templates[0]->getId(); $begin = new \DateTime('first day of this month'); $end = new \DateTime('last day of this month'); $fixture = new TimesheetFixtures(); $fixture ->setUser($this->getUserByRole(User::ROLE_TEAMLEAD)) ->setAmount(20) ->setStartDate($begin) ; $this->importFixture($fixture); $this->request($client, '/invoice/'); $this->assertTrue($client->getResponse()->isSuccessful()); $dateRange = $begin->format('Y-m-d') . DateRangeType::DATE_SPACER . $end->format('Y-m-d'); $params = [ 'daterange' => $dateRange, 'projects' => [1], ]; $action = '/invoice/preview/1/' . $id . '?' . http_build_query($params); $this->request($client, $action); $this->assertTrue($client->getResponse()->isSuccessful()); $node = $client->getCrawler()->filter('body'); $this->assertEquals(1, $node->count()); $this->assertEquals('invoice_print', $node->getIterator()[0]->getAttribute('class')); }",True,PHP,testPrintAction,InvoiceControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-21 16:41:03+01:00,improve permissison handling in invoice screen (#2965),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-3992,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25862,"public function testCreateActionAsAdminWithDownloadAndStatusChangeAndDelete() { $client = $this->getClientForAuthenticatedUser(User::ROLE_ADMIN); $fixture = new InvoiceTemplateFixtures(); $templates = $this->importFixture($fixture); $template = $templates[0]; $begin = new \DateTime('first day of this month'); $end = new \DateTime('last day of this month'); $fixture = new TimesheetFixtures(); $fixture ->setUser($this->getUserByRole(User::ROLE_ADMIN)) ->setAmount(20) ->setStartDate($begin) ; $this->importFixture($fixture); $this->request($client, '/invoice/'); $this->assertTrue($client->getResponse()->isSuccessful()); $dateRange = $begin->format('Y-m-d') . DateRangeType::DATE_SPACER . $end->format('Y-m-d'); $form = $client->getCrawler()->filter('#invoice-print-form')->form(); $node = $form->getFormNode(); $node->setAttribute('action', $this->createUrl('/invoice/?preview=')); $node->setAttribute('method', 'GET'); $client->submit($form, [ 'template' => $template->getId(), 'daterange' => $dateRange, 'customers' => [1], ]); $this->assertTrue($client->getResponse()->isSuccessful()); $node = $client->getCrawler()->filter('div.callout.callout-warning.lead'); $this->assertEquals(0, $node->count()); $this->assertDataTableRowCount($client, 'datatable_invoice', 20); $form = $client->getCrawler()->filter('#invoice-print-form')->form(); $node = $form->getFormNode(); $node->setAttribute('action', $this->createUrl('/invoice/?createInvoice=true')); $node->setAttribute('method', 'GET'); $client->submit($form, [ 'template' => $template->getId(), 'daterange' => $dateRange, 'customers' => [1], 'projects' => [1], 'markAsExported' => 1, ]); $invoices = $this->getEntityManager()->getRepository(Invoice::class)->findAll(); $id = $invoices[0]->getId(); $this->assertIsRedirect($client, '/invoice/show?id=' . $id); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->assertHasFlashSuccess($client); $this->assertHasDataTable($client); $this->assertDataTableRowCount($client, 'datatable_invoices', 1); $this->request($client, '/invoice/download/' . $id); $response = $client->getResponse(); $this->assertTrue($response->isSuccessful()); self::assertInstanceOf(BinaryFileResponse::class, $response); self::assertFileExists($response->getFile()); $this->request($client, '/invoice/change-status/' . $id . '/pending'); $this->assertIsRedirect($client, '/invoice/show'); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->request($client, '/invoice/change-status/' . $id . '/paid'); $this->assertTrue($client->getResponse()->isSuccessful()); $this->assertHasValidationError( $client, '/invoice/change-status/' . $id . '/paid', 'form[name=invoice_payment_date_form]', [ 'invoice_payment_date_form' => [ 'paymentDate' => 'invalid' ] ], ['#invoice_payment_date_form_paymentDate'] ); $this->assertTrue($client->getResponse()->isSuccessful()); $form = $client->getCrawler()->filter('form[name=invoice_payment_date_form]')->form(); $client->submit($form, [ 'invoice_payment_date_form' => [ 'paymentDate' => (new \DateTime())->format('Y-m-d') ] ]); $this->assertIsRedirect($client, '/invoice/show'); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->request($client, '/invoice/change-status/' . $id . '/new'); $this->assertIsRedirect($client, '/invoice/show'); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); $this->request($client, '/invoice/delete/' . $id . '/fghfkjhgkjhg'); $this->assertIsRedirect($client, '/invoice/show'); $client->followRedirect(); $this->assertTrue($client->getResponse()->isSuccessful()); }",True,PHP,testCreateActionAsAdminWithDownloadAndStatusChangeAndDelete,InvoiceControllerTest.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-11-21 16:41:03+01:00,improve permissison handling in invoice screen (#2965),CWE-639,Authorization Bypass Through User-Controlled Key,The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.,https://cwe.mitre.org/data/definitions/639.html,CVE-2021-3992,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25865,"public function buildView(FormView $view, FormInterface $form, array $options) { if (!isset($options['api_data'])) { return; } $apiData = $options['api_data']; if (!\is_array($apiData)) { throw new \InvalidArgumentException('Option ""api_data"" must be an array for form ""' . $form->getName() . '""'); } if (!isset($apiData['select'])) { return; } if (!isset($apiData['route'])) { throw new \InvalidArgumentException('Missing ""route"" option for ""api_data"" option for form ""' . $form->getName() . '""'); } if (!isset($apiData['route_params'])) { $apiData['route_params'] = []; } $formPrefixes = []; $parent = $form->getParent(); do { $formPrefixes[] = $parent->getName(); } while (($parent = $parent->getParent()) !== null); $formPrefix = implode('_', array_reverse($formPrefixes)); $formField = $formPrefix . '_' . $apiData['select']; $view->vars['attr'] = array_merge($view->vars['attr'], [ 'data-form-prefix' => $formPrefix, 'data-related-select' => $formField, 'data-api-url' => $this->router->generate($apiData['route'], $apiData['route_params']), ]); if (isset($apiData['empty_route_params'])) { $view->vars['attr'] = array_merge($view->vars['attr'], [ 'data-empty-url' => $this->router->generate($apiData['route'], $apiData['empty_route_params']), ]); } }",True,PHP,buildView,SelectWithApiDataExtension.php,https://github.com/kevinpapst/kimai2,kevinpapst,GitHub,2021-12-04 01:18:49+01:00,fix invoice create and search (#2990),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4033,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25884,"protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, $index = null, $content_range = null) { $matches = array(); if (strpos($name, '.') === false && preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { $name = $uploadFileName = 'clipboard.' . $matches[1]; } else { $uploadFileName = $name; } if (!preg_match($this->options['accept_file_types_lhc'], $uploadFileName)) { throw new Exception($this->get_error_message('accept_file_types')); return false; } $file = parent::handle_file_upload_parent( $uploaded_file, $name, $size, $type, $error, $index, $content_range ); if (empty($file->error)) { $fileUpload = new erLhcoreClassModelChatFile(); $fileUpload->size = $file->size; $fileUpload->type = $file->type; $fileUpload->name = $file->name; $fileUpload->date = time(); $fileUpload->user_id = isset($this->options['user_id']) ? $this->options['user_id'] : 0; $fileUpload->upload_name = (isset($this->options['file_name_manual']) && $this->options['file_name_manual'] != '') ? $this->options['file_name_manual'] . ' - ' . $name : $name; $fileUpload->file_path = $this->options['upload_dir']; $fileUpload->chat_id = (isset($this->options['chat_id']) && $this->options['chat_id'] > 0) ? (int)$this->options['chat_id'] : 0; $fileUpload->persistent = (isset($this->options['persistent']) && $this->options['persistent'] == true) ? 1 : 0; if (isset($this->options['file_name_replace']) && $this->options['file_name_replace'] != '') { $fileUpload->upload_name = $this->options['file_name_replace']; } $matches = array(); if (strpos($name, '.') === false && preg_match('/^image\/(gif|jpe?g|png)/', $fileUpload->type, $matches)) { $fileUpload->extension = strtolower($matches[1]); } else { $partsFile = explode('.', $name); $fileUpload->extension = strtolower(end($partsFile)); } if (isset($this->options['remove_meta']) && $this->options['remove_meta'] == true && in_array($fileUpload->extension, array('jpg', 'jpeg', 'png', 'gif'))) { self::removeExif($fileUpload->file_path_server, $fileUpload->file_path_server . '_exif'); unlink($fileUpload->file_path_server); rename($fileUpload->file_path_server . '_exif', $fileUpload->file_path_server); $fileUpload->size = filesize($fileUpload->file_path_server); } $fileUpload->saveThis(); $this->uploadedFile = $fileUpload; } else { throw new Exception($file->error); } return $file; }",True,PHP,handle_file_upload,lhfileuploadadmin.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,Remigijus Kiminas,2021-12-07 08:10:30-05:00,Clean SVG and adjust file size,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4050,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25888,"$cfgSite->setSetting( 'db', $key, $value); } $cfgSite->setSetting( 'site', 'secrethash', substr(md5(time() . "":"" . mt_rand()),0,10)); return true; } else { return $Errors; } }",True,PHP,setSetting,install.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,Remigijus Kiminas,2022-03-31 00:39:39-04:00,Increase size of secret hash and chagne it's algorithm,CWE-916,Use of Password Hash With Insufficient Computational Effort,"The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.",https://cwe.mitre.org/data/definitions/916.html,CVE-2022-1235,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25889,public static function getHost() { if (isset($_SERVER['HTTP_HOST'])) { $site_address = (erLhcoreClassSystem::$httpsMode == true ? 'https:' : 'http:') . '//' . $_SERVER['HTTP_HOST'] ; } else if (class_exists('erLhcoreClassInstance')) { $site_address = 'https: } else if (class_exists('erLhcoreClassExtensionLhcphpresque')) { $site_address = erLhcoreClassModule::getExtensionInstance('erLhcoreClassExtensionLhcphpresque')->settings['site_address']; } else { $site_address = ''; } return $site_address; },True,PHP,getHost,lhbbcode.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25892,public static function getHost() { if (isset($_SERVER['HTTP_HOST'])) { $site_address = (erLhcoreClassSystem::$httpsMode == true ? 'https:' : 'http:') . '//' . $_SERVER['HTTP_HOST'] ; } else if (class_exists('erLhcoreClassInstance')) { $site_address = 'https: } else if (class_exists('erLhcoreClassExtensionLhcphpresque')) { $site_address = erLhcoreClassModule::getExtensionInstance('erLhcoreClassExtensionLhcphpresque')->settings['site_address']; } else { $site_address = ''; } return $site_address; },True,PHP,getHost,lhbbcode_cleanup.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25893,"public static function showModal($params) { if (!isset($params['argument']) || empty($params['argument'])) { return array( 'processed' => true, 'process_status' => erTranslationClassLhTranslation::getInstance()->getTranslation('chat/chatcommand', 'Please provide modal URL!') ); } $paramsURL = explode(' ',$params['argument']); $URL = array_shift($paramsURL); if (is_numeric($URL)) { $URL = (erLhcoreClassSystem::$httpsMode == true ? 'https:' : 'http:') . '//' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '') . erLhcoreClassDesign::baseurldirect('form/formwidget') . '/' . $URL; }",True,PHP,showModal,lhchatcommand.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25899,"self::$collectedInfo[$params['name']] = array('definition' => $params, 'value' => $_FILES[$params['name']]); } } else { if (isset(self::$collectedInfo[$params['name']]['value'])){ $valueContent = self::$collectedInfo[$params['name']]['value']; $downloadLink = """"; }",True,PHP,array,lhformrenderer.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,function update_vendor() { $vendor = new vendor(); $vendor->update($this->params['vendor']); expHistory::back(); } 25902,$chats[$index]->link = erLhcoreClassXMP::getBaseHost() . $_SERVER['HTTP_HOST'] . erLhcoreClassDesign::baseurl('user/login').'/(r)/'.rawurlencode(base64_encode('chat/single/'.$chat->id)); } },True,PHP,baseurl.'/(r)/'.rawurlencode,lhrestapivalidator.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25904,"public function __get($var) { switch ($var) { case 'left_menu': $this->left_menu = ''; return $this->left_menu; break; case 'custom_status_css_front': $attr = str_replace('_front', '', $var); $this->$var = false; if ($this->$attr != '') { $this->$var = str_replace($this->replace_array['search'], $this->replace_array['replace'], $this->$attr); } return $this->$var; break; case 'replace_array': $host = '//'.$_SERVER['HTTP_HOST']; $this->replace_array = array( 'search' => array( '{{host}}', '{{logo_image_url}}', '{{minimize_image_url}}', '{{restore_image_url}}', '{{close_image_url}}', '{{popup_image_url}}', '{{operator_image_url}}', '{{copyright_image_url}}', '{{need_help_image_url}}', '{{online_image_url}}', '{{offline_image_url}}', ), 'replace' => array( $host, $this->logo_image_url, $this->minimize_image_url, $this->restore_image_url, $this->close_image_url, $this->popup_image_url, $this->operator_image_url, $this->copyright_image_url, $this->need_help_image_url, $this->online_image_url, $this->offline_image_url, )); return $this->replace_array; break; case 'operator_image_avatar': return $this->operator_image_url !== false || (isset($this->bot_configuration_array['operator_avatar']) && $this->bot_configuration_array['operator_avatar'] != ''); case 'notification_icon_url': case 'logo_image_url': case 'minimize_image_url': case 'restore_image_url': case 'close_image_url': case 'popup_image_url': case 'operator_image_url': case 'copyright_image_url': case 'need_help_image_url': case 'online_image_url': case 'offline_image_url': $attr = str_replace('_url', '', $var); $this->$var = false; if ($this->$attr != ''){ $this->$var = ($this->{$attr.'_path'} != '' ? (erLhcoreClassSystem::$httpsMode == true ? 'https:' : 'http:') . '//' . $_SERVER['HTTP_HOST'] . erLhcoreClassSystem::instance()->wwwDir() : erLhcoreClassSystem::instance()->wwwImagesDir() ) . '/' . $this->{$attr.'_path'} . $this->$attr; } return $this->$var; break; case 'need_help_image_url_img': case 'online_image_url_img': case 'offline_image_url_img': case 'logo_image_url_img': case 'copyright_image_url_img': case 'operator_image_url_img': case 'popup_image_url_img': case 'close_image_url_img': case 'restore_image_url_img': case 'minimize_image_url_img': $attr = str_replace('_url_img', '', $var); $this->$var = false; if($this->$attr != ''){ $this->$var = '{$attr.'_path'} != '' ? (erLhcoreClassSystem::$httpsMode == true ? 'https:' : 'http:') . '//' . $_SERVER['HTTP_HOST'] . erLhcoreClassSystem::instance()->wwwDir() : erLhcoreClassSystem::instance()->wwwImagesDir() ) .'/'.$this->{$attr.'_path'} . $this->$attr.'""/>'; } return $this->$var; break; case 'notification_icon': case 'notification_icon_path': $configurationArray = $this->notification_configuration_array; if (isset($configurationArray[$var]) && $configurationArray[$var] != '') { $this->$var = $configurationArray[$var]; } else { $this->$var = ''; } return $this->$var; break; case 'notification_icon_url_img': $attr = str_replace('_url_img', '', $var); $configurationArray = $this->notification_configuration_array; if (isset($configurationArray[$attr]) && $configurationArray[$attr] != '') { $this->$var = '{$attr.'_path'} != '' ? erLhcoreClassSystem::instance()->wwwDir() : erLhcoreClassSystem::instance()->wwwImagesDir() ) .'/'.$this->{$attr.'_path'} . $configurationArray[$attr].'""/>'; } else {",True,PHP,__get,erlhabstractmodelwidgettheme.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25905,"public function __get($var) { switch ($var) { case 'configuration_array': $this->configuration_array = array(); if ($this->configuration != ''){ $jsonData = json_decode($this->configuration,true); if ($jsonData !== null) { $this->configuration_array = $jsonData; } else { $this->configuration_array = array(); } } return $this->configuration_array; break; case 'name_support': return $this->name_support = $this->nick; break; case 'has_photo': return $this->filename != ''; break; case 'has_photo_avatar': return $this->filename != '' || $this->avatar != ''; break; case 'photo_path': $this->photo_path = ($this->filepath != '' ? '//' . $_SERVER['HTTP_HOST'] . erLhcoreClassSystem::instance()->wwwDir() : erLhcoreClassSystem::instance()->wwwImagesDir() ) .'/'. $this->filepath . $this->filename; return $this->photo_path; break; case 'file_path_server': return $this->filepath . $this->filename; break; default: break; } }",True,PHP,__get,erlhcoreclassmodelgenericbotbot.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25908,"public function __get($var) { switch ($var) { case 'configuration_array': $this->configuration_array = array(); if ($this->configuration != ''){ $jsonData = json_decode($this->configuration,true); if ($jsonData !== null) { $this->configuration_array = $jsonData; } else { $this->configuration_array = array(); } } return $this->configuration_array; break; case 'name_support': return $this->name_support = $this->nick; break; case 'has_photo': return $this->filename != ''; break; case 'photo_path': $this->photo_path = ($this->filepath != '' ? '//' . $_SERVER['HTTP_HOST'] . erLhcoreClassSystem::instance()->wwwDir() : erLhcoreClassSystem::instance()->wwwImagesDir() ) .'/'. $this->filepath . $this->filename; return $this->photo_path; break; case 'file_path_server': return $this->filepath . $this->filename; break; default: break; } }",True,PHP,__get,erlhcoreclassmodelgenericbottrgroup.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25910,"foreach ($matches[1] as $index => $body) { $parts = explode('_', $body); $fileID = $parts[0]; $hash = $parts[1]; try { $file = erLhcoreClassModelChatFile::fetch($fileID); if (is_object($file) && $hash == $file->security_hash) { $url = (erLhcoreClassSystem::$httpsMode == true ? 'https:' : 'http:') . '//' . $_SERVER['HTTP_HOST'] . erLhcoreClassDesign::baseurldirect('file/downloadfile') . ""/{$file->id}/{$hash}""; $media[] = array( 'id' => $file->id, 'size' => $file->size, 'upload_name' => $file->upload_name, 'type' => $file->type, 'extension' => $file->extension, 'hash' => $hash, 'url' => $url, ); $msg_text_cleaned = str_replace($matches[0][$index],'',$msg_text_cleaned); } } catch (Exception $e) { } }",True,PHP,foreach,fetchchatmessages.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25912,"function generateAutoLoginLink($params){ $dataRequest = array(); $dataRequestAppend = array(); if (isset($params['r'])){ $dataRequest['r'] = $params['r']; $dataRequestAppend[] = '/(r)/'.rawurlencode(base64_encode($params['r'])); } if (isset($params['u']) && is_numeric($params['u'])){ $dataRequest['u'] = $params['u']; $dataRequestAppend[] = '/(u)/'.rawurlencode($params['u']); } if (isset($params['l'])){ $dataRequest['l'] = $params['l']; $dataRequestAppend[] = '/(l)/'.rawurlencode($params['l']); } if (!isset($params['l']) && !isset($params['u'])) { throw new Exception('Username or User ID has to be provided'); } $ts = time() + $params['t']; if (isset($params['t'])) { $dataRequest['t'] = $ts; $dataRequestAppend[] = '/(t)/'.rawurlencode($ts); } $hashValidation = sha1($params['secret_hash'].sha1($params['secret_hash'].implode(',', $dataRequest))); return $_SERVER['HTTP_HOST'] . erLhcoreClassDesign::baseurldirect(""user/autologin"") . ""/{$hashValidation}"".implode('', $dataRequestAppend); }",True,PHP,generateAutoLoginLink,generateautologin.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,GitHub,2022-04-06 13:07:00+03:00,"Migrate to static HTTP_HOST (#1754) Static HTTP_HOST option and security section in update page.",CWE-116,Improper Encoding or Escaping of Output,"The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.",https://cwe.mitre.org/data/definitions/116.html,CVE-2022-0935,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25914,public static function doTablesUpdate($definition){ $updateInformation = self::getTablesStatus($definition); $db = ezcDbInstance::get(); $errorMessages = array(); try { $db->query('SET GLOBAL innodb_strict_mode = 0;'); $db->query('SET GLOBAL innodb_file_per_table=1;'); $db->query('SET GLOBAL innodb_large_prefix=1;'); } catch (Exception $e) { } foreach ($updateInformation as $table => $tableData) { if ($tableData['error'] == true) { foreach ($tableData['queries'] as $query) { try { $db->query($query); } catch (Exception $e) { $errorMessages[] = $e->getMessage(); } } } } return $errorMessages; },True,PHP,doTablesUpdate,lhupdate.php,https://github.com/livehelperchat/livehelperchat,livehelperchat,Remigijus Kiminas,2022-04-27 01:40:03-04:00,3.99v,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1530,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25917,"public function __invoke(UpdateSettingsRequest $request) { $company = Company::find($request->header('company')); $this->authorize('manage company', $company); $companyCurrency = CompanySetting::getSetting('currency', $request->header('company')); $data = $request->settings; if ($companyCurrency !== $data['currency'] && $company->hasTransactions()) { return response()->json([ 'success' => false, 'message' => 'Cannot update company currency after transactions are created.' ]); } CompanySetting::setSettings($data, $request->header('company')); return response()->json([ 'success' => true, ]); }",True,PHP,__invoke,UpdateCompanySettingsController.php,https://github.com/crater-invoice/crater,crater-invoice,harshjagad20,2022-03-04 11:56:03+05:18,Fix tax per item issue & check currency key,NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-0514,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25923,"public function rules() { return [ 'upload_receipt' => [ 'nullable', new Base64Mime(['gif', 'jpg', 'png']) ] ]; }",True,PHP,rules,UploadExpenseReceiptRequest.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2022-03-22 16:46:55+05:18,"Expense attachment validation fix (#855) https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045/",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1033,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25925,"public function __invoke(Request $request) { $this->authorize('manage modules'); $path = ModuleInstaller::unzip($request->module, $request->path); return response()->json([ 'success' => true, 'path' => $path ]); }",True,PHP,__invoke,UnzipModuleController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2022-03-29 12:43:35+05:18,"Module upload validation (#857) https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622/",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-1032,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25926,public function __invoke(Request $request) { $this->authorize('manage modules'); $response = ModuleInstaller::upload($request); return response()->json($response); },True,PHP,__invoke,UploadModuleController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2022-03-29 12:43:35+05:18,"Module upload validation (#857) https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622/",CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-1032,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25934,"public function __invoke(Request $request, Expense $expense) { $this->authorize('update', $expense); $data = json_decode($request->attachment_receipt); if ($data) { if ($request->type === 'edit') { $expense->clearMediaCollection('receipts'); } $expense->addMediaFromBase64($data->data) ->usingFileName($data->name) ->toMediaCollection('receipts'); } return response()->json([ 'success' => 'Expense receipts uploaded successfully', ], 200); }",True,PHP,__invoke,UploadReceiptController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2021-12-29 17:51:20+05:18,"Unrestricted php file upload fix (#681) https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-4080,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25935,"public function __invoke(Request $request, Expense $expense) { $this->authorize('update', $expense); $data = json_decode($request->attachment_receipt); if ($data) { if ($request->type === 'edit') { $expense->clearMediaCollection('receipts'); } $expense->addMediaFromBase64($data->data) ->usingFileName($data->name) ->toMediaCollection('receipts'); } return response()->json([ 'success' => 'Expense receipts uploaded successfully', ], 200); }",True,PHP,__invoke,UploadReceiptController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2021-12-29 17:51:20+05:18,"Unrestricted php file upload fix (#681) https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0372,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25938,public function uploadAvatar(Request $request) { $user = auth()->user(); if ($user && $request->hasFile('admin_avatar')) { $user->clearMediaCollection('admin_avatar'); $user->addMediaFromRequest('admin_avatar') ->toMediaCollection('admin_avatar'); } if ($user && $request->has('avatar')) { $data = json_decode($request->avatar); $user->clearMediaCollection('admin_avatar'); $user->addMediaFromBase64($data->data) ->usingFileName($data->name) ->toMediaCollection('admin_avatar'); } return new UserResource($user); },True,PHP,uploadAvatar,CompanyController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2021-12-29 17:51:20+05:18,"Unrestricted php file upload fix (#681) https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-4080,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25939,public function uploadAvatar(Request $request) { $user = auth()->user(); if ($user && $request->hasFile('admin_avatar')) { $user->clearMediaCollection('admin_avatar'); $user->addMediaFromRequest('admin_avatar') ->toMediaCollection('admin_avatar'); } if ($user && $request->has('avatar')) { $data = json_decode($request->avatar); $user->clearMediaCollection('admin_avatar'); $user->addMediaFromBase64($data->data) ->usingFileName($data->name) ->toMediaCollection('admin_avatar'); } return new UserResource($user); },True,PHP,uploadAvatar,CompanyController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2021-12-29 17:51:20+05:18,"Unrestricted php file upload fix (#681) https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0372,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25942,"public function uploadCompanyLogo(Request $request) { $company = Company::find($request->header('company')); $this->authorize('manage company', $company); $data = json_decode($request->company_logo); if ($data) { $company = Company::find($request->header('company')); if ($company) { $company->clearMediaCollection('logo'); $company->addMediaFromBase64($data->data) ->usingFileName($data->name) ->toMediaCollection('logo'); } } return response()->json([ 'success' => true, ]); }",True,PHP,uploadCompanyLogo,CompanyController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2021-12-29 17:51:20+05:18,"Unrestricted php file upload fix (#681) https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-4080,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25943,"public function uploadCompanyLogo(Request $request) { $company = Company::find($request->header('company')); $this->authorize('manage company', $company); $data = json_decode($request->company_logo); if ($data) { $company = Company::find($request->header('company')); if ($company) { $company->clearMediaCollection('logo'); $company->addMediaFromBase64($data->data) ->usingFileName($data->name) ->toMediaCollection('logo'); } } return response()->json([ 'success' => true, ]); }",True,PHP,uploadCompanyLogo,CompanyController.php,https://github.com/crater-invoice/crater,crater-invoice,GitHub,2021-12-29 17:51:20+05:18,"Unrestricted php file upload fix (#681) https://huntr.dev/bounties/d7453360-baca-4e56-985f-481275fa38db/",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0372,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25960,"public function delete(DeleteInvoiceRequest $request) { $this->authorize('delete multiple invoices'); Invoice::destroy($request->ids); return response()->json([ 'success' => true, ]); }",True,PHP,delete,InvoicesController.php,https://github.com/crater-invoice/crater,crater-invoice,jayvirsinh_gohil,2022-01-13 12:11:26+05:18,solve payment method delete issue,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0203,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25962,"public function destroy(PaymentMethod $paymentMethod) { $this->authorize('delete', $paymentMethod); $payments = $paymentMethod->payments; if ($payments->count() > 0) { return respondJson('payments_attached', 'Payments Attached.'); } $paymentMethod->delete(); return response()->json([ 'success' => 'Payment method deleted successfully', ]); }",True,PHP,destroy,PaymentMethodsController.php,https://github.com/crater-invoice/crater,crater-invoice,jayvirsinh_gohil,2022-01-13 12:11:26+05:18,solve payment method delete issue,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0203,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25967,public function validateRequest(App\Request $request) { $request->validateReadAccess(); },True,PHP,validateRequest,Logout.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2021-12-10 10:29:46+01:00,Added minor improvements,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-4092,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25968,"public function getValidator() { $validator = []; $fieldName = $this->getName(); switch ($fieldName) { case 'birthday': $funcName = ['name' => 'lessThanToday']; $validator[] = $funcName; break; case 'targetenddate': case 'actualenddate': case 'enddate': $funcName = ['name' => 'greaterThanDependentField', 'params' => ['startdate'], ]; $validator[] = $funcName; break; case 'startdate': if ('Project' === $this->getModule()->get('name')) { $params = ['targetenddate']; } else { $params = ['enddate']; } $funcName = ['name' => 'lessThanDependentField', 'params' => $params, ]; $validator[] = $funcName; break; case 'expiry_date': case 'due_date': $funcName = ['name' => 'greaterThanDependentField', 'params' => ['start_date'], ]; $validator[] = $funcName; break; case 'sales_end_date': $funcName = ['name' => 'greaterThanDependentField', 'params' => ['sales_start_date'], ]; $validator[] = $funcName; break; case 'sales_start_date': $funcName = ['name' => 'lessThanDependentField', 'params' => ['sales_end_date'], ]; $validator[] = $funcName; break; case 'qty_per_unit': case 'qtyindemand': case 'hours': case 'days': $funcName = ['name' => 'PositiveNumber']; $validator[] = $funcName; break; case 'employees': $funcName = ['name' => 'WholeNumber']; $validator[] = $funcName; break; case 'related_to': $funcName = ['name' => 'ReferenceField']; $validator[] = $funcName; break; case 'end_period': $funcName1 = ['name' => 'greaterThanDependentField', 'params' => ['start_period'], ]; $validator[] = $funcName1; $funcName2 = ['name' => 'lessThanDependentField', 'params' => ['duedate'], ]; $validator[] = $funcName2; case 'start_period': $funcName = ['name' => 'lessThanDependentField', 'params' => ['end_period'], ]; $validator[] = $funcName; break; default: break; } return $validator; }",True,PHP,getValidator,Field.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2021-12-13 14:43:29+01:00,Improved validation for multi-currency fields,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-4111,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25969,"$fieldPickListValues[$value] = \App\Language::translate($value, $this->getModuleName(),false,false); } if ('picklist' === $fieldDataType) { $fieldValue = $this->get('fieldvalue'); if (!empty($fieldValue) && !isset($fieldPickListValues[$fieldValue])) { $fieldPickListValues[$fieldValue] = \App\Language::translate($fieldValue, $this->getModuleName(),false,false); $this->set('isEditableReadOnly', true); } } } elseif (method_exists($this->getUITypeModel(), 'getPicklistValues')) {",True,PHP,translate,Field.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2021-12-13 14:43:29+01:00,Improved validation for multi-currency fields,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-4111,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25972,"$params = ['uitype' => 71, 'displaytype' => 1, 'typeofdata' => 'N~O', 'isEditableReadOnly' => false, 'maximumlength' => '99999999999999999'];",True,PHP,$params,MultiCurrency.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2021-12-13 14:43:29+01:00,Improved validation for multi-currency fields,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-4111,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25974,"public function validate($value, $isUserFormat = false) { if (empty($value)) { return; } if (\is_string($value)) { $value = \App\Json::decode($value); } if (!\is_array($value)) { throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getFieldName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $value, 406); } $currencies = \App\Fields\Currency::getAll(true); foreach ($value['currencies'] ?? [] as $id => $currency) { if (!isset($currencies[$id])) { throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getFieldName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $id, 406); } $price = $currency['price']; if ($isUserFormat) { $price = App\Fields\Double::formatToDb($price); } if (!is_numeric($price)) { throw new \App\Exceptions\Security('ERR_ILLEGAL_FIELD_VALUE||' . $this->getFieldModel()->getFieldName() . '||' . $this->getFieldModel()->getModuleName() . '||' . $price, 406); } } }",True,PHP,validate,MultiCurrency.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2021-12-13 14:43:29+01:00,Improved validation for multi-currency fields,CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-4111,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25976,public function __construct() { parent::__construct(); $this->exposeMethod('getOwners'); $this->exposeMethod('getReference'); $this->exposeMethod('getUserRole'); $this->exposeMethod('verifyPhoneNumber'); $this->exposeMethod('findAddress'); $this->exposeMethod('verifyIsHolidayDate'); $this->exposeMethod('changeFavoriteOwner'); },True,PHP,__construct,Fields.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2021-12-13 15:18:13+01:00,Added additional data validation in the wysiwyg editor when inputting data in the source.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4107,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25979,"private function validateImageMetadata($data) { if (\is_array($data)) { foreach ($data as $value) { if (!$this->validateImageMetadata($value)) { return false; } } } else { if (1 === preg_match('/(<\?php?(.*?))/i', $data) || false !== stripos($data, 'params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25980,"private function validateCodeInjection() { $shortMimeType = $this->getShortMimeType(0); if ($this->validateAllCodeInjection || \in_array($shortMimeType, static::$phpInjection)) { $contents = $this->getContents(); if ((1 === preg_match('/(<\?php?(.*?))/si', $contents) || false !== stripos($contents, 'searchCodeInjection() ) { throw new \App\Exceptions\DangerousFile('ERR_FILE_PHP_CODE_INJECTION'); } } }",True,PHP,validateCodeInjection,File.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2021-12-14 14:20:27+01:00,Improved validation of uploaded files,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4116,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25982,"private function validateCodeInjectionInMetadata() { if ( \function_exists('exif_read_data') && \in_array($this->getMimeType(), ['image/jpeg', 'image/tiff']) && \in_array(exif_imagetype($this->path), [IMAGETYPE_JPEG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM]) ) { $imageSize = getimagesize($this->path, $imageInfo); if ( $imageSize && (empty($imageInfo['APP1']) || 0 === strpos($imageInfo['APP1'], 'Exif')) && ($exifdata = exif_read_data($this->path)) && !$this->validateImageMetadata($exifdata) ) { throw new \App\Exceptions\DangerousFile('ERR_FILE_PHP_CODE_INJECTION'); } } }",True,PHP,validateCodeInjectionInMetadata,File.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2021-12-14 14:20:27+01:00,Improved validation of uploaded files,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4116,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25984,"public function validate($type = false) { $return = true; try { if ($type && $this->getShortMimeType(0) !== $type) { throw new \App\Exceptions\DangerousFile('ERR_FILE_ILLEGAL_FORMAT'); } $this->checkFile(); if (!empty($this->validateAllowedFormat)) { $this->validateFormat(); } $this->validateCodeInjection(); if (($type && 'image' === $type) || 'image' === $this->getShortMimeType(0)) { $this->validateImage(); } } catch (\Exception $e) { $return = false; $message = $e->getMessage(); if (false === strpos($message, '||')) { $message = \App\Language::translateSingleMod($message, 'Other.Exceptions'); } else { $params = explode('||', $message); $message = \call_user_func_array('vsprintf', [\App\Language::translateSingleMod(array_shift($params), 'Other.Exceptions'), $params]); } $this->validateError = $message; Log::error(""Error: {$e->getMessage()} | {$this->getName()} | {$this->getSize()}"", __CLASS__); } return $return; }",True,PHP,validate,File.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2021-12-14 14:20:27+01:00,Improved validation of uploaded files,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4116,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25988,public static function loadFromPath($path) { $instance = new self(); $instance->name = basename($path); $instance->path = $path; return $instance; },True,PHP,loadFromPath,File.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2021-12-14 14:20:27+01:00,Improved validation of uploaded files,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4116,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25990,public function __construct() { $this->headers = \App\Controller\Headers::getInstance(); if (!self::$activatedLocale && \App\Config::performance('CHANGE_LOCALE')) { \App\Language::initLocale(); self::$activatedLocale = true; } if (!self::$activatedCsrf) { if ($this->csrfActive && \App\Config::security('csrfActive')) { require_once 'config/csrf_config.php'; \CsrfMagic\Csrf::init(); $this->csrfActive = true; } else { $this->csrfActive = false; } self::$activatedCsrf = true; } },True,PHP,__construct,Base.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2022-01-18 12:25:46+01:00,Improved CSRF protection,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0269,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25992,public function validateWriteAccess($skipRequestTypeCheck = false) { if (!$skipRequestTypeCheck && 'POST' !== $_SERVER['REQUEST_METHOD']) { throw new \App\Exceptions\Csrf('Invalid request - validate Write Access'); } $this->validateReadAccess(); if (class_exists('CSRFConfig') && !\CsrfMagic\Csrf::check(false)) { throw new \App\Exceptions\Csrf('Unsupported request'); } },True,PHP,validateWriteAccess,Request.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2022-01-18 12:25:46+01:00,Improved CSRF protection,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0269,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25993,"\CsrfMagic\Csrf::$callback = function ($tokens) { throw new \App\Exceptions\AppException('Invalid request - Response For Illegal Access', 403); };",True,PHP,$callback,csrf_config.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2022-01-18 12:25:46+01:00,Improved CSRF protection,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0269,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25994,"public static function startup() { \CsrfMagic\Csrf::$expires = 259200; \CsrfMagic\Csrf::$callback = function ($tokens) { throw new \App\Exceptions\AppException('Invalid request - Response For Illegal Access', 403); }; $js = 'vendor/yetiforce/csrf-magic/src/Csrf.min.js'; if (!IS_PUBLIC_DIR) { $js = 'public_html/' . $js; } \CsrfMagic\Csrf::$dirSecret = __DIR__; \CsrfMagic\Csrf::$rewriteJs = $js; \CsrfMagic\Csrf::$cspToken = \App\Session::get('CSP_TOKEN'); \CsrfMagic\Csrf::$frameBreaker = \Config\Security::$csrfFrameBreaker; \CsrfMagic\Csrf::$windowVerification = \Config\Security::$csrfFrameBreakerWindow; if (static::isAjax()) { \CsrfMagic\Csrf::$frameBreaker = false; \CsrfMagic\Csrf::$rewriteJs = null; } }",True,PHP,startup,csrf_config.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Radosław Skrzypczak,2022-01-18 12:25:46+01:00,Improved CSRF protection,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-0269,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25997,"$contentType = str_replace('data:', '', $cur); } } } else {",True,PHP,str_replace,File.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2022-05-05 11:49:50+02:00,Added validation to pasted files to the wysiwyg editor,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1411,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 25999,"public function validateByMode(App\Request $request) { if ($request->isEmpty('purifyMode') || !$request->has('value')) { throw new \App\Exceptions\NoPermitted('ERR_ILLEGAL_VALUE', 406); } $response = new Vtiger_Response(); $response->setResult([ 'raw' => $request->getByType('value', $request->getByType('purifyMode')), ]); $response->emit(); }",True,PHP,validateByMode,Fields.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2022-05-05 11:49:50+02:00,Added validation to pasted files to the wysiwyg editor,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1411,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26000,"public function findAddress(App\Request $request) { $instance = \App\Map\Address::getInstance($request->getByType('type')); $response = new Vtiger_Response(); if ($instance) { $response->setResult($instance->find($request->getByType('value', 'Text'))); } $response->emit(); }",True,PHP,findAddress,Fields.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2022-05-05 11:49:50+02:00,Added validation to pasted files to the wysiwyg editor,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1411,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26002,"public function verifyPhoneNumber(App\Request $request) { if ('phone' !== $this->fieldModel->getFieldDataType()) { throw new \App\Exceptions\NoPermitted('ERR_NO_PERMISSIONS_TO_FIELD'); } $response = new Vtiger_Response(); $data = ['isValidNumber' => false]; if ($request->isEmpty('phoneCountry', true)) { $data['message'] = \App\Language::translate('LBL_NO_PHONE_COUNTRY'); } if (empty($data['message'])) { try { $data = App\Fields\Phone::verifyNumber($request->getByType('phoneNumber', 'Text'), $request->getByType('phoneCountry', 1)); } catch (\App\Exceptions\FieldException $e) { $data = ['isValidNumber' => false]; } } if (!$data['isValidNumber'] && empty($data['message'])) { $data['message'] = \App\Language::translate('LBL_INVALID_PHONE_NUMBER'); } $response->setResult($data); $response->emit(); }",True,PHP,verifyPhoneNumber,Fields.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2022-05-05 11:49:50+02:00,Added validation to pasted files to the wysiwyg editor,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1411,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26003,"public function validateForField(App\Request $request) { $fieldModel = Vtiger_Module_Model::getInstance($request->getModule())->getFieldByName($request->getByType('fieldName', 2)); if (!$fieldModel || !$fieldModel->isActiveField() || !$fieldModel->isViewEnabled()) { throw new \App\Exceptions\NoPermitted('ERR_NO_PERMISSIONS_TO_FIELD', 406); } $recordModel = \Vtiger_Record_Model::getCleanInstance($fieldModel->getModuleName()); $fieldModel->getUITypeModel()->setValueFromRequest($request, $recordModel, 'fieldValue'); $response = new Vtiger_Response(); $response->setResult([ 'raw' => $recordModel->get($fieldModel->getName()), 'display' => $recordModel->getDisplayValue($fieldModel->getName()), ]); $response->emit(); }",True,PHP,validateForField,Fields.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2022-05-05 11:49:50+02:00,Added validation to pasted files to the wysiwyg editor,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1411,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26005,"public function setRssValues($rss) { $this->set('rsstitle', \App\Purifier::purifyByType((string) $rss->title, 'Text')); $this->set('url', $rss->link); }",True,PHP,setRssValues,Record.php,https://github.com/yetiforcecompany/yetiforcecrm,yetiforcecompany,Mariusz Krzaczkowski,2022-08-13 10:18:52+02:00,Improved input data cleanup,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-2885,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26012,"protected function loadPreferences() { if ($this->user_preferences === null) { if (!$this->getUser()) { return false; } $this->user_preferences = array(); foreach ( $this->db_connection->query('SELECT `key`,`value` FROM `' . PSM_DB_PREFIX . 'users_preferences` WHERE `user_id` = ' . $this->user_id) as $row ) { $this->user_preferences[$row['key']] = $row['value']; } } return true; }",True,PHP,loadPreferences,User.php,https://github.com/phpservermon/phpservermon,phpservermon,Tim Zandbergen,2021-06-23 22:05:58+02:00,"SECURITY: Replaced mt_rand with random_bytes https://huntr.dev/bounties/1-phpservermon/phpservermon/ CWE-1241: Use of Predictable Algorithm in Random Number Generator",CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-4241,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26013,"private function loginWithCookieData() { if (isset($_COOKIE['rememberme'])) { list ($user_id, $token, $hash) = explode(':', $_COOKIE['rememberme']); if ($hash == hash('sha256', $user_id . ':' . $token . PSM_LOGIN_COOKIE_SECRET_KEY) && !empty($token)) { $user = $this->getUser($user_id); if (!empty($user) && $token === $user->rememberme_token) { $this->setUserLoggedIn($user->user_id, true); $this->newRememberMeCookie(); return true; } } $this->doLogout(); } return false; }",True,PHP,loginWithCookieData,User.php,https://github.com/phpservermon/phpservermon,phpservermon,Tim Zandbergen,2021-06-23 22:05:58+02:00,"SECURITY: Replaced mt_rand with random_bytes https://huntr.dev/bounties/1-phpservermon/phpservermon/ CWE-1241: Use of Predictable Algorithm in Random Number Generator",CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-4241,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26015,"public function loginWithPostData($user_name, $user_password, $user_rememberme = false) { $user_name = trim($user_name); $user_password = trim($user_password); $ldapauthstatus = false; if (empty($user_name) && empty($user_password)) { return false; } $dirauthconfig = psm_get_conf('dirauth_status'); if ($dirauthconfig === '1') { $ldaplibpath = realpath( PSM_PATH_SRC . '..' . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'viharm' . DIRECTORY_SEPARATOR . 'psm-ldap-auth' . DIRECTORY_SEPARATOR . 'psmldapauth.php' ); if ($ldaplibpath) { include_once($ldaplibpath); $ldapauthstatus = psmldapauth($user_name, $user_password, $GLOBALS['sm_config'], $this->db_connection); } } $user = $this->getUserByUsername($user_name); if ($ldapauthstatus === true) { $user_password = null; @fn_Debug('Authenticated', $user); } else { if (!isset($user->user_id)) { password_verify($user_password, 'dummy_call_against_timing'); return false; } elseif (!password_verify($user_password, $user->password)) { return false; } } $this->setUserLoggedIn($user->user_id, true); if ($user_rememberme) { $this->newRememberMeCookie(); } if (defined('PSM_LOGIN_HASH_COST_FACTOR')) { if (password_needs_rehash($user->password, PASSWORD_DEFAULT, array('cost' => PSM_LOGIN_HASH_COST_FACTOR))) { $this->changePassword($user->user_id, $user_password); } } return true; }",True,PHP,loginWithPostData,User.php,https://github.com/phpservermon/phpservermon,phpservermon,Tim Zandbergen,2021-06-23 22:06:34+02:00,"SECURITY: Replaced mt_rand with random_bytes https://huntr.dev/bounties/2-phpservermon/phpservermon/ CWE-1241: Use of Predictable Algorithm in Random Number Generator",CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-4240,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26017,"public function generatePasswordResetToken($user_id) { $user_id = intval($user_id); if ($user_id == 0) { return false; } $temporary_timestamp = time(); $user_password_reset_hash = sha1(uniqid(mt_rand(), true)); $query_update = $this->db_connection->prepare('UPDATE ' . PSM_DB_PREFIX . 'users SET password_reset_hash = :user_password_reset_hash, password_reset_timestamp = :user_password_reset_timestamp WHERE user_id = :user_id'); $query_update->bindValue(':user_password_reset_hash', $user_password_reset_hash, \PDO::PARAM_STR); $query_update->bindValue(':user_password_reset_timestamp', $temporary_timestamp, \PDO::PARAM_INT); $query_update->bindValue(':user_id', $user_id, \PDO::PARAM_INT); $query_update->execute(); if ($query_update->rowCount() == 1) { return $user_password_reset_hash; } else { return false; } }",True,PHP,generatePasswordResetToken,User.php,https://github.com/phpservermon/phpservermon,phpservermon,Tim Zandbergen,2021-06-23 22:06:34+02:00,"SECURITY: Replaced mt_rand with random_bytes https://huntr.dev/bounties/2-phpservermon/phpservermon/ CWE-1241: Use of Predictable Algorithm in Random Number Generator",CWE-330,Use of Insufficiently Random Values,The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.,https://cwe.mitre.org/data/definitions/330.html,CVE-2021-4240,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26021,"$backup = ['sys' => $GLOBALS['TYPO3_CONF_VARS']['SYS'], 'server' => $_SERVER];",True,PHP,$backup,GeneralUtilityTest.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2021-10-05 13:02:47+02:00,"[SECURITY] Verify HTTP_HOST via FE/BE middleware Avoid a dependency cycle between HTTP_HOST generation and verification. As $GLOBALS['TYPO3_REQUEST'] is not available during ServerRequestFactory::fromGlobals(), HTTP_HOST verification can not be performed at that point. It is therefore delayed into a context aware middleware instead of being skipped because of missing $GLOBALS. Positive advantage of moving the verification into frontend and backend middlewares, is that context checks to exclude CLI/installtool can be dropped. As a side effect this also fixes the frontend to installtool redirect if TYPO3 is not yet configured and running with an invalid SERVER_NAME, as ServerRequestFactory::fromGlobals() doesn't fail. Releases: master Resolves: #95395 Change-Id: Idd3a3449a878cd625dad0d04892d9f0e710ca1a9 Security-Bulletin: TYPO3-CORE-SA-2021-015 Security-References: CVE-2021-41114 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71438 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-41114,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26022,"$backup = ['sys' => $GLOBALS['TYPO3_CONF_VARS']['SYS'], 'server' => $_SERVER];",True,PHP,$backup,GeneralUtilityTest.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2021-10-05 13:02:47+02:00,"[SECURITY] Verify HTTP_HOST via FE/BE middleware Avoid a dependency cycle between HTTP_HOST generation and verification. As $GLOBALS['TYPO3_REQUEST'] is not available during ServerRequestFactory::fromGlobals(), HTTP_HOST verification can not be performed at that point. It is therefore delayed into a context aware middleware instead of being skipped because of missing $GLOBALS. Positive advantage of moving the verification into frontend and backend middlewares, is that context checks to exclude CLI/installtool can be dropped. As a side effect this also fixes the frontend to installtool redirect if TYPO3 is not yet configured and running with an invalid SERVER_NAME, as ServerRequestFactory::fromGlobals() doesn't fail. Releases: master Resolves: #95395 Change-Id: Idd3a3449a878cd625dad0d04892d9f0e710ca1a9 Security-Bulletin: TYPO3-CORE-SA-2021-015 Security-References: CVE-2021-41114 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71438 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-644,Improper Neutralization of HTTP Headers for Scripting Syntax,"The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.",https://cwe.mitre.org/data/definitions/644.html,CVE-2021-41114,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26027,"protected function checkTrustedHostPattern() { if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === GeneralUtility::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL) { $this->messageQueue->enqueue(new FlashMessage( 'Trusted hosts pattern is configured to allow all header values. Check the pattern defined in Admin' . ' Tools -> Settings -> Configure Installation-Wide Options -> System -> trustedHostsPattern' . ' and adapt it to expected host value(s).', 'Trusted hosts pattern is insecure', FlashMessage::WARNING )); } else { if (GeneralUtility::hostHeaderValueMatchesTrustedHostsPattern($_SERVER['HTTP_HOST'])) { $this->messageQueue->enqueue(new FlashMessage( '', 'Trusted hosts pattern is configured to allow current host value.' )); } else { $this->messageQueue->enqueue(new FlashMessage( 'The trusted hosts pattern will be configured to allow all header values. This is because your $SERVER_NAME:$SERVER_PORT' . ' is ""' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . '"" while your HTTP_HOST is ""' . $_SERVER['HTTP_HOST'] . '"". Check the pattern defined in Admin' . ' Tools -> Settings -> Configure Installation-Wide Options -> System -> trustedHostsPattern' . ' and adapt it to expected host value(s).', 'Trusted hosts pattern mismatch', FlashMessage::ERROR )); } } }",True,PHP,checkTrustedHostPattern,SetupCheck.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2021-10-05 13:02:47+02:00,"[SECURITY] Verify HTTP_HOST via FE/BE middleware Avoid a dependency cycle between HTTP_HOST generation and verification. As $GLOBALS['TYPO3_REQUEST'] is not available during ServerRequestFactory::fromGlobals(), HTTP_HOST verification can not be performed at that point. It is therefore delayed into a context aware middleware instead of being skipped because of missing $GLOBALS. Positive advantage of moving the verification into frontend and backend middlewares, is that context checks to exclude CLI/installtool can be dropped. As a side effect this also fixes the frontend to installtool redirect if TYPO3 is not yet configured and running with an invalid SERVER_NAME, as ServerRequestFactory::fromGlobals() doesn't fail. Releases: master Resolves: #95395 Change-Id: Idd3a3449a878cd625dad0d04892d9f0e710ca1a9 Security-Bulletin: TYPO3-CORE-SA-2021-015 Security-References: CVE-2021-41114 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71438 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-20,Improper Input Validation,"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.",https://cwe.mitre.org/data/definitions/20.html,CVE-2021-41114,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26028,"protected function checkTrustedHostPattern() { if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] === GeneralUtility::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL) { $this->messageQueue->enqueue(new FlashMessage( 'Trusted hosts pattern is configured to allow all header values. Check the pattern defined in Admin' . ' Tools -> Settings -> Configure Installation-Wide Options -> System -> trustedHostsPattern' . ' and adapt it to expected host value(s).', 'Trusted hosts pattern is insecure', FlashMessage::WARNING )); } else { if (GeneralUtility::hostHeaderValueMatchesTrustedHostsPattern($_SERVER['HTTP_HOST'])) { $this->messageQueue->enqueue(new FlashMessage( '', 'Trusted hosts pattern is configured to allow current host value.' )); } else { $this->messageQueue->enqueue(new FlashMessage( 'The trusted hosts pattern will be configured to allow all header values. This is because your $SERVER_NAME:$SERVER_PORT' . ' is ""' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . '"" while your HTTP_HOST is ""' . $_SERVER['HTTP_HOST'] . '"". Check the pattern defined in Admin' . ' Tools -> Settings -> Configure Installation-Wide Options -> System -> trustedHostsPattern' . ' and adapt it to expected host value(s).', 'Trusted hosts pattern mismatch', FlashMessage::ERROR )); } } }",True,PHP,checkTrustedHostPattern,SetupCheck.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2021-10-05 13:02:47+02:00,"[SECURITY] Verify HTTP_HOST via FE/BE middleware Avoid a dependency cycle between HTTP_HOST generation and verification. As $GLOBALS['TYPO3_REQUEST'] is not available during ServerRequestFactory::fromGlobals(), HTTP_HOST verification can not be performed at that point. It is therefore delayed into a context aware middleware instead of being skipped because of missing $GLOBALS. Positive advantage of moving the verification into frontend and backend middlewares, is that context checks to exclude CLI/installtool can be dropped. As a side effect this also fixes the frontend to installtool redirect if TYPO3 is not yet configured and running with an invalid SERVER_NAME, as ServerRequestFactory::fromGlobals() doesn't fail. Releases: master Resolves: #95395 Change-Id: Idd3a3449a878cd625dad0d04892d9f0e710ca1a9 Security-Bulletin: TYPO3-CORE-SA-2021-015 Security-References: CVE-2021-41114 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/71438 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-644,Improper Neutralization of HTTP Headers for Scripting Syntax,"The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.",https://cwe.mitre.org/data/definitions/644.html,CVE-2021-41114,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26030,"public function getFileIdentifiersInFolder($folderIdentifier, $useFilters = true, $recursive = false) { $filters = $useFilters == true ? $this->fileAndFolderNameFilters : []; return $this->driver->getFilesInFolder($folderIdentifier, 0, 0, $recursive, $filters); }",True,PHP,getFileIdentifiersInFolder,ResourceStorage.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:13:00+02:00,"[SECURITY] Restrict export functionality to allowed users The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting ""options.impexp.enableImportForNonAdminUser"". The export functionality has the following security drawbacks: * Export for editors is not limited on field level * The ""Save to filename"" functionality saves to a shared folder, which other editors with different access rights may have access to. Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting ""options.impexp.enableExportForNonAdminUser"". Additionally, the contents of the temporary ""importexport"" folder in file storages is now only visible to users who have access to the export functionality. In general, it is recommended to only install the Import/Export extension when the functionality is required. Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-319,Cleartext Transmission of Sensitive Information,The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.,https://cwe.mitre.org/data/definitions/319.html,CVE-2022-31046,"function delete_vendor() { global $db; if (!empty($this->params['id'])){ $db->delete('vendor', 'id =' .$this->params['id']); } expHistory::back(); }" 26034,"public function countFoldersInFolder(Folder $folder, $useFilters = true, $recursive = false) { $this->assureFolderReadPermission($folder); $filters = $useFilters ? $this->fileAndFolderNameFilters : []; return $this->driver->countFoldersInFolder($folder->getIdentifier(), $recursive, $filters); }",True,PHP,countFoldersInFolder,ResourceStorage.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:13:00+02:00,"[SECURITY] Restrict export functionality to allowed users The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting ""options.impexp.enableImportForNonAdminUser"". The export functionality has the following security drawbacks: * Export for editors is not limited on field level * The ""Save to filename"" functionality saves to a shared folder, which other editors with different access rights may have access to. Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting ""options.impexp.enableExportForNonAdminUser"". Additionally, the contents of the temporary ""importexport"" folder in file storages is now only visible to users who have access to the export functionality. In general, it is recommended to only install the Import/Export extension when the functionality is required. Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-319,Cleartext Transmission of Sensitive Information,The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.,https://cwe.mitre.org/data/definitions/319.html,CVE-2022-31046,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26035,"public function getFolderIdentifiersInFolder($folderIdentifier, $useFilters = true, $recursive = false) { $filters = $useFilters == true ? $this->fileAndFolderNameFilters : []; return $this->driver->getFoldersInFolder($folderIdentifier, 0, 0, $recursive, $filters); }",True,PHP,getFolderIdentifiersInFolder,ResourceStorage.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:13:00+02:00,"[SECURITY] Restrict export functionality to allowed users The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting ""options.impexp.enableImportForNonAdminUser"". The export functionality has the following security drawbacks: * Export for editors is not limited on field level * The ""Save to filename"" functionality saves to a shared folder, which other editors with different access rights may have access to. Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting ""options.impexp.enableExportForNonAdminUser"". Additionally, the contents of the temporary ""importexport"" folder in file storages is now only visible to users who have access to the export functionality. In general, it is recommended to only install the Import/Export extension when the functionality is required. Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-319,Cleartext Transmission of Sensitive Information,The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.,https://cwe.mitre.org/data/definitions/319.html,CVE-2022-31046,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26036,"public function countFilesInFolder(Folder $folder, $useFilters = true, $recursive = false) { $this->assureFolderReadPermission($folder); $filters = $useFilters ? $this->fileAndFolderNameFilters : []; return $this->driver->countFilesInFolder($folder->getIdentifier(), $recursive, $filters); }",True,PHP,countFilesInFolder,ResourceStorage.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:13:00+02:00,"[SECURITY] Restrict export functionality to allowed users The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting ""options.impexp.enableImportForNonAdminUser"". The export functionality has the following security drawbacks: * Export for editors is not limited on field level * The ""Save to filename"" functionality saves to a shared folder, which other editors with different access rights may have access to. Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting ""options.impexp.enableExportForNonAdminUser"". Additionally, the contents of the temporary ""importexport"" folder in file storages is now only visible to users who have access to the export functionality. In general, it is recommended to only install the Import/Export extension when the functionality is required. Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-319,Cleartext Transmission of Sensitive Information,The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.,https://cwe.mitre.org/data/definitions/319.html,CVE-2022-31046,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26039,"public function getFilesInFolder(Folder $folder, $start = 0, $maxNumberOfItems = 0, $useFilters = true, $recursive = false, $sort = '', $sortRev = false) { $this->assureFolderReadPermission($folder); $rows = $this->getFileIndexRepository()->findByFolder($folder); $filters = $useFilters == true ? $this->fileAndFolderNameFilters : []; $fileIdentifiers = array_values($this->driver->getFilesInFolder($folder->getIdentifier(), $start, $maxNumberOfItems, $recursive, $filters, $sort, $sortRev)); $items = []; foreach ($fileIdentifiers as $identifier) { if (isset($rows[$identifier])) { $fileObject = $this->getFileFactory()->getFileObject($rows[$identifier]['uid'], $rows[$identifier]); } else { $fileObject = $this->getFileByIdentifier($identifier); } if ($fileObject instanceof FileInterface) { $key = $fileObject->getName(); while (isset($items[$key])) { $key .= 'z'; } $items[$key] = $fileObject; } } return $items; }",True,PHP,getFilesInFolder,ResourceStorage.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:13:00+02:00,"[SECURITY] Restrict export functionality to allowed users The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting ""options.impexp.enableImportForNonAdminUser"". The export functionality has the following security drawbacks: * Export for editors is not limited on field level * The ""Save to filename"" functionality saves to a shared folder, which other editors with different access rights may have access to. Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting ""options.impexp.enableExportForNonAdminUser"". Additionally, the contents of the temporary ""importexport"" folder in file storages is now only visible to users who have access to the export functionality. In general, it is recommended to only install the Import/Export extension when the functionality is required. Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-319,Cleartext Transmission of Sensitive Information,The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.,https://cwe.mitre.org/data/definitions/319.html,CVE-2022-31046,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26040,public function getFileAndFolderNameFilters() { return $this->fileAndFolderNameFilters; },True,PHP,getFileAndFolderNameFilters,ResourceStorage.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:13:00+02:00,"[SECURITY] Restrict export functionality to allowed users The import functionality of the import/export module is already restricted to admin users or users, who explicitly have access through the user TSConfig setting ""options.impexp.enableImportForNonAdminUser"". The export functionality has the following security drawbacks: * Export for editors is not limited on field level * The ""Save to filename"" functionality saves to a shared folder, which other editors with different access rights may have access to. Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins. Therefore, now also the export functionality is restricted to TYPO3 admin users and to users, who explicitly have access through the new user TSConfig setting ""options.impexp.enableExportForNonAdminUser"". Additionally, the contents of the temporary ""importexport"" folder in file storages is now only visible to users who have access to the export functionality. In general, it is recommended to only install the Import/Export extension when the functionality is required. Resolves: #94951 Releases: main, 11.5, 10.4 Change-Id: Iae020baf051aeec0613366687aa8ebcbf9b3d8b2 Security-Bulletin: TYPO3-CORE-SA-2022-001 Security-References: CVE-2022-31046 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74902 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-319,Cleartext Transmission of Sensitive Information,The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.,https://cwe.mitre.org/data/definitions/319.html,CVE-2022-31046,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26041,public function isAuthorizedBackendUserSession() { if (!$this->hasSessionCookie()) { return false; } $this->initializeSession(); if (empty($_SESSION['authorized']) || empty($_SESSION['isBackendSession'])) { return false; } return !$this->isExpired(); },True,PHP,isAuthorizedBackendUserSession,SessionService.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:19:06+02:00,"[SECURITY] Synchronize admin tools session with backend user session Admin tools sessions are revoked in case the initiatin backend user does not have admin or system maintainer privileges anymore. Besides that, revoking backend user interface sessions now also revokes access to admin tools. Standalone install tool is not affected. Resolves: #92019 Releases: main, 11.5, 10.4 Change-Id: I367098abd632fa34caa59e4e165f5ab1916894c5 Security-Bulletin: TYPO3-CORE-SA-2022-005 Security-References: CVE-2022-31050 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74905 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-31050,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26043,public function setAuthorizedBackendSession() { $_SESSION['authorized'] = true; $_SESSION['lastSessionId'] = time(); $_SESSION['tstamp'] = time(); $_SESSION['expires'] = time() + $this->expireTimeInMinutes * 60; $_SESSION['isBackendSession'] = true; $this->renewSession(); },True,PHP,setAuthorizedBackendSession,SessionService.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2022-06-14 09:19:06+02:00,"[SECURITY] Synchronize admin tools session with backend user session Admin tools sessions are revoked in case the initiatin backend user does not have admin or system maintainer privileges anymore. Besides that, revoking backend user interface sessions now also revokes access to admin tools. Standalone install tool is not affected. Resolves: #92019 Releases: main, 11.5, 10.4 Change-Id: I367098abd632fa34caa59e4e165f5ab1916894c5 Security-Bulletin: TYPO3-CORE-SA-2022-005 Security-References: CVE-2022-31050 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74905 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2022-31050,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26047,protected static function getPathThisScriptNonCli() { $isCgi = Environment::isRunningOnCgiServer(); if ($isCgi && Environment::usesCgiFixPathInfo()) { return $_SERVER['SCRIPT_FILENAME']; } $cgiPath = $_SERVER['ORIG_PATH_TRANSLATED'] ?? $_SERVER['PATH_TRANSLATED'] ?? ''; if ($cgiPath && $isCgi) { return $cgiPath; } return $_SERVER['ORIG_SCRIPT_FILENAME'] ?? $_SERVER['SCRIPT_FILENAME']; },True,PHP,getPathThisScriptNonCli,SystemEnvironmentBuilder.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2023-02-07 10:25:10+01:00,"[SECURITY] Prevent XSS due to wrong PATH_INFO evaluation As already started in #88304 (but only for NormalizedParams) and later reverted in #89312 (because of cgi-bin problems), PATH_INFO is no longer considered as a preferable SCRIPT_NAME alternative. All known server configurations set SCRIPT_NAME these days to a proper value when cgi.fix_pathinfo is set. The fallback to PATH_INFO has been introduced with the initial revision of TYPO3 and isn't needed at all nowadays, it's actually wrong, as a REQUEST_URI like /index.php/foo/bar would incorrectly be interpreted as $scriptName == ""/foo/bar"", which let's all calculations on $scriptName fail and even leads to XSS where values derived from $scriptName are printed without being escaped. Also any ORIG_SCRIPT_NAME evaluation is dropped, as this variable contains the SCRIPT_NAME that was set by the webserver configuration before PHP applied cgi.fix_pathinfo. Using ORIG_SCRIPT_NAME effectively meant bypassing PHP's pathinfo fix. It usually contains the cgi-wrapper paths, which is why PATH_INFO was used to overrule wrong ORIG_SCRIPT_NAME values. GeneralUtility::getIndpEnv('PATH_INFO') is adapted to trust the servers PATH_INFO information, now that we no longer allow servers to send SCRIPT_NAME as PATH_INFO (we enforce cgi.fix_pathinfo=1 for CGI installations). The normalized SCRIPT_NAME is now adapted to be encoded as a URL path by default, as all TYPO3 usages expect this to be an URL path. Note that $_SERVER['SCRIPT_NAME'] refers to the servers file system path, not the URL encoded value. This SCRIPT_NAME sanitization actually enables: a) TYPO3 to be run in a subfolder that contains characters that need URL encoding e.g. `/test:site/` – url encoded that'd be `/test3Asite/`. b) prevention of XSS in case third party extensions missed to escape any URL that is derived from SCRIPT_NAME (while making sure that properly escaped output is not double escaped) Resolves: #99651 Related: #88304 Related: #89312 Releases: main, 11.5, 10.4 Change-Id: Ief95253d764665db5182a15ce8ffd02ea02ee61e Security-Bulletin: TYPO3-CORE-SA-2023-001 Security-References: CVE-2023-24814 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77739 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-24814,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26050,"public function __construct(array $serverParams, array $configuration, string $pathThisScript, string $pathSite) { $isBehindReverseProxy = $this->isBehindReverseProxy = self::determineIsBehindReverseProxy( $serverParams, $configuration ); $httpHost = $this->httpHost = self::determineHttpHost($serverParams, $configuration, $isBehindReverseProxy); $isHttps = $this->isHttps = self::determineHttps($serverParams, $configuration); $requestHost = $this->requestHost = ($isHttps ? 'https: $requestHostOnly = $this->requestHostOnly = self::determineRequestHostOnly($httpHost); $this->requestPort = self::determineRequestPort($httpHost, $requestHostOnly); $scriptName = $this->scriptName = self::determineScriptName( $serverParams, $configuration, $isHttps, $isBehindReverseProxy ); $requestUri = $this->requestUri = self::determineRequestUri( $serverParams, $configuration, $isHttps, $scriptName, $isBehindReverseProxy ); $requestUrl = $this->requestUrl = $requestHost . $requestUri; $this->requestScript = $requestHost . $scriptName; $requestDir = $this->requestDir = $requestHost . GeneralUtility::dirname($scriptName) . '/'; $this->remoteAddress = self::determineRemoteAddress($serverParams, $configuration, $isBehindReverseProxy); $scriptFilename = $this->scriptFilename = $pathThisScript; $this->documentRoot = self::determineDocumentRoot($scriptName, $scriptFilename); $siteUrl = $this->siteUrl = self::determineSiteUrl($requestDir, $pathThisScript, $pathSite . '/'); $this->sitePath = self::determineSitePath($requestHost, $siteUrl); $this->siteScript = self::determineSiteScript($requestUrl, $siteUrl); $this->pathInfo = $serverParams['PATH_INFO'] ?? ''; $this->httpReferer = $serverParams['HTTP_REFERER'] ?? ''; $this->httpUserAgent = $serverParams['HTTP_USER_AGENT'] ?? ''; $this->httpAcceptEncoding = $serverParams['HTTP_ACCEPT_ENCODING'] ?? ''; $this->httpAcceptLanguage = $serverParams['HTTP_ACCEPT_LANGUAGE'] ?? ''; $this->remoteHost = $serverParams['REMOTE_HOST'] ?? ''; $this->queryString = $serverParams['QUERY_STRING'] ?? ''; }",True,PHP,__construct,NormalizedParams.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2023-02-07 10:25:10+01:00,"[SECURITY] Prevent XSS due to wrong PATH_INFO evaluation As already started in #88304 (but only for NormalizedParams) and later reverted in #89312 (because of cgi-bin problems), PATH_INFO is no longer considered as a preferable SCRIPT_NAME alternative. All known server configurations set SCRIPT_NAME these days to a proper value when cgi.fix_pathinfo is set. The fallback to PATH_INFO has been introduced with the initial revision of TYPO3 and isn't needed at all nowadays, it's actually wrong, as a REQUEST_URI like /index.php/foo/bar would incorrectly be interpreted as $scriptName == ""/foo/bar"", which let's all calculations on $scriptName fail and even leads to XSS where values derived from $scriptName are printed without being escaped. Also any ORIG_SCRIPT_NAME evaluation is dropped, as this variable contains the SCRIPT_NAME that was set by the webserver configuration before PHP applied cgi.fix_pathinfo. Using ORIG_SCRIPT_NAME effectively meant bypassing PHP's pathinfo fix. It usually contains the cgi-wrapper paths, which is why PATH_INFO was used to overrule wrong ORIG_SCRIPT_NAME values. GeneralUtility::getIndpEnv('PATH_INFO') is adapted to trust the servers PATH_INFO information, now that we no longer allow servers to send SCRIPT_NAME as PATH_INFO (we enforce cgi.fix_pathinfo=1 for CGI installations). The normalized SCRIPT_NAME is now adapted to be encoded as a URL path by default, as all TYPO3 usages expect this to be an URL path. Note that $_SERVER['SCRIPT_NAME'] refers to the servers file system path, not the URL encoded value. This SCRIPT_NAME sanitization actually enables: a) TYPO3 to be run in a subfolder that contains characters that need URL encoding e.g. `/test:site/` – url encoded that'd be `/test3Asite/`. b) prevention of XSS in case third party extensions missed to escape any URL that is derived from SCRIPT_NAME (while making sure that properly escaped output is not double escaped) Resolves: #99651 Related: #88304 Related: #89312 Releases: main, 11.5, 10.4 Change-Id: Ief95253d764665db5182a15ce8ffd02ea02ee61e Security-Bulletin: TYPO3-CORE-SA-2023-001 Security-References: CVE-2023-24814 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77739 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-24814,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26052,"protected function setAbsRefPrefix() { if (!$this->absRefPrefix) { return; } $search = [ '""_assets/', '""typo3temp/', '""' . PathUtility::stripPathSitePrefix(Environment::getExtensionsPath()) . '/', '""' . PathUtility::stripPathSitePrefix(Environment::getFrameworkBasePath()) . '/', ]; $replace = [ '""' . $this->absRefPrefix . '_assets/', '""' . $this->absRefPrefix . 'typo3temp/', '""' . $this->absRefPrefix . PathUtility::stripPathSitePrefix(Environment::getExtensionsPath()) . '/', '""' . $this->absRefPrefix . PathUtility::stripPathSitePrefix(Environment::getFrameworkBasePath()) . '/', ]; $directories = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['additionalAbsRefPrefixDirectories'], true); foreach ($directories as $directory) { $search[] = '""' . $directory; $replace[] = '""' . $this->absRefPrefix . $directory; } $this->content = str_replace( $search, $replace, $this->content ); }",True,PHP,setAbsRefPrefix,TypoScriptFrontendController.php,https://github.com/TYPO3/typo3,TYPO3,Oliver Hader,2023-02-07 10:25:10+01:00,"[SECURITY] Prevent XSS due to wrong PATH_INFO evaluation As already started in #88304 (but only for NormalizedParams) and later reverted in #89312 (because of cgi-bin problems), PATH_INFO is no longer considered as a preferable SCRIPT_NAME alternative. All known server configurations set SCRIPT_NAME these days to a proper value when cgi.fix_pathinfo is set. The fallback to PATH_INFO has been introduced with the initial revision of TYPO3 and isn't needed at all nowadays, it's actually wrong, as a REQUEST_URI like /index.php/foo/bar would incorrectly be interpreted as $scriptName == ""/foo/bar"", which let's all calculations on $scriptName fail and even leads to XSS where values derived from $scriptName are printed without being escaped. Also any ORIG_SCRIPT_NAME evaluation is dropped, as this variable contains the SCRIPT_NAME that was set by the webserver configuration before PHP applied cgi.fix_pathinfo. Using ORIG_SCRIPT_NAME effectively meant bypassing PHP's pathinfo fix. It usually contains the cgi-wrapper paths, which is why PATH_INFO was used to overrule wrong ORIG_SCRIPT_NAME values. GeneralUtility::getIndpEnv('PATH_INFO') is adapted to trust the servers PATH_INFO information, now that we no longer allow servers to send SCRIPT_NAME as PATH_INFO (we enforce cgi.fix_pathinfo=1 for CGI installations). The normalized SCRIPT_NAME is now adapted to be encoded as a URL path by default, as all TYPO3 usages expect this to be an URL path. Note that $_SERVER['SCRIPT_NAME'] refers to the servers file system path, not the URL encoded value. This SCRIPT_NAME sanitization actually enables: a) TYPO3 to be run in a subfolder that contains characters that need URL encoding e.g. `/test:site/` – url encoded that'd be `/test3Asite/`. b) prevention of XSS in case third party extensions missed to escape any URL that is derived from SCRIPT_NAME (while making sure that properly escaped output is not double escaped) Resolves: #99651 Related: #88304 Related: #89312 Releases: main, 11.5, 10.4 Change-Id: Ief95253d764665db5182a15ce8ffd02ea02ee61e Security-Bulletin: TYPO3-CORE-SA-2023-001 Security-References: CVE-2023-24814 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77739 Tested-by: Oliver Hader Reviewed-by: Oliver Hader ",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-24814,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26053,"$escapedArgument .= '^%""'.substr($part, 1, -1).'""^%'; } else { if ('\\' === substr($part, -1)) { $part .= '\\'; } $quote = true; $escapedArgument .= $part; } } if ($quote) { $escapedArgument = '""'.$escapedArgument.'""'; } return $escapedArgument; }",True,PHP,"'^%""'.substr",ProcessExecutor.php,https://github.com/composer/composer,composer,Jordi Boggiano,2021-10-05 09:39:50+02:00,"Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf",CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2021-41116,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26056,"public function testUpdateDoesntThrowsRuntimeExceptionIfGitCommandFailsAtFirstButIsAbleToRecover() { $expectedFirstGitUpdateCommand = $this->winCompat(""(git remote set-url composer -- '' && git rev-parse --quiet --verify 'ref^{commit}' || (git fetch composer && git fetch --tags composer)) && git remote set-url composer -- ''""); $expectedSecondGitUpdateCommand = $this->winCompat(""(git remote set-url composer -- 'https: $packageMock = $this->getMockBuilder('Composer\Package\PackageInterface')->getMock(); $packageMock->expects($this->any()) ->method('getSourceReference') ->will($this->returnValue('ref')); $packageMock->expects($this->any()) ->method('getVersion') ->will($this->returnValue('1.0.0.0')); $packageMock->expects($this->any()) ->method('getSourceUrls') ->will($this->returnValue(array('/foo/bar', 'https: $processExecutor = $this->getMockBuilder('Composer\Util\ProcessExecutor')->getMock(); $processExecutor->expects($this->at(0)) ->method('execute') ->with($this->equalTo($this->winCompat(""git show-ref --head -d""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(1)) ->method('execute') ->with($this->equalTo($this->winCompat(""git status --porcelain --untracked-files=no""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(2)) ->method('execute') ->with($this->equalTo($this->winCompat(""git remote -v""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(3)) ->method('execute') ->with($this->equalTo($this->winCompat(""git remote -v""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(4)) ->method('execute') ->with($this->equalTo($expectedFirstGitUpdateCommand)) ->will($this->returnValue(1)); $processExecutor->expects($this->at(6)) ->method('execute') ->with($this->equalTo($this->winCompat(""git --version""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(7)) ->method('execute') ->with($this->equalTo($this->winCompat(""git remote -v""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(8)) ->method('execute') ->with($this->equalTo($this->winCompat(""git remote -v""))) ->will($this->returnValue(0)); $processExecutor->expects($this->at(9)) ->method('execute') ->with($this->equalTo($expectedSecondGitUpdateCommand)) ->will($this->returnValue(0)); $processExecutor->expects($this->at(11)) ->method('execute') ->with($this->equalTo($this->winCompat(""git checkout 'ref' -- && git reset --hard 'ref' --"")), $this->equalTo(null), $this->equalTo($this->winCompat($this->workingDir))) ->will($this->returnValue(0)); $this->fs->ensureDirectoryExists($this->workingDir.'/.git'); $downloader = $this->getDownloaderMock(null, new Config(), $processExecutor); $downloader->update($packageMock, $packageMock, $this->workingDir); }",True,PHP,testUpdateDoesntThrowsRuntimeExceptionIfGitCommandFailsAtFirstButIsAbleToRecover,GitDownloaderTest.php,https://github.com/composer/composer,composer,Jordi Boggiano,2021-10-05 09:39:50+02:00,"Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf",CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2021-41116,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26058,public function urlProvider() { return array( array('http: array('http: array('svn: ); },True,PHP,urlProvider,SvnTest.php,https://github.com/composer/composer,composer,Jordi Boggiano,2021-10-05 09:39:50+02:00,"Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf",CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2021-41116,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26061,"public function getBranches() { if (null === $this->branches) { $branches = array(); $this->process->execute('git branch --no-color --no-abbrev -v', $output, $this->repoDir); foreach ($this->process->splitLines($output) as $branch) { if ($branch && !Preg::isMatch('{^ *[^/]+/HEAD }', $branch)) { if (Preg::isMatch('{^(?:\* )? *(\S+) *([a-f0-9]+)(?: .*)?$}', $branch, $match)) { $branches[$match[1]] = $match[2]; } } } $this->branches = $branches; } return $this->branches; }",True,PHP,getBranches,GitDriver.php,https://github.com/composer/composer,composer,GitHub,2022-04-13 15:54:58+02:00,"Merge pull request from GHSA-x7cr-6qr6-2hh6 * GitDriver: filter branch names starting with a - character * GitDriver: getFileContent prevent identifiers starting with a - * HgDriver: prevent invalid identifiers and prevent file from running commands * HgDriver: filter branches starting with a - character",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-24828,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26062,"public function getFileContent($file, $identifier) { $resource = sprintf('hg cat -r %s %s', ProcessExecutor::escape($identifier), ProcessExecutor::escape($file)); $this->process->execute($resource, $content, $this->repoDir); if (!trim($content)) { return null; } return $content; }",True,PHP,getFileContent,HgDriver.php,https://github.com/composer/composer,composer,GitHub,2022-04-13 15:54:58+02:00,"Merge pull request from GHSA-x7cr-6qr6-2hh6 * GitDriver: filter branch names starting with a - character * GitDriver: getFileContent prevent identifiers starting with a - * HgDriver: prevent invalid identifiers and prevent file from running commands * HgDriver: filter branches starting with a - character",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-24828,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26064,"public function getBranches() { if (null === $this->branches) { $branches = array(); $bookmarks = array(); $this->process->execute('hg branches', $output, $this->repoDir); foreach ($this->process->splitLines($output) as $branch) { if ($branch && Preg::isMatch('(^([^\s]+)\s+\d+:([a-f0-9]+))', $branch, $match)) { $branches[$match[1]] = $match[2]; } } $this->process->execute('hg bookmarks', $output, $this->repoDir); foreach ($this->process->splitLines($output) as $branch) { if ($branch && Preg::isMatch('(^(?:[\s*]*)([^\s]+)\s+\d+:(.*)$)', $branch, $match)) { $bookmarks[$match[1]] = $match[2]; } } $this->branches = array_merge($bookmarks, $branches); } return $this->branches; }",True,PHP,getBranches,HgDriver.php,https://github.com/composer/composer,composer,GitHub,2022-04-13 15:54:58+02:00,"Merge pull request from GHSA-x7cr-6qr6-2hh6 * GitDriver: filter branch names starting with a - character * GitDriver: getFileContent prevent identifiers starting with a - * HgDriver: prevent invalid identifiers and prevent file from running commands * HgDriver: filter branches starting with a - character",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-24828,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26074,"public function __construct( $title, $namespace ) { $this->mTitle = $title; $this->mNamespace = $namespace; }",True,PHP,__construct,Article.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26075,"public static function newFromRow( $row, Parameters $parameters, \Title $title, $pageNamespace, $pageTitle ) { global $wgLang; $article = new Article( $title, $pageNamespace ); $revActorName = null; if ( isset( $row['revactor_actor'] ) ) { $revActorName = User::newFromActorId( $row['revactor_actor'] )->getName(); } $titleText = $title->getText(); if ( $parameters->getParameter( 'shownamespace' ) === true ) { $titleText = $title->getPrefixedText(); } $replaceInTitle = $parameters->getParameter( 'replaceintitle' ); if ( is_array( $replaceInTitle ) && count( $replaceInTitle ) === 2 ) { $titleText = preg_replace( $replaceInTitle[0], $replaceInTitle[1], $titleText ); } if ( $parameters->getParameter( 'titlemaxlen' ) !== null && strlen( $titleText ) > $parameters->getParameter( 'titlemaxlen' ) ) { $titleText = substr( $titleText, 0, $parameters->getParameter( 'titlemaxlen' ) ) . '...'; } if ( $parameters->getParameter( 'showcurid' ) === true && isset( $row['page_id'] ) ) { $articleLink = '[' . $title->getLinkURL( [ 'curid' => $row['page_id'] ] ) . ' ' . htmlspecialchars( $titleText ) . ']'; } else { $articleLink = '[[' . ( $parameters->getParameter( 'escapelinks' ) && ( $pageNamespace == NS_CATEGORY || $pageNamespace == NS_FILE ) ? ':' : '' ) . $title->getFullText() . '|' . htmlspecialchars( $titleText ) . ']]'; }",True,PHP,newFromRow,Article.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26077,"return $wgLang->timeanddate( $article->mDate, true ); } return null; }",True,PHP,timeanddate,Article.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26080,"public static function getSetting( $setting ) { return ( array_key_exists( $setting, self::$settings ) ? self::$settings[$setting] : null ); }",True,PHP,getSetting,Config.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26082,"public static function init( $settings = false ) { if ( $settings === false ) { global $wgDplSettings; $settings = $wgDplSettings; } if ( !is_array( $settings ) ) { throw new MWException( __METHOD__ . "": Invalid settings passed."" ); } self::$settings = array_merge( self::$settings, $settings ); }",True,PHP,init,Config.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26083,"private static function executeTag( $input, array $args, Parser $parser, PPFrame $frame ) { $parse = new \DPL\Parse(); if ( \DPL\Config::getSetting( 'recursiveTagParse' ) ) { $input = $parser->recursiveTagParse( $input, $frame ); } $text = $parse->parse( $input, $parser, $reset, $eliminate, true ); if ( isset( $reset['templates'] ) && $reset['templates'] ) { $saveTemplates = $parser->getOutput()->mTemplates; } if ( isset( $reset['categories'] ) && $reset['categories'] ) { $saveCategories = $parser->getOutput()->mCategories; } if ( isset( $reset['images'] ) && $reset['images'] ) { $saveImages = $parser->getOutput()->mImages; } $parsedDPL = $parser->recursiveTagParse( $text ); if ( isset( $reset['templates'] ) && $reset['templates'] ) { $parser->getOutput()->mTemplates = $saveTemplates; } if ( isset( $reset['categories'] ) && $reset['categories'] ) { $parser->getOutput()->mCategories = $saveCategories; } if ( isset( $reset['images'] ) && $reset['images'] ) { $parser->getOutput()->mImages = $saveImages; } return $parsedDPL; }",True,PHP,executeTag,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26084,return \DPL\Variables::setVarDefault( $args ); } return \DPL\Variables::getVar( $cmd ); },True,PHP,setVarDefault,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26087,"public static function endReset( &$parser, $text ) { if ( !self::$createdLinks['resetdone'] ) { self::$createdLinks['resetdone'] = true; foreach ( $parser->getOutput()->mCategories as $key => $val ) { if ( array_key_exists( $key, self::$fixedCategories ) ) { self::$fixedCategories[$key] = $val; } } if ( self::$createdLinks['resetLinks'] ) { $parser->getOutput()->mLinks = []; } if ( self::$createdLinks['resetCategories'] ) { $parser->getOutput()->mCategories = self::$fixedCategories; } if ( self::$createdLinks['resetTemplates'] ) { $parser->getOutput()->mTemplates = []; } if ( self::$createdLinks['resetImages'] ) { $parser->getOutput()->mImages = []; } self::$fixedCategories = []; } return true; }",True,PHP,endReset,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26091,"public static function onParserFirstCallInit( Parser &$parser ) { self::init(); if ( \DPL\Config::getSetting( 'handleSectionTag' ) ) { $parser->setHook( 'section', [ __CLASS__, 'dplTag' ] ); } $parser->setHook( 'DPL', [ __CLASS__, 'dplTag' ] ); $parser->setHook( 'DynamicPageList', [ __CLASS__, 'intersectionTag' ] ); $parser->setFunctionHook( 'dpl', [ __CLASS__, 'dplParserFunction' ] ); $parser->setFunctionHook( 'dplnum', [ __CLASS__, 'dplNumParserFunction' ] ); $parser->setFunctionHook( 'dplvar', [ __CLASS__, 'dplVarParserFunction' ] ); $parser->setFunctionHook( 'dplreplace', [ __CLASS__, 'dplReplaceParserFunction' ] ); $parser->setFunctionHook( 'dplchapter', [ __CLASS__, 'dplChapterParserFunction' ] ); $parser->setFunctionHook( 'dplmatrix', [ __CLASS__, 'dplMatrixParserFunction' ] ); return true; }",True,PHP,onParserFirstCallInit,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26092,"public static function dplReplaceParserFunction( &$parser, $text, $pat = '', $repl = '' ) { $parser->addTrackingCategory( 'dplreplace-parserfunc-tracking-category' ); if ( $text == '' || $pat == '' ) { return ''; } $repl = str_replace( '\n', ""\n"", $repl ); if ( !self::isRegexp( $pat ) ) { $pat = '`' . str_replace( '`', '\`', $pat ) . '`'; } return @preg_replace( $pat, $repl, $text ); }",True,PHP,dplReplaceParserFunction,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26094,"private static function init() { \DPL\Config::init(); if ( !isset( self::$createdLinks ) ) { self::$createdLinks = [ 'resetLinks' => false, 'resetTemplates' => false, 'resetCategories' => false, 'resetImages' => false, 'resetdone' => false, 'elimdone' => false ]; } }",True,PHP,init,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26095,"$parser->getOutput()->mTemplates[$nsp] = array_diff_assoc( $parser->getOutput()->mTemplates[$nsp], self::$createdLinks[1][$nsp] ); if ( count( $parser->getOutput()->mTemplates[$nsp] ) == 0 ) { unset( $parser->getOutput()->mTemplates[$nsp] ); } } }",True,PHP,array_diff_assoc,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26098,"public static function dplNumParserFunction( &$parser, $text = '' ) { $parser->addTrackingCategory( 'dplnum-parserfunc-tracking-category' ); $num = str_replace( '& $num = str_replace( ' ', ' ', $text ); $num = preg_replace( '/([0-9])([.])([0-9][0-9]?[^0-9,])/', '\1,\3', $num ); $num = preg_replace( '/([0-9.]+),([0-9][0-9][0-9])\s*Mrd/', '\1\2 000000 ', $num ); $num = preg_replace( '/([0-9.]+),([0-9][0-9])\s*Mrd/', '\1\2 0000000 ', $num ); $num = preg_replace( '/([0-9.]+),([0-9])\s*Mrd/', '\1\2 00000000 ', $num ); $num = preg_replace( '/\s*Mrd/', '000000000 ', $num ); $num = preg_replace( '/([0-9.]+),([0-9][0-9][0-9])\s*Mio/', '\1\2 000 ', $num ); $num = preg_replace( '/([0-9.]+),([0-9][0-9])\s*Mio/', '\1\2 0000 ', $num ); $num = preg_replace( '/([0-9.]+),([0-9])\s*Mio/', '\1\2 00000 ', $num ); $num = preg_replace( '/\s*Mio/', '000000 ', $num ); $num = preg_replace( '/[. ]/', '', $num ); $num = preg_replace( '/^[^0-9]+/', '', $num ); $num = preg_replace( '/[^0-9].*/', '', $num ); return $num; }",True,PHP,dplNumParserFunction,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26100,"public static function dplParserFunction( &$parser ) { self::setLikeIntersection( false ); $parser->addTrackingCategory( 'dpl-parserfunc-tracking-category' ); $input = """"; $numargs = func_num_args(); if ( $numargs < 2 ) { $input = ""#dpl: no arguments specified""; return str_replace( '§', '<', '§pre>§nowiki>' . $input . '§/nowiki>§/pre>' ); } $arg_list = func_get_args(); for ( $i = 1; $i < $numargs; $i++ ) { $p1 = $arg_list[$i]; $input .= str_replace( ""\n"", """", $p1 ) . ""\n""; } $parse = new \DPL\Parse(); $dplresult = $parse->parse( $input, $parser, $reset, $eliminate, false ); return [ $parser->getPreprocessor()->preprocessToObj( $dplresult, Parser::PTD_FOR_INCLUSION ), 'isLocalObj' => true, 'title' => $parser->getTitle() ]; }",True,PHP,dplParserFunction,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26104,"private static function dumpParsedRefs( $parser, $label ) { echo '
    parser mLinks: '; ob_start(); var_dump( $parser->getOutput()->mLinks ); $a = ob_get_contents(); ob_end_clean(); echo htmlspecialchars( $a, ENT_QUOTES ); echo '
    '; echo '
    parser mTemplates: '; ob_start(); var_dump( $parser->getOutput()->mTemplates ); $a = ob_get_contents(); ob_end_clean(); echo htmlspecialchars( $a, ENT_QUOTES ); echo '
    '; }",True,PHP,dumpParsedRefs,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26106,"public static function onRegistration() { if ( !defined( 'DPL_VERSION' ) ) { define( 'DPL_VERSION', '3.3.5' ); } }",True,PHP,onRegistration,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26108,"public static function dplChapterParserFunction( &$parser, $text = '', $heading = ' ', $maxLength = -1, $page = '?page?', $link = 'default', $trim = false ) { $parser->addTrackingCategory( 'dplchapter-parserfunc-tracking-category' ); $output = \DPL\LST::extractHeadingFromText( $parser, $page, '?title?', $text, $heading, '', $sectionHeading, true, $maxLength, $link, $trim ); return $output[0]; }",True,PHP,dplChapterParserFunction,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26109,"public static function setupMigration( Parser &$parser ) { $parser->setHook( 'Intersection', [ __CLASS__, 'intersectionTag' ] ); $parser->addTrackingCategory( 'dpl-intersection-tracking-category' ); self::init(); return true; }",True,PHP,setupMigration,DynamicPageListHooks.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26111,"$text = preg_replace( $skipPat, '', $text ); } if ( self::open( $parser, $part1 ) ) { if ( $recursionCheck == false ) { $text = $parser->preprocess( $text, $parser->mTitle, $parser->mOptions ); self::close( $parser, $part1 ); } if ( $maxLength > 0 ) { $text = self::limitTranscludedText( $text, $maxLength, $link ); } if ( $trim ) { return trim( $text ); } else { return $text; } } else { return ""[["" . $title->getPrefixedText() . ""]]"" . """"; } }",True,PHP,preg_replace,LST.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26115,"public function addMessage( $errorId ) { $args = func_get_args(); $args = array_map( 'htmlspecialchars', $args ); return call_user_func_array( [ $this, 'msg' ], $args ); }",True,PHP,addMessage,Logger.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26117,"$text = wfMessage( 'intersection_noincludecats', $args )->text(); } } if ( empty( $text ) ) { $text = wfMessage( 'dpl_log_' . $errorMessageId, $args )->text(); } $this->buffer[] = '

    Extension:DynamicPageList (DPL), version ' . DPL_VERSION . ': ' . $text . '

    '; } return false; }",True,PHP,text,Logger.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26123,"private function setDefaults() { $this->setParameter( 'defaulttemplatesuffix', '.default' ); $parameters = $this->getParametersForRichness(); foreach ( $parameters as $parameter ) { if ( $this->getData( $parameter )['default'] !== null && !( $this->getData( $parameter )['default'] === false && $this->getData( $parameter )['boolean'] === true ) ) { if ( $parameter == 'debug' ) { \DynamicPageListHooks::setDebugLevel( $this->getData( $parameter )['default'] ); } $this->setParameter( $parameter, $this->getData( $parameter )['default'] ); } } }",True,PHP,setDefaults,Parameters.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26124,"public static function sortByPriority( $parameters ) { if ( !is_array( $parameters ) ) { throw new \MWException( __METHOD__ . ': A non-array was passed.' ); } $priority = [ 'distinct' => 1, 'openreferences' => 2, 'ignorecase' => 3, 'category' => 4, 'title' => 5, 'goal' => 6, 'ordercollation' => 7, 'ordermethod' => 8, 'includepage' => 9, 'include' => 10 ]; $_first = []; foreach ( $priority as $parameter => $order ) { if ( isset( $parameters[$parameter] ) ) { $_first[$parameter] = $parameters[$parameter]; unset( $parameters[$parameter] ); } } $parameters = $_first + $parameters; return $parameters; }",True,PHP,sortByPriority,Parameters.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26126,"public function __construct() { $this->setRichness( Config::getSetting( 'functionalRichness' ) ); if ( \DynamicPageListHooks::isLikeIntersection() ) { $this->data['ordermethod'] = [ 'default' => 'categoryadd', 'values' => [ 'categoryadd', 'lastedit', 'none' ] ]; $this->data['order'] = [ 'default' => 'descending', 'values' => [ 'ascending', 'descending' ] ]; $this->data['mode'] = [ 'default' => 'unordered', 'values' => [ 'none', 'ordered', 'unordered' ] ]; $this->data['userdateformat'] = [ 'default' => 'Y-m-d: ' ]; $this->data['allowcachedresults']['default'] = 'true'; } }",True,PHP,__construct,ParametersData.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26139,private function setFooter( $footer ) { if ( \DynamicPageListHooks::getDebugLevel() == 5 ) { $footer .= ''; } $this->footer = $this->replaceVariables( $footer ); },True,PHP,setFooter,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26140,"private function getFullOutput( $totalResults = false, $skipHeaderFooter = true ) { if ( !$skipHeaderFooter ) { $header = ''; $footer = ''; $_headerType = $this->getHeaderFooterType( 'header', $totalResults ); if ( $_headerType !== false ) { $header = $this->parameters->getParameter( $_headerType ); } $_footerType = $this->getHeaderFooterType( 'footer', $totalResults ); if ( $_footerType !== false ) { $footer = $this->parameters->getParameter( $_footerType ); } $this->setHeader( $header ); $this->setFooter( $footer ); } if ( !$totalResults && !strlen( $this->getHeader() ) && !strlen( $this->getFooter() ) ) { $this->logger->addMessage( \DynamicPageListHooks::WARN_NORESULTS ); } $messages = $this->logger->getMessages( false ); return ( count( $messages ) ? implode( ""
    \n"", $messages ) : null ) . $this->getHeader() . $this->getOutput() . $this->getFooter(); }",True,PHP,getFullOutput,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26144,"$dplArg = $this->wgRequest->getVal( $arg, '' ); if ( $dplArg == '' ) { $input = preg_replace( '/\{%' . $arg . ':(.*)%\}/U', '\1', $input ); $input = str_replace( '{%' . $arg . '%}', '', $input ); } else { $input = preg_replace( '/\{%' . $arg . ':.*%\}/U ', $dplArg, $input ); $input = str_replace( '{%' . $arg . '%}', $dplArg, $input ); } } return $input; }",True,PHP,getVal,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26147,"foreach ( $option as $_option ) { if ( $this->parameters->$parameter( $_option ) === false ) { $this->logger->addMessage( \DynamicPageListHooks::WARN_WRONGPARAM, $parameter, $_option ); } }",True,PHP,foreach,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26148,"public function __construct() { global $wgRequest; $this->DB = wfGetDB( DB_REPLICA, 'dpl' ); $this->parameters = new Parameters(); $this->logger = new Logger( $this->parameters->getData( 'debug' )['default'] ); $this->tableNames = Query::getTableNames(); $this->wgRequest = $wgRequest; }",True,PHP,__construct,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26150,"$parameter = strtolower( $parameter ); if ( empty( $parameter ) || substr( $parameter, 0, 1 ) == '#' || ( $this->parameters->exists( $parameter ) && !$this->parameters->testRichness( $parameter ) ) ) { continue; } if ( !$this->parameters->exists( $parameter ) ) { $this->logger->addMessage( \DynamicPageListHooks::WARN_UNKNOWNPARAM, $parameter, implode( ', ', $this->parameters->getParametersForRichness() ) ); continue; } if ( !strlen( $option ) ) { if ( $parameter != 'namespace' && $parameter != 'notnamespace' && $parameter != 'category' && $this->parameters->exists( $parameter ) ) { continue; } } $parameters[$parameter][] = $option; } return $parameters; }",True,PHP,strtolower,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26152,"$tokens = preg_split( '/ - */', $title ); $newKey = ''; foreach ( $tokens as $token ) { $initial = substr( $token, 0, 1 ); if ( $initial >= '1' && $initial <= '7' ) { $newKey .= $initial; $suit = substr( $token, 1 ); if ( $suit == '♣' ) { $newKey .= '1'; } elseif ( $suit == '♦' ) { $newKey .= '2'; } elseif ( $suit == '♥' ) { $newKey .= '3'; } elseif ( $suit == '♠' ) { $newKey .= '4'; } elseif ( strtolower( $suit ) == 'sa' || strtolower( $suit ) == 'nt' ) { $newKey .= '5 '; } else { $newKey .= $suit; } } elseif ( strtolower( $initial ) == 'p' ) { $newKey .= '0 '; } elseif ( strtolower( $initial ) == 'x' ) { $newKey .= '8 '; } else { $newKey .= $token; } } $sortKeys[$key] = $newKey; } asort( $sortKeys ); foreach ( $sortKeys as $oldKey => $newKey ) { $sortedArticles[] = $articles[$oldKey]; } return $sortedArticles; }",True,PHP,preg_split,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage_vendors () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); assign_to_template(array( 'vendors'=>$vendors )); }" 26155,private function setHeader( $header ) { if ( \DynamicPageListHooks::getDebugLevel() == 5 ) { $header = '
    ' . $header; } $this->header = $this->replaceVariables( $header ); },True,PHP,setHeader,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26157,"Variables::setVar( [ '', '', $argName, $argValue ] ); if ( defined( 'ExtVariables::VERSION' ) ) { \ExtVariables::get( $this->parser )->setVarValue( $argName, $argValue ); } } }",True,PHP,setVar,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26158,"private function triggerEndResets( $output, &$reset, &$eliminate, $isParserTag ) { global $wgHooks; $localParser = \MediaWiki\MediaWikiServices::getInstance()->getParserFactory()->create(); $parserOutput = $localParser->parse( $output, $this->parser->mTitle, $this->parser->mOptions ); if ( !is_array( $reset ) ) { $reset = []; } $reset = array_merge( $reset, (array)$this->parameters->getParameter( 'reset' ) ); if ( !is_array( $eliminate ) ) { $eliminate = []; } $eliminate = array_merge( $eliminate, (array)$this->parameters->getParameter( 'eliminate' ) ); if ( $isParserTag === true ) { if ( isset( $eliminate['templates'] ) && $eliminate['templates'] ) { $reset['templates'] = true; $eliminate['templates'] = false; } if ( isset( $eliminate['categories'] ) && $eliminate['categories'] ) { $reset['categories'] = true; $eliminate['categories'] = false; } if ( isset( $eliminate['images'] ) && $eliminate['images'] ) { $reset['images'] = true; $eliminate['images'] = false; } } else { if ( isset( $reset['templates'] ) && $reset['templates'] ) { \DynamicPageListHooks::$createdLinks['resetTemplates'] = true; } if ( isset( $reset['categories'] ) && $reset['categories'] ) { \DynamicPageListHooks::$createdLinks['resetCategories'] = true; } if ( isset( $reset['images'] ) && $reset['images'] ) { \DynamicPageListHooks::$createdLinks['resetImages'] = true; } } if ( ( $isParserTag === true && isset( $reset['links'] ) ) || $isParserTag === false ) { if ( isset( $reset['links'] ) ) { \DynamicPageListHooks::$createdLinks['resetLinks'] = true; } if ( !isset( $wgHooks['ParserAfterTidy'] ) || !is_array( $wgHooks['ParserAfterTidy'] ) || !in_array( 'DynamicPageListHooks::endReset', $wgHooks['ParserAfterTidy'] ) ) { $wgHooks['ParserAfterTidy'][] = 'DynamicPageListHooks::endReset'; } } if ( array_sum( $eliminate ) ) { if ( !isset( $wgHooks['ParserAfterTidy'] ) || !is_array( $wgHooks['ParserAfterTidy'] ) || !in_array( 'DynamicPageListHooks::endEliminate', $wgHooks['ParserAfterTidy'] ) ) { $wgHooks['ParserAfterTidy'][] = 'DynamicPageListHooks::endEliminate'; } if ( isset( $eliminate['links'] ) && $eliminate['links'] ) { \DynamicPageListHooks::$createdLinks[0] = []; foreach ( $parserOutput->getLinks() as $nsp => $link ) { \DynamicPageListHooks::$createdLinks[0][$nsp] = $link; } } if ( isset( $eliminate['templates'] ) && $eliminate['templates'] ) { \DynamicPageListHooks::$createdLinks[1] = []; foreach ( $parserOutput->getTemplates() as $nsp => $tpl ) { \DynamicPageListHooks::$createdLinks[1][$nsp] = $tpl; } } if ( isset( $eliminate['categories'] ) && $eliminate['categories'] ) { \DynamicPageListHooks::$createdLinks[2] = $parserOutput->mCategories; } if ( isset( $eliminate['images'] ) && $eliminate['images'] ) { \DynamicPageListHooks::$createdLinks[3] = $parserOutput->mImages; } } }",True,PHP,triggerEndResets,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26167,"Variables::setVar( [ '', '', $variable, $value ] ); if ( defined( 'ExtVariables::VERSION' ) ) { \ExtVariables::get( $this->parser )->setVarValue( $variable, $value ); } } }",True,PHP,setVar,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26168,"private function processQueryResults( $result ) { $randomCount = $this->parameters->getParameter( 'randomcount' ); if ( $randomCount > 0 ) { $nResults = $this->DB->numRows( $result ); if ( $randomCount > $nResults ) { $randomCount = $nResults; } $pick = range( 1, $nResults ); shuffle( $pick ); $pick = array_slice( $pick, 0, $randomCount ); } $articles = []; $i = 0; while ( $row = $result->fetchRow() ) { $i++; if ( $randomCount > 0 && !in_array( $i, $pick ) ) { continue; } if ( $this->parameters->getParameter( 'goal' ) == 'categories' ) { $pageNamespace = NS_CATEGORY; $pageTitle = $row['cl_to']; } elseif ( $this->parameters->getParameter( 'openreferences' ) ) { if ( count( $this->parameters->getParameter( 'imagecontainer' ) ) > 0 ) { $pageNamespace = NS_FILE; $pageTitle = $row['il_to']; } else { $pageNamespace = $row['pl_namespace']; $pageTitle = $row['pl_title']; } } else { $pageNamespace = $row['page_namespace']; $pageTitle = $row['page_title']; } if ( !$this->parameters->getParameter( 'includesubpages' ) && strpos( $pageTitle, '/' ) !== false ) { continue; } $title = \Title::makeTitle( $pageNamespace, $pageTitle ); $thisTitle = $this->parser->getTitle(); if ( $this->parameters->getParameter( 'skipthispage' ) && $thisTitle->equals( $title ) ) { continue; } $articles[] = Article::newFromRow( $row, $this->parameters, $title, $pageNamespace, $pageTitle ); } $this->DB->freeResult( $result ); return $articles; }",True,PHP,processQueryResults,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26170,private function getOutput() { return $this->output; },True,PHP,getOutput,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26171,"$cols = explode( '}:', $label ); if ( count( $cols ) <= 1 ) { if ( array_key_exists( $t, $_tableRow ) ) { $tableRow[$groupNr] = $_tableRow[$t]; } } else { $n = count( explode( ':', $cols[1] ) ); $colNr = -1; $t--; for ( $i = 1; $i <= $n; $i++ ) { $colNr++; $t++; if ( array_key_exists( $t, $_tableRow ) ) { $tableRow[$groupNr . '.' . $colNr] = $_tableRow[$t]; } } } } return $tableRow; }",True,PHP,explode,Parse.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26179,"private function _modifiedby( $option ) { $this->addTable( 'revision_actor_temp', 'change_rev' ); $user = new \User; $this->addWhere( $this->DB->addQuotes( $user->newFromName( $option )->getActorId() ) . ' = change_rev.revactor_actor AND change_rev.revactor_page = page_id' ); }",True,PHP,_modifiedby,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26180,"private function _minoredits( $option ) { if ( isset( $option ) && $option == 'exclude' ) { $this->addTable( 'revision', 'revision' ); $this->addWhere( 'revision.rev_minor_edit = 0' ); } }",True,PHP,_minoredits,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26182,"private function _minrevisions( $option ) { $this->addWhere( ""((SELECT count(rev_aux2.revactor_page) FROM {$this->tableNames['revision_actor_temp']} AS rev_aux2 WHERE rev_aux2.revactor_page = {$this->tableNames['page']}.page_id) >= {$option})"" ); }",True,PHP,_minrevisions,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26186,"private function _lastrevisionbefore( $option ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addSelect( [ 'rev.revactor_rev', 'rev.revactor_timestamp' ] ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp < ' . $this->convertTimestamp( $option ) ] ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp = (SELECT MAX(rev_aux_bef.revactor_timestamp) FROM ' . $this->tableNames['revision_actor_temp'] . ' AS rev_aux_bef WHERE rev_aux_bef.revactor_page=rev.revactor_page AND rev_aux_bef.revactor_timestamp < ' . $this->convertTimestamp( $option ) . ')' ] ); }",True,PHP,_lastrevisionbefore,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26188,"private function _stablepages( $option ) { if ( function_exists( 'efLoadFlaggedRevs' ) ) { if ( !$this->parametersProcessed['qualitypages'] ) { $this->addJoin( 'flaggedpages', [ ""LEFT JOIN"", ""page_id = fp_page_id"" ] ); } switch ( $option ) { case 'only': $this->addWhere( [ 'fp_stable IS NOT NULL' ] ); break; case 'exclude': $this->addWhere( [ 'fp_stable' => null ] ); break; } } }",True,PHP,_stablepages,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26192,public function addOrderBy( $orderBy ) { if ( empty( $orderBy ) ) { throw new \MWException( __METHOD__ . ': An empty order by clause was passed.' ); } $this->orderBy[] = $orderBy; return true; },True,PHP,addOrderBy,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26194,"private function _createdby( $option ) { $this->addTable( 'revision', 'creation_rev' ); $this->addTable( 'revision_actor_temp', 'creation_rev_actor' ); $this->_adduser( null, 'creation_rev_actor' ); $user = new \User; $this->addWhere( [ $this->DB->addQuotes( $user->newFromName( $option )->getActorId() ) . ' = creation_rev_actor.revactor_actor', 'creation_rev_actor.revactor_page = page_id', 'creation_rev.rev_parent_id = 0' ] ); }",True,PHP,_createdby,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26199,private function _categoriesminmax( $option ) { if ( is_numeric( $option[0] ) ) { $this->addWhere( intval( $option[0] ) . ' <= (SELECT count(*) FROM ' . $this->tableNames['categorylinks'] . ' WHERE ' . $this->tableNames['categorylinks'] . '.cl_from=page_id)' ); } if ( is_numeric( $option[1] ) ) { $this->addWhere( intval( $option[1] ) . ' >= (SELECT count(*) FROM ' . $this->tableNames['categorylinks'] . ' WHERE ' . $this->tableNames['categorylinks'] . '.cl_from=page_id)' ); } },True,PHP,_categoriesminmax,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26200,"private function _namespace( $option ) { $option === 0 ?? $option = '0'; if ( is_array( $option ) && count( $option ) ) { if ( $this->parameters->getParameter( 'openreferences' ) ) { $this->addWhere( [ ""{$this->tableNames['pagelinks']}.pl_namespace"" => $option ] ); } else { $this->addWhere( [ ""{$this->tableNames['page']}.page_namespace"" => $option ] ); } } }",True,PHP,_namespace,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26201,"public function __construct( Parameters $parameters ) { $this->parameters = $parameters; $this->tableNames = self::getTableNames(); $this->DB = wfGetDB( DB_REPLICA, 'dpl' ); }",True,PHP,__construct,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26202,"private function _addeditdate( $option ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addSelect( [ 'rev.revactor_timestamp' ] ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', ] ); }",True,PHP,_addeditdate,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26204,"private function _notcreatedby( $option ) { $this->addTable( 'revision', 'no_creation_rev' ); $this->addTable( 'revision_actor_temp', 'no_creation_rev_actor' ); $user = new \User; $this->addWhere( $this->DB->addQuotes( $user->newFromName( $option )->getActorId() ) . ' != no_creation_rev_actor.revactor_actor AND no_creation_rev_actor.revactor_page = page_id AND no_creation_rev.rev_parent_id = 0' ); }",True,PHP,_notcreatedby,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26205,private function _lastmodifiedby( $option ) { $user = new \User; $this->addWhere( $this->DB->addQuotes( $user->newFromName( $option )->getActorId() ) . ' = (SELECT revactor_actor FROM ' . $this->tableNames['revision_actor_temp'] . ' WHERE ' . $this->tableNames['revision_actor_temp'] . '.revactor_page=page_id ORDER BY ' . $this->tableNames['revision_actor_temp'] . '.revactor_timestamp DESC LIMIT 1)' ); },True,PHP,_lastmodifiedby,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26209,public function addGroupBy( $groupBy ) { if ( empty( $groupBy ) ) { throw new \MWException( __METHOD__ . ': An empty group by clause was passed.' ); } $this->groupBy[] = $groupBy; return true; },True,PHP,addGroupBy,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26210,"private function _qualitypages( $option ) { if ( function_exists( 'efLoadFlaggedRevs' ) ) { if ( !$this->parametersProcessed['stablepages'] ) { $this->addJoin( 'flaggedpages', [ ""LEFT JOIN"", ""page_id = fp_page_id"" ] ); } switch ( $option ) { case 'only': $this->addWhere( 'fp_quality >= 1' ); break; case 'exclude': $this->addWhere( 'fp_quality = 0' ); break; } } }",True,PHP,_qualitypages,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26215,"private function _maxrevisions( $option ) { $this->addWhere( ""((SELECT count(rev_aux3.revactor_page) FROM {$this->tableNames['revision_actor_temp']} AS rev_aux3 WHERE rev_aux3.revactor_page = {$this->tableNames['page']}.page_id) <= {$option})"" ); }",True,PHP,_maxrevisions,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26217,"public function addJoin( $tableAlias, $joinConditions ) { if ( empty( $tableAlias ) || empty( $joinConditions ) ) { throw new \MWException( __METHOD__ . ': An empty join clause was passed.' ); } if ( isset( $this->join[$tableAlias] ) ) { throw new \MWException( __METHOD__ . ': Attempted to overwrite existing join clause.' ); } $this->join[$tableAlias] = $joinConditions; return true; }",True,PHP,addJoin,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26219,"$options['LIMIT'] = $this->parameters->getParameter( 'count' ); } if ( $this->parameters->getParameter( 'openreferences' ) ) { if ( count( $this->parameters->getParameter( 'imagecontainer' ) ) > 0 ) { $tables = [ 'ic' => 'imagelinks' ]; } else { $this->addSelect( [ 'pl_namespace', 'pl_title' ] ); $tables = [ 'pagelinks' ]; } } else { $tables = $this->tables; if ( count( $this->groupBy ) ) { $options['GROUP BY'] = $this->groupBy; } if ( count( $this->orderBy ) ) { $options['ORDER BY'] = $this->orderBy; foreach ( $options['ORDER BY'] as $key => $value ) { $options['ORDER BY'][$key] .= "" "" . $this->direction; } } } if ( $this->parameters->getParameter( 'goal' ) == 'categories' ) { $categoriesGoal = true; $select = [ $this->tableNames['page'] . '.page_id' ]; $options[] = 'DISTINCT'; } else { if ( $calcRows ) { $options[] = 'SQL_CALC_FOUND_ROWS'; } if ( $this->distinct ) { $options[] = 'DISTINCT'; } $categoriesGoal = false; $select = $this->select; } $queryError = false; try { if ( $categoriesGoal ) { $result = $this->DB->select( $tables, $select, $this->where, __METHOD__, $options, $this->join ); while ( $row = $result->fetchRow() ) { $pageIds[] = $row['page_id']; } $sql = $this->DB->selectSQLText( [ 'clgoal' => 'categorylinks' ], [ 'clgoal.cl_to' ], [ 'clgoal.cl_from' => $pageIds ], __METHOD__, [ 'ORDER BY' => 'clgoal.cl_to ' . $this->direction ] ); } else { $sql = $this->DB->selectSQLText( $tables, $select, $this->where, __METHOD__, $options, $this->join ); } $this->sqlQuery = $sql; $result = $this->DB->query( $sql, __METHOD__ ); if ( $calcRows ) { $calcRowsResult = $this->DB->query( 'SELECT FOUND_ROWS() AS rowcount', __METHOD__ ); $total = $this->DB->fetchRow( $calcRowsResult ); $this->foundRows = intval( $total['rowcount'] ); $this->DB->freeResult( $calcRowsResult ); } } catch ( Exception $e ) { $queryError = true; } if ( $queryError == true || $result === false ) { throw new \MWException( __METHOD__ . "": "" . wfMessage( 'dpl_query_error', DPL_VERSION, $this->DB->lastError() )->text() ); } return $result; }",True,PHP,getParameter,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26221,"private function _addfirstcategorydate( $option ) { $this->addSelect( [ 'cl_timestamp' => ""DATE_FORMAT(cl1.cl_timestamp, '%Y%m%d%H%i%s')"" ] ); }",True,PHP,_addfirstcategorydate,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26223,"private function _adduser( $option, $tableAlias = '' ) { $tableAlias = ( !empty( $tableAlias ) ? $tableAlias . '.' : '' ); $this->addSelect( [ $tableAlias . 'revactor_actor', ] ); }",True,PHP,_adduser,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26227,"private function _allrevisionsbefore( $option ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addSelect( [ 'rev.revactor_rev', 'rev.revactor_timestamp' ] ); $this->addOrderBy( 'rev.revactor_rev' ); $this->setOrderDir( 'DESC' ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp < ' . $this->convertTimestamp( $option ) ] ); }",True,PHP,_allrevisionsbefore,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26230,"private function _addlasteditor( $option ) { if ( !isset( $this->parametersProcessed['addauthor'] ) || !$this->parametersProcessed['addauthor'] ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp = (SELECT MAX(rev_aux_max.revactor_timestamp) FROM ' . $this->tableNames['revision_actor_temp'] . ' AS rev_aux_max WHERE rev_aux_max.revactor_page = rev.revactor_page)' ] ); $this->_adduser( null, 'rev' ); } }",True,PHP,_addlasteditor,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26237,private function _hiddencategories( $option ) { },True,PHP,_hiddencategories,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26238,"public function addSelect( $fields ) { if ( !is_array( $fields ) ) { throw new \MWException( __METHOD__ . ': A non-array was passed.' ); } foreach ( $fields as $alias => $field ) { if ( !is_numeric( $alias ) && array_key_exists( $alias, $this->select ) && $this->select[$alias] != $field ) { throw new \MWException( __METHOD__ . "": Attempted to overwrite existing field alias `{$this->select[$alias]}` AS `{$alias}` with `{$field}` AS `{$alias}`."" ); } if ( !is_numeric( $alias ) && !array_key_exists( $alias, $this->select ) ) { $this->select[$alias] = $field; } if ( is_numeric( $alias ) && !isset( $this->selectedFields[$field] ) ) { $this->select[] = $field; $this->selectedFields[$field] = true; } } return true; }",True,PHP,addSelect,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26240,private function convertTimestamp( $inputDate ) { $timestamp = $inputDate; switch ( $inputDate ) { case 'today': $timestamp = date( 'YmdHis' ); break; case 'last hour': $date = new \DateTime(); $date->sub( new \DateInterval( 'P1H' ) ); $timestamp = $date->format( 'YmdHis' ); break; case 'last day': $date = new \DateTime(); $date->sub( new \DateInterval( 'P1D' ) ); $timestamp = $date->format( 'YmdHis' ); break; case 'last week': $date = new \DateTime(); $date->sub( new \DateInterval( 'P7D' ) ); $timestamp = $date->format( 'YmdHis' ); break; case 'last month': $date = new \DateTime(); $date->sub( new \DateInterval( 'P1M' ) ); $timestamp = $date->format( 'YmdHis' ); break; case 'last year': $date = new \DateTime(); $date->sub( new \DateInterval( 'P1Y' ) ); $timestamp = $date->format( 'YmdHis' ); break; } if ( is_numeric( $timestamp ) ) { return $this->DB->addQuotes( $timestamp ); } return 0; },True,PHP,convertTimestamp,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26242,private function _notmodifiedby( $option ) { $user = new \User; $this->addWhere( 'NOT EXISTS (SELECT 1 FROM ' . $this->tableNames['revision_actor_temp'] . ' WHERE ' . $this->tableNames['revision_actor_temp'] . '.revactor_page=page_id AND ' . $this->tableNames['revision_actor_temp'] . '.revactor_actor = ' . $this->DB->addQuotes( $user->newFromName( $option )->getActorId() ) . ' LIMIT 1)' ); },True,PHP,_notmodifiedby,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26247,"$this->where = array_merge( $this->where, $where ); } else { throw new \MWException( __METHOD__ . ': An invalid where clause was passed.' ); return false; } return true; }",True,PHP,array_merge,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26248,private function _notlastmodifiedby( $option ) { $user = new \User; $this->addWhere( $this->DB->addQuotes( $user->newFromName( $option )->getActorId() ) . ' != (SELECT revactor_actor FROM ' . $this->tableNames['revision_actor_temp'] . ' WHERE ' . $this->tableNames['revision_actor_temp'] . '.revactor_page=page_id ORDER BY ' . $this->tableNames['revision_actor_temp'] . '.revactor_timestamp DESC LIMIT 1)' ); },True,PHP,_notlastmodifiedby,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26250,"public static function getSubcategories( $categoryName, $depth = 1 ) { $DB = wfGetDB( DB_REPLICA, 'dpl' ); if ( $depth > 2 ) { $depth = 2; } $categories = []; $result = $DB->select( [ 'page', 'categorylinks' ], [ 'page_title' ], [ 'page_namespace' => intval( NS_CATEGORY ), 'categorylinks.cl_to' => str_replace( ' ', '_', $categoryName ) ], __METHOD__, [ 'DISTINCT' ], [ 'categorylinks' => [ 'INNER JOIN', 'page.page_id = categorylinks.cl_from' ] ] ); while ( $row = $result->fetchRow() ) { $categories[] = $row['page_title']; if ( $depth > 1 ) { $categories = array_merge( $categories, self::getSubcategories( $row['page_title'], $depth - 1 ) ); } } $categories = array_unique( $categories ); $DB->freeResult( $result ); return $categories; }",True,PHP,getSubcategories,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26252,"private function _notlinksto( $option ) { if ( $this->parameters->getParameter( 'distinct' ) == 'strict' ) { $this->addGroupBy( 'page_title' ); } if ( count( $option ) ) { $where = $this->tableNames['page'] . '.page_id NOT IN (SELECT ' . $this->tableNames['pagelinks'] . '.pl_from FROM ' . $this->tableNames['pagelinks'] . ' WHERE '; $ors = []; foreach ( $option as $linkGroup ) { foreach ( $linkGroup as $link ) { $_or = '(' . $this->tableNames['pagelinks'] . '.pl_namespace=' . intval( $link->getNamespace() ); if ( strpos( $link->getDbKey(), '%' ) >= 0 ) { $operator = 'LIKE'; } else { $operator = '='; } if ( $this->parameters->getParameter( 'ignorecase' ) ) { $_or .= ' AND LOWER(CAST(' . $this->tableNames['pagelinks'] . '.pl_title AS char)) ' . $operator . ' LOWER(' . $this->DB->addQuotes( $link->getDbKey() ) . '))'; } else { $_or .= ' AND ' . $this->tableNames['pagelinks'] . '.pl_title ' . $operator . ' ' . $this->DB->addQuotes( $link->getDbKey() ) . ')'; } $ors[] = $_or; } } $where .= '(' . implode( ' OR ', $ors ) . '))'; } $this->addWhere( $where ); }",True,PHP,_notlinksto,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26254,"private function _titlegt( $option ) { $where = '('; if ( substr( $option, 0, 2 ) == '=_' ) { if ( $this->parameters->getParameter( 'openreferences' ) ) { $where .= 'pl_title >= ' . $this->DB->addQuotes( substr( $sTitleGE, 2 ) ); } else { $where .= $this->tableNames['page'] . '.page_title >= ' . $this->DB->addQuotes( substr( $option, 2 ) ); } } else { if ( $this->parameters->getParameter( 'openreferences' ) ) { $where .= 'pl_title > ' . $this->DB->addQuotes( $option ); } else { $where .= $this->tableNames['page'] . '.page_title > ' . $this->DB->addQuotes( $option ); } } $where .= ')'; $this->addWhere( $where ); }",True,PHP,_titlegt,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26255,"private function _notuses( $option ) { if ( count( $option ) > 0 ) { $where = $this->tableNames['page'] . '.page_id NOT IN (SELECT ' . $this->tableNames['templatelinks'] . '.tl_from FROM ' . $this->tableNames['templatelinks'] . ' WHERE ('; $ors = []; foreach ( $option as $linkGroup ) { foreach ( $linkGroup as $link ) { $_or = '(' . $this->tableNames['templatelinks'] . '.tl_namespace=' . intval( $link->getNamespace() ); if ( $this->parameters->getParameter( 'ignorecase' ) ) { $_or .= ' AND LOWER(CAST(' . $this->tableNames['templatelinks'] . '.tl_title AS char))=LOWER(' . $this->DB->addQuotes( $link->getDbKey() ) . '))'; } else { $_or .= ' AND ' . $this->tableNames['templatelinks'] . '.tl_title=' . $this->DB->addQuotes( $link->getDbKey() ) . ')'; } $ors[] = $_or; } } $where .= implode( ' OR ', $ors ) . '))'; } $this->addWhere( $where ); }",True,PHP,_notuses,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26258,"private function _allrevisionssince( $option ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addSelect( [ 'rev.revactor_rev', 'rev.revactor_timestamp' ] ); $this->addOrderBy( 'rev.revactor_rev' ); $this->setOrderDir( 'DESC' ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp >= ' . $this->convertTimestamp( $option ) ] ); }",True,PHP,_allrevisionssince,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26261,"private function _addcontribution( $option ) { $this->addTable( 'recentchanges', 'rc' ); $field = 'rc.rc_actor'; $this->addSelect( [ 'contribution' => 'SUM(ABS(rc.rc_new_len - rc.rc_old_len))', 'contributor' => $field ] ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rc.rc_cur_id' ] ); $this->addGroupBy( 'rc.rc_cur_id' ); }",True,PHP,_addcontribution,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26263,"private function _firstrevisionsince( $option ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addSelect( [ 'rev.revactor_rev', 'rev.revactor_timestamp' ] ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp >= ' . $this->DB->addQuotes( $option ) ] ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp = (SELECT MIN(rev_aux_snc.revactor_timestamp) FROM ' . $this->tableNames['revision_actor_temp'] . ' AS rev_aux_snc WHERE rev_aux_snc.revactor_page=rev.revactor_page AND rev_aux_snc.revactor_timestamp >= ' . $this->convertTimestamp( $option ) . ')' ] ); }",True,PHP,_firstrevisionsince,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26266,"public function addTable( $table, $alias ) { if ( empty( $table ) ) { throw new \MWException( __METHOD__ . ': An empty table name was passed.' ); } if ( empty( $alias ) || is_numeric( $alias ) ) { throw new \MWException( __METHOD__ . ': An empty or numeric table alias was passed.' ); } if ( !isset( $this->tables[$alias] ) ) { $this->tables[$alias] = $this->DB->tableName( $table ); return true; } else { return false; } }",True,PHP,addTable,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26267,"private function _addauthor( $option ) { if ( !isset( $this->parametersProcessed['addlasteditor'] ) || !$this->parametersProcessed['addlasteditor'] ) { $this->addTable( 'revision_actor_temp', 'rev' ); $this->addWhere( [ $this->tableNames['page'] . '.page_id = rev.revactor_page', 'rev.revactor_timestamp = (SELECT MIN(rev_aux_min.revactor_timestamp) FROM ' . $this->tableNames['revision_actor_temp'] . ' AS rev_aux_min WHERE rev_aux_min.revactor_page = rev.revactor_page)' ] ); $this->_adduser( null, 'rev' ); } }",True,PHP,_addauthor,Query.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26273,"public static function setArray( $arg ) { $numargs = count( $arg ); if ( $numargs < 5 ) { return ''; } $var = trim( $arg[2] ); $value = $arg[3]; $delimiter = $arg[4]; if ( $var == '' ) { return ''; } if ( $value == '' ) { self::$memoryArray[$var] = []; return; } if ( $delimiter == '' ) { self::$memoryArray[$var] = [ $value ]; return; } if ( 0 !== strpos( $delimiter, '/' ) || ( strlen( $delimiter ) - 1 ) !== strrpos( $delimiter, '/' ) ) { $delimiter = '/\s*' . $delimiter . '\s*/'; } self::$memoryArray[$var] = preg_split( $delimiter, $value ); return ""value={$value}, delimiter={$delimiter},"" . count( self::$memoryArray[$var] ); }",True,PHP,setArray,Variables.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26275,"$temp_result_value = str_replace( $search, $v, $subject ); $rendered_values[] = $temp_result_value; } return [ implode( $delimiter, $rendered_values ), 'noparse' => false, 'isHTML' => false ]; }",True,PHP,str_replace,Variables.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26279,"public static function dumpArray( $arg ) { $numargs = count( $arg ); if ( $numargs < 3 ) { return ''; } $var = trim( $arg[2] ); $text = "" array {$var} = {""; $n = 0; if ( array_key_exists( $var, self::$memoryArray ) ) { foreach ( self::$memoryArray[$var] as $value ) { if ( $n++ > 0 ) { $text .= ', '; } $text .= ""{$value}""; } } return $text . ""}\n""; }",True,PHP,dumpArray,Variables.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function manage () { expHistory::set('viewable', $this->params); $vendor = new vendor(); $vendors = $vendor->find('all'); if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } assign_to_template(array( 'purchase_orders'=>$purchase_orders, 'vendors' => $vendors, 'vendor_id' => @$this->params['vendor'] )); }"
26281,"public function setListAttributes( $attributes ) { $this->listAttributes = \Sanitizer::fixTagAttributes( $attributes, 'ul' ); }",True,PHP,setListAttributes,Heading.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26283,"} elseif ( $rowSize > 0 ) { $nstart = 0; $nsize = $rowSize; $count = count( $articles ); $output .= '{|' . $rowColFormat . ""\n|\n""; do { if ( $nstart + $nsize > $count ) { $nsize = $count - $nstart; } $output .= $lister->formatList( $articles, $nstart, $nsize ); $output .= ""\n|-\n|\n""; $nstart = $nstart + $nsize; if ( $nstart >= $count ) { break; } } while ( true ); $output .= ""\n|}\n""; } else {",True,PHP,elseif,Heading.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26286,"public function setItemAttributes( $attributes ) { $this->itemAttributes = \Sanitizer::fixTagAttributes( $attributes, 'li' ); }",True,PHP,setItemAttributes,Heading.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26287,"public static function newFromStyle( $style, \DPL\Parameters $parameters ) { $style = strtolower( $style ); switch ( $style ) { case 'definition': $class = 'DefinitionHeading'; break; case 'h1': case 'h2': case 'h3': case 'h4': case 'h5': case 'h6': case 'header': $class = 'TieredHeading'; break; case 'ordered': $class = 'OrderedHeading'; break; case 'unordered': $class = 'UnorderedHeading'; break; default: return null; break; } $class = '\DPL\Heading\\' . $class; return new $class( $parameters ); }",True,PHP,newFromStyle,Heading.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26291,"$rest = $count - ( floor( $nsize ) * floor( $iGroup ) ); if ( $rest > 0 ) { $nsize += 1; } $output .= ""{|"" . $rowColFormat . ""\n|\n""; for ( $g = 0; $g < $iGroup; $g++ ) { $output .= $lister->formatList( $articles, $nstart, $nsize ); if ( $columns != 1 ) { $output .= ""\n|valign=top|\n""; } else { $output .= ""\n|-\n|\n""; } $nstart = $nstart + $nsize; if ( $nstart + $nsize > $count ) { $nsize = $count - $nstart; } } $output .= ""\n|}\n""; } elseif ( $rowSize > 0 ) {",True,PHP,floor,Heading.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26295,"return ""__NOTOC____NOEDITSECTION__"" . \CategoryViewer::shortList( $articleLinks, $articleStartChars ); } return ''; }",True,PHP,shortList,CategoryList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26298,"public function formatItem( Article $article, $pageText = null ) { $item = $article->mTitle; if ( $pageText !== null ) { $item .= $pageText; } $item = $this->getItemStart() . $item . $this->itemEnd; $item = $this->replaceTagParameters( $item, $article ); return $item; }",True,PHP,formatItem,GalleryList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26300,"public function __construct( \DPL\Parameters $parameters, \Parser $parser ) { parent::__construct( $parameters, $parser ); $this->textSeparator = $parameters->getParameter( 'inlinetext' ); }",True,PHP,__construct,InlineList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26301,"public function __construct( \DPL\Parameters $parameters, \Parser $parser ) { $this->setHeadListAttributes( $parameters->getParameter( 'hlistattr' ) ); $this->setHeadItemAttributes( $parameters->getParameter( 'hitemattr' ) ); $this->setListAttributes( $parameters->getParameter( 'listattr' ) ); $this->setItemAttributes( $parameters->getParameter( 'itemattr' ) ); $this->setDominantSectionCount( $parameters->getParameter( 'dominantsection' ) ); $this->setTemplateSuffix( $parameters->getParameter( 'defaulttemplatesuffix' ) ); $this->setTrimIncluded( $parameters->getParameter( 'includetrim' ) ); $this->setTableSortColumn( $parameters->getParameter( 'tablesortcol' ) ); $this->setTableSortMethod($parameters->getParameter('tablesortmethod')); $this->setTitleMaxLength( $parameters->getParameter( 'titlemaxlen' ) ); $this->setEscapeLinks( $parameters->getParameter( 'escapelinks' ) ); $this->setSectionSeparators( $parameters->getParameter( 'secseparators' ) ); $this->setMultiSectionSeparators( $parameters->getParameter( 'multisecseparators' ) ); $this->setIncludePageText( $parameters->getParameter( 'incpage' ) ); $this->setIncludePageMaxLength( $parameters->getParameter( 'includemaxlen' ) ); $this->setPageTextMatch( (array)$parameters->getParameter( 'seclabels' ) ); $this->setPageTextMatchRegex( (array)$parameters->getParameter( 'seclabelsmatch' ) ); $this->setPageTextMatchNotRegex( (array)$parameters->getParameter( 'seclabelsnotmatch' ) ); $this->setIncludePageParsed( $parameters->getParameter( 'incparsed' ) ); $this->parameters = $parameters; $this->parser = clone $parser; }",True,PHP,__construct,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26302,"public function setItemAttributes( $attributes ) { $this->itemAttributes = \Sanitizer::fixTagAttributes( $attributes, 'li' ); }",True,PHP,setItemAttributes,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26304,"public function setHeadListAttributes( $attributes ) { $this->headListAttributes = \Sanitizer::fixTagAttributes( $attributes, 'ul' ); }",True,PHP,setHeadListAttributes,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26305,"protected function replaceTagParameters( $tag, Article $article ) { $contLang = MediaWikiServices::getInstance()->getContentLanguage(); $namespaces = $contLang->getNamespaces(); if ( strpos( $tag, '%' ) === false ) { return $tag; } $imageUrl = $this->parseImageUrlWithPath( $article ); $pagename = $article->mTitle->getPrefixedText(); if ( $this->getEscapeLinks() && ( $article->mNamespace == NS_CATEGORY || $article->mNamespace == NS_FILE ) ) { $pagename = ':' . $pagename; } $tag = str_replace( '%PAGE%', $pagename, $tag ); $tag = str_replace( '%PAGEID%', $article->mID, $tag ); $tag = str_replace( '%NAMESPACE%', $namespaces[$article->mNamespace], $tag ); $tag = str_replace( '%IMAGE%', $imageUrl, $tag ); $tag = str_replace( '%EXTERNALLINK%', $article->mExternalLink, $tag ); $tag = str_replace( '%EDITSUMMARY%', $article->mComment, $tag ); $title = $article->mTitle->getText(); $replaceInTitle = $this->getParameters()->getParameter( 'replaceintitle' ); if ( is_array( $replaceInTitle ) && count( $replaceInTitle ) === 2 ) { $title = preg_replace( $replaceInTitle[0], $replaceInTitle[1], $title ); } $titleMaxLength = $this->getTitleMaxLength(); if ( $titleMaxLength !== null && ( strlen( $title ) > $titleMaxLength ) ) { $title = substr( $title, 0, $titleMaxLength ) . '...'; } $tag = str_replace( '%TITLE%', $title, $tag ); $tag = str_replace( '%COUNT%', $article->mCounter, $tag ); $tag = str_replace( '%COUNTFS%', floor( log( $article->mCounter ) * 0.7 ), $tag ); $tag = str_replace( '%COUNTFS2%', floor( sqrt( log( $article->mCounter ) ) ), $tag ); $tag = str_replace( '%SIZE%', $article->mSize, $tag ); $tag = str_replace( '%SIZEFS%', floor( sqrt( log( $article->mSize ) ) * 2.5 - 5 ), $tag ); $tag = str_replace( '%DATE%', $article->getDate(), $tag ); $tag = str_replace( '%REVISION%', $article->mRevision, $tag ); $tag = str_replace( '%CONTRIBUTION%', $article->mContribution, $tag ); $tag = str_replace( '%CONTRIB%', $article->mContrib, $tag ); $tag = str_replace( '%CONTRIBUTOR%', $article->mContributor, $tag ); $tag = str_replace( '%USER%', $article->mUser, $tag ); if ( $article->mSelTitle != null ) { if ( $article->mSelNamespace == 0 ) { $tag = str_replace( '%PAGESEL%', str_replace( '_', ' ', $article->mSelTitle ), $tag ); } else { $tag = str_replace( '%PAGESEL%', $namespaces[$article->mSelNamespace] . ':' . str_replace( '_', ' ', $article->mSelTitle ), $tag ); } } $tag = str_replace( '%IMAGESEL%', str_replace( '_', ' ', $article->mImageSelTitle ), $tag ); $tag = $this->replaceTagCategory( $tag, $article ); return $tag; }",True,PHP,replaceTagParameters,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26308,"public function formatTemplateArg( $arg, $s, $argNr, $firstCall, $maxLength, Article $article ) { $tableFormat = $this->getParameters()->getParameter( 'tablerow' ); if ( array_key_exists( ""$s.$argNr"", $tableFormat ) ) { $n = -1; if ( $s >= 1 && $argNr == 0 && !$firstCall ) { $n = strpos( $tableFormat[""$s.$argNr""], '|' ); if ( $n === false || !( strpos( substr( $tableFormat[""$s.$argNr""], 0, $n ), '{' ) === false ) || !( strpos( substr( $tableFormat[""$s.$argNr""], 0, $n ), '[' ) === false ) ) { $n = -1; } } $result = str_replace( '%%', $arg, substr( $tableFormat[""$s.$argNr""], $n + 1 ) ); $result = str_replace( '%PAGE%', $article->mTitle->getPrefixedText(), $result ); $result = str_replace( '%IMAGE%', $this->parseImageUrlWithPath( $arg ), $result ); $result = $this->cutAt( $maxLength, $result ); if ( strlen( $result ) > 0 && $result[0] == '-' ) { return ' ' . $result; } else { return $result; } } $result = $this->cutAt( $maxLength, $arg ); if ( strlen( $result ) > 0 && $result[0] == '-' ) { return ' ' . $result; } else { return $result; } }",True,PHP,formatTemplateArg,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26310,"protected function replaceTagCount( $tag, $nr ) { return str_replace( '%NR%', $nr, $tag ); }",True,PHP,replaceTagCount,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26313,public function setMultiSectionSeparators( ?array $separators ) { $this->multiSectionSeparators = (array)$separators ?? []; },True,PHP,setMultiSectionSeparators,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26317,public function setSectionSeparators( ?array $separators ) { $this->sectionSeparators = (array)$separators ?? []; },True,PHP,setSectionSeparators,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26322,"public function setHeadItemAttributes( $attributes ) { $this->headItemAttributes = \Sanitizer::fixTagAttributes( $attributes, 'li' ); }",True,PHP,setHeadItemAttributes,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26323,"public function formatItem( Article $article, $pageText = null ) { global $wgLang; $item = ''; $date = $article->getDate(); if ( $date !== null ) { $item .= $date . ' '; if ( $article->mRevision !== null ) { $item .= '[{{fullurl:' . $article->mTitle . '|oldid=' . $article->mRevision . '}} ' . htmlspecialchars( $article->mTitle ) . ']'; } else { $item .= $article->mLink; } } else { $item .= $article->mLink; } if ( $article->mSize != null ) { $byte = 'B'; $pageLength = $wgLang->formatNum( $article->mSize ); $item .= "" [{$pageLength} {$byte}]""; } if ( $article->mCounter !== null ) { $contLang = MediaWikiServices::getInstance()->getContentLanguage(); $item .= ' ' . $contLang->getDirMark() . '(' . wfMessage( 'hitcounters-nviews', $wgLang->formatNum( $article->mCounter ) )->escaped() . ')'; } if ( $article->mUserLink !== null ) { $item .= ' . . [[User:' . $article->mUser . '|' . $article->mUser . ']]'; if ( $article->mComment != '' ) { $item .= ' { ' . $article->mComment . ' }'; } } if ( $article->mContributor !== null ) { $item .= ' . . [[User:' . $article->mContributor . '|' . $article->mContributor . "" $article->mContrib]]""; } if ( !empty( $article->mCategoryLinks ) ) { $item .= ' . . ' . wfMessage( 'categories' ) . ': ' . implode( ' | ', $article->mCategoryLinks ) . ''; } if ( $this->getParameters()->getParameter( 'addexternallink' ) && $article->mExternalLink !== null ) { $item .= ' → ' . $article->mExternalLink; } if ( $pageText !== null ) { $item .= $pageText; } $item = $this->getItemStart() . $item . $this->getItemEnd(); $item = $this->replaceTagParameters( $item, $article ); return $item; }",True,PHP,formatItem,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26324,"public static function newFromStyle( $style, \DPL\Parameters $parameters, \Parser $parser ) { $style = strtolower( $style ); switch ( $style ) { case 'category': $class = 'CategoryList'; break; case 'definition': $class = 'DefinitionList'; break; case 'gallery': $class = 'GalleryList'; break; case 'inline': $class = 'InlineList'; break; case 'ordered': $class = 'OrderedList'; break; case 'subpage': $class = 'SubPageList'; break; default: case 'unordered': $class = 'UnorderedList'; break; case 'userformat': $class = 'UserFormatList'; break; } $class = '\DPL\Lister\\' . $class; return new $class( $parameters, $parser ); }",True,PHP,newFromStyle,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26326,public function setPageTextMatchNotRegex( array $pageTextMatchNotRegex = [] ) { $this->pageTextMatchNotRegex = (array)$pageTextMatchNotRegex; },True,PHP,setPageTextMatchNotRegex,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26329,"public function setListAttributes( $attributes ) { $this->listAttributes = \Sanitizer::fixTagAttributes( $attributes, 'ul' ); }",True,PHP,setListAttributes,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26330,public function setPageTextMatch( array $pageTextMatch = [] ) { $this->pageTextMatch = (array)$pageTextMatch; },True,PHP,setPageTextMatch,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26331,public function setPageTextMatchRegex( array $pageTextMatchRegex = [] ) { $this->pageTextMatchRegex = (array)$pageTextMatchRegex; },True,PHP,setPageTextMatchRegex,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26332,"} elseif ( $sSecLabel[0] == '#' || $sSecLabel[0] == '@' ) { $sectionHeading[0] = substr( $sSecLabel, 1 ); $secPieces = LST::includeHeading( $this->parser, $article->mTitle->getPrefixedText(), substr( $sSecLabel, 1 ), '', $sectionHeading, false, $maxLength, $cutLink, $this->getTrimIncluded(), $skipPattern ); if ( $mustMatch != '' || $mustNotMatch != '' ) { $secPiecesTmp = $secPieces; $offset = 0; foreach ( $secPiecesTmp as $nr => $onePiece ) { if ( ( $mustMatch != '' && preg_match( $mustMatch, $onePiece ) == false ) || ( $mustNotMatch != '' && preg_match( $mustNotMatch, $onePiece ) != false ) ) { array_splice( $secPieces, $nr - $offset, 1 ); $offset++; } } } if ( $maxLength == 0 ) { $secPieces = [ '' ]; } $this->replaceTagTableRow( $secPieces, $s, $article ); if ( !array_key_exists( 0, $secPieces ) ) { if ( $mustMatch != '' || $mustNotMatch != '' ) { $matchFailed = true; } break; } $secPiece[$s] = $secPieces[0]; for ( $sp = 1; $sp < count( $secPieces ); $sp++ ) { if ( isset( $this->multiSectionSeparators[$s] ) ) { $secPiece[$s] .= str_replace( '%SECTION%', $sectionHeading[$sp], $this->replaceTagCount( $this->multiSectionSeparators[$s], $filteredCount ) ); } $secPiece[$s] .= $secPieces[$sp]; } if ( $this->getDominantSectionCount() >= 0 && $s == $this->getDominantSectionCount() && count( $secPieces ) > 1 ) { $dominantPieces = $secPieces; } if ( ( $mustMatch != '' || $mustNotMatch != '' ) && count( $secPieces ) <= 0 ) { $matchFailed = true; break; } } elseif ( $sSecLabel[0] == '{' ) {",True,PHP,elseif,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26337,"} elseif ( $sSecLabel[0] == '{' ) { $template1 = trim( substr( $sSecLabel, 1, strpos( $sSecLabel, '}' ) - 1 ) ); $template2 = trim( str_replace( '}', '', substr( $sSecLabel, 1 ) ) ); if ( $template2 == $template1 && strpos( $template1, '|' ) > 0 ) { $template1 = preg_replace( '/\|.*/', '', $template1 ); $template2 = preg_replace( '/^.+\|/', '', $template2 ); } $secPieces = LST::includeTemplate( $this->parser, $this, $s, $article, $template1, $template2, $template2 . $this->getTemplateSuffix(), $mustMatch, $mustNotMatch, $this->includePageParsed, implode( ', ', $article->mCategoryLinks ) ); $secPiece[$s] = implode( isset( $this->multiSectionSeparators[$s] ) ? $this->replaceTagCount( $this->multiSectionSeparators[$s], $filteredCount ) : '', $secPieces ); if ( $this->getDominantSectionCount() >= 0 && $s == $this->getDominantSectionCount() && count( $secPieces ) > 1 ) { $dominantPieces = $secPieces; } if ( ( $mustMatch != '' || $mustNotMatch != '' ) && count( $secPieces ) <= 1 && $secPieces[0] == '' ) { $matchFailed = true; break; } } else {",True,PHP,elseif,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26340,"protected function parseImageUrlWithPath( $article ) { $imageUrl = ''; if ( $article instanceof \DPL\Article ) { if ( $article->mNamespace == NS_FILE ) { $img = wfFindFile( \Title::makeTitle( NS_FILE, $article->mTitle->getText() ) ); if ( $img && $img->exists() ) { $imageUrl = $img->getURL(); } else { $fileTitle = \Title::makeTitleSafe( NS_FILE, $article->mTitle->getDBKey() ); $imageUrl = \RepoGroup::singleton()->getLocalRepo()->newFile( $fileTitle )->getPath(); } } } else { $title = \Title::newfromText( 'File:' . $article ); if ( $title !== null ) { $fileTitle = \Title::makeTitleSafe( 6, $title->getDBKey() ); $imageUrl = \RepoGroup::singleton()->getLocalRepo()->newFile( $fileTitle )->getPath(); } } $imageUrl = preg_replace( '~^.*images/(.*)~', '\1', $imageUrl ); return $imageUrl; }",True,PHP,parseImageUrlWithPath,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26341,public function setTableSortMethod($method = null) { $this->tableSortMethod = $method === null ? 'standard' : $method; },True,PHP,setTableSortMethod,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26344,"} elseif ( $sSecLabel[0] != '{' ) { $limpos = strpos( $sSecLabel, '[' ); $cutLink = 'default'; $skipPattern = []; if ( $limpos > 0 && $sSecLabel[strlen( $sSecLabel ) - 1] == ']' ) { $fmtSec = explode( '~', substr( $sSecLabel, $limpos + 1, strlen( $sSecLabel ) - $limpos - 2 ) ); $sSecLabel = substr( $sSecLabel, 0, $limpos ); $cutInfo = explode( "" "", $fmtSec[count( $fmtSec ) - 1], 2 ); $maxLength = intval( $cutInfo[0] ); if ( array_key_exists( '1', $cutInfo ) ) { $cutLink = $cutInfo[1]; } foreach ( $fmtSec as $skipKey => $skipPat ) { if ( $skipKey == count( $fmtSec ) - 1 ) { continue; } $skipPattern[] = $skipPat; } } if ( $maxLength < 0 ) { $maxLength = -1; } }",True,PHP,elseif,Lister.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26347,"public function getListStart() { $offset = $this->getParameters()->getParameter( 'offset' ) + 1; if ( $offset != 0 ) { } return sprintf( $this->listStart, $this->listAttributes . ' start=""' . $offset . '""' ); }",True,PHP,getListStart,OrderedList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26351,"public function formatItem( Article $article, $pageText = null ) { $item = ''; if ( $pageText !== null ) { $item .= $pageText; } $item = $this->getItemStart() . $item . $this->getItemEnd(); $item = $this->replaceTagParameters( $item, $article ); return $item; }",True,PHP,formatItem,UserFormatList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26353,"public function __construct( \DPL\Parameters $parameters, \Parser $parser ) { parent::__construct( $parameters, $parser ); $this->textSeparator = $parameters->getParameter( 'inlinetext' ); $listSeparators = $parameters->getParameter( 'listseparators' ); if ( isset( $listSeparators[0] ) ) { $this->listStart = $listSeparators[0]; } if ( isset( $listSeparators[1] ) ) { $this->itemStart = $listSeparators[1]; } if ( isset( $listSeparators[2] ) ) { $this->itemEnd = $listSeparators[2]; } if ( isset( $listSeparators[3] ) ) { $this->listEnd = $listSeparators[3]; } }",True,PHP,__construct,UserFormatList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26356,"protected function sort(&$rowsKey, $sortColumn) { $sortMethod = $this->getTableSortMethod(); if ($sortColumn < 0) { switch ($sortMethod) { case 'natural': uasort($rowsKey, function($first, $second) { return strnatcmp($second, $first); }); break; case 'standard': default: arsort($rowsKey); break; } } else { switch ($sortMethod) { case 'natural': natsort($rowsKey); break; case 'standard': default: asort($rowsKey); break; } } }",True,PHP,sort,UserFormatList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26357,"$item = trim( $item ); if ( strpos( $item, '|-' ) === 0 ) { $item = explode( '|-', $item, 2 ); if ( count( $item ) == 2 ) { $item = $item[1]; } else { $rowsKey[$index] = $item; continue; } } if ( strlen( $item ) > 0 ) { $word = explode( ""\n|"", $item ); if ( isset( $word[0] ) && empty( $word[0] ) ) { array_shift( $word ); } if ( isset( $word[abs( $sortColumn ) - 1] ) ) { $test = trim( $word[abs( $sortColumn ) - 1] ); if ( strpos( $test, '|' ) > 0 ) { $test = trim( explode( '|', $test )[1] ); } $rowsKey[$index] = $test; } } } $this->sort($rowsKey, $sortColumn); $newItems = []; foreach ( $rowsKey as $index => $val ) { $newItems[] = $items[$index]; } $items = $newItems; } return $this->listStart . $this->implodeItems( $items ) . $this->listEnd; }",True,PHP,trim,UserFormatList.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26361,"protected function doDBUpdates() { $title = Title::newFromText( 'Template:Extension DPL' ); if ( !$title->exists() ) { $wikipage = WikiPage::factory( $title ); $updater = $wikipage->newPageUpdater( User::newSystemUser( 'DynamicPageList3 extension' ) ); $content = $wikipage->getContentHandler()->makeContent( 'This page was automatically created. It serves as an anchor page for all \'\'\'[[Special:WhatLinksHere/Template:Extension_DPL|invocations]]\'\'\' of [https: $updater->setContent( SlotRecord::MAIN, $content ); $comment = CommentStoreComment::newUnsavedComment( 'Autogenerated DPL\'s necessary template for content inclusion' ); $updater->saveRevision( $comment, EDIT_NEW | EDIT_FORCE_BOT ); } return true; }",True,PHP,doDBUpdates,createTemplate.php,https://github.com/Universal-Omega/DynamicPageList3,Universal-Omega,GitHub,2021-10-01 16:52:30-06:00,Major cleanup (#57),CWE-400,Uncontrolled Resource Consumption,"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",https://cwe.mitre.org/data/definitions/400.html,CVE-2021-41118,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26368,"public function __construct(AuthManager $auth, Repository $config) { $this->lockoutTime = $config->get('auth.lockout.time'); $this->maxLoginAttempts = $config->get('auth.lockout.attempts'); $this->auth = $auth; $this->config = $config; }",True,PHP,__construct,AbstractLoginController.php,https://github.com/pterodactyl/panel,pterodactyl,Dane Everitt,2021-09-21 21:30:08-07:00,"Fix security vulnerability when authenticating a two-factor authentication token for a user

See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-41129,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26369,"public function __construct( AuthManager $auth, Encrypter $encrypter, Google2FA $google2FA, Repository $config, CacheRepository $cache, RecoveryTokenRepository $recoveryTokenRepository, UserRepositoryInterface $repository ) { parent::__construct($auth, $config); $this->google2FA = $google2FA; $this->cache = $cache; $this->repository = $repository; $this->encrypter = $encrypter; $this->recoveryTokenRepository = $recoveryTokenRepository; }",True,PHP,__construct,LoginCheckpointController.php,https://github.com/pterodactyl/panel,pterodactyl,Dane Everitt,2021-09-21 21:30:08-07:00,"Fix security vulnerability when authenticating a two-factor authentication token for a user

See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-41129,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26372,"public function __construct( AuthManager $auth, Repository $config, CacheRepository $cache, UserRepositoryInterface $repository, ViewFactory $view ) { parent::__construct($auth, $config); $this->view = $view; $this->cache = $cache; $this->repository = $repository; }",True,PHP,__construct,LoginController.php,https://github.com/pterodactyl/panel,pterodactyl,Dane Everitt,2021-09-21 21:30:08-07:00,"Fix security vulnerability when authenticating a two-factor authentication token for a user

See associated security advisory for technical details on the content of this security fix.

GHSA ID: GHSA-5vfx-8w6m-h3v4",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2021-41129,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26374,"public function handle(Request $request, Closure $next, int $keyType) { if (is_null($request->bearerToken()) && is_null($request->user())) { throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']); } if ($request->user() instanceof User) { $model = (new ApiKey())->forceFill([ 'user_id' => $request->user()->id, 'key_type' => ApiKey::TYPE_ACCOUNT, ]); } else { $model = $this->authenticateApiKey($request->bearerToken(), $keyType); $this->auth->guard()->loginUsingId($model->user_id); } $request->attributes->set('api_key', $model); return $next($request); }",True,PHP,handle,AuthenticateKey.php,https://github.com/pterodactyl/panel,pterodactyl,Dane Everitt,2021-11-16 20:02:18-08:00,Add consistent CSRF token verification to API endpoints; address security concern with non-CSRF protected endpoints,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-41273,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26383,"public function testResolveTranslation() { $translator = $this->prophesize(TranslatorInterface::class); $translator->getLocale()->willReturn('de'); $translator->setLocale('de')->shouldBeCalled(); $translator->trans('test-key')->willReturn('TEST'); $entity = $this->prophesize(RoutableInterface::class); $entity->getLocale()->willReturn('en'); $provider = new SymfonyExpressionTokenProvider($translator->reveal()); $this->assertEquals('TEST', $provider->provide($entity, 'translator.trans(""test-key"")')); }",True,PHP,testResolveTranslation,SymfonyExpressionTokenProviderTest.php,https://github.com/sulu/sulu,sulu,GitHub,2021-12-07 13:16:26+01:00,Merge pull request from GHSA-vx6j-pjrh-vgjh,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2021-43836,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26386,"public function putAction(Request $request) { $this->checkArguments($request); $user = $this->tokenStorage->getToken()->getUser(); $this->userManager->save($request->request->all(), $request->get('locale'), $user->getId(), true); $user->setFirstName($request->get('firstName')); $user->setLastName($request->get('lastName')); $this->objectManager->flush(); $view = View::create($user); $context = new Context(); $context->setGroups(['profile']); $view->setContext($context); return $this->viewHandler->handle($view); }",True,PHP,putAction,ProfileController.php,https://github.com/sulu/sulu,sulu,GitHub,2021-12-15 14:49:33+01:00,Merge pull request from GHSA-84px-q68r-2fc9,CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2021-43835,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26390,$array = ['message' => $exception->getMessage()];,True,PHP,$array,AuthenticationHandler.php,https://github.com/sulu/sulu,sulu,GitHub,2023-08-03 20:02:42+02:00,"Merge pull request from GHSA-wmwf-49vv-p3mr

* Fix AuthenticationHandler return inner exception message

* Add funcctional test case for AuthenticationHandlerTest

* Sync security bundle and sulu skeleton security config

* Remove not longer used LoginControllerTest via form_login

* Add test for success and fail login",CWE-204,Observable Response Discrepancy,The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.,https://cwe.mitre.org/data/definitions/204.html,CVE-2023-39343,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26391,"private static function retrieveClosurePattern($pure, $closureName) { $pattern = '/'; if (!$pure) { $pattern .= preg_quote(self::$registeredDelimiters[0]) . ""\s*""; } $pattern .= ""$closureName\(([a-z0-9,\.\s]+)\)""; if (!$pure) { $pattern .= ""\s*"" . preg_quote(self::$registeredDelimiters[1]); } return $pattern . ""/i""; }",True,PHP,retrieveClosurePattern,TemplateFunctions.php,https://github.com/sroehrl/neoan3-template,sroehrl,neoan,2021-10-21 19:25:24-04:00,SECURITY: allowing for direct injection (Issue #8),CWE-277,Insecure Inherited Permissions,A product defines a set of insecure permissions that are inherited by objects that are created by the program.,https://cwe.mitre.org/data/definitions/277.html,CVE-2021-41170,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26392,"private static function retrieveClosurePattern($pure, $closureName) { $pattern = '/'; if (!$pure) { $pattern .= preg_quote(self::$registeredDelimiters[0]) . ""\s*""; } $pattern .= ""$closureName\(([a-z0-9,\.\s]+)\)""; if (!$pure) { $pattern .= ""\s*"" . preg_quote(self::$registeredDelimiters[1]); } return $pattern . ""/i""; }",True,PHP,retrieveClosurePattern,TemplateFunctions.php,https://github.com/sroehrl/neoan3-template,sroehrl,neoan,2021-10-21 19:25:24-04:00,SECURITY: allowing for direct injection (Issue #8),CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-41170,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26393,"foreach ($flatArray as $key => $value) { $pattern = '/' . $key . '([^.]|$)/'; if (preg_match($pattern, $expression, $matches)) { switch (gettype($flatArray[$key])) { case 'boolean': $expression = str_replace($key, $flatArray[$key] ? 'true' : 'false', $expression); break; case 'NULL': $expression = str_replace($key, 'false', $expression); break; case 'string': $expression = str_replace($key, '""' . $flatArray[$key] . '""', $expression); break; case 'object': $expression = self::executeClosure($expression, $key, $flatArray[$key], $flatArray); break; default: $expression = str_replace($key, $flatArray[$key], $expression); break; } $bool = eval(""return $expression;""); } }",True,PHP,foreach,TemplateFunctions.php,https://github.com/sroehrl/neoan3-template,sroehrl,neoan,2021-10-21 19:25:24-04:00,SECURITY: allowing for direct injection (Issue #8),CWE-277,Insecure Inherited Permissions,A product defines a set of insecure permissions that are inherited by objects that are created by the program.,https://cwe.mitre.org/data/definitions/277.html,CVE-2021-41170,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26394,"foreach ($flatArray as $key => $value) { $pattern = '/' . $key . '([^.]|$)/'; if (preg_match($pattern, $expression, $matches)) { switch (gettype($flatArray[$key])) { case 'boolean': $expression = str_replace($key, $flatArray[$key] ? 'true' : 'false', $expression); break; case 'NULL': $expression = str_replace($key, 'false', $expression); break; case 'string': $expression = str_replace($key, '""' . $flatArray[$key] . '""', $expression); break; case 'object': $expression = self::executeClosure($expression, $key, $flatArray[$key], $flatArray); break; default: $expression = str_replace($key, $flatArray[$key], $expression); break; } $bool = eval(""return $expression;""); } }",True,PHP,foreach,TemplateFunctions.php,https://github.com/sroehrl/neoan3-template,sroehrl,neoan,2021-10-21 19:25:24-04:00,SECURITY: allowing for direct injection (Issue #8),CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-41170,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26395,"$bool = self::evaluateTypedCondition($array, $expression); if (!$bool) { $hit->parentNode->removeChild($hit); } else { $hit->removeAttribute('n-if'); } } return $doc->saveHTML(); }",True,PHP,evaluateTypedCondition,TemplateFunctions.php,https://github.com/sroehrl/neoan3-template,sroehrl,neoan,2021-10-21 19:25:24-04:00,SECURITY: allowing for direct injection (Issue #8),CWE-277,Insecure Inherited Permissions,A product defines a set of insecure permissions that are inherited by objects that are created by the program.,https://cwe.mitre.org/data/definitions/277.html,CVE-2021-41170,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26396,"$bool = self::evaluateTypedCondition($array, $expression); if (!$bool) { $hit->parentNode->removeChild($hit); } else { $hit->removeAttribute('n-if'); } } return $doc->saveHTML(); }",True,PHP,evaluateTypedCondition,TemplateFunctions.php,https://github.com/sroehrl/neoan3-template,sroehrl,neoan,2021-10-21 19:25:24-04:00,SECURITY: allowing for direct injection (Issue #8),CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2021-41170,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26402,"public static function makeSafeFilename($filename) { $filenameParts = explode('/', $filename); $filename = end($filenameParts); $filenameParts = explode('\\', $filename); $filename = end($filenameParts); for ($i = 0; $i < strlen($filename); $i++) { if (ord($filename[$i]) >= 128 || ord($filename[$i]) < 32) { $filename[$i] = '_'; } } $fileExtension = self::getFileExtension($filename); if (in_array($fileExtension, $GLOBALS['badFileExtensions'])) { $filename .= '.txt'; } return $filename; }",True,PHP,makeSafeFilename,FileUtility.php,https://github.com/opencats/OpenCATS,opencats,GitHub,2021-11-10 09:10:49+00:00,"Fixed critical upload vulnerability (#552)

Co-authored-by: Nicholas Ferreira ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-41560,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26403,"public static function getUploadFileFromPost($siteID, $subDirectory, $id) { if (isset($_FILES[$id])) { if (!@file_exists($_FILES[$id]['tmp_name'])) { return false; } if (!eval(Hooks::get('FILE_UTILITY_SPACE_CHECK'))) return; $uploadPath = FileUtility::getUploadPath($siteID, $subDirectory); $newFileName = $_FILES[$id]['name']; for ($i = 0; @file_exists($uploadPath . '/' . $newFileName) && $i < 1000; $i++) { $mp = explode('.', $newFileName); $fileNameBase = implode('.', array_slice($mp, 0, count($mp)-1)); $fileNameExt = $mp[count($mp)-1]; if (preg_match('/(.*)_Copy([0-9]{1,3})$/', $fileNameBase, $matches)) { $fileNameBase = sprintf('%s_Copy%d', $matches[1], intval($matches[2]) + 1); } else { $fileNameBase .= '_Copy1'; } $newFileName = $fileNameBase . '.' . $fileNameExt; } if (@move_uploaded_file($_FILES[$id]['tmp_name'], $uploadPath . '/' . $newFileName) && @chmod($uploadPath . '/' . $newFileName, 0777)) { return $newFileName; } } return false; }",True,PHP,getUploadFileFromPost,FileUtility.php,https://github.com/opencats/OpenCATS,opencats,GitHub,2021-11-10 09:10:49+00:00,"Fixed critical upload vulnerability (#552)

Co-authored-by: Nicholas Ferreira ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2021-41560,"function show_vendor () { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); $vendor_title = $vendor->title; $state = new geoRegion($vendor->state); $vendor->state = $state->name; unset( $vendor->title, $vendor->table, $vendor->tablename, $vendor->classname, $vendor->identifier ); assign_to_template(array( 'vendor_title' => $vendor_title, 'vendor'=>$vendor )); } }"
26405,"public function download($name){ $attachFile = storage_path('app/'.str_replace(""-"",""/"",$name)); if(!is_file($attachFile)){ abort(404); } return response()->download($attachFile); }",True,PHP,download,AttachController.php,https://github.com/sdfsky/tipask,sdfsky,songdengfeng,2021-09-17 11:10:54+08:00,文件下载漏洞修正,CWE-494,Download of Code Without Integrity Check,The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.,https://cwe.mitre.org/data/definitions/494.html,CVE-2021-41714,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26408,"public function show($image_name) { $imageFile = storage_path('app/'.str_replace(""-"",""/"",$image_name)); if(!is_file($imageFile)){ abort(404); } $image = Image::make($imageFile); if(config('tipask.upload.open_watermark') && $image_name != config('tipask.upload.watermark_image') && str_contains($image_name,'attachments')){ $watermarkImage = storage_path('app/'.str_replace(""-"",""/"",config('tipask.upload.watermark_image'))); $image->insert($watermarkImage, 'bottom-right', 15, 10); } $response = response()->make($image->encode('jpg')); $response->header('Content-Type', 'image/jpeg'); $response->header('Expires', date(DATE_RFC822,strtotime("" 7 day""))); $response->header('Cache-Control', 'private, max-age=259200, pre-check=259200'); return $response; }",True,PHP,show,ImageController.php,https://github.com/sdfsky/tipask,sdfsky,songdengfeng,2021-09-17 11:10:54+08:00,文件下载漏洞修正,CWE-494,Download of Code Without Integrity Check,The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.,https://cwe.mitre.org/data/definitions/494.html,CVE-2021-41714,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26409,"public function avatar($avatar_name) { list($user_id,$size) = explode('_',str_replace("".jpg"",'',$avatar_name)); $avatarFile = storage_path('app/'.User::getAvatarPath($user_id,$size)); if(!is_file($avatarFile)){ $avatarFile = public_path('static/images/default_avatar.jpg'); } $image = Image::make($avatarFile); $response = response()->make($image->encode('jpg')); $image->destroy(); $response->header('Content-Type', 'image/jpeg'); $response->header('Expires', date(DATE_RFC822,strtotime("" 2 day""))); $response->header('Cache-Control', 'private, max-age=86400, pre-check=86400'); return $response; }",True,PHP,avatar,ImageController.php,https://github.com/sdfsky/tipask,sdfsky,songdengfeng,2021-09-17 11:10:54+08:00,文件下载漏洞修正,CWE-494,Download of Code Without Integrity Check,The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.,https://cwe.mitre.org/data/definitions/494.html,CVE-2021-41714,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26412,"function banned() { $ip = ban_get_ip(); if($ip == 'unknown') { return; } $banned_ips = get_option('banned_ips'); if(is_array($banned_ips)) $banned_ips = array_filter($banned_ips); $banned_ips_range = get_option('banned_ips_range'); if(is_array($banned_ips_range)) $banned_ips_range = array_filter($banned_ips_range); $banned_hosts = get_option('banned_hosts'); if(is_array($banned_hosts)) $banned_hosts = array_filter($banned_hosts); $banned_referers = get_option('banned_referers'); if(is_array($banned_referers)) $banned_referers = array_filter($banned_referers); $banned_user_agents = get_option('banned_user_agents'); if(is_array($banned_user_agents)) $banned_user_agents = array_filter($banned_user_agents); $banned_exclude_ips = get_option('banned_exclude_ips'); if(is_array($banned_exclude_ips)) $banned_exclude_ips = array_filter($banned_exclude_ips); $is_excluded = false; if(!empty($banned_exclude_ips)) { foreach($banned_exclude_ips as $banned_exclude_ip) { if($ip == $banned_exclude_ip) { $is_excluded = true; break; } } } if( ! $is_excluded ) { if( ! empty( $banned_ips ) ) { process_ban( $banned_ips, $ip ); } if( ! empty( $banned_ips_range ) ) { process_ban_ip_range( $banned_ips_range ); } if( ! empty( $banned_hosts ) ) { process_ban( $banned_hosts, @gethostbyaddr( $ip ) ); } if( ! empty( $banned_referers ) && ! empty( $_SERVER['HTTP_REFERER'] ) ) { process_ban( $banned_referers, $_SERVER['HTTP_REFERER'] ); } if( ! empty( $banned_user_agents ) && ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { process_ban( $banned_user_agents, $_SERVER['HTTP_USER_AGENT'] ); } } }",True,PHP,banned,wp-ban.php,https://github.com/lesterchan/wp-ban,lesterchan,Lester Chan,2022-12-04 19:24:07+08:00,Fixed XSS,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-4631,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26413,"function print_banned_message() { $banned_ip = ban_get_ip(); $banned_stats = get_option( 'banned_stats' ); if( isset( $banned_stats['count'] ) ) { $banned_stats['count'] += 1; } else { $banned_stats['count'] = 1; } if( isset( $banned_stats['users'][$banned_ip] ) ) { $banned_stats['users'][$banned_ip] += 1; } else { $banned_stats['users'][$banned_ip] = 1; } update_option( 'banned_stats', $banned_stats ); $banned_message = str_replace( array( '%SITE_NAME%', '%SITE_URL%', '%USER_ATTEMPTS_COUNT%', '%USER_IP%', '%USER_HOSTNAME%', '%TOTAL_ATTEMPTS_COUNT%' ), array( get_option( 'blogname' ), get_option( 'siteurl' ), number_format_i18n( $banned_stats['users'][$banned_ip] ), $banned_ip, @gethostbyaddr( $banned_ip ), number_format_i18n( $banned_stats['count'] ) ), stripslashes( get_option( 'banned_message' ) ) ); echo $banned_message; exit(); }",True,PHP,print_banned_message,wp-ban.php,https://github.com/lesterchan/wp-ban,lesterchan,Lester Chan,2022-12-04 19:24:07+08:00,Fixed XSS,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-4631,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26416,"function addHighscore($name, $score, $level) { $db = new SQLite3('pacman.db'); $date = date('Y-m-d h:i:s', time()); createDataBase($db); $ref = isset($_SERVER[ 'HTTP_REFERER']) ? $_SERVER[ 'HTTP_REFERER'] : """"; $ua = isset($_SERVER[ 'HTTP_USER_AGENT']) ? $_SERVER[ 'HTTP_USER_AGENT'] : """"; $remA = isset($_SERVER[ 'REMOTE_ADDR']) ? $_SERVER[ 'REMOTE_ADDR'] : """"; $remH = isset($_SERVER[ 'REMOTE_HOST']) ? $_SERVER[ 'REMOTE_HOST'] : """"; $ref_assert = preg_match('/http(s)?:\/\/.*' . $hostdomain . '/', $ref) > 0; $ua_assert = ($ua != """"); $cheater = 0; if (!$ref_assert || !$ua_assert) { $cheater = 1; } $maxlvlpoints_pills = 104 * 10; $maxlvlpoints_powerpills = 4 * 50; $maxlvlpoints_ghosts = 4 * 4 * 100; $maxlvlpoints = $maxlvlpoints_pills + $maxlvlpoints_powerpills + $maxlvlpoints_ghosts; if ($level < 1 || $level > 10) { $cheater = 1; } else if (($score / $level) > $maxlvlpoints) { $cheater = 1; } $name_clean = htmlspecialchars($name); $score_clean = htmlspecialchars($score); $db->exec('INSERT INTO highscore (name, score, level, date, log_referer, log_user_agent, log_remote_addr, log_remote_host, cheater) ' . 'VALUES (""' . $name . '"", ' . $score . ', ' . $level . ', ""' . $date . '"", ""' . $ref .'"", ""' . $ua . '"", ""' . $remA .'"", ""' . $remH . '"", ""' . $cheater .'"")' ); $response['status'] = ""success""; $response['level'] = $level; $response['name'] = $name; $response['score'] = $score; $response['cheater'] = $cheater; return json_encode($response); }",True,PHP,addHighscore,db-handler.php,https://github.com/platzhersh/pacman-canvas,platzhersh,Chregi Glatthard,2021-05-05 00:21:21+02:00,get rid of sql injection vulnerability,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4261,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26419,"$onlyTo = implode(',', $adminusers); } $time = date('Y-m-d H:i:s'); $sql = 'insert into ' . $xoopsDB->prefix('tad_discuss') . "" (`ReDiscussID` , `uid` , `publisher` , `DiscussTitle` , `DiscussContent` , `DiscussDate` , `BoardID` , `LastTime` , `Counter` , `FromIP` , `onlyTo`) values('{$ReDiscussID}' , '{$uid}' , '{$publisher}' , '{$DiscussTitle}' , '{$DiscussContent}' , '{$time}', '{$BoardID}' , '{$time}' , '0', '$myip' , '{$onlyTo}')""; $xoopsDB->query($sql) or Utility::web_error($sql, __FILE__, __LINE__); $DiscussID = $xoopsDB->getInsertId(); if ($xoopsUser) { $xoopsUser->incrementPost(); } $TadUpFiles->set_col('DiscussID', $DiscussID); $TadUpFiles->upload_file('upfile', 1024, 120, null, '', true); $ToDiscussID = $DiscussID; if (!empty($ReDiscussID)) { $sql = 'update ' . $xoopsDB->prefix('tad_discuss') . "" set `LastTime` = '{$time}' where `DiscussID` = '{$ReDiscussID}' or `ReDiscussID` = '{$ReDiscussID}'""; $xoopsDB->queryF($sql) or Utility::web_error($sql, __FILE__, __LINE__); $ToDiscussID = $ReDiscussID; } $extra_tags['DISCUSS_TITLE'] = $_POST['DiscussTitle']; $extra_tags['DISCUSS_CONTENT'] = strip_tags($_POST['DiscussContent']); $extra_tags['DISCUSS_URL'] = XOOPS_URL . ""/modules/tad_discuss/discuss.php?DiscussID={$ToDiscussID}&BoardID={$_POST['BoardID']}""; $notificationHandler = xoops_getHandler('notification'); $notificationHandler->triggerEvent('global', 0, 'new_discuss', $extra_tags, null, null, 0); if (!empty($_POST['BoardID'])) { $Board = get_tad_discuss_board($_POST['BoardID']); $extra_tags['BOARD_TITLE'] = $Board['BoardTitle']; $notificationHandler = xoops_getHandler('notification'); $notificationHandler->triggerEvent('board', $_POST['BoardID'], 'new_board_discuss', $extra_tags, null, null, 0); } if (!empty($ReDiscussID)) { return $ReDiscussID; } return $DiscussID; }",True,PHP,implode,function.php,https://github.com/tad0616/tad_discuss,tad0616,Chiung-Hung Lai,2021-03-23 14:01:56+08:00,"DiscussTitle過濾特殊字元

DiscussContent若允許使用HTML,則無法避免使用onclick, onload, onerror造成XSS漏洞",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4267,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26422,"function list_tad_discuss_short($BoardID = null, $limit = null) { global $xoopsDB, $xoopsModule, $xoopsUser, $xoopsTpl; $andBoardID = (empty($BoardID)) ? '' : ""and a.BoardID='$BoardID'""; $andLimit = null !== $limit ? ""limit 0,$limit"" : ''; $sql = 'select a.*,b.* from ' . $xoopsDB->prefix('tad_discuss') . ' as a left join ' . $xoopsDB->prefix('tad_discuss_board') . "" as b on a.BoardID = b.BoardID where a.ReDiscussID='0' $andBoardID order by a.LastTime desc $andLimit""; $result = $xoopsDB->query($sql) or Utility::web_error($sql, __FILE__, __LINE__); $main_data = []; $i = 0; while (false !== ($all = $xoopsDB->fetchArray($result))) { foreach ($all as $k => $v) { $$k = $v; } $renum = get_re_num($DiscussID); $uid_name = \XoopsUser::getUnameFromId($uid, 1); $LastTime = mb_substr($LastTime, 0, 10); $isPublic = isPublic($onlyTo, $uid, $BoardID); $onlyToName = getOnlyToName($onlyTo); $DiscussTitle = $isPublic ? $DiscussTitle : sprintf(_MD_TADDISCUS_ONLYTO, $onlyToName); $DiscussTitle = str_replace('[s', """", $DiscussTitle); $main_data[$i]['LastTime'] = $LastTime; $main_data[$i]['DiscussID'] = $DiscussID; $main_data[$i]['BoardID'] = $BoardID; $main_data[$i]['DiscussTitle'] = $DiscussTitle; $main_data[$i]['uid_name'] = $uid_name; $main_data[$i]['renum'] = $renum; $i++; } return $main_data; }",True,PHP,list_tad_discuss_short,index.php,https://github.com/tad0616/tad_discuss,tad0616,Chiung-Hung Lai,2021-03-23 14:01:56+08:00,"DiscussTitle過濾特殊字元

DiscussContent若允許使用HTML,則無法避免使用onclick, onload, onerror造成XSS漏洞",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4267,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26426,"$inText = preg_replace(""/(?\[\/])($filename)(?!\]\>)/im"", ""\\1"", $inText); } } $inText = preg_replace(""/\[\[(.*?)\]\]/"", ""\\1"", $inText); $inText = preg_replace(""/\{\{(.*?)\}\}/"", ""\""\\1\"""", $inText); $inText = preg_replace(""/message:(.*?)\s/"", ""[email]"", $inText); $html = MarkdownExtra::defaultTransform($inText); $inText = htmlentities($inText); return $html; }",True,PHP,preg_replace,index.php,https://github.com/panicsteve/w2wiki,panicsteve,Steven Frank,2021-01-10 12:55:43-08:00,Add Markdown sanitization to close XSS vulnerability; credit to Markus Schneider & Marc Clement,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4271,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26429,"protected function emailExistsInDB($email) { $sql = 'SELECT * FROM '.$this->usersTable; $sql .= ' WHERE email = ""'.$email.'"";'; $results = $this->wiki->loadAll($sql); return $results; }",True,PHP,emailExistsInDB,User.class.php,https://github.com/yeswiki/yeswiki,yeswiki,Jérémy Dufraisse,2021-10-20 01:36:49+02:00,fix(SQL query): use in all case escape to format query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43091,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26433,"public function update($data) { if ($this->securityController->isWikiHibernated()) { throw new \Exception(_t('WIKI_IN_HIBERNATION')); } return $this->dbService->query('UPDATE' . $this->dbService->prefixTable('nature') . 'SET ' . '`bn_label_nature`=""' . addslashes(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '"" ,' . '`bn_template`=""' . addslashes(_convert($data['bn_template'], YW_CHARSET, true)) . '"" ,' . '`bn_description`=""' . addslashes(_convert($data['bn_description'], YW_CHARSET, true)) . '"" ,' . '`bn_sem_context`=""' . addslashes(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '"" ,' . '`bn_sem_type`=""' . addslashes(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '"" ,' . '`bn_sem_use_template`=' . (isset($data['bn_sem_use_template']) ? '1' : '0') . ' ,' . '`bn_condition`=""' . addslashes(_convert($data['bn_condition'], YW_CHARSET, true)) . '""' . ' WHERE `bn_id_nature`=' . $data['bn_id_nature']);",True,PHP,update,FormManager.php,https://github.com/yeswiki/yeswiki,yeswiki,Jérémy Dufraisse,2021-10-20 01:36:49+02:00,fix(SQL query): use in all case escape to format query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43091,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26434,"public function clear($id) { if ($this->securityController->isWikiHibernated()) { throw new \Exception(_t('WIKI_IN_HIBERNATION')); } $this->dbService->query( 'DELETE FROM' . $this->dbService->prefixTable('acls') . 'WHERE page_tag IN (SELECT tag FROM ' . $this->dbService->prefixTable('pages') . 'WHERE tag IN (SELECT resource FROM ' . $this->dbService->prefixTable('triples') . 'WHERE property=""http: ); $this->dbService->query( 'DELETE FROM' . $this->dbService->prefixTable('pages') . 'WHERE tag IN (SELECT resource FROM ' . $this->dbService->prefixTable('triples') . 'WHERE property=""http: ); $this->dbService->query( 'DELETE FROM' . $this->dbService->prefixTable('triples') . 'WHERE resource NOT IN (SELECT tag FROM ' . $this->dbService->prefixTable('pages') . 'WHERE 1) AND property=""http: ); }",True,PHP,clear,FormManager.php,https://github.com/yeswiki/yeswiki,yeswiki,Jérémy Dufraisse,2021-10-20 01:36:49+02:00,fix(SQL query): use in all case escape to format query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43091,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26436,public function delete($id) { if ($this->securityController->isWikiHibernated()) { throw new \Exception(_t('WIKI_IN_HIBERNATION')); } if (strval(intval($id)) != strval($id)) { return null ; } $this->clear($id); return $this->dbService->query('DELETE FROM ' . $this->dbService->prefixTable('nature') . 'WHERE bn_id_nature=' . $id); },True,PHP,delete,FormManager.php,https://github.com/yeswiki/yeswiki,yeswiki,Jérémy Dufraisse,2021-10-20 01:36:49+02:00,fix(SQL query): use in all case escape to format query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43091,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26437,"public function create($data) { if ($this->securityController->isWikiHibernated()) { throw new \Exception(_t('WIKI_IN_HIBERNATION')); } if (!$data['bn_id_nature'] || $this->getOne($data['bn_id_nature'])) { $data['bn_id_nature'] = $this->findNewId(); } return $this->dbService->query('INSERT INTO ' . $this->dbService->prefixTable('nature') . '(`bn_id_nature` ,`bn_ce_i18n` ,`bn_label_nature` ,`bn_template` ,`bn_description` ,`bn_sem_context` ,`bn_sem_type` ,`bn_sem_use_template` ,`bn_condition`)' . ' VALUES (' . $data['bn_id_nature'] . ', ""fr-FR"", ""' . addslashes(_convert($data['bn_label_nature'], YW_CHARSET, true)) . '"",""' . addslashes(_convert($data['bn_template'], YW_CHARSET, true)) . '"", ""' . addslashes(_convert($data['bn_description'], YW_CHARSET, true)) . '"", ""' . addslashes(_convert($data['bn_sem_context'], YW_CHARSET, true)) . '"", ""' . addslashes(_convert($data['bn_sem_type'], YW_CHARSET, true)) . '"", ' . (isset($data['bn_sem_use_template']) ? '1' : '0') . ', ""' . addslashes(_convert($data['bn_condition'], YW_CHARSET, true)) . '"")');",True,PHP,create,FormManager.php,https://github.com/yeswiki/yeswiki,yeswiki,Jérémy Dufraisse,2021-10-20 01:36:49+02:00,fix(SQL query): use in all case escape to format query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43091,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26438,"function zip() { global $list, $options, $PHP_SELF; ?> 
    ""> 
     
     Adding files to a ZIP archive 
     
      
     
     Archive Name:  
     
      /> Do not use compression 
     
     
     
      
     
         		 
     
     Selected File"" . (count ( $_GET [""files""] ) > 1 ? ""s"" : """") . "": "";",True,PHP,zip,zip.php,https://github.com/Th3-822/rapidleech,Th3-822,Th3-822,2021-09-11 19:13:43-04:00,Fixed XSS on classes/options/zip.php,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-4312,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26442,"public function get_info($interval) { try { $conn = new PDO(""mysql:host="".$GLOBALS['$dbhost']. "";dbname="".$GLOBALS['$dbname']. """", $GLOBALS['$dbuser'], $GLOBALS['$dbpass']); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $sql = ""SELECT country_code, GROUP_CONCAT(CONCAT( release_tag,'#',num )) AS installations, country_name FROM ( SELECT country_code, release_tag, country_name, reg_date, COUNT(release_tag) AS num FROM phone_home_tb ""; if ($interval!=='1') { $sql .= "" WHERE reg_date >= DATE_SUB(CURDATE(), INTERVAL $interval DAY)""; } $sql .= "" GROUP BY release_tag, country_code ) AS t GROUP BY country_code;""; $stmt = $conn->prepare($sql); $stmt->execute(); $infos = array(); for($i=0; $row = $stmt->fetch(); $i++){ array_push($infos, array( 'installations' => $row['installations'], 'country_code' => $row['country_code'], 'country_name' => $row['country_name'] )); } $conn = null; header('Content-Type: application/json'); echo json_encode($infos); } catch(PDOException $e) { echo $e->getMessage(); } }",True,PHP,get_info,index.php,https://github.com/NethServer/nethserver-phonehome,NethServer,BlackBeanie21,2021-09-28 03:48:31-04:00,fix sql-injection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4313,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26443,"public function get_country_coor($country_code) { try { $conn = new PDO(""mysql:host="".$GLOBALS['$dbhost']. "";dbname="".$GLOBALS['$dbname']. """", $GLOBALS['$dbuser'], $GLOBALS['$dbpass']); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $sql = ""SELECT lat, lng FROM country_name_map WHERE code = '$country_code'""; } catch(PDOException $e) { echo $e->getMessage(); } $stmt = $conn->prepare($sql); $stmt->execute(); $infos = array(); for($i=0; $row = $stmt->fetch(); $i++){ array_push($infos, array( 'lat' => $row['lat'], 'lng' => $row['lng'] )); } $conn = null; header('Content-Type: application/json'); echo json_encode($infos); }",True,PHP,get_country_coor,index.php,https://github.com/NethServer/nethserver-phonehome,NethServer,BlackBeanie21,2021-09-28 03:48:31-04:00,fix sql-injection,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4313,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26444,"static public function edit_report($id=false, $rep_type=false, $saved_report_id=false, $period=false, $recipients=false, $filename='', $description='', $local_persistent_filepath = '', $attach_description = 0, $report_time=false, $report_on=false, $report_period=false) { $local_persistent_filepath = trim($local_persistent_filepath); if($local_persistent_filepath && !is_writable(rtrim($local_persistent_filepath, '/').'/')) { return _(""File path '$local_persistent_filepath' is not writable""); } $db = Database::instance(); $id = (int)$id; $rep_type = (int)$rep_type; $saved_report_id = (int)$saved_report_id; $period = (int)$period; $report_time = trim($report_time); $report_on = trim($report_on); $report_period = trim($report_period); $recipients = trim($recipients); $filename = trim($filename); $description = trim($description); $attach_description = (int) $attach_description; $user = Auth::instance()->get_user()->get_username(); if (!$rep_type || !$saved_report_id || !$period || empty($recipients)) return _('Missing data'); $recipients = str_replace(';', ',', $recipients); $rec_arr = explode(',', $recipients); if (!empty($rec_arr)) { foreach ($rec_arr as $recipient) { if (trim($recipient)!='') { $checked_recipients[] = trim($recipient); } } $recipients = implode(', ', $checked_recipients); } if ($id) { $sql = ""UPDATE scheduled_reports SET "".self::USERFIELD.""="".$db->escape($user)."", report_type_id="".$rep_type."", report_id="".$saved_report_id."", recipients="".$db->escape($recipients)."", period_id="".$period."", filename="".$db->escape($filename)."", description="".$db->escape($description)."", local_persistent_filepath = "".$db->escape($local_persistent_filepath)."", attach_description = "".$db->escape($attach_description)."" WHERE id="".$id; } else { $sql = ""INSERT INTO scheduled_reports ("".self::USERFIELD."", report_type_id, report_id, recipients, period_id, filename, description, local_persistent_filepath, attach_description, report_time, report_on, report_period)VALUES("".$db->escape($user)."", "".$rep_type."", "".$saved_report_id."", "".$db->escape($recipients)."", "".$period."", "".$db->escape($filename)."", "".$db->escape($description)."", "".$db->escape($local_persistent_filepath)."", "".$db->escape($attach_description)."", '"".$report_time.""', '"".$report_on.""', '"".$report_period.""' )""; } try { $res = $db->query($sql); } catch (Kohana_Database_Exception $e) { return _('DATABASE ERROR')."": {$e->getMessage()}; $sql""; } if (!$id) { $id = $res->insert_id(); } return $id; }",True,PHP,edit_report,scheduled_reports.php,https://github.com/ITRS-Group/monitor-ninja,ITRS-Group,Petter Nyström,2021-09-29 15:56:31+02:00,"Prevent SQL injections

This escapes a bunch of variables used in SQL statements, which could
otherwise be used to perform SQL injection attacks.

This is part of MON-12841.

Signed-off-by: Petter Nyström ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4336,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26448,"static function update_report_field($id=false, $field=false, $value=false) { $id = (int)$id; $field = trim($field); $value = trim($value); $db = Database::instance(); $sql = ""UPDATE scheduled_reports SET "".$field.""= "".$db->escape($value)."" WHERE id="".$id; try { $res = $db->query($sql); } catch (Kohana_Database_Exception $e) { print $e->getMessage(); return false; } return true; }",True,PHP,update_report_field,scheduled_reports.php,https://github.com/ITRS-Group/monitor-ninja,ITRS-Group,Petter Nyström,2021-09-29 15:56:31+02:00,"Prevent SQL injections

This escapes a bunch of variables used in SQL statements, which could
otherwise be used to perform SQL injection attacks.

This is part of MON-12841.

Signed-off-by: Petter Nyström ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-4336,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26450,"final public function modifyLimitQuery($query, $limit, $offset = 0) { if ($offset < 0) { throw new Exception(sprintf( 'Offset must be a positive integer or zero, %d given', $offset )); } if ($offset > 0 && ! $this->supportsLimitOffset()) { throw new Exception(sprintf( 'Platform %s does not support offset values in limit queries.', $this->getName() )); } return $this->doModifyLimitQuery($query, $limit, $offset); }",True,PHP,modifyLimitQuery,AbstractPlatform.php,https://github.com/doctrine/dbal,doctrine,Sergei Morozov,2021-11-10 11:47:29-08:00,Cast LIMIT and OFFSET to int when building limit query,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2021-43608,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26453,"public function render() { $result = new Dto_FormResult('notsubmitted'); $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_perform_login, ''); $credentials = ['username' => '', 'password' => '', ]; $svcUserAuth = new ServiceS_User_Authentication($this->_daoFactory, $this->_settings); $this->_pageTitle = 'spot: login'; $formAction = $this->_loginForm['action']; if (!empty($formAction)) { $credentials = array_merge($credentials, $this->_loginForm); $tryLogin = $svcUserAuth->authenticate($credentials['username'], $credentials['password']); if (!$tryLogin) { if ($this->_settings->get('auditlevel') != SpotSecurity::spot_secaudit_none) { $spotAudit = new SpotAudit($this->_daoFactory, $this->_settings, $this->_currentSession['user'], $this->_currentSession['session']['ipaddr']); $spotAudit->audit(SpotSecurity::spotsec_perform_login, 'incorrect user or pass', false); } $result->addError(_('Login Failed')); } else { $result->setResult('success'); $this->_currentSession = $tryLogin; } } else { if ($this->_currentSession['user']['userid'] != $this->_settings->get('nonauthenticated_userid')) { $result->addError(_('You are already logged in')); } } $this->template('login', ['loginform' => $credentials, 'result' => $result, 'http_referer' => $this->_loginForm['http_referer'], 'data' => $this->_params['data'], ]); }",True,PHP,render,SpotPage_login.php,https://github.com/spotweb/spotweb,spotweb,GitHub,2021-11-13 10:29:17+01:00,"Update SpotPage_login.php

For for issue: https://github.com/spotweb/spotweb/issues/718",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2021-43725,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26455,"public function add_attribute( $tag, $handle, $src ) { if ( $handle === $this->js_comp_esm_lib ) { return ''; } if ( $handle === $this->js_comp_webpack_lib ) { return ''; } return $tag; }",True,PHP,add_attribute,class-w3w-autosuggest-public.php,https://github.com/what3words/wordpress-autosuggest-plugin,what3words,GitHub,2022-03-25 08:57:40+00:00,"[TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20)

* add async attr to script elem

* fix security vulnerability

* update readme/changelog and conditionals for exposing settings",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2021-4428,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26457,"public function enqueue_scripts() { global $wp_version; global $woocommerce; $settings = get_option( W3W_SETTINGS_NAME ); $settings['wp_version'] = $wp_version; $settings['wc_version'] = isset( $woocommerce ) ? $woocommerce->version : 'N/A'; $settings['php_version'] = phpversion(); $data = 'const W3W_AUTOSUGGEST_SETTINGS = ' . json_encode( $settings ) . ';'; wp_enqueue_script( $this->js_comp_esm_lib, $this->js_lib_cdn_url . '/what3words.esm.js', array(), $this->version, false ); wp_enqueue_script( $this->js_comp_webpack_lib, $this->js_lib_cdn_url . '/what3words.js', array(), $this->version, false ); $dependencies = array( 'jquery', $this->js_comp_esm_lib, $this->js_comp_webpack_lib ); wp_enqueue_script( $this->plugin_name, plugin_dir_url( __FILE__ ) . 'js/w3w-autosuggest-public.js', $dependencies, $this->version, true ); wp_add_inline_script( $this->plugin_name, $data, 'before' ); }",True,PHP,enqueue_scripts,class-w3w-autosuggest-public.php,https://github.com/what3words/wordpress-autosuggest-plugin,what3words,GitHub,2022-03-25 08:57:40+00:00,"[TT-6952] Security Vulnerability Patch [TT-6889] Load Scripts Async (#20)

* add async attr to script elem

* fix security vulnerability

* update readme/changelog and conditionals for exposing settings",CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2021-4428,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26460,"function execute( $par ) { $request = $this->getRequest(); $output = $this->getOutput(); $language = $this->getLanguage(); $output->setPageTitle( $this->msg( ""confirmaccounts"" )->escaped() ); $output->addModules('ext.scratchConfirmAccount.js'); $output->addModuleStyles('ext.scratchConfirmAccount.css'); $session = $request->getSession(); $this->setHeaders(); $this->checkReadOnly(); $this->showTopLinks(); $user = $this->getUser(); if (!$user->isAllowed('createaccount')) { throw new PermissionsError('createaccount'); } if ($request->wasPosted()) { return $this->handleFormSubmission($request, $output, $session); } else if (strpos($par, wfMessage('scratch-confirmaccount-blocks')->text()) === 0) { return $this->blocksPage($par, $request, $output, $session); } else if (strpos($par, wfMessage('scratch-confirmaccount-requirements-bypasses-url')->text()) === 0) { $bypassPage = new RequirementsBypassPage($this); return $bypassPage->render(); } else if ($request->getText('username')) { return $this->searchByUsername($request->getText('username'), $request, $output); } else if (isset(statuses[$par])) { return $this->listRequestsByStatus($par, $output); } else if (ctype_digit($par)) { return requestPage($par, 'admin', $this, $request->getSession()); } else if (empty($par)) { return $this->defaultPage($output); } else { $output->showErrorPage('error', 'scratch-confirmaccount-nosuchrequest'); } }",True,PHP,execute,SpecialConfirmAccounts.php,https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3,InternationalScratchWiki,GitHub,2022-01-04 11:09:16-06:00,Fix CSRF when adding requirements bypass (#155),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-46252,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26461,"function handleFormSubmission(&$request, &$output, &$session) { if ($request->getText('action')) { handleRequestActionSubmission('admin', $this, $session); } else if ($request->getText('blockSubmit')) { $this->handleBlockFormSubmission($request, $output, $session); } else if ($request->getText('unblockSubmit')) { $this->handleUnblockFormSubmission($request, $output, $session); } else if ($request->getText('bypassAddUsername') || $request->getText('bypassRemoveUsername')) { $bypassPage = new RequirementsBypassPage($this); $bypassPage->handleFormSubmission(); } }",True,PHP,handleFormSubmission,SpecialConfirmAccounts.php,https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3,InternationalScratchWiki,GitHub,2022-01-04 11:09:16-06:00,Fix CSRF when adding requirements bypass (#155),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-46252,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26462,"function handleFormSubmission() { $request = $request = $this->pageContext->getRequest(); $dbw = getTransactableDatabase('scratch-confirmaccount-bypasses'); foreach (self::requestVariableActionMapping as $fieldKey => $action) { if ($request->getText($fieldKey)) { $action($request->getText($fieldKey), $dbw); } } commitTransaction($dbw, 'scratch-confirmaccount-bypasses'); $this->render(); }",True,PHP,handleFormSubmission,RequirementsBypassPage.php,https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3,InternationalScratchWiki,GitHub,2022-01-04 11:09:16-06:00,Fix CSRF when adding requirements bypass (#155),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-46252,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26465,function render() { $output = $this->pageContext->getOutput(); $output->enableOOUI(); $this->showAddBypassForm(); $this->showBypassesList(); },True,PHP,render,RequirementsBypassPage.php,https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3,InternationalScratchWiki,GitHub,2022-01-04 11:09:16-06:00,Fix CSRF when adding requirements bypass (#155),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-46252,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26466,"function showAddBypassForm() { $output = $this->pageContext->getOutput(); $request = $this->pageContext->getRequest(); $output->addHTML( new OOUI\FormLayout([ 'action' => SpecialPage::getTitleFor('ConfirmAccounts', wfMessage('scratch-confirmaccount-requirements-bypasses-url')->text())->getFullURL(), 'method' => 'post', 'items' => [ new OOUI\ActionFieldLayout( new OOUI\TextInputWidget( [ 'name' => 'bypassAddUsername', 'required' => true, 'value' => $request->getText('username') ] ), new OOUI\ButtonInputWidget([ 'type' => 'submit', 'flags' => ['primary', 'progressive'], 'label' => wfMessage('scratch-confirmaccount-requirements-bypasses-add')->parse() ]) ) ], ]) ); }",True,PHP,showAddBypassForm,RequirementsBypassPage.php,https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3,InternationalScratchWiki,GitHub,2022-01-04 11:09:16-06:00,Fix CSRF when adding requirements bypass (#155),CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2021-46252,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26468,"public function createSessionAction(Request $request) { $sessionInput = $this->inputDispatcher->parse( new Message( ['Content-Type' => $request->headers->get('Content-Type')], $request->getContent() ) ); $request->attributes->set('username', $sessionInput->login); $request->attributes->set('password', $sessionInput->password); try { $session = $request->getSession(); if ($session->isStarted() && $this->hasStoredCsrfToken()) { $this->checkCsrfToken($request); } $token = $this->authenticator->authenticate($request); $csrfToken = $this->getCsrfToken(); return new Values\UserSession( $token->getUser()->getAPIUser(), $session->getName(), $session->getId(), $csrfToken, !$token->hasAttribute('isFromSession') ); } catch (Exceptions\UserConflictException $e) { return new Values\Conflict(); } catch (AuthenticationException $e) { $this->authenticator->logout($request); throw new UnauthorizedException('Invalid login or password', $request->getPathInfo()); } catch (AccessDeniedException $e) { $this->authenticator->logout($request); throw new UnauthorizedException($e->getMessage(), $request->getPathInfo()); } }",True,PHP,createSessionAction,SessionController.php,https://github.com/ezsystems/ezpublish-kernel,ezsystems,GitHub,2021-03-09 13:43:42+01:00,"Merge pull request from GHSA-gmrf-99gw-vvwj

Co-authored-by: Bartek Wajda ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-46876,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26472,"public function __construct( TokenStorageInterface $tokenStorage, AuthenticationManagerInterface $authenticationManager, $providerKey, EventDispatcherInterface $dispatcher, ConfigResolverInterface $configResolver, SessionStorageInterface $sessionStorage, LoggerInterface $logger = null ) { $this->tokenStorage = $tokenStorage; $this->authenticationManager = $authenticationManager; $this->providerKey = $providerKey; $this->dispatcher = $dispatcher; $this->configResolver = $configResolver; $this->sessionStorage = $sessionStorage; $this->logger = $logger; }",True,PHP,__construct,RestAuthenticator.php,https://github.com/ezsystems/ezpublish-kernel,ezsystems,GitHub,2021-03-09 13:43:42+01:00,"Merge pull request from GHSA-gmrf-99gw-vvwj

Co-authored-by: Bartek Wajda ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2021-46876,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26490,"$rqv = strip_tags($rqv); } $v = implode(',', $_REQUEST[$var]); } else { $v = strip_tags($_REQUEST[$var]); } if(!empty($v) && $v !== 0) { $posted[$var] = $v; } } } return $posted; }",True,PHP,strip_tags,pts_env.php,https://github.com/phoronix-test-suite/phoronix-test-suite,phoronix-test-suite,Michael Larabel,2022-01-08 04:47:20-06:00,"phodevi: Input sanitization updates for Phoromatic Server

Also other code formatting / cleanups while reviewing the code...",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0157,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26492,"public static function evaluate_search_tree($tree, $join = 'AND', $callback) { $matches = false; foreach($tree as $i => $el) { $b = false; if($i === 'AND' || $i === 'OR') { $b = self::evaluate_search_tree($el, $i, $callback); } else if(isset($el['query'])) { $b = call_user_func($callback, $el['query']); if($el['not']) { $b = !$b; } } else if(is_array($el)) { $b = self::evaluate_search_tree($el, $join, $callback); } if($join == 'AND') { if(!$b) { return false; } $matches = true; } else if($join == 'OR') { if($b) { return true; } $matches = $matches || $b; } } return $matches; }",True,PHP,evaluate_search_tree,pts_phoroql.php,https://github.com/phoronix-test-suite/phoronix-test-suite,phoronix-test-suite,Michael Larabel,2022-01-08 04:47:20-06:00,"phodevi: Input sanitization updates for Phoromatic Server

Also other code formatting / cleanups while reviewing the code...",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0157,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26493,"public static function render_page_process($PATH) { $main = '
    Recent Account Activity
    '; $stmt = phoromatic_server::$db->prepare('SELECT * FROM phoromatic_activity_stream WHERE AccountID = :account_id ORDER BY ActivityTime DESC'); $stmt->bindValue(':account_id', $_SESSION['AccountID']); $result = $stmt->execute(); $row = $result->fetchArray(); $prev_date = null; if(empty($row)) { $main .= '
    No activity found.
    '; } else { do { if($prev_date != substr($row['ActivityTime'], 0, 10)) { if($prev_date != null) $main .= '
    '; $prev_date = substr($row['ActivityTime'], 0, 10); $new_date = strtotime($row['ActivityTime']); if(date('Y-m-d') == $prev_date) { $main .= '
    Today
    '; } else if($new_date > (time() - (60 * 60 * 24 * 6))) { $main .= '
    ' . date('l', $new_date) . '
    '; } else { $main .= '
    ' . date('j F Y', $new_date) . '
    '; } $main .= '
    '; } $id_link_format = $row['ActivityEventID']; switch($row['ActivityEvent']) { case 'settings': $event_link_format = 'settings'; break; case 'users': $event_link_format = 'a user'; break; case 'schedule': $event_link_format = 'schedule'; $stmt1 = phoromatic_server::$db->prepare('SELECT Title FROM phoromatic_schedules WHERE AccountID = :account_id AND ScheduleID = :schedule_id'); $stmt1->bindValue(':account_id', $_SESSION['AccountID']); $stmt1->bindValue(':schedule_id', $row['ActivityEventID']); $result1 = $stmt1->execute(); $row1 = $result1->fetchArray(); $id_link_format = '' . $row1['Title'] . ''; break; case 'tests_for_schedule': $event_link_format = 'a test for a schedule'; $stmt1 = phoromatic_server::$db->prepare('SELECT Title FROM phoromatic_schedules WHERE AccountID = :account_id AND ScheduleID = :schedule_id'); $stmt1->bindValue(':account_id', $_SESSION['AccountID']); $stmt1->bindValue(':schedule_id', $row['ActivityEventID']); $result1 = $stmt1->execute(); $row1 = $result1->fetchArray(); $id_link_format = '' . $row1['Title'] . ''; break; case 'groups': $event_link_format = '   ' . $row['ActivityCreator'] . '  ' . $row['ActivityEventType'] . ' ' . $event_link_format . ''; if($id_link_format != null) $main .= ': ' . $id_link_format; $main .= '
    ' . PHP_EOL; } } while($row = $result->fetchArray()); if($prev_date != null) $main .= '
    '; } echo phoromatic_webui_header_logged_in(); echo phoromatic_webui_main($main); echo phoromatic_webui_footer(); }",True,PHP,render_page_process,phoromatic_account_activity.php,https://github.com/phoronix-test-suite/phoronix-test-suite,phoronix-test-suite,Michael Larabel,2022-01-08 04:47:20-06:00,"phodevi: Input sanitization updates for Phoromatic Server

Also other code formatting / cleanups while reviewing the code...",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0157,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }"
26497,"$main .= '
  • ' . phoromatic_server::system_id_to_name($sys_id) . '
    • '; $count++; } if($count == 0) { $main .= '
  • No Logs Currently Available
    • '; } $main .= ''; } } else { $main .= '
    '; $main .= '
    '; } } }",True,PHP,system_id_to_name,phoromatic_benchmark.php,https://github.com/phoronix-test-suite/phoronix-test-suite,phoronix-test-suite,Michael Larabel,2022-01-08 04:47:20-06:00,"phodevi: Input sanitization updates for Phoromatic Server Also other code formatting / cleanups while reviewing the code...",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0157,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }" 26499,"$pfs = str_replace('.', '_', $permitted_file); if(isset($_POST[$pfs])) { $fc = str_replace(""\r\n"", PHP_EOL, $_POST[$pfs]); file_put_contents($tp_path . '/' . $permitted_file, $fc); } } header('Location: /?create_test/' . $tp->get_identifier(false) . '-' . $tp->get_test_profile_version()); } if(isset($_POST['test_profile_base'])) { $tp_identifier = 'local/' . pts_validation::string_to_sanitized_test_profile_base(str_replace('local/', '', $_POST['test_profile_base'])); $writer = new nye_XmlWriter(); $ret = pts_validation::xsd_to_var_array_generate_xml(pts_openbenchmarking::openbenchmarking_standards_path() . 'schemas/test-profile.xsd', $types, $_POST, $writer); $passed = true; if($ret !== true) { echo '

    ERROR: ' . $ret . '

    '; $passed = false; } else { $tp = new pts_test_profile($writer->getXML()); $tp_path = PTS_TEST_PROFILE_PATH . $tp_identifier . '-' . $tp->get_test_profile_version(); pts_file_io::mkdir($tp_path); $writer->saveXMLFile($tp_path . '/test-definition.xml'); } $writer = new nye_XmlWriter(); $ret = pts_validation::xsd_to_var_array_generate_xml(pts_openbenchmarking::openbenchmarking_standards_path() . 'schemas/test-profile-downloads.xsd', $types, $_POST, $writer); $writer->saveXMLFile($tp_path . '/downloads.xml'); if($passed) { pts_validation::generate_test_profile_file_templates($tp_identifier, $tp_path); header('Location: /?create_test/' . $tp_identifier . '-' . $tp->get_test_profile_version()); } } if(isset($_POST['dc_select_item'])) { $to_add = false; foreach(phoromatic_server::download_cache_items() as $file_name => $info) { if($file_name == $_POST['dc_select_item']) { $to_add = $info; break; } } if($to_add) { $identifier_item = isset($PATH[1]) ? $PATH[0] . '/' . $PATH[1] : false; if($identifier_item && pts_test_profile::is_test_profile($identifier_item)) { $tp = new pts_test_profile($identifier_item); $tdw = new nye_XmlWriter(); $ret = pts_validation::xsd_to_rebuilt_xml(pts_openbenchmarking::openbenchmarking_standards_path() . 'schemas/test-profile-downloads.xsd', $types, $tp, $tdw); $tdw->saveXMLFile(PTS_TEST_PROFILE_PATH . $tp->get_identifier(false) . '-' . $tp->get_test_profile_version() . '/downloads.xml'); } } } if(isset($PATH[1]) && strpos($PATH[1], '&delete') !== false) { $identifier_item = isset($PATH[1]) ? $PATH[0] . '/' . str_replace('&delete', '', $PATH[1]) : false; if($identifier_item && pts_test_profile::is_test_profile($identifier_item)) { $tp = new pts_test_profile($identifier_item); if($tp->get_identifier() != null) { pts_file_io::delete($tp->get_resource_dir(), null, true); header('Location: /?tests'); } } } return true; }",True,PHP,str_replace,phoromatic_create_test.php,https://github.com/phoronix-test-suite/phoronix-test-suite,phoronix-test-suite,Michael Larabel,2022-01-08 04:47:20-06:00,"phodevi: Input sanitization updates for Phoromatic Server Also other code formatting / cleanups while reviewing the code...",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0157,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }" 26500,"list($h, $m) = explode('.', $row['RunAt']); $main .= '
    '; $main .= '

    ' . $row['Title'] . '

    '; if(!empty($systems_for_schedule)) { if($row['RunAt'] > date('H.i')) { $run_in_future = true; $main .= '

    Runs In ' . pts_strings::format_time((($h * 60) + $m) - ((date('H') * 60) + date('i')), 'MINUTES') . '

    '; } else { $run_in_future = false; $main .= '

    Triggered ' . pts_strings::format_time(max(1, (date('H') * 60) + date('i') - (($h * 60) + $m)), 'MINUTES') . ' Ago

    '; } } foreach($systems_for_schedule as $system_id) { $pprid = self::result_match($row['ScheduleID'], $system_id, date('Y-m-d')); if($pprid) $main .= ''; $main .= phoromatic_server::system_id_to_name($system_id); if($pprid) $main .= ''; else if(!$run_in_future) { $sys_info = self::system_info($system_id); $last_comm_diff = time() - strtotime($sys_info['LastCommunication']); $main .= ' '; if($last_comm_diff > 3600) { $main .= 'Last Communication: ' . pts_strings::format_time($last_comm_diff, 'SECONDS', true, 60) . ' Ago'; } else { $main .= $sys_info['CurrentTask']; } $main .= ''; } $main .= '
    '; } $main .= '
    '; } $main .= ''; $main .= ''; echo '
    ' . $main . '
    '; echo phoromatic_webui_footer(); }",True,PHP,explode,phoromatic_main.php,https://github.com/phoronix-test-suite/phoronix-test-suite,phoronix-test-suite,Michael Larabel,2022-01-08 04:47:20-06:00,"phodevi: Input sanitization updates for Phoromatic Server Also other code formatting / cleanups while reviewing the code...",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0157,"public function getPurchaseOrderByJSON() { if(!empty($this->params['vendor'])) { $purchase_orders = $this->purchase_order->find('all', 'vendor_id=' . $this->params['vendor']); } else { $purchase_orders = $this->purchase_order->find('all'); } echo json_encode($purchase_orders); }" 26503,"$result = $stmt->execute(); } } if($main == null) { if(isset($_POST['result_limit'])) { if(is_numeric($_POST['result_limit']) && $_POST['result_limit'] > 9) { $result_limit = $_POST['result_limit']; } else { $result_limit = 0; } } else { $result_limit = 100; } $min_date = strtotime(phoromatic_server::account_created_on($_SESSION['AccountID'])); $default_start_date = max($min_date, strtotime('-1 year')); $min_date = date('Y-m-d', $min_date); $time_start = strtotime(isset($_POST['time_start']) && !empty($_POST['time_start']) ? $_POST['time_start'] : $min_date); if(empty($time_start)) { $time_start = strtotime($min_date); } $time_end = strtotime((isset($_POST['time_end']) && !empty($_POST['time_end']) ? $_POST['time_end'] : date('Y-m-d')) . ' 23:59:59'); if(empty($time_end)) { $time_end = strtotime(date('Y-m-d') . ' 23:59:59'); } $main .= '
    Results From To   With Tests: With Hardware: With System Software: Search For Limit Results To '; } elseif ($type == 'mail') {",True,PHP,showOutputField,extrafields.class.php,https://github.com/dolibarr/dolibarr,dolibarr,Laurent Destailleur,2022-03-01 16:38:06+01:00,Fix #hunterb03d4415-d4f9-48c8-9ae2-d3aa248027b5,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-0819,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26564,public function getNbOfVisibleMenuEntries() { $nb = 0; foreach ($this->liste as $val) { if (!empty($val['enabled'])) { $nb++; } } return $nb; },True,PHP,getNbOfVisibleMenuEntries,menu.class.php,https://github.com/dolibarr/dolibarr,dolibarr,Laurent Destailleur,2022-03-01 16:38:06+01:00,Fix #hunterb03d4415-d4f9-48c8-9ae2-d3aa248027b5,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-0819,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26567,"public function testDolEval() { global $conf,$user,$langs,$db; $conf=$this->savconf; $user=$this->savuser; $langs=$this->savlangs; $db=$this->savdb; $result=dol_eval('1==1', 1, 0); print ""result = "".$result.""\n""; $this->assertTrue($result); $result=dol_eval('1==2', 1, 0); print ""result = "".$result.""\n""; $this->assertFalse($result); include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; $result=dol_eval('(($reloadedobj = new Task($db)) && ($reloadedobj->fetchNoCompute($object->id) > 0) && ($secondloadedobj = new Project($db)) && ($secondloadedobj->fetchNoCompute($reloadedobj->fk_project) > 0)) ? $secondloadedobj->ref: ""Parent project not found""', 1, 1); print ""result = "".$result.""\n""; $this->assertEquals('Parent project not found', $result); $result=dol_eval('$a=function() { }; $a;', 1, 1); print ""result = "".$result.""\n""; $this->assertContains('Bad string syntax to evaluate', $result); $result=dol_eval('$a=exec(""ls"");', 1, 1); print ""result = "".$result.""\n""; $this->assertContains('Bad string syntax to evaluate', $result); $result=dol_eval('$a=exec (""ls"")', 1, 1); print ""result = "".$result.""\n""; $this->assertContains('Bad string syntax to evaluate', $result); $result=dol_eval('$a=""test""; $$a;', 1, 0); print ""result = "".$result.""\n""; $this->assertContains('Bad string syntax to evaluate', $result); $result=dol_eval('`ls`', 1, 0); print ""result = "".$result.""\n""; $this->assertContains('Bad string syntax to evaluate', $result); }",True,PHP,testDolEval,SecurityTest.php,https://github.com/dolibarr/dolibarr,dolibarr,Laurent Destailleur,2022-03-01 16:38:06+01:00,Fix #hunterb03d4415-d4f9-48c8-9ae2-d3aa248027b5,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2022-0819,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26570,"private function section($nodes, $id, $filters, $start, $end, $otag, $ctag, $level) { $source = var_export(substr($this->source, $start, $end - $start), true); $callable = $this->getCallable(); if ($otag !== '{{' || $ctag !== '}}') { $delimTag = var_export(sprintf('{{= %s %s =}}', $otag, $ctag), true); $helper = sprintf('$this->lambdaHelper->withDelimiters(%s)', $delimTag); $delims = ', ' . $delimTag; } else { $helper = '$this->lambdaHelper'; $delims = ''; } $key = ucfirst(md5($delims . ""\n"" . $source)); if (!isset($this->sections[$key])) { $this->sections[$key] = sprintf($this->prepare(self::SECTION), $key, $callable, $source, $helper, $delims, $this->walk($nodes, 2)); } $method = $this->getFindMethod($id); $id = var_export($id, true); $filters = $this->getFilters($filters, $level); return sprintf($this->prepare(self::SECTION_CALL, $level), $id, $method, $id, $filters, $key); }",True,PHP,section,Compiler.php,https://github.com/bobthecow/mustache.php,bobthecow,Justin Hileman,2022-01-21 01:08:36-05:00,"Fix CVE-2022-0323 (improper neutralization of section names) - Fixes possible RCE when rendering untrusted user templates. - Remove unnecessary comments in generated source.",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-0323,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26572,"private function invertedSection($nodes, $id, $filters, $level) { $method = $this->getFindMethod($id); $id = var_export($id, true); $filters = $this->getFilters($filters, $level); return sprintf($this->prepare(self::INVERTED_SECTION, $level), $id, $method, $id, $filters, $this->walk($nodes, $level)); }",True,PHP,invertedSection,Compiler.php,https://github.com/bobthecow/mustache.php,bobthecow,Justin Hileman,2022-01-21 01:08:36-05:00,"Fix CVE-2022-0323 (improper neutralization of section names) - Fixes possible RCE when rendering untrusted user templates. - Remove unnecessary comments in generated source.",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2022-0323,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26576,"public static function upload_user_avatar() { $file = $_FILES['lp-upload-avatar']; $upload_dir = learn_press_user_profile_picture_upload_dir(); add_filter( 'upload_dir', array( __CLASS__, '_user_avatar_upload_dir' ), 10000 ); $result = wp_handle_upload( $file, array( 'test_form' => false, ) ); remove_filter( 'upload_dir', array( __CLASS__, '_user_avatar_upload_dir' ), 10000 ); if ( is_array( $result ) ) { $result['name'] = $upload_dir['subdir'] . '/' . basename( $result['file'] ); unset( $result['file'] ); } else { $result = array( 'error' => __( 'Profile picture upload failed', 'learnpress' ), ); } learn_press_send_json( $result ); }",True,PHP,upload_user_avatar,class-lp-ajax.php,https://github.com/LearnPress/learnpress,LearnPress,tungnx,2022-01-14 09:56:52+07:00,"= 4.1.4.2 = ~ Modified: function upload, crop avatar ~ Added: function remove avatar",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2022-0377,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26578,"LP_Request::register_ajax( $action, $callback ); } add_action( 'wp_ajax_learnpress_upload-user-avatar', array( __CLASS__, 'upload_user_avatar' ) ); }",True,PHP,register_ajax,class-lp-ajax.php,https://github.com/LearnPress/learnpress,LearnPress,tungnx,2022-01-14 09:56:52+07:00,"= 4.1.4.2 = ~ Modified: function upload, crop avatar ~ Added: function remove avatar",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2022-0377,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26579,"public static function save_uploaded_user_avatar() { $avatar_data = wp_parse_args( LP_Request::get( 'lp-user-avatar-crop' ), array( 'name' => '', 'width' => '', 'height' => '', 'points' => '', 'nonce' => '', ) ); $current_user_id = get_current_user_id(); if ( ! wp_verify_nonce( $avatar_data['nonce'], 'save-uploaded-profile-' . $current_user_id ) ) { die( 'ERROR VERIFY NONCE!' ); } $url = learn_press_update_user_profile_avatar(); if ( $url ) { $user = learn_press_get_current_user(); learn_press_send_json( array( 'success' => true, 'avatar' => sprintf( '', $url ), ) ); }; wp_die(); }",True,PHP,save_uploaded_user_avatar,class-lp-ajax.php,https://github.com/LearnPress/learnpress,LearnPress,tungnx,2022-01-14 09:56:52+07:00,"= 4.1.4.2 = ~ Modified: function upload, crop avatar ~ Added: function remove avatar",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2022-0377,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26580,"imagepng( $im_crop, $output ); } $new_avatar = false; if ( file_exists( $output ) ) { $old_avatar = get_user_meta( $user_id, '_lp_profile_picture', true ); if ( file_exists( $upload_dir['basedir'] . '/' . $old_avatar ) ) { @unlink( $upload_dir['basedir'] . '/' . $old_avatar ); } $new_avatar = preg_replace( '!^/!', '', $upload_dir['subdir'] ) . '/' . $newname; update_user_meta( $user_id, '_lp_profile_picture', $new_avatar ); update_user_meta( $user_id, '_lp_profile_picture_changed', 'yes' ); $new_avatar = $upload_dir['baseurl'] . '/' . $new_avatar; } @unlink( $path ); return $new_avatar; }",True,PHP,imagepng,lp-user-functions.php,https://github.com/LearnPress/learnpress,LearnPress,tungnx,2022-01-14 09:56:52+07:00,"= 4.1.4.2 = ~ Modified: function upload, crop avatar ~ Added: function remove avatar",CWE-327,Use of a Broken or Risky Cryptographic Algorithm,The product uses a broken or risky cryptographic algorithm or protocol.,https://cwe.mitre.org/data/definitions/327.html,CVE-2022-0377,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26582,"public function rules() { return [ 'sku' => ['required'], 'name' => ['required', Rule::unique('products')->ignore($this->segment(3))], 'quantity' => ['required', 'integer', 'min:0'], 'price' => ['required', 'numeric', 'min:0'], 'sale_price' => ['nullable', 'numeric'], 'weight' => ['nullable', 'numeric', 'min:0'] ]; }",True,PHP,rules,UpdateProductRequest.php,https://github.com/jsdecena/laracom,jsdecena,Roland Jeffrey Decena,2022-02-02 11:16:55+13:00,Fix vulnerability report from hunter.dev,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-0472,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26583,"public function rules() { return [ 'sku' => ['required'], 'name' => ['required', Rule::unique('products')->ignore($this->segment(3))], 'quantity' => ['required', 'integer', 'min:0'], 'price' => ['required', 'numeric', 'min:0'], 'sale_price' => ['nullable', 'numeric'], 'weight' => ['nullable', 'numeric', 'min:0'] ]; }",True,PHP,rules,UpdateProductRequest.php,https://github.com/jsdecena/laracom,jsdecena,Roland Jeffrey Decena,2022-02-02 11:16:55+13:00,Fix vulnerability report from hunter.dev,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0472,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26586,$schedules[$scheduleCode] = $this->model->createScheduleItem($scheduleCode); } return $this->schedulesCache = $schedules; },True,PHP,createScheduleItem,ScheduleEditor.php,https://github.com/tastyigniter/tastyigniter,tastyigniter,Sam Poyigi,2022-03-10 22:11:52+00:00,"Minor fixes Signed-off-by: Sam Poyigi <6567634+sampoyigi@users.noreply.github.com>",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0602,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26589,"public function onLoadRecord() { $scheduleCode = post('recordId'); $scheduleItem = $this->getSchedule($scheduleCode); $formTitle = sprintf(lang($this->formTitle), lang('admin::lang.text_'.$scheduleCode)); return $this->makePartial('recordeditor/form', [ 'formRecordId' => $scheduleCode, 'formTitle' => $formTitle, 'formWidget' => $this->makeScheduleFormWidget($scheduleItem), ]); }",True,PHP,onLoadRecord,ScheduleEditor.php,https://github.com/tastyigniter/tastyigniter,tastyigniter,Sam Poyigi,2022-03-10 22:11:52+00:00,"Minor fixes Signed-off-by: Sam Poyigi <6567634+sampoyigi@users.noreply.github.com>",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-0602,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26590,public function shouldRun(DateTime $date) { global $timedate; $runDate = clone $date; $this->handleTimeZone($runDate); $cron = Cron\CronExpression::factory($this->schedule); if (empty($this->last_run) && $cron->isDue($runDate)) { return true; } $lastRun = $this->last_run ? $timedate->fromDb($this->last_run) : $timedate->fromDb($this->date_entered); $this->handleTimeZone($lastRun); $next = $cron->getNextRunDate($lastRun); return $next <= $runDate; },True,PHP,shouldRun,AOR_Scheduled_Reports.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-0754,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26591,public function shouldRun(DateTime $date) { global $timedate; $runDate = clone $date; $this->handleTimeZone($runDate); $cron = Cron\CronExpression::factory($this->schedule); if (empty($this->last_run) && $cron->isDue($runDate)) { return true; } $lastRun = $this->last_run ? $timedate->fromDb($this->last_run) : $timedate->fromDb($this->date_entered); $this->handleTimeZone($lastRun); $next = $cron->getNextRunDate($lastRun); return $next <= $runDate; },True,PHP,shouldRun,AOR_Scheduled_Reports.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0755,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26592,public function shouldRun(DateTime $date) { global $timedate; $runDate = clone $date; $this->handleTimeZone($runDate); $cron = Cron\CronExpression::factory($this->schedule); if (empty($this->last_run) && $cron->isDue($runDate)) { return true; } $lastRun = $this->last_run ? $timedate->fromDb($this->last_run) : $timedate->fromDb($this->date_entered); $this->handleTimeZone($lastRun); $next = $cron->getNextRunDate($lastRun); return $next <= $runDate; },True,PHP,shouldRun,AOR_Scheduled_Reports.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0756,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26593,public function save($check_notify = false) { if (isset($_POST['email_recipients']) && is_array($_POST['email_recipients'])) { $this->email_recipients = base64_encode(serialize($_POST['email_recipients'])); } return parent::save($check_notify); },True,PHP,save,AOR_Scheduled_Reports.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-0754,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26594,public function save($check_notify = false) { if (isset($_POST['email_recipients']) && is_array($_POST['email_recipients'])) { $this->email_recipients = base64_encode(serialize($_POST['email_recipients'])); } return parent::save($check_notify); },True,PHP,save,AOR_Scheduled_Reports.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0755,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26595,public function save($check_notify = false) { if (isset($_POST['email_recipients']) && is_array($_POST['email_recipients'])) { $this->email_recipients = base64_encode(serialize($_POST['email_recipients'])); } return parent::save($check_notify); },True,PHP,save,AOR_Scheduled_Reports.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0756,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26605,"public static function getIconName($module) { return isset(static::$iconNames[$module]) ? static::$iconNames[$module] : strtolower(str_replace('_', '-', $module)); }",True,PHP,getIconName,IconRepository.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-0754,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26606,"public static function getIconName($module) { return isset(static::$iconNames[$module]) ? static::$iconNames[$module] : strtolower(str_replace('_', '-', $module)); }",True,PHP,getIconName,IconRepository.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0755,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26607,"public static function getIconName($module) { return isset(static::$iconNames[$module]) ? static::$iconNames[$module] : strtolower(str_replace('_', '-', $module)); }",True,PHP,getIconName,IconRepository.php,https://github.com/salesagility/suitecrm,salesagility,Matt Lorimer,2022-03-01 12:39:51+00:00,SuiteCRM 7.12.5 Release,CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-0756,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26611,"public function getAttributes(\SugarBean $bean, $fields = null) { $bean->fixUpFormatting(); $attributes = array_map(function ($value) { return is_string($value) ? (\DateTime::createFromFormat('Y-m-d H:i:s', $value) ? date(\DateTime::ATOM, strtotime($value)) : $value) : $value; }, $bean->toArray()); if ($fields !== null) { $attributes = array_intersect_key($attributes, array_flip($fields)); } unset($attributes['id']); return new AttributeResponse($attributes); }",True,PHP,getAttributes,AttributeObjectHelper.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26615,"function return_module_language($language, $module, $refresh = false) { global $mod_strings; global $sugar_config; global $currentModule; if (empty($module)) { $GLOBALS['log']->warn('Variable module is not in return_module_language, see more info: debug_backtrace()'); return array(); } if (!$refresh) { $cache_key = LanguageManager::getLanguageCacheKey($module, $language); $cache_entry = sugar_cache_retrieve($cache_key); if (!empty($cache_entry) && is_array($cache_entry)) { return $cache_entry; } } $temp_mod_strings = $mod_strings; $loaded_mod_strings = array(); $language_used = $language; $default_language = $sugar_config['default_language']; if (empty($language)) { $language = $default_language; } if (!file_exists(sugar_cached('modules/') . $module . '/language/' . $language . '.lang.php') && !empty($GLOBALS['beanList'][$module]) ) { $object = BeanFactory::getObjectName($module); VardefManager::refreshVardefs($module, $object); } $loaded_mod_strings = LanguageManager::loadModuleLanguage($module, $language, $refresh); if ($language != $sugar_config['default_language']) { $loaded_mod_strings = sugarLangArrayMerge( LanguageManager::loadModuleLanguage($module, $sugar_config['default_language'], $refresh), $loaded_mod_strings ); } if ($language != 'en_us' && $sugar_config['default_language'] != 'en_us') { $loaded_mod_strings = sugarLangArrayMerge( LanguageManager::loadModuleLanguage($module, 'en_us', $refresh), $loaded_mod_strings ); } if ($sugar_config['translation_string_prefix']) { foreach ($loaded_mod_strings as $entry_key => $entry_value) { $loaded_mod_strings[$entry_key] = $language_used . ' ' . $entry_value; } } $return_value = $loaded_mod_strings; if (!isset($mod_strings)) { $mod_strings = $return_value; } else { $mod_strings = $temp_mod_strings; } $cache_key = LanguageManager::getLanguageCacheKey($module, $language); sugar_cache_put($cache_key, $return_value); return $return_value; }",True,PHP,return_module_language,utils.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26624,"$dataArrayValuesQuotedImplode = implode(', ', array_values($data)); $insert_query .= "" VALUES ("" . $dataArrayValuesQuotedImplode . "")""; $db->query($insert_query); } } else {",True,PHP,implode,utils.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26626,"public function getDuplicateQuery($focus, $prefix='') { $query = 'SELECT contacts.id, contacts.first_name, contacts.last_name, contacts.title FROM contacts '; $query .= ' where contacts.deleted = 0 AND '; if (isset($_POST[$prefix.'first_name']) && strlen($_POST[$prefix.'first_name']) != 0 && isset($_POST[$prefix.'last_name']) && strlen($_POST[$prefix.'last_name']) != 0) { $query .= "" contacts.first_name LIKE '"". $_POST[$prefix.'first_name'] . ""%' AND contacts.last_name = '"". $_POST[$prefix.'last_name'] .""'""; } else { $query .= "" contacts.last_name = '"". $_POST[$prefix.'last_name'] .""'""; } if (!empty($_POST[$prefix.'record'])) { $query .= "" AND contacts.id != '"". $_POST[$prefix.'record'] .""'""; } return $query; }",True,PHP,getDuplicateQuery,ContactFormBase.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26630,"public function getDuplicateQuery($focus, $prefix='') { $query = ""SELECT id, first_name, last_name, account_name, title FROM leads ""; $query .= "" WHERE deleted != 1 AND (status <> 'Converted' OR status IS NULL) AND ""; if (isset($_POST[$prefix.'first_name']) && strlen($_POST[$prefix.'first_name']) != 0 && isset($_POST[$prefix.'last_name']) && strlen($_POST[$prefix.'last_name']) != 0) { $query .= "" (first_name='"". $_POST[$prefix.'first_name'] . ""' AND last_name = '"". $_POST[$prefix.'last_name'] .""')""; } else { $query .= "" last_name = '"". $_POST[$prefix.'last_name'] .""'""; } return $query; }",True,PHP,getDuplicateQuery,LeadFormBase.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26631,"public function handleSave($prefix, $redirect=true, $useRequired=false) { global $theme; require_once('include/formbase.php'); global $timedate; $focus = BeanFactory::newBean('Prospects'); if ($useRequired && !checkRequired($prefix, array_keys($focus->required_fields))) { return null; } $focus = populateFromPost($prefix, $focus); if (!$focus->ACLAccess('Save')) { return null; } if (!isset($GLOBALS['check_notify'])) { $GLOBALS['check_notify']=false; } if (!isset($_POST[$prefix.'email_opt_out'])) { $focus->email_opt_out = 0; } if (!isset($_POST[$prefix.'do_not_call'])) { $focus->do_not_call = 0; } if (empty($_POST['record']) && empty($_POST['dup_checked'])) { } global $current_user; $focus->save($GLOBALS['check_notify']); $return_id = $focus->id; $GLOBALS['log']->debug(""Saved record with id of "".$return_id); if (isset($_POST['popup']) && $_POST['popup'] == 'true') { $get = '&module='; if (!empty($_POST['return_module'])) { $get .= $_POST['return_module']; } else { $get .= 'Prospects'; } $get .= '&action='; if (!empty($_POST['return_action'])) { $get .= $_POST['return_action']; } else { $get .= 'Popup'; } if (!empty($_POST['return_id'])) { $get .= '&return_id='.$_POST['return_id']; } if (!empty($_POST['popup'])) { $get .= '&popup='.$_POST['popup']; } if (!empty($_POST['create'])) { $get .= '&create='.$_POST['create']; } if (!empty($_POST['to_pdf'])) { $get .= '&to_pdf='.$_POST['to_pdf']; } $get .= '&first_name=' . $focus->first_name; $get .= '&last_name=' . $focus->last_name; $get .= '&query=true'; header(""Location: index.php?$get""); return; } if ($redirect) { require_once('include/formbase.php'); handleRedirect($return_id, 'Prospects'); } else { return $focus; } }",True,PHP,handleSave,ProspectFormBase.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26632,"public function checkForDuplicates($prefix) { global $local_log; require_once('include/formbase.php'); $focus = BeanFactory::newBean('Prospects'); if (!checkRequired($prefix, array_keys($focus->required_fields))) { return null; } $query = ''; $baseQuery = 'select id,first_name, last_name, title, email1, email2 from prospects where deleted!=1 and ('; if (!empty($_POST[$prefix.'first_name']) && !empty($_POST[$prefix.'last_name'])) { $query = $baseQuery ."" (first_name like '"". $_POST[$prefix.'first_name'] . ""%' and last_name = '"". $_POST[$prefix.'last_name'] .""')""; } else { $query = $baseQuery ."" last_name = '"". $_POST[$prefix.'last_name'] .""'""; } if (!empty($_POST[$prefix.'email1'])) { if (empty($query)) { $query = $baseQuery. "" email1='"". $_POST[$prefix.'email1'] . ""' or email2 = '"". $_POST[$prefix.'email1'] .""'""; } else { $query .= ""or email1='"". $_POST[$prefix.'email1'] . ""' or email2 = '"". $_POST[$prefix.'email1'] .""'""; } } if (!empty($_POST[$prefix.'email2'])) { if (empty($query)) { $query = $baseQuery. "" email1='"". $_POST[$prefix.'email2'] . ""' or email2 = '"". $_POST[$prefix.'email2'] .""'""; } else { $query .= ""or email1='"". $_POST[$prefix.'email2'] . ""' or email2 = '"". $_POST[$prefix.'email2'] .""'""; } } if (!empty($query)) { $rows = array(); $db = DBManagerFactory::getInstance(); $result = $db->query($query.');'); while ($row = $db->fetchByAssoc($result)) { $rows[] = $row; } if (count($rows) > 0) { return $rows; } } return null; }",True,PHP,checkForDuplicates,ProspectFormBase.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26635,"public function buildTableForm($rows, $mod='') { global $action; if (!empty($mod)) { global $current_language; $mod_strings = return_module_language($current_language, $mod); } else { global $mod_strings; } global $app_strings; $cols = count($rows[0]) * 2 + 1; if ($action != 'ShowDuplicates') { $form = '
    '.$mod_strings['MSG_DUPLICATE']. '
    '; $form .= """"; } else { $form = '
    '.$mod_strings['MSG_SHOW_DUPLICATES']. '
    '; } $form .= get_form_header($mod_strings['LBL_DUPLICATE'], """", ''); $form .= "" ""; if ($action != 'ShowDuplicates') { $form .= """"; } require_once('include/formbase.php'); $form .= getPostToForm(); if (isset($rows[0])) { foreach ($rows[0] as $key=>$value) { if ($key != 'id') { $form .= """"; } } $form .= """"; } $rowColor = 'oddListRowS1'; foreach ($rows as $row) { $form .= """"; if ($action != 'ShowDuplicates') { $form .= ""\n""; } $wasSet = false; foreach ($row as $key=>$value) { if ($key != 'id') { if (!$wasSet) { $form .= ""\n""; $wasSet = true; } else { $form .= ""\n""; } } } if ($rowColor == 'evenListRowS1') { $rowColor = 'oddListRowS1'; } else { $rowColor = 'evenListRowS1'; } $form .= """"; } $form .= """"; if ($action == 'ShowDuplicates') { $form .= ""
     "". $mod_strings[$mod_strings['db_'.$key]]. ""
    [${app_strings['LBL_SELECT_BUTTON_LABEL']}]  $value$value

    ""; } else { $form .= ""
    ""; } return $form; }",True,PHP,buildTableForm,ProspectFormBase.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26637,"public function getWideFormBody($prefix, $mod='', $formname='', $prospect = '') { if (!ACLController::checkAccess('Prospects', 'edit', true)) { return ''; } if (empty($prospect)) { $prospect = BeanFactory::newBean('Prospects'); } global $mod_strings; $temp_strings = $mod_strings; if (!empty($mod)) { global $current_language; $mod_strings = return_module_language($current_language, $mod); } global $app_strings; global $current_user; global $app_list_strings; $primary_address_country_options = get_select_options_with_id($app_list_strings['countries_dom'], $prospect->primary_address_country); $lbl_required_symbol = $app_strings['LBL_REQUIRED_SYMBOL']; $lbl_first_name = $mod_strings['LBL_FIRST_NAME']; $lbl_last_name = $mod_strings['LBL_LAST_NAME']; $lbl_phone = $mod_strings['LBL_OFFICE_PHONE']; $lbl_address = $mod_strings['LBL_PRIMARY_ADDRESS']; $user_id = $current_user->id; $lbl_email_address = $mod_strings['LBL_EMAIL_ADDRESS']; $form = <<
    $lbl_first_name $lbl_last_name $lbl_required_symbol    
    first_name}""> last_name}"">    
    ${mod_strings['LBL_TITLE']} ${mod_strings['LBL_DEPARTMENT']}    
    title}""> department}"">    
    $lbl_address
    ${mod_strings['LBL_CITY']} ${mod_strings['LBL_STATE']} ${mod_strings['LBL_POSTAL_CODE']} ${mod_strings['LBL_COUNTRY']}
    $lbl_phone ${mod_strings['LBL_MOBILE_PHONE']} ${mod_strings['LBL_FAX_PHONE']} ${mod_strings['LBL_HOME_PHONE']}
    phone_work}""> phone_mobile}""> phone_fax}""> phone_home}"">
    $lbl_email_address ${mod_strings['LBL_OTHER_EMAIL_ADDRESS']}    
    email1}""> email2}"">    
    ${mod_strings['LBL_DESCRIPTION']}
    EOQ; $javascript = new javascript(); $javascript->setFormName($formname); $javascript->setSugarBean(BeanFactory::newBean('Prospects')); $javascript->addField('email1', 'false', $prefix); $javascript->addField('email2', 'false', $prefix); $javascript->addRequiredFields($prefix); $form .=$javascript->getScript(); $mod_strings = $temp_strings; return $form; }",True,PHP,getWideFormBody,ProspectFormBase.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26640,"public function save($check_notify = false) { global $current_user, $mod_strings; if (!$this->hasSaveAccess()) { throw new RuntimeException('Not authorized'); } $msg = ''; $isUpdate = !empty($this->id) && !$this->new_with_id; $admin = BeanFactory::newBean('Administration'); $smtp_error = $admin->checkSmtpError(); if ($smtp_error || $isUpdate && !is_admin($current_user)) { $tmpUser = BeanFactory::getBean('Users', $this->id); if (!$tmpUser instanceof User) { LoggerManager::getLogger()->fatal('User update error: Temp User is not retrieved at ID ' . $this->id . ', ' . gettype($tmpUser) . ' given'); } if ($smtp_error) { $msg .= 'SMTP server settings required first.'; $GLOBALS['log']->warn($msg); if (isset($mod_strings['ERR_USER_FACTOR_SMTP_REQUIRED'])) { SugarApplication::appendErrorMessage($mod_strings['ERR_USER_FACTOR_SMTP_REQUIRED']); } } else { if (($tmpUser instanceof User) && ($this->factor_auth != $tmpUser->factor_auth || $this->factor_auth_interface != $tmpUser->factor_auth_interface)) { $msg .= 'Current user is not able to change two factor authentication settings.'; $GLOBALS['log']->warn($msg); SugarApplication::appendErrorMessage($mod_strings['ERR_USER_FACTOR_CHANGE_DISABLED']); } } if ($tmpUser) { $this->factor_auth = $tmpUser->factor_auth; $this->factor_auth_interface = $tmpUser->factor_auth_interface; } } if ($this->factor_auth && $isUpdate && is_admin($current_user)) { $factorAuthFactory = new FactorAuthFactory(); $factorAuth = $factorAuthFactory->getFactorAuth($this); if (!$factorAuth->validateTokenMessage()) { $this->factor_auth = false; } } if (!isset($this->is_group)) { $this->is_group = 0; } if (!isset($this->portal_only)) { $this->portal_only = 0; } $this->user_preferences = ''; if ($this->is_admin) { $this->is_group = 0; $this->portal_only = 0; } if (!is_admin($current_user)) { $this->is_admin = 0; } $setNewUserPreferences = empty($this->id) || !empty($this->new_with_id); if (!$this->verify_data()) { SugarApplication::appendErrorMessage($this->error_string); return SugarApplication::redirect('Location: index.php?action=Error&module=Users'); } $retId = parent::save($check_notify); if (!$retId) { LoggerManager::getLogger()->fatal('save error: User is not saved, Person ID is not returned.'); } if ($retId !== $this->id) { LoggerManager::getLogger()->fatal('save error: User is not saved properly, returned Person ID does not match to User ID.'); } if ($setNewUserPreferences) { if (!$this->getPreference('calendar_publish_key')) { $this->setPreference('calendar_publish_key', create_guid()); } } $this->saveFormPreferences(); $this->savePreferencesToDB(); if ((isset($_POST['old_password']) || $this->portal_only) && (isset($_POST['new_password']) && !empty($_POST['new_password'])) && (isset($_POST['password_change']) && $_POST['password_change'] === 'true')) { if (!$this->change_password($_POST['old_password'], $_POST['new_password'])) { if (isset($_POST['page']) && $_POST['page'] === 'EditView') { SugarApplication::appendErrorMessage($this->error_string); SugarApplication::redirect(""Location: index.php?action=EditView&module=Users&record="" . $_POST['record']); } if (isset($_POST['page']) && $_POST['page'] === 'Change') { SugarApplication::appendErrorMessage($this->error_string); SugarApplication::redirect(""Location: index.php?action=ChangePassword&module=Users&record="" . $_POST['record']); } } } $this->lastSaveErrorIsEmailAddressSaveError = false; if (!$this->emailAddress->saveAtUserProfile($_REQUEST)) { LoggerManager::getLogger()->fatal('Email address save error'); $this->lastSaveErrorIsEmailAddressSaveError = true; return false; } return $this->id; }",True,PHP,save,User.php,https://github.com/salesagility/suitecrm,salesagility,Jack Anderson,2023-01-25 15:53:11+00:00,SuiteCRM 7.12.9 Release,CWE-29,Path Traversal: '\..\filename',"The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.",https://cwe.mitre.org/data/definitions/29.html,CVE-2023-1034,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26643,"function uploadFile($file_array, $destination_directory, $destination_filename = null) { if ((! isset($file_array['name'])) || (! isset($file_array['tmp_name'])) || (! isset($file_array['error']))) { throw new Exception(_('Ungültiges Array übergeben!')); } if(strpos($file_array['name'], "".php"") != false || strpos($destination_filename, "".php"") != false) { throw new \Exception(_(""Es ist nicht erlaubt PHP Dateien hochzuladen!"")); } if ($destination_filename == null) { $destination_filename = $file_array['name']; } $destination = $destination_directory.$destination_filename; if ((mb_substr($destination_directory, -1, 1) != '/') || (! isPathabsoluteAndUnix($destination_directory, false))) { throw new Exception(sprintf(_('""%s"" ist kein gültiges Verzeichnis!'), $destination_directory)); } try { createPath($destination_directory); } catch (Exception $ex) { throw new Exception(_(""Das Verzeichniss konnte nicht angelegt werden!"")); } if (! is_writable($destination_directory)) { throw new Exception(_('Sie haben keine Schreibrechte im Verzeichnis ""').$destination_directory.'""!'); } if (file_exists($destination)) { $new_file_md5 = md5_file($file_array['tmp_name']); $existing_file_md5 = md5_file($destination); if (($new_file_md5 == $existing_file_md5) && ($new_file_md5 != false)) { return $destination; } throw new Exception(_('Es existiert bereits eine Datei mit dem Dateinamen ""').$destination.'""!'); } switch ($file_array['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: throw new Exception(_('Die maximal mögliche Dateigrösse für Uploads wurde überschritten (""upload_max_filesize"" in ""php.ini"")! '). 'params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26645,public function isVisible() { if ($this->getValue('pho_id') > 0 && (int) $this->getValue('pho_org_id') !== $GLOBALS['gCurrentOrgId']) { return false; } elseif ((int) $this->getValue('pho_locked') === 1 && !$GLOBALS['gCurrentUser']->editPhotoRight()) { return false; } return true; },True,PHP,isVisible,TablePhotos.php,https://github.com/admidio/admidio,admidio,Markus Faßbender,2023-06-08 07:21:41+02:00,ecard could sent if album is logged #1432,CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2023-3303,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26646,"public function updateTab($id, $array) { if (!$id || $id == '') { $this->setAPIResponse('error', 'id was not set', 422); return null; } if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $tabInfo = $this->getTabById($id); if ($tabInfo) { $array = $this->checkKeys($tabInfo, $array); } else { $this->setAPIResponse('error', 'No tab info found', 404); return false; } if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'], $id)) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } if (array_key_exists('default', $array)) { if ($array['default']) { $this->clearTabDefault(); } } $response = [ array( 'function' => 'query', 'query' => array( 'UPDATE tabs SET', $array, 'WHERE id = ?', $id ) ), ]; $this->setAPIResponse(null, 'Tab info updated'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Edited Tab Info for [' . $tabInfo['name'] . ']'); return $this->processQueries($response); }",True,PHP,updateTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1344,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26647,"public function updateTab($id, $array) { if (!$id || $id == '') { $this->setAPIResponse('error', 'id was not set', 422); return null; } if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $tabInfo = $this->getTabById($id); if ($tabInfo) { $array = $this->checkKeys($tabInfo, $array); } else { $this->setAPIResponse('error', 'No tab info found', 404); return false; } if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'], $id)) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } if (array_key_exists('default', $array)) { if ($array['default']) { $this->clearTabDefault(); } } $response = [ array( 'function' => 'query', 'query' => array( 'UPDATE tabs SET', $array, 'WHERE id = ?', $id ) ), ]; $this->setAPIResponse(null, 'Tab info updated'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Edited Tab Info for [' . $tabInfo['name'] . ']'); return $this->processQueries($response); }",True,PHP,updateTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1345,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26648,"public function updateTab($id, $array) { if (!$id || $id == '') { $this->setAPIResponse('error', 'id was not set', 422); return null; } if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $tabInfo = $this->getTabById($id); if ($tabInfo) { $array = $this->checkKeys($tabInfo, $array); } else { $this->setAPIResponse('error', 'No tab info found', 404); return false; } if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'], $id)) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } if (array_key_exists('default', $array)) { if ($array['default']) { $this->clearTabDefault(); } } $response = [ array( 'function' => 'query', 'query' => array( 'UPDATE tabs SET', $array, 'WHERE id = ?', $id ) ), ]; $this->setAPIResponse(null, 'Tab info updated'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Edited Tab Info for [' . $tabInfo['name'] . ']'); return $this->processQueries($response); }",True,PHP,updateTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1346,"function edit_vendor() { $vendor = new vendor(); if(isset($this->params['id'])) { $vendor = $vendor->find('first', 'id =' .$this->params['id']); assign_to_template(array( 'vendor'=>$vendor )); } }" 26649,"public function updateTab($id, $array) { if (!$id || $id == '') { $this->setAPIResponse('error', 'id was not set', 422); return null; } if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $tabInfo = $this->getTabById($id); if ($tabInfo) { $array = $this->checkKeys($tabInfo, $array); } else { $this->setAPIResponse('error', 'No tab info found', 404); return false; } if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'], $id)) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } if (array_key_exists('default', $array)) { if ($array['default']) { $this->clearTabDefault(); } } $response = [ array( 'function' => 'query', 'query' => array( 'UPDATE tabs SET', $array, 'WHERE id = ?', $id ) ), ]; $this->setAPIResponse(null, 'Tab info updated'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Edited Tab Info for [' . $tabInfo['name'] . ']'); return $this->processQueries($response); }",True,PHP,updateTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1347,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26670,"public function addTab($array) { if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $array = $this->checkKeys($this->getTableColumnsFormatted('tabs'), $array); $array['group_id'] = ($array['group_id']) ?? $this->getDefaultGroupId(); $array['category_id'] = ($array['category_id']) ?? $this->getDefaultCategoryId(); $array['enabled'] = ($array['enabled']) ?? 0; $array['default'] = ($array['default']) ?? 0; $array['type'] = ($array['type']) ?? 1; $array['order'] = ($array['order']) ?? $this->getNextTabOrder() + 1; if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'])) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } else { $this->setAPIResponse('error', 'Tab name was not supplied', 422); return false; } if (!array_key_exists('url', $array) && !array_key_exists('url_local', $array)) { $this->setAPIResponse('error', 'Tab url or url_local was not supplied', 422); return false; } if (!array_key_exists('image', $array)) { $this->setAPIResponse('error', 'Tab image was not supplied', 422); return false; } $response = [ array( 'function' => 'query', 'query' => array( 'INSERT INTO [tabs]', $array ) ), ]; $this->setAPIResponse(null, 'Tab added'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Added Tab for [' . $array['name'] . ']'); return $this->processQueries($response); }",True,PHP,addTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1344,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26671,"public function addTab($array) { if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $array = $this->checkKeys($this->getTableColumnsFormatted('tabs'), $array); $array['group_id'] = ($array['group_id']) ?? $this->getDefaultGroupId(); $array['category_id'] = ($array['category_id']) ?? $this->getDefaultCategoryId(); $array['enabled'] = ($array['enabled']) ?? 0; $array['default'] = ($array['default']) ?? 0; $array['type'] = ($array['type']) ?? 1; $array['order'] = ($array['order']) ?? $this->getNextTabOrder() + 1; if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'])) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } else { $this->setAPIResponse('error', 'Tab name was not supplied', 422); return false; } if (!array_key_exists('url', $array) && !array_key_exists('url_local', $array)) { $this->setAPIResponse('error', 'Tab url or url_local was not supplied', 422); return false; } if (!array_key_exists('image', $array)) { $this->setAPIResponse('error', 'Tab image was not supplied', 422); return false; } $response = [ array( 'function' => 'query', 'query' => array( 'INSERT INTO [tabs]', $array ) ), ]; $this->setAPIResponse(null, 'Tab added'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Added Tab for [' . $array['name'] . ']'); return $this->processQueries($response); }",True,PHP,addTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1345,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26672,"public function addTab($array) { if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $array = $this->checkKeys($this->getTableColumnsFormatted('tabs'), $array); $array['group_id'] = ($array['group_id']) ?? $this->getDefaultGroupId(); $array['category_id'] = ($array['category_id']) ?? $this->getDefaultCategoryId(); $array['enabled'] = ($array['enabled']) ?? 0; $array['default'] = ($array['default']) ?? 0; $array['type'] = ($array['type']) ?? 1; $array['order'] = ($array['order']) ?? $this->getNextTabOrder() + 1; if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'])) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } else { $this->setAPIResponse('error', 'Tab name was not supplied', 422); return false; } if (!array_key_exists('url', $array) && !array_key_exists('url_local', $array)) { $this->setAPIResponse('error', 'Tab url or url_local was not supplied', 422); return false; } if (!array_key_exists('image', $array)) { $this->setAPIResponse('error', 'Tab image was not supplied', 422); return false; } $response = [ array( 'function' => 'query', 'query' => array( 'INSERT INTO [tabs]', $array ) ), ]; $this->setAPIResponse(null, 'Tab added'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Added Tab for [' . $array['name'] . ']'); return $this->processQueries($response); }",True,PHP,addTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1346,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26673,"public function addTab($array) { if (!$array) { $this->setAPIResponse('error', 'no data was sent', 422); return null; } $array = $this->checkKeys($this->getTableColumnsFormatted('tabs'), $array); $array['group_id'] = ($array['group_id']) ?? $this->getDefaultGroupId(); $array['category_id'] = ($array['category_id']) ?? $this->getDefaultCategoryId(); $array['enabled'] = ($array['enabled']) ?? 0; $array['default'] = ($array['default']) ?? 0; $array['type'] = ($array['type']) ?? 1; $array['order'] = ($array['order']) ?? $this->getNextTabOrder() + 1; if (array_key_exists('name', $array)) { $array['name'] = htmlspecialchars($array['name']); if ($this->isTabNameTaken($array['name'])) { $this->setAPIResponse('error', 'Tab name: ' . $array['name'] . ' is already taken', 409); return false; } } else { $this->setAPIResponse('error', 'Tab name was not supplied', 422); return false; } if (!array_key_exists('url', $array) && !array_key_exists('url_local', $array)) { $this->setAPIResponse('error', 'Tab url or url_local was not supplied', 422); return false; } if (!array_key_exists('image', $array)) { $this->setAPIResponse('error', 'Tab image was not supplied', 422); return false; } $response = [ array( 'function' => 'query', 'query' => array( 'INSERT INTO [tabs]', $array ) ), ]; $this->setAPIResponse(null, 'Tab added'); $this->setLoggerChannel('Tab Management'); $this->logger->debug('Added Tab for [' . $array['name'] . ']'); return $this->processQueries($response); }",True,PHP,addTab,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1347,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26698,"public function uploadImage() { $filesCheck = array_filter($_FILES); if (!empty($filesCheck) && $this->approvedFileExtension($_FILES['file']['name'], 'image') && strpos($_FILES['file']['type'], 'image/') !== false) { ini_set('upload_max_filesize', '10M'); ini_set('post_max_size', '10M'); $tempFile = $_FILES['file']['tmp_name']; $targetPath = $this->root . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'userTabs' . DIRECTORY_SEPARATOR; $this->makeDir($targetPath); $targetFile = $targetPath . $_FILES['file']['name']; $this->setAPIResponse(null, pathinfo($_FILES['file']['name'], PATHINFO_BASENAME) . ' has been uploaded', null); return move_uploaded_file($tempFile, $targetFile); } }",True,PHP,uploadImage,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1344,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26699,"public function uploadImage() { $filesCheck = array_filter($_FILES); if (!empty($filesCheck) && $this->approvedFileExtension($_FILES['file']['name'], 'image') && strpos($_FILES['file']['type'], 'image/') !== false) { ini_set('upload_max_filesize', '10M'); ini_set('post_max_size', '10M'); $tempFile = $_FILES['file']['tmp_name']; $targetPath = $this->root . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'userTabs' . DIRECTORY_SEPARATOR; $this->makeDir($targetPath); $targetFile = $targetPath . $_FILES['file']['name']; $this->setAPIResponse(null, pathinfo($_FILES['file']['name'], PATHINFO_BASENAME) . ' has been uploaded', null); return move_uploaded_file($tempFile, $targetFile); } }",True,PHP,uploadImage,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1345,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26700,"public function uploadImage() { $filesCheck = array_filter($_FILES); if (!empty($filesCheck) && $this->approvedFileExtension($_FILES['file']['name'], 'image') && strpos($_FILES['file']['type'], 'image/') !== false) { ini_set('upload_max_filesize', '10M'); ini_set('post_max_size', '10M'); $tempFile = $_FILES['file']['tmp_name']; $targetPath = $this->root . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'userTabs' . DIRECTORY_SEPARATOR; $this->makeDir($targetPath); $targetFile = $targetPath . $_FILES['file']['name']; $this->setAPIResponse(null, pathinfo($_FILES['file']['name'], PATHINFO_BASENAME) . ' has been uploaded', null); return move_uploaded_file($tempFile, $targetFile); } }",True,PHP,uploadImage,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1346,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26701,"public function uploadImage() { $filesCheck = array_filter($_FILES); if (!empty($filesCheck) && $this->approvedFileExtension($_FILES['file']['name'], 'image') && strpos($_FILES['file']['type'], 'image/') !== false) { ini_set('upload_max_filesize', '10M'); ini_set('post_max_size', '10M'); $tempFile = $_FILES['file']['tmp_name']; $targetPath = $this->root . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'userTabs' . DIRECTORY_SEPARATOR; $this->makeDir($targetPath); $targetFile = $targetPath . $_FILES['file']['name']; $this->setAPIResponse(null, pathinfo($_FILES['file']['name'], PATHINFO_BASENAME) . ' has been uploaded', null); return move_uploaded_file($tempFile, $targetFile); } }",True,PHP,uploadImage,organizr.class.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1347,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26710,"public function setLoggerChannel($channel = 'Organizr', $username = null) { if ($this->hasDB()) { $setLogger = false; if ($username) { $username = htmlspecialchars($username); } if ($this->logger) { if ($channel) { if (strtolower($this->logger->getChannel()) !== strtolower($channel)) { $setLogger = true; } } if ($username) { if (strtolower($this->logger->getTraceId()) !== strtolower($channel)) { $setLogger = true; } } } else { $setLogger = true; } if ($setLogger) { $channel = $channel ?: 'Organizr'; return $this->setupLogger($channel, $username); } else { return $this->logger; } } }",True,PHP,setLoggerChannel,log-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1344,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26711,"public function setLoggerChannel($channel = 'Organizr', $username = null) { if ($this->hasDB()) { $setLogger = false; if ($username) { $username = htmlspecialchars($username); } if ($this->logger) { if ($channel) { if (strtolower($this->logger->getChannel()) !== strtolower($channel)) { $setLogger = true; } } if ($username) { if (strtolower($this->logger->getTraceId()) !== strtolower($channel)) { $setLogger = true; } } } else { $setLogger = true; } if ($setLogger) { $channel = $channel ?: 'Organizr'; return $this->setupLogger($channel, $username); } else { return $this->logger; } } }",True,PHP,setLoggerChannel,log-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1345,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26712,"public function setLoggerChannel($channel = 'Organizr', $username = null) { if ($this->hasDB()) { $setLogger = false; if ($username) { $username = htmlspecialchars($username); } if ($this->logger) { if ($channel) { if (strtolower($this->logger->getChannel()) !== strtolower($channel)) { $setLogger = true; } } if ($username) { if (strtolower($this->logger->getTraceId()) !== strtolower($channel)) { $setLogger = true; } } } else { $setLogger = true; } if ($setLogger) { $channel = $channel ?: 'Organizr'; return $this->setupLogger($channel, $username); } else { return $this->logger; } } }",True,PHP,setLoggerChannel,log-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1346,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26713,"public function setLoggerChannel($channel = 'Organizr', $username = null) { if ($this->hasDB()) { $setLogger = false; if ($username) { $username = htmlspecialchars($username); } if ($this->logger) { if ($channel) { if (strtolower($this->logger->getChannel()) !== strtolower($channel)) { $setLogger = true; } } if ($username) { if (strtolower($this->logger->getTraceId()) !== strtolower($channel)) { $setLogger = true; } } } else { $setLogger = true; } if ($setLogger) { $channel = $channel ?: 'Organizr'; return $this->setupLogger($channel, $username); } else { return $this->logger; } } }",True,PHP,setLoggerChannel,log-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1347,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26718,"public function approvedFileExtension($filename, $type = 'image') { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if ($type == 'image') { switch ($ext) { case 'gif': case 'png': case 'jpeg': case 'jpg': case 'svg': return true; default: return false; } } elseif ($type == 'cert') { switch ($ext) { case 'pem': return true; default: return false; } } }",True,PHP,approvedFileExtension,organizr-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1344,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26719,"public function approvedFileExtension($filename, $type = 'image') { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if ($type == 'image') { switch ($ext) { case 'gif': case 'png': case 'jpeg': case 'jpg': case 'svg': return true; default: return false; } } elseif ($type == 'cert') { switch ($ext) { case 'pem': return true; default: return false; } } }",True,PHP,approvedFileExtension,organizr-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2022-1345,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26720,"public function approvedFileExtension($filename, $type = 'image') { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if ($type == 'image') { switch ($ext) { case 'gif': case 'png': case 'jpeg': case 'jpg': case 'svg': return true; default: return false; } } elseif ($type == 'cert') { switch ($ext) { case 'pem': return true; default: return false; } } }",True,PHP,approvedFileExtension,organizr-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1346,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26721,"public function approvedFileExtension($filename, $type = 'image') { $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); if ($type == 'image') { switch ($ext) { case 'gif': case 'png': case 'jpeg': case 'jpg': case 'svg': return true; default: return false; } } elseif ($type == 'cert') { switch ($ext) { case 'pem': return true; default: return false; } } }",True,PHP,approvedFileExtension,organizr-functions.php,https://github.com/causefx/organizr,causefx,CauseFX,2022-04-11 09:52:22-07:00,"added sanitizeUserString and sanitizeEmail functions added sanitize to uploaded image names added sanitize to tabs, categories, users and bookmarks removed svg files from approved image lists",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1347,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26761,"public function get_items( $request ) { $sked = get_template_sked( $request['post_id'] ); return new WP_REST_Response( $sked, 200 ); }",True,PHP,get_items,rsvpmaker-api-endpoints.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26763,"rsvpmaker_tx_email($post, $mail); } $send_confirmation = get_post_meta($post->ID,'_rsvp_rsvpmaker_send_confirmation_email',true); $confirm_on_payment = get_post_meta($post->ID,'_rsvp_confirmation_after_payment',true); if(($send_confirmation ||!is_numeric($send_confirmation)) && empty($confirm_on_payment) ) { $confirmation_subject = $templates['confirmation']['subject']; foreach($rsvpdata as $field => $value) $confirmation_subject = str_replace('['.$field.']',$value,$confirmation_subject); $confirmation_body = $templates['confirmation']['body']; foreach($rsvpdata as $field => $value) $confirmation_body = str_replace('['.$field.']',$value,$confirmation_body); $confirmation_body = do_blocks(do_shortcode($confirmation_body)); $mail[""html""] = wpautop($confirmation_body); if(isset($post->ID)) $mail[""ical""] = rsvpmaker_to_ical_email ($post->ID, $rsvp_to, $rsvp[""email""]); $mail[""to""] = $rsvp[""email""]; $mail[""from""] = $rsvp_to_array[0]; $mail[""fromname""] = get_bloginfo('name'); $mail[""subject""] = $confirmation_subject; rsvpmaker_tx_email($post, $mail); } }",True,PHP,rsvpmaker_tx_email,rsvpmaker-email.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26766,"printf('

    %s
    %s %s

    ',$row->post_title,$row->meta_key,$row->meta_value); } }",True,PHP,printf,rsvpmaker-group-email.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26767,"function rsvpmaker_relay_menu_pages() { $parent_slug = 'edit.php?post_type=rsvpemail'; add_submenu_page( $parent_slug, __( 'Group Email', 'rsvpmaker' ), __( 'Group Email', 'rsvpmaker' ), 'manage_options', 'rsvpmaker_relay_manual_test', 'rsvpmaker_relay_manual_test' ); add_submenu_page( $parent_slug, __( 'Group Email Log', 'rsvpmaker' ), __( 'Group Email Log', 'rsvpmaker' ), 'manage_options', 'rsvpmaker_relay_log', 'rsvpmaker_relay_log' ); }",True,PHP,rsvpmaker_relay_menu_pages,rsvpmaker-group-email.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26770,"$output = sprintf( '
    %s (%s):
    %s

    %s
    ', $url, __( 'Amount', 'rsvpmaker' ), esc_attr( strtoupper( $vars['currency'] ) ), esc_attr( $vars['amount'] ), __('Note','rsvpmaker'), esc_attr( $idempotency_key ), __( 'Pay with Card' ), rsvpmaker_nonce('return') );",True,PHP,esc_attr,rsvpmaker-stripe.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26773,"function rsvpmaker_stripecharge( $atts ) { if ( is_admin() || wp_is_json_request() ) { return; } global $current_user; $vars['description'] = ( ! empty( $atts['description'] ) ) ? $atts['description'] : __( 'charge from', 'rsvpmaker' ) . ' ' . get_bloginfo( 'name' ); $vars['paymentType'] = $paymentType = ( empty( $atts['paymentType'] ) ) ? 'once' : $atts['paymentType']; $vars['paypal'] = (empty($atts['paypal'])) ? 0 : $atts['paypal']; $show = ( ! empty( $atts['showdescription'] ) && ( $atts['showdescription'] == 'yes' ) ) ? true : false; if ( $paymentType == 'schedule' ) { $months = array( 'january', 'february', 'march', 'april', 'may', 'june', 'july', 'august', 'september', 'october', 'november', 'december' ); $index = date( 'n' ) - 1; if ( isset( $_GET['next'] ) ) { if ( $index == 11 ) { $index = 0; } else { $index++; } } $month = $months[ $index ]; $vars['amount'] = $atts[ $month ]; $vars['description'] = $vars['description'] . ': ' . ucfirst( $month ); if ( ! empty( $current_user->user_email ) ) { $vars['email'] = $current_user->user_email; } return rsvpmaker_stripe_form( $vars, $show ); } $vars['amount'] = ( ! empty( $atts['amount'] ) ) ? $atts['amount'] : ''; if ( $paymentType != 'once' ) { $vars['description'] .= ' ' . $paymentType; } return rsvpmaker_stripe_form( $vars, $show ); }",True,PHP,rsvpmaker_stripecharge,rsvpmaker-stripe.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26776,function get_rsvpversion() { return '9.2.5'; },True,PHP,get_rsvpversion,rsvpmaker.php,https://github.com/davidfcarr/rsvpmaker,davidfcarr,davidfcarr,2022-04-25 09:11:49-04:00,"fixes for sql injection, card testing",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-1453,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26781,"protected function loadSelectedViewName() { $code = $this->request->get('code', ''); if (false === \strpos($code, '-')) { $this->selectedViewName = $code; return; } $parts = \explode('-', $code); $this->selectedViewName = empty($parts) ? $code : $parts[0]; }",True,PHP,loadSelectedViewName,EditPageOption.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-04-21 16:18:14+02:00,Solucionado bug XSS al colocar javascript como título en un page_option.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1457,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26782,"public function getUserList() { $result = []; $users = CodeModel::all(User::tableName(), 'nick', 'nick', false); foreach ($users as $codeModel) { if ($codeModel->code != 'admin') { $result[$codeModel->code] = $codeModel->description; } } return $result; }",True,PHP,getUserList,EditPageOption.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-04-21 16:18:14+02:00,Solucionado bug XSS al colocar javascript como título en un page_option.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1457,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26783,public function getPageData() { $data = parent::getPageData(); $data['menu'] = 'admin'; $data['showonmenu'] = false; $data['title'] = 'options'; $data['icon'] = 'fas fa-wrench'; return $data; },True,PHP,getPageData,EditPageOption.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-04-21 16:18:14+02:00,Solucionado bug XSS al colocar javascript como título en un page_option.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1457,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26785,"private function setColumnOption(&$column, string $name, string $key, bool $isWidget, bool $allowEmpty) { $newValue = $this->request->request->get($name . '-' . $key); if ($isWidget) { if (!empty($newValue) || $allowEmpty) { $column['children'][0][$key] = $newValue; } return; } if (!empty($newValue) || $allowEmpty) { $column[$key] = $newValue; } }",True,PHP,setColumnOption,EditPageOption.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-04-21 16:18:14+02:00,Solucionado bug XSS al colocar javascript como título en un page_option.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1457,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26788,"private function userAuth() { $user = new User(); $nick = $this->request->request->get('fsNick', ''); if ($nick === '') { return $this->cookieAuth($user); } if ($user->loadFromCode($nick) && $user->enabled) { if ($user->verifyPassword($this->request->request->get('fsPassword'))) { $user->pipe('login'); $this->updateCookies($user, true); ToolBox::ipFilter()->clear(); ToolBox::i18nLog()->debug('login-ok', ['%nick%' => $user->nick]); ToolBox::log()::setContext('nick', $user->nick); return $user; } $this->ipWarning(); ToolBox::i18nLog()->warning('login-password-fail'); return false; } $this->ipWarning(); ToolBox::i18nLog()->warning('login-user-not-found', ['%nick%' => $nick]); return false; }",True,PHP,userAuth,AppController.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-04-28 11:29:31+02:00,"Sanitized username when showing user not found message. ------ Saneado nombre de usuario al mostrar el mensaje de usuario no encontrado.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-2066,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26789,"foreach ($allowedFolders as $folder) { if ('/' . $folder === substr($uri, 0, 1 + strlen($folder))) { header('Content-Type: ' . $this->getMime($filePath)); readfile($filePath); return true; } }",True,PHP,foreach,AppRouter.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-04-28 11:55:32+02:00,"Force to download SVG files to prevent security problems. ------ Forzamos a descargar los archivos SVG para evitar problemas de seguridad.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-2065,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26793,"public function privateCore(&$response, $user, $permissions) { parent::privateCore($response, $user, $permissions); $this->model = new PageOption(); $this->loadSelectedViewName(); $this->backPage = $this->request->get('url') ?: $this->selectedViewName; $this->selectedUser = $this->user->admin ? $this->request->get('nick') : $this->user->nick; $this->loadPageOptions(); $action = $this->request->get('action', ''); switch ($action) { case 'delete': $this->deleteAction(); break; case 'save': $this->saveAction(); break; } }",True,PHP,privateCore,EditPageOption.php,https://github.com/neorazorx/facturascripts,neorazorx,Carlos Garcia Gomez,2022-05-10 00:12:41+02:00,"We check the url parameter of the link to ensure that it is a valid controller. ------ Comprobamos el parámetro url del enlace para asegurar que sea un controlador válido.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1682,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26796,"public function getErrorMessage() { $vs_error_message = $this->opo_error_messages->get($this->opn_error_number); if ($vs_error_message) { return $vs_error_message; } else { return ""Unknown error: "".$this->opn_error_number; } }",True,PHP,getErrorMessage,ApplicationError.php,https://github.com/collectiveaccess/providence,collectiveaccess,CollectiveAccess,2022-04-30 10:25:48-04:00,Print potential XSS in error message handler,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1825,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26797,"public function setError ($pn_error_number, $ps_error_description='', $ps_error_context='', $ps_error_source='') { $this->opn_error_number = $pn_error_number; $this->ops_error_description = $ps_error_description; $this->ops_error_context = $ps_error_context; $this->ops_error_source = $ps_error_source; if (($this->opb_halt_on_error) || ($this->opb_report_on_error)) { $this->halt(); } return 1; }",True,PHP,setError,ApplicationError.php,https://github.com/collectiveaccess/providence,collectiveaccess,CollectiveAccess,2022-04-30 10:25:48-04:00,Print potential XSS in error message handler,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1825,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26801,"foreach ($all_users as &$u) { if ($u['username'] == $username && $this->verifyPassword($password, $u['password'])) { $user = $this->mapToUserObject($u); $this->store($user); $this->session->set(self::SESSION_HASH, $u['password']); return true; } }",True,PHP,foreach,JsonFile.php,https://github.com/filegator/filegator,filegator,Milos Stojanovic,2022-05-24 13:08:43+02:00,regenerate session on user update,CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-1849,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26803,"function RegistrationSaveContactNameFields( $config, $values ) { if ( empty( $values['FIRST_NAME'] ) || empty( $values['LAST_NAME'] ) ) { return 0; } $person_id = DBSeqNextID( 'people_person_id_seq' ); $sql = ""INSERT INTO PEOPLE ""; $fields = 'PERSON_ID,LAST_NAME,FIRST_NAME,MIDDLE_NAME,'; $values_sql = ""'"" . $person_id . ""','"" . $values['LAST_NAME'] . ""','"" . $values['FIRST_NAME'] . ""','"" . $values['MIDDLE_NAME'] . ""',""; if ( $config && ! empty( $values['fields'] ) ) { foreach ( (array) $values['fields'] as $column => $value ) { if ( is_array( $value ) ) { $value = implode( '||', $value ) ? '||' . implode( '||', $value ) : ''; } if ( ! empty( $value ) || $value == '0' ) { $fields .= $column . ','; $values_sql .= ""'"" . $value . ""',""; } } } $sql .= '(' . mb_substr( $fields, 0, -1 ) . ') values(' . mb_substr( $values_sql, 0, -1 ) . ')'; DBQuery( $sql ); return $person_id; }",True,PHP,RegistrationSaveContactNameFields,RegistrationSave.fnc.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2022-04-25 14:02:16+02:00,Fix SQL injection escape DB identifier,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-2067,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26805,"elseif ( $columns['TITLE'] ) { $id_new = DBSeqNextID( 'school_marking_periods_marking_period_id_seq' ); $sql = ""INSERT INTO SCHOOL_MARKING_PERIODS ""; $fields = ""MARKING_PERIOD_ID,MP,SYEAR,SCHOOL_ID,""; $values = ""'"" . $id_new . ""','"" . $_REQUEST['mp_term'] . ""','"" . UserSyear() . ""','"" . UserSchool() . ""',""; switch ( $_REQUEST['mp_term'] ) { case 'SEM': $fields .= ""PARENT_ID,""; $values .= ""'"" . $_REQUEST['year_id'] . ""',""; break; case 'QTR': $fields .= ""PARENT_ID,""; $values .= ""'"" . $_REQUEST['semester_id'] . ""',""; break; case 'PRO': $fields .= ""PARENT_ID,""; $values .= ""'"" . $_REQUEST['quarter_id'] . ""',""; break; } $go = false; foreach ( (array) $columns as $column => $value ) { if ( $column === 'START_DATE' || $column === 'END_DATE' || $column === 'POST_START_DATE' || $column === 'POST_END_DATE' ) { if ( ! VerifyDate( $value ) && $value !== '' || ( ( $column === 'START_DATE' || $column === 'END_DATE' ) && $value === '' ) ) { $error[] = _( 'Not all of the dates were entered correctly.' ); break 2; } if ( ( $column === 'END_DATE' && date_create( $value ) <= date_create( $columns['START_DATE'] ) ) || ( $column === 'POST_START_DATE' && $columns['POST_END_DATE'] !== '' && date_create( $value ) > date_create( $columns['POST_END_DATE'] ) ) ) { $error[] = _( 'Start date must be anterior to end date.' ); break 2; } } if ( ! empty( $value ) || $value === '0' ) { $fields .= $column . ','; $values .= ""'"" . $value . ""',""; $go = true; } } $sql .= '(' . mb_substr( $fields, 0, -1 ) . ') values(' . mb_substr( $values, 0, -1 ) . ')'; }",True,PHP,elseif,MarkingPeriods.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2022-04-25 14:02:16+02:00,Fix SQL injection escape DB identifier,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-2067,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26807,"function URLEscape( $string ) { $string = preg_replace_callback( ""/(& function( $match ) { if ( mb_substr( $match[1], -1 ) !== ';' ) { $match[1] .= ';'; } return $match[1]; }, $string ); $string = html_entity_decode( (string) $string ); $remove = [ 'javascript:', ]; foreach ( $remove as $remove_string ) { while ( strpos( $string, $remove_string ) !== false ) { $string = str_ireplace( $remove, '', $string ); } } $entities = [ '%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D', ]; $replacements = [ '!', '*', ""'"", '(', ')', ';', ':', '@', '&', '=', '+', '$', ',', '/', '?', '%', '#', '[', ']', ]; return str_replace( $entities, $replacements, rawurlencode( $string ) ); }",True,PHP,URLEscape,PreparePHP_SELF.fnc.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2022-06-04 13:44:21+02:00,Fix stored XSS security issue: remove inline JS from URL in PreparePHP_SELF.fnc.php,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-1997,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26810,"function URLEscape( $string ) { $string = preg_replace_callback( ""/(& function( $match ) { if ( mb_substr( $match[1], -1 ) !== ';' ) { $match[1] .= ';'; } return $match[1]; }, $string ); $string = html_entity_decode( (string) $string ); $remove = [ 'javascript:', ]; foreach ( $remove as $remove_string ) { while ( stripos( $string, $remove_string ) !== false ) { $string = str_ireplace( $remove, '', $string ); } } $entities = [ '%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D', ]; $replacements = [ '!', '*', ""'"", '(', ')', ';', ':', '@', '&', '=', '+', '$', ',', '/', '?', '%', '#', '[', ']', ]; return str_replace( $entities, $replacements, rawurlencode( $string ) ); }",True,PHP,URLEscape,PreparePHP_SELF.fnc.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2022-06-08 22:08:35+02:00,Fix stored XSS security issue: decode HTML entities from URL,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-2036,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26813,"function UploadAssignmentTeacherFile( $assignment_id, $teacher_id, $file_input_id ) { global $error; $assignment = GetAssignment( $assignment_id ); if ( ! $assignment ) { return ''; } $microseconds = new \DateTime(); $microseconds = $microseconds->format( 'u' ); $file_name_no_ext = no_accents( $assignment['COURSE_TITLE'] . '_' . $assignment_id . '.' . $microseconds ); if ( ! empty( $assignment['FILE'] ) && file_exists( $assignment['FILE'] ) ) { unlink( $assignment['FILE'] ); } $assignments_path = GetAssignmentsFilesPath( User( 'STAFF_ID' ) ); $file = FileUpload( $file_input_id, $assignments_path, FileExtensionWhiteList(), 0, $error, '', $file_name_no_ext ); return $file; }",True,PHP,UploadAssignmentTeacherFile,StudentAssignments.fnc.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2023-02-19 13:18:12+01:00,PHP<7 Fix add microseconds to filename to make it harder to predict,CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2023-0994,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26815,"function _saveSalariesFile( $id ) { global $error, $FileUploadsPath; $input = $id === 'new' ? 'FILE_ATTACHED' : 'FILE_ATTACHED_' . $id; if ( ! isset( $_FILES[ $input ] ) ) { return ''; } $file_name_no_ext = no_accents( mb_substr( $_FILES[ $input ]['name'], 0, mb_strrpos( $_FILES[ $input ]['name'], '.' ) ) ); $file_name_no_ext .= '_' . date( 'Y-m-d_His' ); $file_attached = FileUpload( $input, $FileUploadsPath . UserSyear() . '/staff_' . UserStaffID() . '/', FileExtensionWhiteList(), 0, $error, '', $file_name_no_ext ); return DBEscapeString( $file_attached ); }",True,PHP,_saveSalariesFile,functions.inc.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2023-04-11 18:45:04+02:00,Add microseconds to filename format to make it harder to predict,CWE-922,Insecure Storage of Sensitive Information,The product stores sensitive information without properly limiting read or write access by unauthorized actors.,https://cwe.mitre.org/data/definitions/922.html,CVE-2023-2665,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26817,"elseif ( $columns['TITLE'] ) { $_REQUEST['values']['new']['PUBLISHED_PROFILES'] = ''; foreach ( [ 'admin', 'teacher', 'parent' ] as $profile_id ) { if ( isset( $_REQUEST['profiles']['new'][$profile_id] ) && $_REQUEST['profiles']['new'][$profile_id] ) { $_REQUEST['values']['new']['PUBLISHED_PROFILES'] .= $profile_id . ','; } } foreach ( (array) $profiles_RET as $profile ) { $profile_id = $profile['ID']; if ( isset( $_REQUEST['profiles']['new'][$profile_id] ) && $_REQUEST['profiles']['new'][$profile_id] ) { $_REQUEST['values']['new']['PUBLISHED_PROFILES'] .= $profile_id . ','; } } $columns['PUBLISHED_PROFILES'] = $_REQUEST['values']['new']['PUBLISHED_PROFILES'] ? ',' . $_REQUEST['values']['new']['PUBLISHED_PROFILES'] : ''; $sql = ""INSERT INTO portal_notes ""; $fields = 'SCHOOL_ID,SYEAR,PUBLISHED_DATE,PUBLISHED_USER,'; $values = ""'"" . UserSchool() . ""','"" . UserSyear() . ""',CURRENT_TIMESTAMP,'"" . User( 'STAFF_ID' ) . ""',""; $columns['FILE_ATTACHED'] = ''; if ( isset( $_FILES['FILE_ATTACHED_FILE'] ) ) { $columns['FILE_ATTACHED'] = FileUpload( 'FILE_ATTACHED_FILE', $PortalNotesFilesPath, FileExtensionWhiteList(), 0, $error ); $columns['FILE_ATTACHED'] = DBEscapeString( $columns['FILE_ATTACHED'] ); } elseif ( filter_var( $columns['FILE_ATTACHED_EMBED'], FILTER_VALIDATE_URL ) !== false ) { $columns['FILE_ATTACHED'] = $columns['FILE_ATTACHED_EMBED']; } unset( $columns['FILE_ATTACHED_EMBED'] ); $go = 0; foreach ( (array) $columns as $column => $value ) { if ( ! empty( $value ) || $value == '0' ) { $fields .= DBEscapeIdentifier( $column ) . ','; $values .= ""'"" . $value . ""',""; $go = true; } } $sql .= '(' . mb_substr( $fields, 0, -1 ) . ') values(' . mb_substr( $values, 0, -1 ) . ')'; if ( $go && empty( $error ) ) { DBQuery( $sql ); $portal_note_id = DBLastInsertID(); do_action( 'School_Setup/PortalNotes.php|create_portal_note' ); } }",True,PHP,elseif,PortalNotes.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2023-04-11 18:45:04+02:00,Add microseconds to filename format to make it harder to predict,CWE-922,Insecure Storage of Sensitive Information,The product stores sensitive information without properly limiting read or write access by unauthorized actors.,https://cwe.mitre.org/data/definitions/922.html,CVE-2023-2665,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26818,"function _saveFeesFile( $id ) { global $error, $FileUploadsPath; $input = $id === 'new' ? 'FILE_ATTACHED' : 'FILE_ATTACHED_' . $id; if ( ! isset( $_FILES[ $input ] ) ) { return ''; } $file_name_no_ext = no_accents( mb_substr( $_FILES[ $input ]['name'], 0, mb_strrpos( $_FILES[ $input ]['name'], '.' ) ) ); $file_name_no_ext .= '_' . date( 'Y-m-d_His' ); $file_attached = FileUpload( $input, $FileUploadsPath . UserSyear() . '/student_' . UserStudentID() . '/', FileExtensionWhiteList(), 0, $error, '', $file_name_no_ext ); return DBEscapeString( $file_attached ); }",True,PHP,_saveFeesFile,functions.inc.php,https://github.com/francoisjacquet/rosariosis,francoisjacquet,François Jacquet,2023-04-11 18:45:04+02:00,Add microseconds to filename format to make it harder to predict,CWE-922,Insecure Storage of Sensitive Information,The product stores sensitive information without properly limiting read or write access by unauthorized actors.,https://cwe.mitre.org/data/definitions/922.html,CVE-2023-2665,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26821,"public function onInfoAction( $context, &$pageInfo ) { $shortdesc = HookUtils::getShortDescription( $context->getTitle() ); if ( !$shortdesc ) { return; } $pageInfo['header-basic'][] = [ $context->msg( 'shortdescription-info-label' ), $shortdesc ]; }",True,PHP,onInfoAction,ActionsHooks.php,https://github.com/StarCitizenTools/mediawiki-extensions-ShortDescription,StarCitizenTools,alistair3149,2022-01-21 00:38:57-08:00,fix: unsanitized shortdesc property,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-21710,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26822,"public function store(CreateAppointmentCalendarRequest $request) { $client_id = null; $user = User::where('external_id', $request->user)->first(); if ($request->client_external_id) { $client_id = Client::where('external_id', $request->client_external_id)->first()->id; if (!$client_id) { return response(__(""Client not found""), 422); } } $request_type = null; $request_id = null; if ($request->source_type && $request->source_external_id) { $request_type = $request->source_type; $entry = $request_type::whereExternalId($request->source_external_id); $request_id = $entry->id; } if (!$user) { return response(__(""User not found""), 422); } $startTime = str_replace([""am"", ""pm"", ' '], """", $request->start_time) . ':00'; $endTime = str_replace([""am"", ""pm"", ' '], """", $request->end_time) . ':00'; $appointment = Appointment::create([ 'external_id' => Uuid::uuid4()->toString(), 'source_type' => $request_type, 'source_id' => $request_id, 'client_id' => $client_id, 'title' => $request->title, 'start_at' => Carbon::parse($request->start_date . "" "" . $startTime), 'end_at' => Carbon::parse($request->end_date . "" "" . $endTime), 'user_id' => $user->id, 'color' => $request->color ]); $appointment->user_external_id = $user->external_id; $appointment->start_at = $appointment->start_at; return response($appointment); }",True,PHP,store,AppointmentsController.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-22107,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26823,"public function store(CreateAppointmentCalendarRequest $request) { $client_id = null; $user = User::where('external_id', $request->user)->first(); if ($request->client_external_id) { $client_id = Client::where('external_id', $request->client_external_id)->first()->id; if (!$client_id) { return response(__(""Client not found""), 422); } } $request_type = null; $request_id = null; if ($request->source_type && $request->source_external_id) { $request_type = $request->source_type; $entry = $request_type::whereExternalId($request->source_external_id); $request_id = $entry->id; } if (!$user) { return response(__(""User not found""), 422); } $startTime = str_replace([""am"", ""pm"", ' '], """", $request->start_time) . ':00'; $endTime = str_replace([""am"", ""pm"", ' '], """", $request->end_time) . ':00'; $appointment = Appointment::create([ 'external_id' => Uuid::uuid4()->toString(), 'source_type' => $request_type, 'source_id' => $request_id, 'client_id' => $client_id, 'title' => $request->title, 'start_at' => Carbon::parse($request->start_date . "" "" . $startTime), 'end_at' => Carbon::parse($request->end_date . "" "" . $endTime), 'user_id' => $user->id, 'color' => $request->color ]); $appointment->user_external_id = $user->external_id; $appointment->start_at = $appointment->start_at; return response($appointment); }",True,PHP,store,AppointmentsController.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2022-22110,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26828,"public function destroy(Appointment $appointment) { if (!auth()->user()->can(""appointment-create"")) { return response(""Access denied"", 403); } $deleted = $appointment->delete(); if ($deleted) { return response(""Success""); } return response(""Error"", 503); }",True,PHP,destroy,AppointmentsController.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-22107,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26829,"public function destroy(Appointment $appointment) { if (!auth()->user()->can(""appointment-create"")) { return response(""Access denied"", 403); } $deleted = $appointment->delete(); if ($deleted) { return response(""Success""); } return response(""Error"", 503); }",True,PHP,destroy,AppointmentsController.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2022-22110,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26832,"public function rules() { return [ 'name' => 'required', 'email' => 'required|email', 'address' => '', 'primary_number' => 'numeric', 'secondary_number' => 'numeric', 'password' => 'required|min:5|confirmed', 'password_confirmation' => 'required|min:5', 'image_path' => '', 'roles' => 'required', 'departments' => 'required' ]; }",True,PHP,rules,StoreUserRequest.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-22107,"public function saveconfig() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); $conf = serialize($calc->parseConfig($this->params)); $calc->update(array('config'=>$conf)); expHistory::back(); }" 26833,"public function rules() { return [ 'name' => 'required', 'email' => 'required|email', 'address' => '', 'primary_number' => 'numeric', 'secondary_number' => 'numeric', 'password' => 'required|min:5|confirmed', 'password_confirmation' => 'required|min:5', 'image_path' => '', 'roles' => 'required', 'departments' => 'required' ]; }",True,PHP,rules,StoreUserRequest.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2022-22110,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26834,"public function rules() { return [ 'name' => 'required', 'email' => 'required|email', 'address' => '', 'primary_number' => 'numeric', 'secondary_number' => 'numeric', 'password' => 'sometimes', 'password_confirmation' => 'sometimes', 'image_path' => '', 'departments' => 'required' ]; }",True,PHP,rules,UpdateUserRequest.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-22107,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26835,"public function rules() { return [ 'name' => 'required', 'email' => 'required|email', 'address' => '', 'primary_number' => 'numeric', 'secondary_number' => 'numeric', 'password' => 'sometimes', 'password_confirmation' => 'sometimes', 'image_path' => '', 'departments' => 'required' ]; }",True,PHP,rules,UpdateUserRequest.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:31:54+02:00,"password change requires 6 on update, and only allowed users can see calendar",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2022-22110,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26842,"public function anyData() { $tasks = Task::with(['user', 'status', 'client'])->select( collect(['external_id', 'title', 'created_at', 'deadline', 'user_assigned_id', 'status_id', 'client_id']) ->map(function ($field) { return (new Task())->qualifyColumn($field); }) ->all() ); return Datatables::of($tasks) ->addColumn('titlelink', '    {{$title}}') ->editColumn('client', function ($projects) { return $projects->client->company_name; }) ->editColumn('created_at', function ($tasks) { return $tasks->created_at ? with(new Carbon($tasks->created_at)) ->format(carbonDate()) : ''; }) ->editColumn('deadline', function ($tasks) { return $tasks->created_at ? with(new Carbon($tasks->deadline)) ->format(carbonDate()) : ''; }) ->editColumn('user_assigned_id', function ($tasks) { return $tasks->user->name; }) ->editColumn('status_id', function ($tasks) { return 'status->color . '""> ' . $tasks->status->title . ''; }) ->addColumn('view', function ($tasks) { return 'external_id) . '"" class=""btn btn-link"">' . __('View') .'' . 'external_id) . '"" data-title=""'. $tasks->title . '"" data-target=""#deletion"" class=""btn btn-link"">' . __('Delete') .'' ; }) ->rawColumns(['titlelink','view', 'status_id']) ->make(true); }",True,PHP,anyData,TasksController.php,https://github.com/Bottelet/DaybydayCRM,Bottelet,Casper Bottelet,2021-06-25 21:53:06+02:00,fix xss for tasks index,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-22109,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26845,"function logMessage($type, $msg, $logFile, $currPage) { $date = date('M d G:i:s'); $msgString = $date . "" "" . $type . "" "" . $msg . "" "" . $currPage; $fp = fopen($logFile, ""a""); if ($fp) { fwrite($fp, $msgString . ""\n""); fclose($fp); } else { echo ""error: could not open the file for writing: $logFile
    ""; echo ""Check file permissions. The file should be writable by the webserver's user/group
    ""; } }",True,PHP,logMessage,logging.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26846,"function errorHandler($err) { echo(""
    Database error
    Error Message: "" . $err->getMessage() . ""
    Debug info: "" . $err->getDebugInfo() . ""
    ""); }",True,PHP,errorHandler,errorHandling.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26849,"function user_disconnect($options,$user,$nasaddr,$nasport=""3779"",$nassecret,$command=""disconnect"",$additional="""") { $user = escapeshellarg($user); $args = escapeshellarg(""$nasaddr:$nasport"")."" "".escapeshellarg($command)."" "". escapeshellarg($nassecret); $query = ""User-Name=$user""; if (!empty($additional)) { $query .= ','.$additional; } $radclient = ""radclient""; $radclient_options = ""-c "".escapeshellarg($options['count']). "" -n "".escapeshellarg($options['requests']). "" -r "".escapeshellarg($options['retries']). "" -t "".escapeshellarg($options['timeout']). "" "".$options['debug']; if ($options['dictionary']) $radclient_options .= "" -d "".escapeshellarg($options['dictionary']); $cmd = ""echo \"""".escapeshellcmd($query).""\"" | $radclient $radclient_options $args 2>&1""; $print_cmd = ""Executed:
    $cmd

    Results:
    ""; $res = shell_exec($cmd); if ($res == """") { echo ""Error: Command did not return any results
    ""; echo ""Please check that you have the radclient binary program installed and that it is found in your \$PATH variable
    You may also consult the file library/exten-maint-radclient.php for other problems
    ""; } $output_html = nl2br($res); return $print_cmd . $output_html; }",True,PHP,user_disconnect,exten-maint-radclient.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26851,"function user_auth($options,$user,$pass,$radiusaddr,$radiusport,$secret,$command=""auth"",$additional="""") { $user = escapeshellarg($user); $pass = escapeshellarg($pass); $args = escapeshellarg(""$radiusaddr:$radiusport"")."" "".escapeshellarg($command). "" "".escapeshellarg($secret); $query = ""User-Name=$user,User-Password=$pass""; $radclient = ""radclient""; $radclient_options = ""-c "".escapeshellarg($options['count']). "" -n "".escapeshellarg($options['requests']). "" -r "".escapeshellarg($options['retries']). "" -t "".escapeshellarg($options['timeout']). "" "".$options['debug']; if ($options['dictionary']) $radclient_options .= "" -d "".escapeshellarg($options['dictionary']); $cmd = ""echo "".escapeshellcmd($query)."" | $radclient $radclient_options $args 2>&1""; $print_cmd = ""Executed:
    $cmd

    Results:
    ""; $res = shell_exec($cmd); if ($res == """") { echo ""Error: Command did not return any results
    ""; echo ""Please check that you have the radclient binary program installed and that it is found in your \$PATH variable
    You may also consult the file library/exten-maint-radclient.php for other problems
    ""; } $output_html = nl2br($res); return $print_cmd . $output_html; }",True,PHP,user_auth,exten-maint-radclient.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26852,"function check_service($sname) { if ($sname != '') { system(""pgrep "".escapeshellarg($sname)."" >/dev/null 2>&1"", $ret_service); if ($ret_service == 0) { return ""Enabled""; } else { return ""Disabled""; } } else { return ""no service name""; } }",True,PHP,check_service,exten-radius_server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26855,"function get_interface_list() { $devices = array(); $file_name = ""/proc/net/dev""; if ($fopen_file = fopen($file_name, 'r')) { while ($buffer = fgets($fopen_file, 4096)) { if (preg_match(""/eth[0-9][0-9]*/i"", trim($buffer), $match)) { $devices[] = $match[0]; } } $devices = array_unique($devices); sort($devices); fclose ($fopen_file); } return $devices; }",True,PHP,get_interface_list,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26857,"function convert_ToMB($value) { return round($value / 1024) . "" MB\n""; }",True,PHP,convert_ToMB,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26860,"function get_memory() { $file_name = ""/proc/meminfo""; $mem_array = array(); $buffer = file($file_name); while (list($key, $value) = each($buffer)) { if (strpos($value, ':') !== false) { $match_line = explode(':', $value); $match_value = explode(' ', trim($match_line[1])); if (is_numeric($match_value[0])) { $mem_array[trim($match_line[0])] = trim($match_value[0]); } } } return $mem_array; }",True,PHP,get_memory,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26862,"function get_datetime() { if ($today = date(""F j, Y, g:i a"")) { $result = $today; } else { $result = ""(none)""; } return $result; }",True,PHP,get_datetime,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26864,"function get_system_load() { $file_name = ""/proc/loadavg""; $result = """"; $output = """"; if ($fopen_file = fopen($file_name, 'r')) { $result = trim(fgets($fopen_file, 256)); fclose($fopen_file); } else { $result = ""(none)""; } $loadavg = explode("" "", $result); $output .= $loadavg[0] . "" "" . $loadavg[1] . "" "" . $loadavg[2] . ""
    ""; $file_name = ""top -b -n1 | grep \""Tasks:\"" -A1""; $result = """"; if ($popen_file = popen($file_name, 'r')) { $result = trim(fread($popen_file, 2048)); pclose($popen_file); } else { $result = ""(none)""; } $result = str_replace(""\n"", ""
    "", $result); $output .= $result; return $output; }",True,PHP,get_system_load,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26866,"function uptime() { $file_name = ""/proc/uptime""; $fopen_file = fopen($file_name, 'r'); $buffer = explode(' ', fgets($fopen_file, 4096)); fclose($fopen_file); $sys_ticks = trim($buffer[0]); $min = $sys_ticks / 60; $hours = $min / 60; $days = floor($hours / 24); $hours = floor($hours - ($days * 24)); $min = floor($min - ($days * 60 * 24) - ($hours * 60)); $result = """"; if ($days != 0) { if ($days > 1) $result = ""$days "" . "" days ""; else $result = ""$days "" . "" day ""; } if ($hours != 0) { if ($hours > 1) $result .= ""$hours "" . "" hours ""; else $result .= ""$hours "" . "" hour ""; } if ($min > 1 || $min == 0) $result .= ""$min "" . "" minutes ""; elseif ($min == 1) $result .= ""$min "" . "" minute ""; return $result; }",True,PHP,uptime,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26868,"$match = explode("" "", $match[0]); return $match[1]; } else { return ""(none)""; } }",True,PHP,explode,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26870,"function get_hostname() { $file_name = ""/proc/sys/kernel/hostname""; if ($fopen_file = fopen($file_name, 'r')) { $result = trim(fgets($fopen_file, 4096)); fclose($fopen_file); } else { $result = ""(none)""; } return $result; }",True,PHP,get_hostname,exten-server_info.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-10-12 13:20:49+03:00,"fix: introduced security fixes (#263) - dologin.php - validating user input and introduced CSRF token check - logging.php - preventing direct access to this file, which means redirecting to index.php when directly hitting this include file, (repeated for other exten. / include / etc. files), and optimized logging features - actionMessages.php and errorHandling.php same as logging.php - library/exten-* files - preventing direct access to these files, generalized the approach of looking for known file locations, improved user input validation (params such as limit, etc.), improved output (escaping logfile output, etc.) - in library/exten-server_info.php - i also have added new commands for retrieving network information and system distro/version - opendb.php - general code optimization (TODO prevent direct access to this file) - sessions.php - introduced new session handling (TODO prevent direct access to this file) - login.php - removed the default username hardcoded in the form, added the csrf_token - rep-* - user input validation, code optimization",CWE-862,Missing Authorization,The product does not perform an authorization check when an actor attempts to access a resource or perform an action.,https://cwe.mitre.org/data/definitions/862.html,CVE-2022-4366,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26871,"function getBatchDetails($batch_name = NULL) { require(dirname(__FILE__).""/../../library/opendb.php""); require_once(dirname(__FILE__).""/../../lang/main.php""); global $configValues; if ($batch_name == NULL || empty($batch_name)) exit; $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; $customerInfo = array(); $sql = ""SELECT "". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".id,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_description,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_status,"". ""COUNT(DISTINCT("".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".id)) as total_users,"". ""COUNT(DISTINCT("".$configValues['CONFIG_DB_TBL_RADACCT']."".username)) as active_users,"". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".planname,"". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".plancost,"". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".plancurrency,"". $configValues['CONFIG_DB_TBL_DALOHOTSPOTS']."".name as HotspotName,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".creationdate,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".creationby,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".updatedate,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".updateby "". "" FROM "".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']. "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".id = "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".batch_id) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".planname = "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".planname) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOHOTSPOTS']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".hotspot_id = "". $configValues['CONFIG_DB_TBL_DALOHOTSPOTS']."".id) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_RADACCT']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_RADACCT']."".username = "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username) "". "" WHERE "".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name = '"".$dbSocket->escapeSimple($batch_name).""' "". "" GROUP by "".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name ""; $res = $dbSocket->query($sql); $batch_details = """"; $batch_details .= """"; $active_users_per = 0; $total_users = 0; $active_users = 0; $batch_cost = 0; $hotspot_name = """"; $batch_id = """"; $planname = """"; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $batch_id = $row['id']; $hotspot_name = $row['HotspotName']; $batch_status = $row['batch_status']; $plancost = $row['plancost']; $total_users = $row['total_users']; $active_users = $row['active_users']; $batch_cost = ($active_users * $plancost); $plan_currency = $row['plancurrency']; $planname = $row['planname']; $batch_details .= "" ""; } $batch_details .= ""
    "".t('all','BatchName')."" "".t('all','HotSpot')."" "".t('all','BatchStatus')."" "".t('all','TotalUsers')."" "".t('all','ActiveUsers')."" "".t('all','PlanName')."" "".t('all','PlanCost')."" "".t('all','BatchCost')."" "".t('all','CreationDate')."" "".t('all','CreationBy').""
    "".$row['batch_name']."" "".$hotspot_name."" "".$batch_status."" "".$total_users."" "".$active_users."" "". $row['planname']."" "".$plancost."" "".$batch_cost."" "". $row['creationdate']."" "". $row['creationby'].""
    ""; $customerInfo['batch_details'] = $batch_details; $sql = ""SELECT planId, planName, planRecurringPeriod, planCost, planSetupCost, planTax, planCurrency FROM "". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']. "" WHERE planName = '"".$planname.""'""; $res = $dbSocket->query($sql); $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $service_plan_info = """"; $service_plan_info = """"; foreach($row as $rowName => $rowValue) { $service_plan_info .= """"; } $service_plan_info .= ""
    $rowName $rowValue
    ""; $customerInfo['service_plan_info'] = $service_plan_info; $sql = ""SELECT id, name, owner, address, companyphone, companyemail, companywebsite FROM "".$configValues['CONFIG_DB_TBL_DALOHOTSPOTS']. "" WHERE name='"".$hotspot_name.""'""; $res = $dbSocket->query($sql); $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $customerInfo['business_name'] = $row['name']; $customerInfo['business_owner_name'] = $row['owner']; $customerInfo['business_address'] = $row['address']; $customerInfo['business_phone'] = $row['companyphone']; $customerInfo['business_email'] = $row['companyemail']; $customerInfo['business_web'] = $row['companywebsite']; $batch_active_users = """"; $sql = ""SELECT "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".id,"". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username,"". $configValues['CONFIG_DB_TBL_RADACCT']."".acctstarttime,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name "". "" FROM "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."","". $configValues['CONFIG_DB_TBL_RADACCT']."","". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']. "" WHERE "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".batch_id = "". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".id"". "" AND "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".batch_id = '$batch_id' "". "" AND "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username = "". $configValues['CONFIG_DB_TBL_RADACCT']."".username"". "" GROUP by "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username "". "" ORDER BY id ,"".$configValues['CONFIG_DB_TBL_RADACCT']."".radacctid ASC ""; $res = $dbSocket->query($sql); $batch_active_users = """"; $active_users_per = 0; $total_users = 0; $active_users = 0; $batch_cost = 0; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $username = $row['username']; $acctstarttime = $row['acctstarttime']; $batch_name = $row['batch_name']; $batch_active_users .= "" ""; } $batch_active_users .= ""
    "".t('all','BatchName')."" "".t('all','Username')."" "".t('all','StartTime').""
    "".$batch_name."" "".$username."" "".$acctstarttime.""
    ""; $customerInfo['batch_active_users'] = $batch_active_users; require(dirname(__FILE__).""/../../library/closedb.php""); return $customerInfo; }",True,PHP,getBatchDetails,notificationsBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26872,"function getBatchDetails($batch_name = NULL) { require(dirname(__FILE__).""/../../library/opendb.php""); require_once(dirname(__FILE__).""/../../lang/main.php""); global $configValues; if ($batch_name == NULL || empty($batch_name)) exit; $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; $customerInfo = array(); $sql = ""SELECT "". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".id,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_description,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_status,"". ""COUNT(DISTINCT("".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".id)) as total_users,"". ""COUNT(DISTINCT("".$configValues['CONFIG_DB_TBL_RADACCT']."".username)) as active_users,"". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".planname,"". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".plancost,"". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".plancurrency,"". $configValues['CONFIG_DB_TBL_DALOHOTSPOTS']."".name as HotspotName,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".creationdate,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".creationby,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".updatedate,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".updateby "". "" FROM "".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']. "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".id = "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".batch_id) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".planname = "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".planname) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOHOTSPOTS']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".hotspot_id = "". $configValues['CONFIG_DB_TBL_DALOHOTSPOTS']."".id) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_RADACCT']. "" ON "". ""("".$configValues['CONFIG_DB_TBL_RADACCT']."".username = "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username) "". "" WHERE "".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name = '"".$dbSocket->escapeSimple($batch_name).""' "". "" GROUP by "".$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name ""; $res = $dbSocket->query($sql); $batch_details = """"; $batch_details .= """"; $active_users_per = 0; $total_users = 0; $active_users = 0; $batch_cost = 0; $hotspot_name = """"; $batch_id = """"; $planname = """"; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $batch_id = $row['id']; $hotspot_name = $row['HotspotName']; $batch_status = $row['batch_status']; $plancost = $row['plancost']; $total_users = $row['total_users']; $active_users = $row['active_users']; $batch_cost = ($active_users * $plancost); $plan_currency = $row['plancurrency']; $planname = $row['planname']; $batch_details .= "" ""; } $batch_details .= ""
    "".t('all','BatchName')."" "".t('all','HotSpot')."" "".t('all','BatchStatus')."" "".t('all','TotalUsers')."" "".t('all','ActiveUsers')."" "".t('all','PlanName')."" "".t('all','PlanCost')."" "".t('all','BatchCost')."" "".t('all','CreationDate')."" "".t('all','CreationBy').""
    "".$row['batch_name']."" "".$hotspot_name."" "".$batch_status."" "".$total_users."" "".$active_users."" "". $row['planname']."" "".$plancost."" "".$batch_cost."" "". $row['creationdate']."" "". $row['creationby'].""
    ""; $customerInfo['batch_details'] = $batch_details; $sql = ""SELECT planId, planName, planRecurringPeriod, planCost, planSetupCost, planTax, planCurrency FROM "". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']. "" WHERE planName = '"".$planname.""'""; $res = $dbSocket->query($sql); $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $service_plan_info = """"; $service_plan_info = """"; foreach($row as $rowName => $rowValue) { $service_plan_info .= """"; } $service_plan_info .= ""
    $rowName $rowValue
    ""; $customerInfo['service_plan_info'] = $service_plan_info; $sql = ""SELECT id, name, owner, address, companyphone, companyemail, companywebsite FROM "".$configValues['CONFIG_DB_TBL_DALOHOTSPOTS']. "" WHERE name='"".$hotspot_name.""'""; $res = $dbSocket->query($sql); $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $customerInfo['business_name'] = $row['name']; $customerInfo['business_owner_name'] = $row['owner']; $customerInfo['business_address'] = $row['address']; $customerInfo['business_phone'] = $row['companyphone']; $customerInfo['business_email'] = $row['companyemail']; $customerInfo['business_web'] = $row['companywebsite']; $batch_active_users = """"; $sql = ""SELECT "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".id,"". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username,"". $configValues['CONFIG_DB_TBL_RADACCT']."".acctstarttime,"". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".batch_name "". "" FROM "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."","". $configValues['CONFIG_DB_TBL_RADACCT']."","". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']. "" WHERE "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".batch_id = "". $configValues['CONFIG_DB_TBL_DALOBATCHHISTORY']."".id"". "" AND "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".batch_id = '$batch_id' "". "" AND "". $configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username = "". $configValues['CONFIG_DB_TBL_RADACCT']."".username"". "" GROUP by "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."".username "". "" ORDER BY id ,"".$configValues['CONFIG_DB_TBL_RADACCT']."".radacctid ASC ""; $res = $dbSocket->query($sql); $batch_active_users = """"; $active_users_per = 0; $total_users = 0; $active_users = 0; $batch_cost = 0; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $username = $row['username']; $acctstarttime = $row['acctstarttime']; $batch_name = $row['batch_name']; $batch_active_users .= "" ""; } $batch_active_users .= ""
    "".t('all','BatchName')."" "".t('all','Username')."" "".t('all','StartTime').""
    "".$batch_name."" "".$username."" "".$acctstarttime.""
    ""; $customerInfo['batch_active_users'] = $batch_active_users; require(dirname(__FILE__).""/../../library/closedb.php""); return $customerInfo; }",True,PHP,getBatchDetails,notificationsBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26877,"function getCustomerInfo_customer_info($row, &$customerInfo) { global $configValues; require(dirname(__FILE__).""/../../lang/main.php""); $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; if (!empty($row['email1'])) $invoice_email = $row['email1']; else if (!empty($row['email2'])) $invoice_email = $row['email2']; else if (!empty($row['email3'])) $invoice_email = $row['email3']; else $invoice_email = """"; if (!empty($row['mobilephone'])) $invoice_phone = $row['mobilephone']; else if (!empty($row['workphone'])) $invoice_phone = $row['mobilephone']; else if (!empty($row['homephone'])) $invoice_phone = $row['homephone']; else $invoice_phone = ""Unavailable""; $invoice_address = """"; if (!empty($row['address'])) $invoice_address = $row['address']; if (!empty($row['city'])) $invoice_address .= "", "".$row['city']; if (!empty($row['state'])) $invoice_address .= ""
    "".$row['state']; if (!empty($row['zip'])) $invoice_address .= "" "".$row['zip']; if (empty($invoice_address)) $invoice_address = ""Unavailable""; $customerInfo['business_name'] = $row['firstname']. "" "" .$row['lastname']; $customerInfo['business_address'] = $invoice_address; $customerInfo['business_phone'] = $invoice_phone; $customerInfo['business_email'] = $invoice_email; }",True,PHP,getCustomerInfo_customer_info,notificationsUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26878,"function getCustomerInfo_customer_info($row, &$customerInfo) { global $configValues; require(dirname(__FILE__).""/../../lang/main.php""); $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; if (!empty($row['email1'])) $invoice_email = $row['email1']; else if (!empty($row['email2'])) $invoice_email = $row['email2']; else if (!empty($row['email3'])) $invoice_email = $row['email3']; else $invoice_email = """"; if (!empty($row['mobilephone'])) $invoice_phone = $row['mobilephone']; else if (!empty($row['workphone'])) $invoice_phone = $row['mobilephone']; else if (!empty($row['homephone'])) $invoice_phone = $row['homephone']; else $invoice_phone = ""Unavailable""; $invoice_address = """"; if (!empty($row['address'])) $invoice_address = $row['address']; if (!empty($row['city'])) $invoice_address .= "", "".$row['city']; if (!empty($row['state'])) $invoice_address .= ""
    "".$row['state']; if (!empty($row['zip'])) $invoice_address .= "" "".$row['zip']; if (empty($invoice_address)) $invoice_address = ""Unavailable""; $customerInfo['business_name'] = $row['firstname']. "" "" .$row['lastname']; $customerInfo['business_address'] = $invoice_address; $customerInfo['business_phone'] = $invoice_phone; $customerInfo['business_email'] = $invoice_email; }",True,PHP,getCustomerInfo_customer_info,notificationsUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26883,"function getCustomerInfo($row) { $customerInfo = array(); getCustomerInfo_customer_info($row, $customerInfo); getCustomerInfo_service_plan($row, $customerInfo); return $customerInfo; }",True,PHP,getCustomerInfo,notificationsUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26884,"function getCustomerInfo($row) { $customerInfo = array(); getCustomerInfo_customer_info($row, $customerInfo); getCustomerInfo_service_plan($row, $customerInfo); return $customerInfo; }",True,PHP,getCustomerInfo,notificationsUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26885,"function getCustomerInfo_service_plan($row, &$customerInfo) { global $configValues; require(dirname(__FILE__).""/../../lang/main.php""); $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; $service_plan_info = """"; $service_plan_info = """"; $service_plan_info .= """". """". """". """". """". """". """". """". """"; $service_plan_info .= ""
    "".t('all','Username')."" "".$row['username'].""
    "".t('all','PlanName')."" "".$row['planname'].""
    "".t('all','PlanRecurring')."" "".$row['planRecurring'].""
    "".t('all','PlanRecurringPeriod')."" "".$row['planRecurringPeriod'].""
    "".t('all','PlanCost')."" "".$row['planCost'].""
    "".t('all','NextBill')."" "".$row['nextbill'].""
    "".t('all','BillDue')."" "".$row['billdue'].""
    ""; $customerInfo['service_plan_info'] = $service_plan_info; }",True,PHP,getCustomerInfo_service_plan,notificationsUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26886,"function getCustomerInfo_service_plan($row, &$customerInfo) { global $configValues; require(dirname(__FILE__).""/../../lang/main.php""); $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; $service_plan_info = """"; $service_plan_info = """"; $service_plan_info .= """". """". """". """". """". """". """". """". """"; $service_plan_info .= ""
    "".t('all','Username')."" "".$row['username'].""
    "".t('all','PlanName')."" "".$row['planname'].""
    "".t('all','PlanRecurring')."" "".$row['planRecurring'].""
    "".t('all','PlanRecurringPeriod')."" "".$row['planRecurringPeriod'].""
    "".t('all','PlanCost')."" "".$row['planCost'].""
    "".t('all','NextBill')."" "".$row['nextbill'].""
    "".t('all','BillDue')."" "".$row['billdue'].""
    ""; $customerInfo['service_plan_info'] = $service_plan_info; }",True,PHP,getCustomerInfo_service_plan,notificationsUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26889,"function getInvoiceDetails($invoice_id = NULL) { require(dirname(__FILE__).""/../../library/opendb.php""); require_once(dirname(__FILE__).""/../../lang/main.php""); global $configValues; if ($invoice_id == NULL || empty($invoice_id)) exit; $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; $sql = ""SELECT a.id, a.date, a.status_id, a.type_id, a.user_id, a.notes, b.contactperson, b.username, b.company, "". "" b.city, b.state, b.country, b.zip, b.address, b.email, b.emailinvoice, b.phone, f.value as type, "". "" c.value AS status, COALESCE(e2.totalpayed, 0) as totalpayed, COALESCE(d2.totalbilled, 0) as totalbilled "". "" FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']."" AS a"". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."" AS b ON (a.user_id = b.id) "". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS']."" AS c ON (a.status_id = c.id) "". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICETYPE']."" AS f ON (a.type_id = f.id) "". "" LEFT JOIN (SELECT SUM(d.amount + d.tax_amount) "". "" as totalbilled, invoice_id, amount, tax_amount, notes, plan_id FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']."" AS d "". "" GROUP BY d.invoice_id) AS d2 ON (d2.invoice_id = a.id) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."" AS bp2 ON (bp2.id = d2.plan_id) "". "" LEFT JOIN (SELECT SUM(e.amount) as totalpayed, invoice_id FROM "". $configValues['CONFIG_DB_TBL_DALOPAYMENTS']."" AS e GROUP BY e.invoice_id) AS e2 ON (e2.invoice_id = a.id) "". "" WHERE a.id = '"".$dbSocket->escapeSimple($invoice_id).""'"". "" GROUP BY a.id ""; $res = $dbSocket->query($sql); $invoiceDetails = $res->fetchRow(DB_FETCHMODE_ASSOC); if (empty($invoiceDetails['email'])) $customer_email = $invoiceDetails['emailinvoice']; else $customer_email = $invoiceDetails['email']; $customerInfo['customer_name'] = $invoiceDetails['contactperson']; $customerInfo['customer_address'] = $invoiceDetails['address']. "" "" . $invoiceDetails['city']. "" "" . $invoiceDetails['state']; $customerInfo['customer_email'] = $customer_email; $customerInfo['customer_phone'] = $invoiceDetails['phone']; $balance = (float) ($invoiceDetails['totalpayed'] - $invoiceDetails['totalbilled']); $invoice_details = """"; $invoice_details .= """". """".t('all','ClientName')."": "".$invoiceDetails['contactperson'].""
    "". """".t('all','Invoice')."": "".$invoice_id.""
    "". """".t('all','Date')."": "".$invoiceDetails['date'].""
    "". """".t('all','TotalBilled')."": "".$invoiceDetails['totalbilled'].""
    "". """".t('all','TotalPayed')."": "".$invoiceDetails['totalpayed'].""
    "". """".t('all','Balance')."": "".$balance.""
    "". """".t('all','Status')."": "".$invoiceDetails['status'].""
    "". """".t('ContactInfo','Notes')."": "".$invoiceDetails['notes'].""


    ""; $customerInfo['invoice_details'] = $invoice_details; $customerInfo['customerId'] = $invoiceDetails['user_id']; $customerInfo['customerName'] = (isset($invoiceDetails['company']) ? $invoiceDetails['company'] : $invoiceDetails['contactperson']); $customerInfo['customerAddress'] = $invoiceDetails['address']; $customerInfo['customerAddress2'] = $invoiceDetails['zip'] . ' '. $invoiceDetails['city'] . ' ' . $invoiceDetails['state'] . ' ' . $invoiceDetails['country']; $customerInfo['customerEmail'] = $invoiceDetails['email']; $customerInfo['customerPhone'] = $invoiceDetails['phone']; $customerInfo['customerContact'] = $invoiceDetails['contactperson']; $customerInfo['invoiceNumber'] = $invoice_id; $customerInfo['invoiceDate'] = date('Y-m-d', strtotime($invoiceDetails['date'])); $customerInfo['invoiceStatus'] = strtoupper($invoiceDetails['status']); $customerInfo['invoiceTotalBilled'] = $invoiceDetails['totalbilled']; $customerInfo['invoicePaid'] = $invoiceDetails['totalpayed']; $customerInfo['invoiceDue'] = $balance; $customerInfo['invoiceNotes'] = $invoiceDetails['notes']; $invoice_items = """"; $invoice_items .= "" ""; $sql = 'SELECT a.id, a.plan_id, a.amount, a.tax_amount, a.notes, b.planName '. ' FROM '.$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS'].' a '. ' LEFT JOIN '.$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'].' b ON a.plan_id = b.id '. ' WHERE a.invoice_id = '.$invoice_id.' ORDER BY a.id ASC'; $res = $dbSocket->query($sql); $logDebugSQL .= $sql . ""\n""; $invoiceItems = array(); $invoiceItemsNumber = 1; $invoiceItemsTotalAmount = 0; $invoiceItemsTotalTax = 0; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $invoice_items .= """". """". """". """". """". """". """"; $invoiceItem = array(); $invoiceItem['invoiceItemNumber'] = sprintf('%02d', $invoiceItemsNumber); $invoiceItem['invoiceItemPlan'] = $row['planName']; $invoiceItem['invoiceItemNotes'] = $row['notes']; $invoiceItem['invoiceItemAmount'] = $row['amount']; $invoiceItem['invoiceItemTaxAmount'] = $row['tax_amount']; $invoiceItem['invoiceItemTotalAmount'] = $row['amount'] + $row['tax_amount']; $invoiceItems[] = $invoiceItem; $invoiceItemsTotalAmount += $row['amount']; $invoiceItemsTotalTax += $row['tax_amount']; ++$invoiceItemsNumber; } $invoice_items .= ""
    Plan Item Amount Item Tax Notes
    "".$row['planName']."""".$row['amount']."""".$row['tax_amount']."""".$row['notes'].""
    ""; $customerInfo['invoice_items'] = $invoice_items; $customerInfo['invoiceItems'] = $invoiceItems; $customerInfo['invoiceTotalAmount'] = $invoiceItemsTotalAmount; $customerInfo['invoiceTotalTax'] = $invoiceItemsTotalTax; require(dirname(__FILE__).""/../../library/closedb.php""); return $customerInfo; }",True,PHP,getInvoiceDetails,notificationsUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 26890,"function getInvoiceDetails($invoice_id = NULL) { require(dirname(__FILE__).""/../../library/opendb.php""); require_once(dirname(__FILE__).""/../../lang/main.php""); global $configValues; if ($invoice_id == NULL || empty($invoice_id)) exit; $tableTags = ""width='580px' ""; $tableTrTags = ""bgcolor='#ECE5B6'""; $sql = ""SELECT a.id, a.date, a.status_id, a.type_id, a.user_id, a.notes, b.contactperson, b.username, b.company, "". "" b.city, b.state, b.country, b.zip, b.address, b.email, b.emailinvoice, b.phone, f.value as type, "". "" c.value AS status, COALESCE(e2.totalpayed, 0) as totalpayed, COALESCE(d2.totalbilled, 0) as totalbilled "". "" FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']."" AS a"". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."" AS b ON (a.user_id = b.id) "". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS']."" AS c ON (a.status_id = c.id) "". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICETYPE']."" AS f ON (a.type_id = f.id) "". "" LEFT JOIN (SELECT SUM(d.amount + d.tax_amount) "". "" as totalbilled, invoice_id, amount, tax_amount, notes, plan_id FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']."" AS d "". "" GROUP BY d.invoice_id) AS d2 ON (d2.invoice_id = a.id) "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."" AS bp2 ON (bp2.id = d2.plan_id) "". "" LEFT JOIN (SELECT SUM(e.amount) as totalpayed, invoice_id FROM "". $configValues['CONFIG_DB_TBL_DALOPAYMENTS']."" AS e GROUP BY e.invoice_id) AS e2 ON (e2.invoice_id = a.id) "". "" WHERE a.id = '"".$dbSocket->escapeSimple($invoice_id).""'"". "" GROUP BY a.id ""; $res = $dbSocket->query($sql); $invoiceDetails = $res->fetchRow(DB_FETCHMODE_ASSOC); if (empty($invoiceDetails['email'])) $customer_email = $invoiceDetails['emailinvoice']; else $customer_email = $invoiceDetails['email']; $customerInfo['customer_name'] = $invoiceDetails['contactperson']; $customerInfo['customer_address'] = $invoiceDetails['address']. "" "" . $invoiceDetails['city']. "" "" . $invoiceDetails['state']; $customerInfo['customer_email'] = $customer_email; $customerInfo['customer_phone'] = $invoiceDetails['phone']; $balance = (float) ($invoiceDetails['totalpayed'] - $invoiceDetails['totalbilled']); $invoice_details = """"; $invoice_details .= """". """".t('all','ClientName')."": "".$invoiceDetails['contactperson'].""
    "". """".t('all','Invoice')."": "".$invoice_id.""
    "". """".t('all','Date')."": "".$invoiceDetails['date'].""
    "". """".t('all','TotalBilled')."": "".$invoiceDetails['totalbilled'].""
    "". """".t('all','TotalPayed')."": "".$invoiceDetails['totalpayed'].""
    "". """".t('all','Balance')."": "".$balance.""
    "". """".t('all','Status')."": "".$invoiceDetails['status'].""
    "". """".t('ContactInfo','Notes')."": "".$invoiceDetails['notes'].""


    ""; $customerInfo['invoice_details'] = $invoice_details; $customerInfo['customerId'] = $invoiceDetails['user_id']; $customerInfo['customerName'] = (isset($invoiceDetails['company']) ? $invoiceDetails['company'] : $invoiceDetails['contactperson']); $customerInfo['customerAddress'] = $invoiceDetails['address']; $customerInfo['customerAddress2'] = $invoiceDetails['zip'] . ' '. $invoiceDetails['city'] . ' ' . $invoiceDetails['state'] . ' ' . $invoiceDetails['country']; $customerInfo['customerEmail'] = $invoiceDetails['email']; $customerInfo['customerPhone'] = $invoiceDetails['phone']; $customerInfo['customerContact'] = $invoiceDetails['contactperson']; $customerInfo['invoiceNumber'] = $invoice_id; $customerInfo['invoiceDate'] = date('Y-m-d', strtotime($invoiceDetails['date'])); $customerInfo['invoiceStatus'] = strtoupper($invoiceDetails['status']); $customerInfo['invoiceTotalBilled'] = $invoiceDetails['totalbilled']; $customerInfo['invoicePaid'] = $invoiceDetails['totalpayed']; $customerInfo['invoiceDue'] = $balance; $customerInfo['invoiceNotes'] = $invoiceDetails['notes']; $invoice_items = """"; $invoice_items .= "" ""; $sql = 'SELECT a.id, a.plan_id, a.amount, a.tax_amount, a.notes, b.planName '. ' FROM '.$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS'].' a '. ' LEFT JOIN '.$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'].' b ON a.plan_id = b.id '. ' WHERE a.invoice_id = '.$invoice_id.' ORDER BY a.id ASC'; $res = $dbSocket->query($sql); $logDebugSQL .= $sql . ""\n""; $invoiceItems = array(); $invoiceItemsNumber = 1; $invoiceItemsTotalAmount = 0; $invoiceItemsTotalTax = 0; while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $invoice_items .= """". """". """". """". """". """". """"; $invoiceItem = array(); $invoiceItem['invoiceItemNumber'] = sprintf('%02d', $invoiceItemsNumber); $invoiceItem['invoiceItemPlan'] = $row['planName']; $invoiceItem['invoiceItemNotes'] = $row['notes']; $invoiceItem['invoiceItemAmount'] = $row['amount']; $invoiceItem['invoiceItemTaxAmount'] = $row['tax_amount']; $invoiceItem['invoiceItemTotalAmount'] = $row['amount'] + $row['tax_amount']; $invoiceItems[] = $invoiceItem; $invoiceItemsTotalAmount += $row['amount']; $invoiceItemsTotalTax += $row['tax_amount']; ++$invoiceItemsNumber; } $invoice_items .= ""
    Plan Item Amount Item Tax Notes
    "".$row['planName']."""".$row['amount']."""".$row['tax_amount']."""".$row['notes'].""
    ""; $customerInfo['invoice_items'] = $invoice_items; $customerInfo['invoiceItems'] = $invoiceItems; $customerInfo['invoiceTotalAmount'] = $invoiceItemsTotalAmount; $customerInfo['invoiceTotalTax'] = $invoiceItemsTotalTax; require(dirname(__FILE__).""/../../library/closedb.php""); return $customerInfo; }",True,PHP,getInvoiceDetails,notificationsUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27261,"function prepareNotificationTemplate($customerInfo) { global $base; $notification_template = ""$base/templates/batch_details.html""; $notification_html_template = file_get_contents($notification_template); $date = date(""Y-m-d""); $business_name = $customerInfo['business_name']; $business_owner_name = $customerInfo['business_owner_name']; $business_address = $customerInfo['business_address']; $business_phone = $customerInfo['business_phone']; $business_email = $customerInfo['business_email']; $business_web = $customerInfo['business_web']; $batch_details = $customerInfo['batch_details']; $batch_active_users = $customerInfo['batch_active_users']; $service_plan_info = $customerInfo['service_plan_info']; $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# return $notification_html_template; }",True,PHP,prepareNotificationTemplate,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27262,"function prepareNotificationTemplate($customerInfo) { global $base; $notification_template = ""$base/templates/batch_details.html""; $notification_html_template = file_get_contents($notification_template); $date = date(""Y-m-d""); $business_name = $customerInfo['business_name']; $business_owner_name = $customerInfo['business_owner_name']; $business_address = $customerInfo['business_address']; $business_phone = $customerInfo['business_phone']; $business_email = $customerInfo['business_email']; $business_web = $customerInfo['business_web']; $batch_details = $customerInfo['batch_details']; $batch_active_users = $customerInfo['batch_active_users']; $service_plan_info = $customerInfo['service_plan_info']; $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# return $notification_html_template; }",True,PHP,prepareNotificationTemplate,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27267,function createBatchDetailsNotification($customerInfo) { global $base; $html = prepareNotificationTemplate($customerInfo); $pdfDocument = createPDF($html); return $pdfDocument; },True,PHP,createBatchDetailsNotification,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27268,function createBatchDetailsNotification($customerInfo) { global $base; $html = prepareNotificationTemplate($customerInfo); $pdfDocument = createPDF($html); return $pdfDocument; },True,PHP,createBatchDetailsNotification,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27269,"function emailNotification($pdfDocument, $customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['business_email'])) return; $headers = array( ""From"" => $from, ""Subject"" => ""Business Pre-Paid Batch Information"", ""Reply-To""=> $from ); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""notification.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['business_email'], $headers, $body); }",True,PHP,emailNotification,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27270,"function emailNotification($pdfDocument, $customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['business_email'])) return; $headers = array( ""From"" => $from, ""Subject"" => ""Business Pre-Paid Batch Information"", ""Reply-To""=> $from ); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""notification.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['business_email'], $headers, $body); }",True,PHP,emailNotification,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27273,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27274,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationBatchDetails.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27275,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27276,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27279,"function createUserDetailsInvoiceNotification($customerInfo) { global $base; $html = prepareNotificationTemplate($customerInfo); $pdfDocument = createPDF($html); file_put_contents(""$base/out4.pdf"", $pdfDocument); return $pdfDocument; }",True,PHP,createUserDetailsInvoiceNotification,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27280,"function createUserDetailsInvoiceNotification($customerInfo) { global $base; $html = prepareNotificationTemplate($customerInfo); $pdfDocument = createPDF($html); file_put_contents(""$base/out4.pdf"", $pdfDocument); return $pdfDocument; }",True,PHP,createUserDetailsInvoiceNotification,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27281,"function emailNotification($pdfDocument, $customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['business_email'])) return; $headers = array( ""From"" => $from, ""Subject"" => ""User Invoice Notification"", ""Reply-To""=> $from ); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""invoice.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['business_email'], $headers, $body); }",True,PHP,emailNotification,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27282,"function emailNotification($pdfDocument, $customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['business_email'])) return; $headers = array( ""From"" => $from, ""Subject"" => ""User Invoice Notification"", ""Reply-To""=> $from ); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""invoice.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['business_email'], $headers, $body); }",True,PHP,emailNotification,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27285,"function prepareNotificationTemplate($customerInfo) { global $base; $notification_template = ""$base/templates/user_invoice_details.html""; $notification_html_template = file_get_contents($notification_template); $date = date(""Y-m-d""); $business_name = $customerInfo['business_name']; $business_address = $customerInfo['business_address']; $business_phone = $customerInfo['business_phone']; $business_email = $customerInfo['business_email']; $service_plan_info = $customerInfo['service_plan_info']; $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# return $notification_html_template; }",True,PHP,prepareNotificationTemplate,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27286,"function prepareNotificationTemplate($customerInfo) { global $base; $notification_template = ""$base/templates/user_invoice_details.html""; $notification_html_template = file_get_contents($notification_template); $date = date(""Y-m-d""); $business_name = $customerInfo['business_name']; $business_address = $customerInfo['business_address']; $business_phone = $customerInfo['business_phone']; $business_email = $customerInfo['business_email']; $service_plan_info = $customerInfo['service_plan_info']; $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# return $notification_html_template; }",True,PHP,prepareNotificationTemplate,processNotificationUserDetailsInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27289,"function createNotification($customerInfo, $asHTML = false) { global $base; $html = prepareNotificationTemplate($customerInfo); if($asHTML) { $document = $html; } else { $document = createPDF($html); } return $document; }",True,PHP,createNotification,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27290,"function createNotification($customerInfo, $asHTML = false) { global $base; $html = prepareNotificationTemplate($customerInfo); if($asHTML) { $document = $html; } else { $document = createPDF($html); } return $document; }",True,PHP,createNotification,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27293,"$invoiceItemTemplate = str_replace(""[InvoiceItemTotalAmount]"", $invoiceItem['invoiceItemTotalAmount'], $invoiceItemTemplate); $invoiceItems .= $invoiceItemTemplate; } $notification_html_template = str_replace(""[InvoiceItems]"", $invoiceItems, $notification_html_template); } $notification_html_template = str_replace(""[InvoiceTotalAmount]"", $customerInfo['invoiceTotalAmount'], $notification_html_template); $notification_html_template = str_replace(""[InvoiceTotalTax]"", $customerInfo['invoiceTotalTax'], $notification_html_template); return $notification_html_template; }",True,PHP,str_replace,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27294,"$invoiceItemTemplate = str_replace(""[InvoiceItemTotalAmount]"", $invoiceItem['invoiceItemTotalAmount'], $invoiceItemTemplate); $invoiceItems .= $invoiceItemTemplate; } $notification_html_template = str_replace(""[InvoiceItems]"", $invoiceItems, $notification_html_template); } $notification_html_template = str_replace(""[InvoiceTotalAmount]"", $customerInfo['invoiceTotalAmount'], $notification_html_template); $notification_html_template = str_replace(""[InvoiceTotalTax]"", $customerInfo['invoiceTotalTax'], $notification_html_template); return $notification_html_template; }",True,PHP,str_replace,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27297,"function emailNotification($pdfDocument, $customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['customer_email'])) return; $headers = array ( ""From"" => $from, ""Subject"" => ""Invoice Information"", ""Reply-To"" => $from ); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""notification.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['customer_email'], $headers, $body); }",True,PHP,emailNotification,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27298,"function emailNotification($pdfDocument, $customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['customer_email'])) return; $headers = array ( ""From"" => $from, ""Subject"" => ""Invoice Information"", ""Reply-To"" => $from ); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""notification.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['customer_email'], $headers, $body); }",True,PHP,emailNotification,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"public function editspeed() { global $db; if (empty($this->params['id'])) return false; $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id='.$this->params['id']); $calc = new $calcname($this->params['id']); assign_to_template(array( 'calculator'=>$calc )); }" 27301,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27302,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationUserInvoice.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27303,"function prepareNotificationTemplate($customerInfo) { global $base; $notification_template = ""$base/templates/welcome.html""; $notification_html_template = file_get_contents($notification_template); $date = date(""Y-m-d""); $customer_name = $customerInfo['customer_name']; $customer_address = $customerInfo['customer_address']; $customer_phone = $customerInfo['customer_phone']; $customer_email = $customerInfo['customer_email']; $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# return $notification_html_template; }",True,PHP,prepareNotificationTemplate,processNotificationWelcome.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27304,"function prepareNotificationTemplate($customerInfo) { global $base; $notification_template = ""$base/templates/welcome.html""; $notification_html_template = file_get_contents($notification_template); $date = date(""Y-m-d""); $customer_name = $customerInfo['customer_name']; $customer_address = $customerInfo['customer_address']; $customer_phone = $customerInfo['customer_phone']; $customer_email = $customerInfo['customer_email']; $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# $notification_html_template = str_replace(""# return $notification_html_template; }",True,PHP,prepareNotificationTemplate,processNotificationWelcome.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27309,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationWelcome.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27310,"function createPDF($html) { global $base; $dompdf = new DOMPDF(); $dompdf->set_base_path(""$base/templates/""); $dompdf->load_html($html); $dompdf->render(); $notification_pdf = $dompdf->output(); return $notification_pdf; }",True,PHP,createPDF,processNotificationWelcome.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27311,"function sendWelcomeNotification($customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['customer_email'])) return; $headers = array( ""From"" => $from, ""Subject"" => ""Welcome new customer!"", ""Reply-To""=> $from ); $html = prepareNotificationTemplate($customerInfo); $pdfDocument = createPDF($html); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""notification.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['customer_email'], $headers, $body); }",True,PHP,sendWelcomeNotification,processNotificationWelcome.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27312,"function sendWelcomeNotification($customerInfo, $smtpInfo, $from) { global $base; if (empty($customerInfo['customer_email'])) return; $headers = array( ""From"" => $from, ""Subject"" => ""Welcome new customer!"", ""Reply-To""=> $from ); $html = prepareNotificationTemplate($customerInfo); $pdfDocument = createPDF($html); $mime = new Mail_mime(); $mime->setTXTBody(""Notification letter of service""); $mime->addAttachment($pdfDocument, ""application/pdf"", ""notification.pdf"", false, 'base64'); $body = $mime->get(); $headers = $mime->headers($headers); $mail =& Mail::factory(""smtp"", $smtpInfo); $mail->send($customerInfo['customer_email'], $headers, $body); }",True,PHP,sendWelcomeNotification,processNotificationWelcome.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-11-28 16:12:03+01:00,"Improvements to PDF ticket printing and security issues fix/mitigation (#297) * Improved notification and ticket printing features * minor template fixes * fixed redirection on checklogin * addressed some security issues",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-23475,"function manage() { expHistory::set('viewable', $this->params); }" 27313,"function userBillingRatesSummary($username, $startdate, $enddate, $ratename, $drawTable) { include_once('include/management/pages_common.php'); include 'library/opendb.php'; $username = $dbSocket->escapeSimple($username); $startdate = $dbSocket->escapeSimple($startdate); $enddate = $dbSocket->escapeSimple($enddate); $ratename = $dbSocket->escapeSimple($ratename); $sql = ""SELECT rateType FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES']."" WHERE "".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES']."".rateName = '$ratename'""; $res = $dbSocket->query($sql); if ($res->numRows() == 0) return; $row = $res->fetchRow(); list($ratetypenum, $ratetypetime) = explode(""/"",$row[0]); switch ($ratetypetime) { case ""second"": $multiplicate = 1; break; case ""minute"": $multiplicate = 60; break; case ""hour"": $multiplicate = 3600; break; case ""day"": $multiplicate = 86400; break; case ""week"": $multiplicate = 604800; break; case ""month"": $multiplicate = 187488000; break; default: $multiplicate = 0; break; } $rateDivisor = ($ratetypenum * $multiplicate); $sql = ""SELECT distinct("".$configValues['CONFIG_DB_TBL_RADACCT']."".username), "".$configValues['CONFIG_DB_TBL_RADACCT']."".NASIPAddress, "". $configValues['CONFIG_DB_TBL_RADACCT']."".AcctStartTime, SUM("".$configValues['CONFIG_DB_TBL_RADACCT']."".AcctSessionTime) AS AcctSessionTime, "". $configValues['CONFIG_DB_TBL_DALOBILLINGRATES']."".rateCost, SUM("".$configValues['CONFIG_DB_TBL_RADACCT']."".AcctInputOctets) AS AcctInputOctets, "". "" SUM("".$configValues['CONFIG_DB_TBL_RADACCT']."".AcctOutputOctets) AS AcctOutputOctets "". "" FROM "".$configValues['CONFIG_DB_TBL_RADACCT']."", "".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES']."" WHERE (AcctStartTime >= '$startdate') and (AcctStartTime <= '$enddate') and (UserName = '$username') and ("".$configValues['CONFIG_DB_TBL_DALOBILLINGRATES']."".rateName = '$ratename') GROUP BY UserName""; $res = $dbSocket->query($sql); $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $rateCost = $row['rateCost']; $userUpload = toxbyte($row['AcctInputOctets']); $userDownload = toxbyte($row['AcctOutputOctets']); $userOnlineTime = time2str($row['AcctSessionTime']); $sessionTime = $row['AcctSessionTime']; $sumBilled = (($sessionTime/$rateDivisor)*$rateCost); include 'library/closedb.php'; if ($drawTable == 1) { echo """"; echo ""
    Billing Summary
    ""; echo "" ""; } }",True,PHP,userBillingRatesSummary,userBilling.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-12-16 14:45:00+01:00,"Improved attribute dictionaries management feature (#316) Improved layout and other minor features",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2022-4630,"function manage() { expHistory::set('viewable', $this->params); }" 27315,"function userBillingPayPalSummary($startdate, $enddate, $payer_email, $payment_address_status, $payer_status, $payment_status, $vendor_type, $drawTable) { include_once('include/management/pages_common.php'); include 'library/opendb.php'; $startdate = $dbSocket->escapeSimple($startdate); $enddate = $dbSocket->escapeSimple($enddate); $payer_email = $dbSocket->escapeSimple($payer_email); $payment_address_status = $dbSocket->escapeSimple($payment_address_status); $payer_status = $dbSocket->escapeSimple($payer_status); $payment_status = $dbSocket->escapeSimple($payment_status); $sql = ""SELECT "".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']."".Username AS Username, business_email, "". $configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".planName, "".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']."".planId, SUM(payment_total) AS total, SUM(payment_fee) "". "" AS fee, SUM(payment_tax) AS tax, payment_currency, SUM(AcctSessionTime) AS AcctSessionTime, SUM(AcctInputOctets) AS AcctInputOctets, "". "" SUM(AcctOutputOctets) AS AcctOutputOctets "". "" FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']. "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_RADACCT']."" ON "". $configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']."".Username="".$configValues['CONFIG_DB_TBL_RADACCT']."".Username "". "" LEFT JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."" ON "". $configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT']."".planId="".$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS']."".id "". "" WHERE "". "" (business_email LIKE '$payer_email') AND "". "" (payment_address_status LIKE '$payment_address_status') AND "". "" (payer_status LIKE '$payer_status') AND "". "" (payment_status LIKE '$payment_status') AND "". "" (vendor_type LIKE '$vendor_type') AND "". "" (payment_date>'$startdate' AND payment_date<'$enddate')"". "" GROUP BY Username""; $res = $dbSocket->query($sql); if ($res->numRows() == 0) return; $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $planTotalCost = $row['total']; $planTotalTax = $row['tax']; $planTotalFee = $row['fee']; $userUpload = toxbyte($row['AcctInputOctets']); $userDownload = toxbyte($row['AcctOutputOctets']); $userOnlineTime = time2str($row['AcctSessionTime']); $sessionTime = $row['AcctSessionTime']; $planCurrency = $row['payment_currency']; $planName = $row['planName']; $planId = $row['planId']; $payer_email = $row['business_email']; $username = $row['Username']; $grossGain = ($planTotalCost-($planTotalTax+$planTotalFee)); include 'library/closedb.php'; if ($drawTable == 1) { echo """"; echo ""
    Billing Summary
    ""; echo "" ""; } }",True,PHP,userBillingPayPalSummary,userBilling.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-12-16 14:45:00+01:00,"Improved attribute dictionaries management feature (#316) Improved layout and other minor features",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2022-4630,"function manage() { expHistory::set('viewable', $this->params); }" 27316,"function userInvoicesStatus($user_id, $drawTable) { include_once('include/management/pages_common.php'); include 'library/opendb.php'; $user_id = $dbSocket->escapeSimple($user_id); $sql = ""SELECT COUNT(distinct(a.id)) AS TotalInvoices, a.id, a.date, a.status_id, a.type_id, b.contactperson, b.username, "". "" c.value AS status, COALESCE(SUM(e2.totalpayed), 0) as totalpayed, COALESCE(SUM(d2.totalbilled), 0) as totalbilled, "". "" SUM(a.status_id = 1) as openInvoices "". "" FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE']."" AS a"". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO']."" AS b ON (a.user_id = b.id) "". "" INNER JOIN "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS']."" AS c ON (a.status_id = c.id) "". "" LEFT JOIN (SELECT SUM(d.amount + d.tax_amount) "". "" as totalbilled, invoice_id FROM "".$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS']."" AS d "". "" GROUP BY d.invoice_id) AS d2 ON (d2.invoice_id = a.id) "". "" LEFT JOIN (SELECT SUM(e.amount) as totalpayed, invoice_id FROM "". $configValues['CONFIG_DB_TBL_DALOPAYMENTS']."" AS e GROUP BY e.invoice_id) AS e2 ON (e2.invoice_id = a.id) "". "" WHERE (a.user_id = $user_id)"". "" GROUP BY b.id ""; $res = $dbSocket->query($sql); $row = $res->fetchRow(DB_FETCHMODE_ASSOC); $totalInvoices = $row['TotalInvoices']; $totalBilled = $row['totalbilled']; $totalPayed = $row['totalpayed']; $openInvoices = $row['openInvoices']; include 'library/closedb.php'; if ($drawTable == 1) { echo '
    User Invoices





    '; }",True,PHP,userInvoicesStatus,userBilling.php,https://github.com/lirantal/daloradius,lirantal,GitHub,2022-12-16 14:45:00+01:00,"Improved attribute dictionaries management feature (#316) Improved layout and other minor features",CWE-732,Incorrect Permission Assignment for Critical Resource,The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.,https://cwe.mitre.org/data/definitions/732.html,CVE-2022-4630,"function manage() { expHistory::set('viewable', $this->params); }" 27323,"private static function thumb($source_path, $thumb_path){ ini_set('memory_limit', '128M'); $source_details = getimagesize($source_path); $source_w = $source_details[0]; $source_h = $source_details[1]; if($source_w > $source_h){ $new_w = self::THUMB_W; $new_h = intval($source_h * $new_w / $source_w); } else { $new_h = self::THUMB_H; $new_w = intval($source_w * $new_h / $source_h); } switch($source_details[2]){ case IMAGETYPE_GIF: $imgt = ""imagegif""; $imgcreatefrom = ""imagecreatefromgif""; break; case IMAGETYPE_JPEG: $imgt = ""imagejpeg""; $imgcreatefrom = ""imagecreatefromjpeg""; break; case IMAGETYPE_PNG: $imgt = ""imagepng""; $imgcreatefrom = ""imagecreatefrompng""; break; case IMAGETYPE_WEBP: $imgt = ""imagewebp""; $imgcreatefrom = ""imagecreatefromwebp""; break; case IMAGETYPE_WBMP: $imgt = ""imagewbmp""; $imgcreatefrom = ""imagecreatefromwbmp""; break; case IMAGETYPE_BMP: $imgt = ""imagebmp""; $imgcreatefrom = ""imagecreatefrombmp""; break; default: return false; } $old_image = $imgcreatefrom($source_path); $new_image = imagecreatetruecolor($new_w, $new_h); imagecopyresampled($new_image, $old_image, 0, 0, 0, 0, $new_w, $new_h, $source_w, $source_h); $new_image = self::fix_orientation($source_path, $new_image); $old_image = self::fix_orientation($source_path, $old_image); $imgt($new_image, $thumb_path); $imgt($old_image, $source_path); return true; }",True,PHP,thumb,image.class.php,https://github.com/m1k1o/blog,m1k1o,Miroslav Šedivý,2022-01-06 17:23:43+01:00,check image create errors.,CWE-252,Unchecked Return Value,"The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.",https://cwe.mitre.org/data/definitions/252.html,CVE-2022-23626,"function manage() { expHistory::set('viewable', $this->params); }" 27324,public function testInfoWithoutUrl() { $this->assertRequestIsRedirect('info'); },True,PHP,testInfoWithoutUrl,FrontControllerTest.php,https://github.com/Rudloff/alltube,Rudloff,Pierre Rudloff,2022-02-27 11:00:33+01:00,"Prevent SSRF requests By validating the provided URL before passing it to youtube-dl",CWE-601,URL Redirection to Untrusted Site ('Open Redirect'),"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.",https://cwe.mitre.org/data/definitions/601.html,CVE-2022-24739,"function manage() { expHistory::set('viewable', $this->params); }" 27325,public function testInfoWithoutUrl() { $this->assertRequestIsRedirect('info'); },True,PHP,testInfoWithoutUrl,FrontControllerTest.php,https://github.com/Rudloff/alltube,Rudloff,Pierre Rudloff,2022-02-27 11:00:33+01:00,"Prevent SSRF requests By validating the provided URL before passing it to youtube-dl",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2022-24739,"function manage() { expHistory::set('viewable', $this->params); }" 27330,"public function __construct(string $appName, IRequest $request, ITimeFactory $timeFactory, IInitialState $initialState, BookingService $bookingService, AppointmentConfigService $appointmentConfigService, URLGenerator $urlGenerator, LoggerInterface $logger) { parent::__construct($appName, $request); $this->bookingService = $bookingService; $this->timeFactory = $timeFactory; $this->appointmentConfigService = $appointmentConfigService; $this->initialState = $initialState; $this->urlGenerator = $urlGenerator; $this->logger = $logger; }",True,PHP,__construct,BookingController.php,https://github.com/nextcloud/calendar,nextcloud,backportbot[bot],2022-03-16 08:49:59+00:00,"Add email validation and testing for booking Signed-off-by: Anna Larch ",CWE-74,Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'),"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/74.html,CVE-2022-24838,"function manage() { expHistory::set('viewable', $this->params); }" 27332,"function updateBasicSettings(PDFStructure &$structure) { if (isset($_POST['headline'])) { $structure->setTitle(str_replace('<', '', str_replace('>', '', $_POST['headline']))); } if (isset($_POST['logoFile'])) { $structure->setLogo($_POST['logoFile']); } if (isset($_POST['foldingmarks'])) { $structure->setFoldingMarks($_POST['foldingmarks']); } }",True,PHP,updateBasicSettings,pdfpage.php,https://github.com/LDAPAccountManager/lam,LDAPAccountManager,Roland Gruber,2022-04-11 20:40:13+02:00,#170 fixed security issues in profile editor and PDF editor,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24851,"function manage() { expHistory::set('viewable', $this->params); }" 27335,"$this->{$callback[0]}->{$callback[1]}($objPage, $objLayout, $this); } } $headBag = $this->responseContext->get(HtmlHeadBag::class); $this->Template->mainTitle = $objPage->rootPageTitle; $this->Template->pageTitle = htmlspecialchars($headBag->getTitle()); $this->Template->mainTitle = str_replace('[-]', '', $this->Template->mainTitle); $this->Template->pageTitle = str_replace('[-]', '', $this->Template->pageTitle); $this->Template->robots = $headBag->getMetaRobots(); if ($objPage->enableCanonical) { $this->Template->canonical = $headBag->getCanonicalUriForRequest($request); } if (!$objLayout->titleTag) { $objLayout->titleTag = '{{page::pageTitle}} - {{page::rootPageTitle}}'; } $this->Template->title = strip_tags(System::getContainer()->get('contao.insert_tag.parser')->replaceInline($objLayout->titleTag)); $this->Template->description = htmlspecialchars($headBag->getMetaDescription()); $this->Template->onload = trim($objLayout->onload); $this->Template->class = trim($objLayout->cssClass . ' ' . $objPage->cssClass); $this->createFooterScripts($objLayout, $objPage); $this->createHeaderScripts($objPage, $objLayout); }",True,PHP,{,PageRegular.php,https://github.com/contao/contao,contao,GitHub,2022-05-05 08:32:15+02:00,Merge pull request from GHSA-m8x6-6r63-qvj2,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-24899,"function manage() { expHistory::set('viewable', $this->params); }" 27338,"protected function isMounted($strFolder) { if (!$strFolder) { return false; } if (empty($this->arrFilemounts)) { return true; } $path = $strFolder; while (\is_array($this->arrFilemounts) && substr_count($path, '/') > 0) { if (\in_array($path, $this->arrFilemounts)) { return true; } $path = \dirname($path); } return false; }",True,PHP,isMounted,DC_Folder.php,https://github.com/contao/contao,contao,GitHub,2023-04-25 11:14:31+02:00,Merge pull request from GHSA-fp7q-xhhw-6rj3,CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2023-29200,"function manage() { expHistory::set('viewable', $this->params); }" 27339,"public function __set($strKey, $varValue) { switch ($strKey) { case 'maxlength': if ($varValue > 0) { $this->arrAttributes['maxlength'] = $varValue; } break; case 'mandatory': if ($varValue) { $this->arrAttributes['required'] = 'required'; } else { unset($this->arrAttributes['required']); } parent::__set($strKey, $varValue); break; case 'placeholder': $this->arrAttributes['placeholder'] = $varValue; break; case 'options': $this->arrUnits = StringUtil::deserialize($varValue); break; default: parent::__set($strKey, $varValue); break; } }",True,PHP,__set,InputUnit.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27340,protected function validator($varInput) { foreach ($varInput as $k=>$v) { if ($k != 'unit') { $varInput[$k] = parent::validator($v); } } return $varInput; },True,PHP,validator,InputUnit.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27343,protected function validator($varInput) { foreach ($varInput as $k=>$v) { if ($k != 'unit') { $varInput[$k] = parent::validator($v); } } return $varInput; },True,PHP,validator,TimePeriod.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27346,"public function __set($strKey, $varValue) { switch ($strKey) { case 'maxlength': if ($varValue > 0) { $this->arrAttributes['maxlength'] = $varValue; } break; case 'mandatory': if ($varValue) { $this->arrAttributes['required'] = 'required'; } else { unset($this->arrAttributes['required']); } parent::__set($strKey, $varValue); break; case 'options': $this->arrUnits = StringUtil::deserialize($varValue); break; default: parent::__set($strKey, $varValue); break; } }",True,PHP,__set,TimePeriod.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27347,protected function validator($varInput) { foreach ($varInput as $k=>$v) { if ($k != 'unit') { $varInput[$k] = parent::validator($v); } } return $varInput; },True,PHP,validator,TrblField.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27349,"public function __set($strKey, $varValue) { switch ($strKey) { case 'maxlength': if ($varValue > 0) { $this->arrAttributes['maxlength'] = $varValue; } break; case 'options': $this->arrUnits = StringUtil::deserialize($varValue); break; default: parent::__set($strKey, $varValue); break; } }",True,PHP,__set,TrblField.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27352,protected function validator($varInput) { foreach ($varInput as $k=>$v) { if ($k != 'unit') { $varInput[$k] = parent::validator($v); } } return $varInput; },True,PHP,validator,InputUnit.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27354,"public function __set($strKey, $varValue) { switch ($strKey) { case 'maxlength': if ($varValue > 0) { $this->arrAttributes['maxlength'] = $varValue; } break; case 'mandatory': if ($varValue) { $this->arrAttributes['required'] = 'required'; } else { unset($this->arrAttributes['required']); } parent::__set($strKey, $varValue); break; case 'placeholder': $this->arrAttributes['placeholder'] = $varValue; break; case 'options': $this->arrUnits = StringUtil::deserialize($varValue); break; default: parent::__set($strKey, $varValue); break; } }",True,PHP,__set,InputUnit.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27357,protected function validator($varInput) { foreach ($varInput as $k=>$v) { if ($k != 'unit') { $varInput[$k] = parent::validator($v); } } return $varInput; },True,PHP,validator,TimePeriod.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27358,"public function __set($strKey, $varValue) { switch ($strKey) { case 'maxlength': if ($varValue > 0) { $this->arrAttributes['maxlength'] = $varValue; } break; case 'mandatory': if ($varValue) { $this->arrAttributes['required'] = 'required'; } else { unset($this->arrAttributes['required']); } parent::__set($strKey, $varValue); break; case 'options': $this->arrUnits = StringUtil::deserialize($varValue); break; default: parent::__set($strKey, $varValue); break; } }",True,PHP,__set,TimePeriod.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27361,"public function __set($strKey, $varValue) { switch ($strKey) { case 'maxlength': if ($varValue > 0) { $this->arrAttributes['maxlength'] = $varValue; } break; case 'options': $this->arrUnits = StringUtil::deserialize($varValue); break; default: parent::__set($strKey, $varValue); break; } }",True,PHP,__set,TrblField.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27362,protected function validator($varInput) { foreach ($varInput as $k=>$v) { if ($k != 'unit') { $varInput[$k] = parent::validator($v); } } return $varInput; },True,PHP,validator,TrblField.php,https://github.com/contao/contao,contao,GitHub,2023-07-25 09:44:16+02:00,Merge pull request from GHSA-4gpr-p634-922x,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36806,"function manage() { expHistory::set('viewable', $this->params); }" 27363,"public function handleObjectDeletion($confirm_msg = false, $op='del', $userSide=false) { global $impresscms; $objectid = (isset($_REQUEST[$this->handler->keyName])) ? (int) $_REQUEST[$this->handler->keyName] : 0; $icmsObj = $this->handler->get($objectid); if ($icmsObj->isNew()) { redirect_header(""javascript:history.go(-1)"", 3, _CO_ICMS_NOT_SELECTED); exit(); } $confirm = ( isset($_POST['confirm']) ) ? $_POST['confirm'] : 0; if ($confirm) { if (!$this->handler->delete($icmsObj)) { redirect_header($_POST['redirect_page'], 3, _CO_ICMS_DELETE_ERROR . $icmsObj->getHtmlErrors()); exit; } redirect_header($_POST['redirect_page'], 3, _CO_ICMS_DELETE_SUCCESS); exit(); } else { icms_cp_header(); if (!$confirm_msg) { $confirm_msg = _CO_ICMS_DELETE_CONFIRM; } $hiddens = array( 'op' => $op, $this->handler->keyName => $icmsObj->getVar($this->handler->keyName), 'confirm' => 1, 'redirect_page' => $impresscms->urls['previouspage'] ); if ($this->handler->_moduleName == 'system') { $hiddens['fct'] = isset($_GET['fct']) ? $_GET['fct'] : false; } icms_core_Message::confirm($hiddens, xoops_getenv('SCRIPT_NAME'), sprintf($confirm_msg , $icmsObj->getVar($this->handler->identifierName)), _CO_ICMS_DELETE); icms_cp_footer(); } exit(); }",True,PHP,handleObjectDeletion,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27364,"public function getPrintAndMailLink($icmsObj) { global $icmsConfig, $impresscms; $ret = ''; return $ret; }",True,PHP,getPrintAndMailLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27370,"public function &doStoreFromDefaultForm(&$icmsObj, $objectid, $created_success_msg, $modified_success_msg, $redirect_page=false, $debug=false) { global $impresscms; $this->postDataToObject($icmsObj); if ($icmsObj->isNew()) { $redirect_msg = $created_success_msg; } else { $redirect_msg = $modified_success_msg; } $uploaderResult = true; if (isset($_POST['icms_upload_image']) || isset($_POST['icms_upload_file'])) { $uploaderObj = new icms_file_MediaUploadHandler($icmsObj->getImageDir(true), $this->handler->_allowedMimeTypes, $this->handler->_maxFileSize, $this->handler->_maxWidth, $this->handler->_maxHeight); foreach ( $_FILES as $name=>$file_array) { if (isset ($file_array['name']) && $file_array['name'] != """" && in_array(str_replace('upload_', '', $name), array_keys($icmsObj->vars))) { if ($uploaderObj->fetchMedia($name)) { $uploaderObj->setTargetFileName(time() . ""_"" . $uploaderObj->getMediaName()); if ($uploaderObj->upload()) { $uploaderResult = $uploaderResult && true; $related_field = str_replace('upload_', '', $name); $uploadedArray[] = $related_field; if ($icmsObj->vars[$related_field]['data_type'] == XOBJ_DTYPE_FILE) { $object_fileurl = $icmsObj->getUploadDir(); $fileObj = $icmsObj->getFileObj($related_field); $fileObj->setVar('url', $object_fileurl . $uploaderObj->getSavedFileName()); $fileObj->setVar('mid', $_POST['mid_' . $related_field]); $fileObj->setVar('caption', $_POST['caption_' . $related_field]); $fileObj->setVar('description', $_POST['desc_' . $related_field]); $icmsObj->storeFileObj($fileObj); $icmsObj->setVar($related_field, $fileObj->getVar('fileid')); } else { $eventResult = $this->handler->executeEvent('beforeFileUnlink', $icmsObj); if (!$eventResult) { $icmsObj->setErrors(""An error occured during the beforeFileUnlink event""); $uploaderResult = $uploaderResult && false; } $old_file = $icmsObj->getUploadDir(true) . $icmsObj->getVar($related_field); if (is_file($old_file) ) unlink($old_file); $icmsObj->setVar($related_field, $uploaderObj->getSavedFileName()); $eventResult = $this->handler->executeEvent('afterFileUnlink', $icmsObj); if (!$eventResult) { $icmsObj->setErrors(""An error occured during the afterFileUnlink event""); $uploaderResult = $uploaderResult && false; } } } else { $icmsObj->setErrors($uploaderObj->getErrors(false)); $uploaderResult = $uploaderResult && false; } } else { $icmsObj->setErrors($uploaderObj->getErrors(false)); $uploaderResult = $uploaderResult && false; } } } } if ($uploaderResult) { if ($debug) { $storeResult = $this->handler->insertD($icmsObj); } else { $storeResult = $this->handler->insert($icmsObj); } } else { $storeResult = false; } if ($storeResult) { if ($this->handler->getPermissions()) { $icmspermissions_handler = new icms_ipf_permission_Handler($this->handler); $icmspermissions_handler->storeAllPermissionsForId($icmsObj->id()); } } if ($redirect_page === null) { return $icmsObj; } else { if (!$storeResult) { redirect_header($impresscms->urls['previouspage'], 3, _CO_ICMS_SAVE_ERROR . $icmsObj->getHtmlErrors()); } else { $redirect_page = $redirect_page ? $redirect_page : icms_get_page_before_form(); redirect_header($redirect_page, 2, $redirect_msg); } } }",True,PHP,doStoreFromDefaultForm,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27371,"$value = (int)$_POST[$key]; } else { $value = strtotime($_POST[$key]); } $icmsObj->setVar($key, $value); break; case XOBJ_DTYPE_URL: if (isset($_POST[$key])) { $icmsObj->setVar($key, filter_var($_POST[$key], FILTER_SANITIZE_URL)); } break; case XOBJ_DTYPE_ARRAY: if (is_array($_POST[$key])) { $icmsObj->setVar($key, serialize($_POST[$key])); } break; default: $icmsObj->setVar($key, $_POST[$key]); break; } } }",True,PHP,=,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27372,"public function getDeleteItemLink($icmsObj, $onlyUrl=false, $withimage=true, $userSide=false) { if ($this->handler->_moduleName != 'system') { $admin_side = $userSide ? '' : 'admin/'; $ret = $this->handler->_moduleUrl . $admin_side . $this->handler->_page . ""?op=del&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); } else { $admin_side = ''; $ret = $this->handler->_moduleUrl . $admin_side . 'admin.php?fct=' . $this->handler->_itemname . ""&op=del&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); } if ($onlyUrl) { return $ret; } elseif ($withimage) { return "" "" . _CO_ICMS_DELETE . """"; } return """" . $icmsObj->getVar($this->handler->identifierName) . """"; }",True,PHP,getDeleteItemLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27373,"public function getViewItemLink($icmsObj, $onlyUrl=false, $withimage=true, $userSide=false) { if ($this->handler->_moduleName != 'system') { $admin_side = $userSide ? '' : 'admin/'; $ret = $this->handler->_moduleUrl . $admin_side . $this->handler->_page . ""?"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); } else { $admin_side = ''; $ret = $this->handler->_moduleUrl . $admin_side . 'admin.php?fct=' . $this->handler->_itemname . ""&op=view&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); } if ($onlyUrl) { return $ret; } elseif ($withimage) { return "" "" . _PREVIEW . """"; } return """" . $icmsObj->getVar($this->handler->identifierName) . """"; }",True,PHP,getViewItemLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27376,"public function getEditItemLink($icmsObj, $onlyUrl=false, $withimage=true, $userSide=false) { if ($this->handler->_moduleName != 'system') { $admin_side = $userSide ? '' : 'admin/'; $ret = $this->handler->_moduleUrl . $admin_side . $this->handler->_page . ""?op=mod&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); } else { $admin_side = ''; $ret = $this->handler->_moduleUrl . $admin_side . 'admin.php?fct=' . $this->handler->_itemname . ""&op=mod&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); } if ($onlyUrl) { return $ret; } elseif ($withimage) { return "" "" . _CO_ICMS_MODIFY . """"; } return """" . $icmsObj->getVar($this->handler->identifierName) . """"; }",True,PHP,getEditItemLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27381,"public function &storeicms_ipf_Object($debug=false, $xparam = false) { $ret =& $this->storeFromDefaultForm('', '', null, $debug, $xparam); return $ret; }",True,PHP,storeicms_ipf_Object,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27385,public function &storeicms_ipf_ObjectD() { return $this->storeicms_ipf_Object(true); },True,PHP,storeicms_ipf_ObjectD,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27386,public function __construct($handler) { $this->handler=$handler; },True,PHP,__construct,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27387,public function getModuleItemString() { $ret = $this->handler->_moduleName . '_' . $this->handler->_itemname; return $ret; },True,PHP,getModuleItemString,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27388,"public function &storeFromDefaultForm($created_success_msg, $modified_success_msg, $redirect_page=false, $debug=false, $x_param = false) { $objectid = ( isset($_POST[$this->handler->keyName]) ) ? (int) $_POST[$this->handler->keyName] : 0; if ($debug) { if ($x_param) { $icmsObj = $this->handler->getD($objectid, true, $x_param); } else { $icmsObj = $this->handler->getD($objectid); } } else { if ($x_param) { $icmsObj = $this->handler->get($objectid, true, false, false, $x_param); } else { $icmsObj = $this->handler->get($objectid); } } if (is_subclass_of($this->handler, 'icmspersistablemlobjecthandler')) { if ($icmsObj->isNew()) { $icmsObj->stripMultilanguageFields(); $newObject =& $this->doStoreFromDefaultForm($icmsObj, $objectid, $created_success_msg, $modified_success_msg, $redirect_page, $debug); unset($icmsObj); $icmsObj = $this->handler->get($objectid); $icmsObj->stripNonMultilanguageFields(); $icmsObj->setVar($this->handler->keyName, $newObject->getVar($this->handler->keyName)); $this->handler->changeTableNameForML(); $ret =& $this->doStoreFromDefaultForm($icmsObj, $objectid, $created_success_msg, $modified_success_msg, $redirect_page, $debug); return $ret; } } else { return $this->doStoreFromDefaultForm($icmsObj, $objectid, $created_success_msg, $modified_success_msg, $redirect_page, $debug); } }",True,PHP,storeFromDefaultForm,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27389,"public function getAdminViewItemLink($icmsObj, $onlyUrl=false, $withimage=false) { $ret = $this->handler->_moduleUrl . ""admin/"" . $this->handler->_page . ""?op=view&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); if ($onlyUrl) { return $ret; } elseif ($withimage) { return "" "" . _CO_ICMS_ADMIN_VIEW . """"; } return """" . $icmsObj->getVar($this->handler->identifierName) . """"; }",True,PHP,getAdminViewItemLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27391,"public function handleObjectDeletionFromUserSide($confirm_msg = false, $op='del') { global $icmsTpl, $impresscms; $objectid = ( isset($_REQUEST[$this->handler->keyName]) ) ? (int) ($_REQUEST[$this->handler->keyName]) : 0; $icmsObj = $this->handler->get($objectid); if ($icmsObj->isNew()) { redirect_header(""javascript:history.go(-1)"", 3, _CO_ICMS_NOT_SELECTED); exit(); } $confirm = ( isset($_POST['confirm']) ) ? $_POST['confirm'] : 0; if ($confirm) { if (!$this->handler->delete($icmsObj)) { redirect_header($_POST['redirect_page'], 3, _CO_ICMS_DELETE_ERROR . $icmsObj->getHtmlErrors()); exit; } redirect_header($_POST['redirect_page'], 3, _CO_ICMS_DELETE_SUCCESS); exit(); } else { if (!$confirm_msg) { $confirm_msg = _CO_ICMS_DELETE_CONFIRM; } ob_start(); icms_core_Message::confirm(array( 'op' => $op, $this->handler->keyName => $icmsObj->getVar($this->handler->keyName), 'confirm' => 1, 'redirect_page' => $impresscms->urls['previouspage']), xoops_getenv('SCRIPT_NAME'), sprintf($confirm_msg , $icmsObj->getVar($this->handler->identifierName)), _CO_ICMS_DELETE ); $icmspersistable_delete_confirm = ob_get_clean(); $icmsTpl->assign('icmspersistable_delete_confirm', $icmspersistable_delete_confirm); } }",True,PHP,handleObjectDeletionFromUserSide,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27392,"public function getEditLanguageLink($icmsObj, $onlyUrl=false, $withimage=true) { $ret = $this->handler->_moduleUrl . ""admin/"" . $this->handler->_page . ""?op=mod&"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName) . ""&language="" . $icmsObj->getVar('language'); if ($onlyUrl) { return $ret; } elseif ($withimage) { return "" "" . _CO_ICMS_LANGUAGE_MODIFY . """"; } return """" . $icmsObj->getVar($this->handler->identifierName) . """"; }",True,PHP,getEditLanguageLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27394,"public function getItemLink(&$icmsObj, $onlyUrl=false) { $seoMode = false; $seoModuleName = $this->handler->_moduleName; $seoIncludeId = true; $ret = $this->handler->_moduleUrl . $this->handler->_page . ""?"" . $this->handler->keyName . ""="" . $icmsObj->getVar($this->handler->keyName); if (!$onlyUrl) { $ret = """" . $icmsObj->getVar($this->handler->identifierName) . """"; } return $ret; }",True,PHP,getItemLink,Controller.php,https://github.com/ImpressCMS/impresscms,ImpressCMS,GitHub,2020-12-05 00:48:24+01:00,"Prevents using submitted filenames with ../ for controller (#812) * Prevents using submitted filenames with ../ for controller * Using preg replace for better parent paths replaces Co-authored-by: Raimondas Rimkevičius (aka MekDrop) ",CWE-22,Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'),"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",https://cwe.mitre.org/data/definitions/22.html,CVE-2022-24977,"function manage() { expHistory::set('viewable', $this->params); }" 27399,"public function delete($id) { $this->CRUD->delete($id); $responsePayload = $this->CRUD->getResponsePayload(); if (!empty($responsePayload)) { return $responsePayload; } $this->set('metaGroup', 'Trust Circles'); }",True,PHP,delete,SharingGroupsController.php,https://github.com/cerebrate-project/cerebrate,cerebrate-project,iglocska,2022-02-04 00:16:24+01:00,"fix: [security] Sharing group ACL fixes - added indirect object reference protection - added correct ACL functionalities to delete, addOrg, removeOrg - as reported by Dawid Czarnecki from Zigrin Security",CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-25318,"function manage() { expHistory::set('viewable', $this->params); }" 27402,public function beforeFilter(EventInterface $event) { parent::beforeFilter($event); $this->Authentication->allowUnauthenticated(['index']); },True,PHP,beforeFilter,IndividualsController.php,https://github.com/cerebrate-project/cerebrate,cerebrate-project,iglocska,2022-02-04 00:36:31+01:00,"fix: [security] open endpoints should only be open when enabled - as reported by Dawid Czarnecki from Zigrin Security",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-25319,"function manage() { expHistory::set('viewable', $this->params); }" 27404,public function beforeFilter(EventInterface $event) { parent::beforeFilter($event); $this->Authentication->allowUnauthenticated(['index']); },True,PHP,beforeFilter,OrganisationsController.php,https://github.com/cerebrate-project/cerebrate,cerebrate-project,iglocska,2022-02-04 00:36:31+01:00,"fix: [security] open endpoints should only be open when enabled - as reported by Dawid Czarnecki from Zigrin Security",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-25319,"function manage() { expHistory::set('viewable', $this->params); }" 27405,"public function index() { $conditions = []; $currentUser = $this->ACL->getUser(); if (empty($currentUser['role']['perm_admin'])) { $conditions['user_id'] = $currentUser->id; } $this->CRUD->index([ 'conditions' => $conditions, 'contain' => $this->containFields, 'filters' => $this->filterFields, 'quickFilters' => $this->quickFilterFields, ]); $responsePayload = $this->CRUD->getResponsePayload(); if (!empty($responsePayload)) { return $responsePayload; } if (!empty($this->request->getQuery('Users_id'))) { $settingsForUser = $this->UserSettings->Users->find()->where([ 'id' => $this->request->getQuery('Users_id') ])->first(); $this->set('settingsForUser', $settingsForUser); } }",True,PHP,index,UserSettingsController.php,https://github.com/cerebrate-project/cerebrate,cerebrate-project,iglocska,2022-02-04 00:45:42+01:00,"fix: [security] user settings allow enumeration of usernames - as reported by Dawid Czarnecki from Zigrin Security",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2022-25320,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27408,"$input = (function ($settingName, $setting, $appView) { $settingId = str_replace('.', '_', $settingName); return $this->Bootstrap->switch([ 'label' => h($setting['description']), 'checked' => !empty($setting['value']), 'id' => $settingId, 'class' => [ (!empty($setting['error']) ? 'is-invalid' : ''), (!empty($setting['error']) ? $appView->get('variantFromSeverity')[$setting['severity']] : ''), ], 'attrs' => [ 'data-setting-name' => $settingName ] ]); })($settingName, $setting, $this);",True,PHP,=,field.php,https://github.com/cerebrate-project/cerebrate,cerebrate-project,Sami Mokaddem,2022-02-07 11:43:09+01:00,"fix: [settings:settingField] Enforce sanitization of input fields - As reported by Dawid Czarnecki from Zigrin Security",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-25321,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27414,"$this->run('rm', $item, '-r'); } return $this; }",True,PHP,run,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27415,"public function setRemoteUrl($name, $url, array $params = NULL) { $this->run('remote', 'set-url', $params, $name, $url); return $this; }",True,PHP,setRemoteUrl,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27416,"public function renameTag($oldName, $newName) { $this->run('tag', $newName, $oldName); $this->removeTag($oldName); return $this; }",True,PHP,renameTag,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27417,"public function removeRemote($name) { $this->run('remote', 'remove', $name); return $this; }",True,PHP,removeRemote,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27418,"public function renameRemote($oldName, $newName) { $this->run('remote', 'rename', $oldName, $newName); return $this; }",True,PHP,renameRemote,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27419,"public function push($remote = NULL, array $params = NULL) { $this->run('push', $remote, $params); return $this; }",True,PHP,push,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27420,"public function checkout($name) { $this->run('checkout', $name); return $this; }",True,PHP,checkout,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27423,"public function merge($branch, $options = NULL) { $this->run('merge', $options, $branch); return $this; }",True,PHP,merge,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27424,"public function fetch($remote = NULL, array $params = NULL) { $this->run('fetch', $remote, $params); return $this; }",True,PHP,fetch,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27430,"public function addRemote($name, $url, array $params = NULL) { $this->run('remote', 'add', $params, $name, $url); return $this; }",True,PHP,addRemote,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27431,"public function createTag($name, $options = NULL) { $this->run('tag', $options, $name); return $this; }",True,PHP,createTag,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27433,"public function pull($remote = NULL, array $params = NULL) { $this->run('pull', $remote, $params); return $this; }",True,PHP,pull,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27434,"$this->run('mv', $from, $to); } return $this; }",True,PHP,run,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27439,"$path = Helpers::isAbsolute($item) ? $item : ($this->getRepositoryPath() . DIRECTORY_SEPARATOR . $item); if (!file_exists($path)) { throw new GitException(""The path at '$item' does not represent a valid file.""); } $this->run('add', $item); }",True,PHP,$item,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27441,"public function createBranch($name, $checkout = FALSE) { $this->run('branch', $name); if ($checkout) { $this->checkout($name); } return $this; }",True,PHP,createBranch,GitRepository.php,https://github.com/czproject/git-php,czproject,Jan Pecha,2022-04-21 18:50:57+02:00,Uses --end-of-options after command options (for security reasons),CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-25866,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27442,"'data' => str_replace(array_keys($tags), array_values($tags), $content), 'status' => array(), 'type' => 'text/html; charset=UTF-8' ) ); }",True,PHP,array_values,Ooo.php,https://github.com/horde/Mime_Viewer,horde,Jan Schneider,2022-03-02 21:55:50+01:00,[jan] Fix XSS vulnerability in Open Document mime viewer with different code path (Reported by: Mahdi Pasche ).,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-26874,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27444,"foreach ([$this->classes, $this->interfaces, $this->traits, $this->enums] as $definitions) { if (array_key_exists($fqdn, $definitions)) { $definition = $definitions[$fqdn]; if (is_iterable($definition['context']->annotations)) { foreach (array_reverse($definition['context']->annotations) as $annotation) { if ($annotation->isRoot(OA\Schema::class) && !$annotation->_context->is('generated')) { return $annotation; } } } } }",True,PHP,foreach,Analysis.php,https://github.com/cockpit-hq/cockpit,cockpit-hq,Artur Heinze,2023-02-22 02:10:02+01:00,Update vendor libs,CWE-1103,Use of Platform-Dependent Third Party Components,"The product relies on third-party components that do not provide equivalent functionality across all desirable platforms.",https://cwe.mitre.org/data/definitions/1103.html,CVE-2023-1160,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27448,"$object = new \stdClass(); foreach ($this->{$property} as $key => $item) { if (is_numeric($key) === false && is_array($item)) { $object->{$key} = $item; } else { $key = $item->{$keyField}; if (!Generator::isDefault($key) && empty($object->{$key})) { if ($item instanceof \JsonSerializable) { $object->{$key} = $item->jsonSerialize(); } else { $object->{$key} = $item; } unset($object->{$key}->{$keyField}); } } } $data->{$property} = $object; } if (isset($data->ref)) { $ref = ['$ref' => $data->ref]; if ($this->_context->version == OpenApi::VERSION_3_1_0) { $defaultValues = get_class_vars(get_class($this)); foreach (['summary', 'description'] as $prop) { if (property_exists($this, $prop)) { if ($this->{$prop} !== $defaultValues[$prop]) { $ref[$prop] = $data->{$prop}; } } } } $data = (object) $ref; } if ($this->_context->version == OpenApi::VERSION_3_1_0) { if (isset($data->nullable)) { if (true === $data->nullable) { $data->type = (array) $data->type; $data->type[] = 'null'; } unset($data->nullable); } } return $data; }",True,PHP,stdClass,AbstractAnnotation.php,https://github.com/cockpit-hq/cockpit,cockpit-hq,Artur Heinze,2023-02-22 02:10:02+01:00,Update vendor libs,CWE-1103,Use of Platform-Dependent Third Party Components,"The product relies on third-party components that do not provide equivalent functionality across all desirable platforms.",https://cwe.mitre.org/data/definitions/1103.html,CVE-2023-1160,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27452,"static function activate($uid, $karmalevel = 'pear.dev') { require_once 'Damblan/Karma.php'; global $dbh, $auth_user; $karma = new Damblan_Karma($dbh); $user = user::info($uid, null, 0); if (!isset($user['registered'])) { return false; } @$arr = unserialize($user['userinfo']); include_once 'pear-database-note.php'; note::removeAll($uid); $data = array(); $data['registered'] = 1; $data['active'] = 1; if (is_array($arr)) { $data['userinfo'] = $arr[1]; } $data['created'] = gmdate('Y-m-d H:i'); $data['createdby'] = $auth_user->handle; $data['handle'] = $user['handle']; user::update($data, true); $karma->grant($user['handle'], $karmalevel); if ($karma->has($user['handle'], 'pear.dev')) { include_once 'pear-rest.php'; $pear_rest = new pearweb_Channel_REST_Generator(PEAR_REST_PATH, $dbh); $pear_rest->saveMaintainerREST($user['handle']); $pear_rest->saveAllMaintainersREST(); } include_once 'pear-database-note.php'; note::add($uid, ""Account opened""); $msg = ""Your PEAR account request has been opened.\n"". ""To log in, go to http: ""the top-right menu.\n""; $xhdr = 'From: ' . $auth_user->handle . '@php.net'; if (!DEVBOX) { mail($user['email'], ""Your PEAR Account Request"", $msg, $xhdr, '-f ' . PEAR_BOUNCE_EMAIL); } return true; }",True,PHP,activate,pear-database-user.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27453,"static function activate($uid, $karmalevel = 'pear.dev') { require_once 'Damblan/Karma.php'; global $dbh, $auth_user; $karma = new Damblan_Karma($dbh); $user = user::info($uid, null, 0); if (!isset($user['registered'])) { return false; } @$arr = unserialize($user['userinfo']); include_once 'pear-database-note.php'; note::removeAll($uid); $data = array(); $data['registered'] = 1; $data['active'] = 1; if (is_array($arr)) { $data['userinfo'] = $arr[1]; } $data['created'] = gmdate('Y-m-d H:i'); $data['createdby'] = $auth_user->handle; $data['handle'] = $user['handle']; user::update($data, true); $karma->grant($user['handle'], $karmalevel); if ($karma->has($user['handle'], 'pear.dev')) { include_once 'pear-rest.php'; $pear_rest = new pearweb_Channel_REST_Generator(PEAR_REST_PATH, $dbh); $pear_rest->saveMaintainerREST($user['handle']); $pear_rest->saveAllMaintainersREST(); } include_once 'pear-database-note.php'; note::add($uid, ""Account opened""); $msg = ""Your PEAR account request has been opened.\n"". ""To log in, go to http: ""the top-right menu.\n""; $xhdr = 'From: ' . $auth_user->handle . '@php.net'; if (!DEVBOX) { mail($user['email'], ""Your PEAR Account Request"", $msg, $xhdr, '-f ' . PEAR_BOUNCE_EMAIL); } return true; }",True,PHP,activate,pear-database-user.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27456,"function &getAll(&$dbh, $proposalId) { $sql = ""SELECT *, UNIX_TIMESTAMP(timestamp) AS timestamp FROM package_proposal_votes WHERE pkg_prop_id = "". $dbh->quoteSmart($proposalId) ."" ORDER BY timestamp ASC""; $res = $dbh->query($sql); if (DB::isError($res)) { return $res; } $votes = array(); while ($set = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $set['reviews'] = unserialize($set['reviews']); $votes[$set['user_handle']] = new ppVote($set); } return $votes; }",True,PHP,getAll,pepr-ppvote.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27457,"function &getAll(&$dbh, $proposalId) { $sql = ""SELECT *, UNIX_TIMESTAMP(timestamp) AS timestamp FROM package_proposal_votes WHERE pkg_prop_id = "". $dbh->quoteSmart($proposalId) ."" ORDER BY timestamp ASC""; $res = $dbh->query($sql); if (DB::isError($res)) { return $res; } $votes = array(); while ($set = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $set['reviews'] = unserialize($set['reviews']); $votes[$set['user_handle']] = new ppVote($set); } return $votes; }",True,PHP,getAll,pepr-ppvote.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27460,"function get(&$dbh, $proposalId, $handle) { $sql = ""SELECT *, UNIX_TIMESTAMP(timestamp) AS timestamp FROM package_proposal_votes WHERE pkg_prop_id = "". $dbh->quoteSmart($proposalId) ."" AND user_handle= "". $dbh->quoteSmart($handle); $res = $dbh->query($sql); if (DB::isError($res)) { return $res; } if (!$res->numRows()) { return null; } $set = $res->fetchRow(DB_FETCHMODE_ASSOC); $set['reviews'] = unserialize($set['reviews']); $vote = new ppVote($set); return $vote; }",True,PHP,get,pepr-ppvote.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27461,"function get(&$dbh, $proposalId, $handle) { $sql = ""SELECT *, UNIX_TIMESTAMP(timestamp) AS timestamp FROM package_proposal_votes WHERE pkg_prop_id = "". $dbh->quoteSmart($proposalId) ."" AND user_handle= "". $dbh->quoteSmart($handle); $res = $dbh->query($sql); if (DB::isError($res)) { return $res; } if (!$res->numRows()) { return null; } $set = $res->fetchRow(DB_FETCHMODE_ASSOC); $set['reviews'] = unserialize($set['reviews']); $vote = new ppVote($set); return $vote; }",True,PHP,get,pepr-ppvote.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27464,"function initializeDatabase($answers) { $this->dsn = array( 'phptype' => $answers['driver'], 'username' => $answers['user'], 'password' => $answers['password'], 'hostspec' => $answers['host'], 'database' => $answers['database']); $a = MDB2_Schema::factory($this->dsn, array('idxname_format' => '%s', 'seqname_format' => 'id', 'quote_identifier' => true)); $updir = '@www-dir@/pear.php.net/sql/.pearweb-upgrade'; if (!file_exists($updir)) { if (!mkdir($updir)) { $this->_ui->outputData('error - make sure we can create directories'); return false; } } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->parseDatabaseDefinitionFile( realpath('@www-dir@/pear.php.net/sql/pearweb_mdb2schema.xml')); PEAR::staticPopErrorHandling(); if (PEAR::isError($c)) { $extra = ''; if (MDB2_Schema::isError($c) || MDB2::isError($c)) { $extra = ""\n"" . $c->getUserInfo(); } $this->_ui->outputData('ERROR: ' . $c->getMessage() . $extra); return false; } $c['name'] = $answers['database']; $c['create'] = 1; $c['overwrite'] = 0; $dir = opendir('@www-dir@/pear.php.net/sql/.pearweb-upgrade'); $oldversion = false; while (false !== ($entry = readdir($dir))) { if ($entry[0] === '.') { continue; } if (strpos($entry, $answers['database']) === 0) { $entry = substr($entry, strlen($answers['database']) + 1); $entry = substr($entry, 0, strlen($entry) - 4); if (!$oldversion) { $oldversion = $entry; continue; } if (version_compare($entry, $oldversion, '>')) { $oldversion = $entry; } } } $serfile = $updir . $answers['database'] . '-@version@.ser'; if (!file_exists($serfile)) { $fp = fopen($serfile, 'w'); fwrite($fp, serialize($c)); fclose($fp); } if ($oldversion == '@version@') { $oldversion = false; } if ($oldversion) { $curdef = unserialize(file_get_contents($updir . $answers['database'] . '-' . $oldversion . '.ser')); if (!is_array($curdef)) { $this->_ui->outputData('invalid data returned from previous version'); } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->compareDefinitions($c, $curdef); if (PEAR::isError($c)) { $this->_ui->outputData($err->getMessage()); $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData('Unable to automatically update database'); return false; } $err = $a->updateDatabase($curdef, $c); PEAR::staticPopErrorHandling(); } else { PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $err = $a->createDatabase($c); PEAR::staticPopErrorHandling(); } if (PEAR::isError($err)) { $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData($err->getMessage()); return false; } return true; }",True,PHP,initializeDatabase,pearweb.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27465,"function initializeDatabase($answers) { $this->dsn = array( 'phptype' => $answers['driver'], 'username' => $answers['user'], 'password' => $answers['password'], 'hostspec' => $answers['host'], 'database' => $answers['database']); $a = MDB2_Schema::factory($this->dsn, array('idxname_format' => '%s', 'seqname_format' => 'id', 'quote_identifier' => true)); $updir = '@www-dir@/pear.php.net/sql/.pearweb-upgrade'; if (!file_exists($updir)) { if (!mkdir($updir)) { $this->_ui->outputData('error - make sure we can create directories'); return false; } } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->parseDatabaseDefinitionFile( realpath('@www-dir@/pear.php.net/sql/pearweb_mdb2schema.xml')); PEAR::staticPopErrorHandling(); if (PEAR::isError($c)) { $extra = ''; if (MDB2_Schema::isError($c) || MDB2::isError($c)) { $extra = ""\n"" . $c->getUserInfo(); } $this->_ui->outputData('ERROR: ' . $c->getMessage() . $extra); return false; } $c['name'] = $answers['database']; $c['create'] = 1; $c['overwrite'] = 0; $dir = opendir('@www-dir@/pear.php.net/sql/.pearweb-upgrade'); $oldversion = false; while (false !== ($entry = readdir($dir))) { if ($entry[0] === '.') { continue; } if (strpos($entry, $answers['database']) === 0) { $entry = substr($entry, strlen($answers['database']) + 1); $entry = substr($entry, 0, strlen($entry) - 4); if (!$oldversion) { $oldversion = $entry; continue; } if (version_compare($entry, $oldversion, '>')) { $oldversion = $entry; } } } $serfile = $updir . $answers['database'] . '-@version@.ser'; if (!file_exists($serfile)) { $fp = fopen($serfile, 'w'); fwrite($fp, serialize($c)); fclose($fp); } if ($oldversion == '@version@') { $oldversion = false; } if ($oldversion) { $curdef = unserialize(file_get_contents($updir . $answers['database'] . '-' . $oldversion . '.ser')); if (!is_array($curdef)) { $this->_ui->outputData('invalid data returned from previous version'); } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->compareDefinitions($c, $curdef); if (PEAR::isError($c)) { $this->_ui->outputData($err->getMessage()); $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData('Unable to automatically update database'); return false; } $err = $a->updateDatabase($curdef, $c); PEAR::staticPopErrorHandling(); } else { PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $err = $a->createDatabase($c); PEAR::staticPopErrorHandling(); } if (PEAR::isError($err)) { $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData($err->getMessage()); return false; } return true; }",True,PHP,initializeDatabase,pearweb.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27466,"function initializeDatabase($answers) { $this->dsn = array( 'phptype' => $answers['driver'], 'username' => $answers['user'], 'password' => $answers['password'], 'hostspec' => $answers['host'], 'database' => $answers['database']); $a = MDB2_Schema::factory($this->dsn, array('idxname_format' => '%s', 'seqname_format' => 'id', 'quote_identifier' => true)); if (!file_exists('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { if (!mkdir('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { $this->_ui->outputData('error - make sure we can create directories'); return false; } } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->parseDatabaseDefinitionFile( realpath('@www-dir@/sql/pearweb_election.xml')); PEAR::staticPopErrorHandling(); if (PEAR::isError($c)) { $extra = ''; if (MDB2_Schema::isError($c) || MDB2::isError($c)) { $extra = ""\n"" . $c->getUserInfo(); } $this->_ui->outputData('ERROR: ' . $c->getMessage() . $extra); return false; } $c['name'] = $answers['database']; $c['create'] = 1; $c['overwrite'] = 0; $dir = opendir('@www-dir@/sql/.pearweb-upgrade'); $oldversion = false; while (false !== ($entry = readdir($dir))) { if ($entry[0] === '.') { continue; } if (strpos($entry, $answers['database']) === 0) { $entry = substr($entry, strlen($answers['database']) + 1); $entry = substr($entry, 0, strlen($entry) - 4); if (!$oldversion) { $oldversion = $entry; continue; } if (version_compare($entry, $oldversion, '>')) { $oldversion = $entry; } } } if (!file_exists('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser')) { $fp = fopen('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser', 'w'); fwrite($fp, serialize($c)); fclose($fp); } if ($oldversion == '@version@') { $oldversion = false; } if ($oldversion) { $curdef = unserialize(file_get_contents('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-' . $oldversion . '.ser')); if (!is_array($curdef)) { $this->_ui->outputData('invalid data returned from previous version'); } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->compareDefinitions($c, $curdef); if (PEAR::isError($c)) { $this->_ui->outputData($err->getMessage()); $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData('Unable to automatically update database'); return false; } $err = $a->updateDatabase($curdef, $c); PEAR::staticPopErrorHandling(); } else { PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $err = $a->createDatabase($c); PEAR::staticPopErrorHandling(); } if (PEAR::isError($err)) { $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData($err->getMessage()); return false; } return true; }",True,PHP,initializeDatabase,pearweb_election.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27467,"function initializeDatabase($answers) { $this->dsn = array( 'phptype' => $answers['driver'], 'username' => $answers['user'], 'password' => $answers['password'], 'hostspec' => $answers['host'], 'database' => $answers['database']); $a = MDB2_Schema::factory($this->dsn, array('idxname_format' => '%s', 'seqname_format' => 'id', 'quote_identifier' => true)); if (!file_exists('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { if (!mkdir('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { $this->_ui->outputData('error - make sure we can create directories'); return false; } } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->parseDatabaseDefinitionFile( realpath('@www-dir@/sql/pearweb_election.xml')); PEAR::staticPopErrorHandling(); if (PEAR::isError($c)) { $extra = ''; if (MDB2_Schema::isError($c) || MDB2::isError($c)) { $extra = ""\n"" . $c->getUserInfo(); } $this->_ui->outputData('ERROR: ' . $c->getMessage() . $extra); return false; } $c['name'] = $answers['database']; $c['create'] = 1; $c['overwrite'] = 0; $dir = opendir('@www-dir@/sql/.pearweb-upgrade'); $oldversion = false; while (false !== ($entry = readdir($dir))) { if ($entry[0] === '.') { continue; } if (strpos($entry, $answers['database']) === 0) { $entry = substr($entry, strlen($answers['database']) + 1); $entry = substr($entry, 0, strlen($entry) - 4); if (!$oldversion) { $oldversion = $entry; continue; } if (version_compare($entry, $oldversion, '>')) { $oldversion = $entry; } } } if (!file_exists('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser')) { $fp = fopen('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser', 'w'); fwrite($fp, serialize($c)); fclose($fp); } if ($oldversion == '@version@') { $oldversion = false; } if ($oldversion) { $curdef = unserialize(file_get_contents('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-' . $oldversion . '.ser')); if (!is_array($curdef)) { $this->_ui->outputData('invalid data returned from previous version'); } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->compareDefinitions($c, $curdef); if (PEAR::isError($c)) { $this->_ui->outputData($err->getMessage()); $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData('Unable to automatically update database'); return false; } $err = $a->updateDatabase($curdef, $c); PEAR::staticPopErrorHandling(); } else { PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $err = $a->createDatabase($c); PEAR::staticPopErrorHandling(); } if (PEAR::isError($err)) { $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData($err->getMessage()); return false; } return true; }",True,PHP,initializeDatabase,pearweb_election.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27470,"function initializeDatabase($answers) { $this->dsn = array( 'phptype' => $answers['driver'], 'username' => $answers['user'], 'password' => $answers['password'], 'hostspec' => $answers['host'], 'database' => $answers['database']); $a = MDB2_Schema::factory($this->dsn, array('idxname_format' => '%s', 'seqname_format' => 'id', 'quote_identifier' => true)); if (!file_exists('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { if (!mkdir('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { $this->_ui->outputData('error - make sure we can create directories'); return false; } } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->parseDatabaseDefinitionFile( realpath('@www-dir@/sql/pearweb_mdb2schema.xml')); PEAR::staticPopErrorHandling(); if (PEAR::isError($c)) { $extra = ''; if (MDB2_Schema::isError($c) || MDB2::isError($c)) { $extra = ""\n"" . $c->getUserInfo(); } $this->_ui->outputData('ERROR: ' . $c->getMessage() . $extra); return false; } $c['name'] = $answers['database']; $c['create'] = 1; $c['overwrite'] = 0; $dir = opendir('@www-dir@/sql/.pearweb-upgrade'); $oldversion = false; while (false !== ($entry = readdir($dir))) { if ($entry[0] === '.') { continue; } if (strpos($entry, $answers['database']) === 0) { $entry = substr($entry, strlen($answers['database']) + 1); $entry = substr($entry, 0, strlen($entry) - 4); if (!$oldversion) { $oldversion = $entry; continue; } if (version_compare($entry, $oldversion, '>')) { $oldversion = $entry; } } } if (!file_exists('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser')) { $fp = fopen('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser', 'w'); fwrite($fp, serialize($c)); fclose($fp); } if ($oldversion == '@version@') { $oldversion = false; } if ($oldversion) { $curdef = unserialize(file_get_contents('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-' . $oldversion . '.ser')); if (!is_array($curdef)) { $this->_ui->outputData('invalid data returned from previous version'); } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->compareDefinitions($c, $curdef); if (PEAR::isError($c)) { $this->_ui->outputData($err->getMessage()); $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData('Unable to automatically update database'); return false; } $err = $a->updateDatabase($curdef, $c); PEAR::staticPopErrorHandling(); } else { PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $err = $a->createDatabase($c); PEAR::staticPopErrorHandling(); } if (PEAR::isError($err)) { $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData($err->getMessage()); return false; } return true; }",True,PHP,initializeDatabase,pearweb_pepr.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27471,"function initializeDatabase($answers) { $this->dsn = array( 'phptype' => $answers['driver'], 'username' => $answers['user'], 'password' => $answers['password'], 'hostspec' => $answers['host'], 'database' => $answers['database']); $a = MDB2_Schema::factory($this->dsn, array('idxname_format' => '%s', 'seqname_format' => 'id', 'quote_identifier' => true)); if (!file_exists('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { if (!mkdir('@www-dir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . '.pearweb-upgrade')) { $this->_ui->outputData('error - make sure we can create directories'); return false; } } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->parseDatabaseDefinitionFile( realpath('@www-dir@/sql/pearweb_mdb2schema.xml')); PEAR::staticPopErrorHandling(); if (PEAR::isError($c)) { $extra = ''; if (MDB2_Schema::isError($c) || MDB2::isError($c)) { $extra = ""\n"" . $c->getUserInfo(); } $this->_ui->outputData('ERROR: ' . $c->getMessage() . $extra); return false; } $c['name'] = $answers['database']; $c['create'] = 1; $c['overwrite'] = 0; $dir = opendir('@www-dir@/sql/.pearweb-upgrade'); $oldversion = false; while (false !== ($entry = readdir($dir))) { if ($entry[0] === '.') { continue; } if (strpos($entry, $answers['database']) === 0) { $entry = substr($entry, strlen($answers['database']) + 1); $entry = substr($entry, 0, strlen($entry) - 4); if (!$oldversion) { $oldversion = $entry; continue; } if (version_compare($entry, $oldversion, '>')) { $oldversion = $entry; } } } if (!file_exists('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser')) { $fp = fopen('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-@version@.ser', 'w'); fwrite($fp, serialize($c)); fclose($fp); } if ($oldversion == '@version@') { $oldversion = false; } if ($oldversion) { $curdef = unserialize(file_get_contents('@www-dir@/sql/.pearweb-upgrade/' . $answers['database'] . '-' . $oldversion . '.ser')); if (!is_array($curdef)) { $this->_ui->outputData('invalid data returned from previous version'); } PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $c = $a->compareDefinitions($c, $curdef); if (PEAR::isError($c)) { $this->_ui->outputData($err->getMessage()); $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData('Unable to automatically update database'); return false; } $err = $a->updateDatabase($curdef, $c); PEAR::staticPopErrorHandling(); } else { PEAR::staticPushErrorHandling(PEAR_ERROR_RETURN); $err = $a->createDatabase($c); PEAR::staticPopErrorHandling(); } if (PEAR::isError($err)) { $this->_ui->outputData($err->getUserInfo()); $this->_ui->outputData($err->getMessage()); return false; } return true; }",True,PHP,initializeDatabase,pearweb_pepr.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27476,"protected function moveVotes() { $sql = ""SELECT * FROM package_proposal_votes WHERE pkg_prop_id = {$this->proposal}""; $res = $this->mdb2->query($sql); if (MDB2::isError($res)) { throw new RuntimeException(""DB error occurred: {$res->getDebugInfo()}""); } if ($res->numRows() == 0) { return; } $insert = ""INSERT INTO package_proposal_comments (""; $insert .= ""user_handle, pkg_prop_id, timestamp, comment""; $insert .= "") VALUES(%s, {$this->proposal}, %d, %s)""; $delete = ""DELETE FROM package_proposal_votes WHERE""; $delete .= "" pkg_prop_id = {$this->proposal}""; $delete .= "" AND user_handle = %s""; while ($row = $res->fetchRow(MDB2_FETCHMODE_OBJECT)) { $comment = ""Original vote: {$row->value}\n""; $comment .= ""Conditional vote: "" . ($row->is_conditional != 0)?'yes':'no' . ""\n""; $comment .= ""Comment on vote: "" . $row->comment . ""\n\n""; $comment .= ""Reviewed: "" . implode("", "", unserialize($row->reviews)); $sql = sprintf( $insert, $this->mdb2->quote($row->user_handle), $row->timestamp, $this->mdb2->quote($comment) ); $this->queryChange($sql); $sql = sprintf( $delete, $this->mdb2->quote($row->user_handle) ); $this->queryChange($sql); }",True,PHP,moveVotes,rollback.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27477,"protected function moveVotes() { $sql = ""SELECT * FROM package_proposal_votes WHERE pkg_prop_id = {$this->proposal}""; $res = $this->mdb2->query($sql); if (MDB2::isError($res)) { throw new RuntimeException(""DB error occurred: {$res->getDebugInfo()}""); } if ($res->numRows() == 0) { return; } $insert = ""INSERT INTO package_proposal_comments (""; $insert .= ""user_handle, pkg_prop_id, timestamp, comment""; $insert .= "") VALUES(%s, {$this->proposal}, %d, %s)""; $delete = ""DELETE FROM package_proposal_votes WHERE""; $delete .= "" pkg_prop_id = {$this->proposal}""; $delete .= "" AND user_handle = %s""; while ($row = $res->fetchRow(MDB2_FETCHMODE_OBJECT)) { $comment = ""Original vote: {$row->value}\n""; $comment .= ""Conditional vote: "" . ($row->is_conditional != 0)?'yes':'no' . ""\n""; $comment .= ""Comment on vote: "" . $row->comment . ""\n\n""; $comment .= ""Reviewed: "" . implode("", "", unserialize($row->reviews)); $sql = sprintf( $insert, $this->mdb2->quote($row->user_handle), $row->timestamp, $this->mdb2->quote($comment) ); $this->queryChange($sql); $sql = sprintf( $delete, $this->mdb2->quote($row->user_handle) ); $this->queryChange($sql); }",True,PHP,moveVotes,rollback.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27480,"protected function moveVotes() { $sql = ""SELECT * FROM package_proposal_votes WHERE pkg_prop_id = {$this->proposal}""; $res = $this->mdb2->query($sql); if (MDB2::isError($res)) { throw new RuntimeException(""DB error occurred: {$res->getDebugInfo()}""); } if ($res->numRows() == 0) { return; } $insert = ""INSERT INTO package_proposal_comments (""; $insert .= ""user_handle, pkg_prop_id, timestamp, comment""; $insert .= "") VALUES(%s, {$this->proposal}, %d, %s)""; $delete = ""DELETE FROM package_proposal_votes WHERE""; $delete .= "" pkg_prop_id = {$this->proposal}""; $delete .= "" AND user_handle = %s""; while ($row = $res->fetchRow(MDB2_FETCHMODE_OBJECT)) { $comment = ""Original vote: {$row->value}\n""; $comment .= ""Conditional vote: "" . (($row->is_conditional != 0)?'yes':'no') . ""\n""; $comment .= ""Comment on vote: "" . $row->comment . ""\n""; $comment .= ""Reviewed: "" . implode("", "", unserialize($row->reviews)); $sql = sprintf( $insert, $this->mdb2->quote($row->user_handle), $row->timestamp, $this->mdb2->quote($comment) ); $this->queryChange($sql); $sql = sprintf( $delete, $this->mdb2->quote($row->user_handle) ); $this->queryChange($sql); }",True,PHP,moveVotes,rollbackProposal.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2022-27157,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27481,"protected function moveVotes() { $sql = ""SELECT * FROM package_proposal_votes WHERE pkg_prop_id = {$this->proposal}""; $res = $this->mdb2->query($sql); if (MDB2::isError($res)) { throw new RuntimeException(""DB error occurred: {$res->getDebugInfo()}""); } if ($res->numRows() == 0) { return; } $insert = ""INSERT INTO package_proposal_comments (""; $insert .= ""user_handle, pkg_prop_id, timestamp, comment""; $insert .= "") VALUES(%s, {$this->proposal}, %d, %s)""; $delete = ""DELETE FROM package_proposal_votes WHERE""; $delete .= "" pkg_prop_id = {$this->proposal}""; $delete .= "" AND user_handle = %s""; while ($row = $res->fetchRow(MDB2_FETCHMODE_OBJECT)) { $comment = ""Original vote: {$row->value}\n""; $comment .= ""Conditional vote: "" . (($row->is_conditional != 0)?'yes':'no') . ""\n""; $comment .= ""Comment on vote: "" . $row->comment . ""\n""; $comment .= ""Reviewed: "" . implode("", "", unserialize($row->reviews)); $sql = sprintf( $insert, $this->mdb2->quote($row->user_handle), $row->timestamp, $this->mdb2->quote($comment) ); $this->queryChange($sql); $sql = sprintf( $delete, $this->mdb2->quote($row->user_handle) ); $this->queryChange($sql); }",True,PHP,moveVotes,rollbackProposal.php,https://github.com/pear/pearweb,pear,Chuck Burgess,2022-03-13 09:07:46-05:00,Be cautious about what can be unserialized,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2022-27158,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27484,"foreach ($this->_to_convert as $error) { $message = $this->getMessage($error['field'], $error['rule'], $error['fallback']); if ($this->_message === null || ($message != $this->_message && !in_array($message, $this->_errors))) { $this->_errors[] = $message; continue; } if ($message == $this->_message && !in_array($this->_message, $this->_errors)) { $this->_errors[] = $this->_message; } }",True,PHP,foreach,Validate.php,https://github.com/namelessmc/nameless,namelessmc,GitHub,2022-08-07 13:32:07-06:00,Add ability to rate limit via Validate class (#2998),CWE-304,Missing Critical Step in Authentication,"The product implements an authentication technique, but it skips a step that weakens the technique.",https://cwe.mitre.org/data/definitions/304.html,CVE-2022-2821,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27485,"public function __construct(string $user = null, string $field = 'id') { $this->_db = DB::getInstance(); $this->_sessionName = Config::get('session.session_name'); $this->_cookieName = Config::get('remember.cookie_name'); $this->_admSessionName = Config::get('session.admin_name'); if ($user === null) { if (Session::exists($this->_sessionName)) { $user = Session::get($this->_sessionName); if ($this->find($user, $field)) { $this->_isLoggedIn = true; } } if (Session::exists($this->_admSessionName)) { $user = Session::get($this->_admSessionName); if ($user == $this->data()->id && $this->find($user, $field)) { $this->_isAdmLoggedIn = true; } } } else { $this->find($user, $field); } }",True,PHP,__construct,User.php,https://github.com/namelessmc/nameless,namelessmc,GitHub,2022-08-12 22:29:09-06:00,"Rework user sessions system (#3000) Co-authored-by: samerton ",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2022-2820,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27487,"function can_process() { $Auth_Result = hook_authenticate($_SESSION['wa_current_user']->username, $_POST['cur_password']); if (!isset($Auth_Result)) $Auth_Result = get_user_auth($_SESSION['wa_current_user']->username, md5($_POST['cur_password'])); if (!$Auth_Result) { display_error( _('Invalid password entered.')); set_focus('cur_password'); return false; } if (strlen($_POST['password']) < 4) { display_error( _('The password entered must be at least 4 characters long.')); set_focus('password'); return false; } if (strstr($_POST['password'], $_SESSION['wa_current_user']->username) != false) { display_error( _('The password cannot contain the user login.')); set_focus('password'); return false; } if ($_POST['password'] != $_POST['passwordConfirm']) { display_error( _('The passwords entered are not the same.')); set_focus('password'); return false; } return true; }",True,PHP,can_process,change_current_user_password.php,https://github.com/notrinos/notrinoserp,notrinos,notrinos,2022-08-21 09:07:55+07:00,changed password hash method from md5 to bcrypt.,CWE-359,Exposure of Private Personal Information to an Unauthorized Actor,"The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.",https://cwe.mitre.org/data/definitions/359.html,CVE-2022-2921,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27489,"function handle_submit($selected_id) { global $db_connections, $def_coy, $tb_pref_counter, $db, $comp_subdirs, $path_to_root, $Mode; $error = false; if ($selected_id==-1) $selected_id = count($db_connections); $new = !isset($db_connections[$selected_id]); if (check_value('def')) $def_coy = $selected_id; $db_connections[$selected_id]['name'] = $_POST['name']; if ($new) { $db_connections[$selected_id]['host'] = $_POST['host']; $db_connections[$selected_id]['port'] = $_POST['port']; $db_connections[$selected_id]['dbuser'] = $_POST['dbuser']; $db_connections[$selected_id]['dbpassword'] = html_entity_decode($_POST['dbpassword'], ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding); $db_connections[$selected_id]['dbname'] = $_POST['dbname']; $db_connections[$selected_id]['collation'] = $_POST['collation']; if (is_numeric($_POST['tbpref'])) $db_connections[$selected_id]['tbpref'] = $_POST['tbpref'] == 1 ? $tb_pref_counter.'_' : ''; else if ($_POST['tbpref'] != '') $db_connections[$selected_id]['tbpref'] = $_POST['tbpref']; else $db_connections[$selected_id]['tbpref'] = ''; $conn = $db_connections[$selected_id]; if (($db = db_create_db($conn)) === false) { display_error(_('Error creating Database: ') . $conn['dbname'] . _(', Please create it manually')); $error = true; } else { if (strncmp(db_get_version(), '5.6', 3) >= 0) db_query(""SET sql_mode = ''""); if (!db_import($path_to_root.'/sql/'.get_post('coa'), $conn, $selected_id)) { display_error(_('Cannot create new company due to bugs in sql file.')); $error = true; } else { if (!isset($_POST['admpassword']) || $_POST['admpassword'] == '') $_POST['admpassword'] = 'password'; update_admin_password($conn, md5($_POST['admpassword'])); } } if ($error) { remove_connection($selected_id); return false; } } $error = write_config_db($new); if ($error == -1) display_error(_('Cannot open the configuration file - ').$path_to_root.'/config_db.php'); else if ($error == -2) display_error(_('Cannot write to the configuration file - ').$path_to_root.'/config_db.php'); else if ($error == -3) display_error(_('The configuration file ').$path_to_root.'/config_db.php'._(' is not writable. Change its permissions so it is, then re-run the operation.')); if ($error != 0) return false; if ($new) { create_comp_dirs(company_path($selected_id), $comp_subdirs); $exts = get_company_extensions(); write_extensions($exts, $selected_id); } display_notification($new ? _('New company has been created.') : _('Company has been updated.')); $Mode = 'RESET'; return true; }",True,PHP,handle_submit,create_coy.php,https://github.com/notrinos/notrinoserp,notrinos,notrinos,2022-08-21 09:07:55+07:00,changed password hash method from md5 to bcrypt.,CWE-359,Exposure of Private Personal Information to an Unauthorized Actor,"The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.",https://cwe.mitre.org/data/definitions/359.html,CVE-2022-2921,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27492,"function can_process($new) { if (strlen($_POST['user_id']) < 4) { display_error( _('The user login entered must be at least 4 characters long.')); set_focus('user_id'); return false; } if (!$new && ($_POST['password'] != '')) { if (strlen($_POST['password']) < 4) { display_error( _('The password entered must be at least 4 characters long.')); set_focus('password'); return false; } if (strstr($_POST['password'], $_POST['user_id']) != false) { display_error( _('The password cannot contain the user login.')); set_focus('password'); return false; } } return true; }",True,PHP,can_process,users.php,https://github.com/notrinos/notrinoserp,notrinos,notrinos,2022-08-22 14:46:05+07:00,added password validation for adding new user.,CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2022-2927,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27494,"public function testCookiePathWithEmptySetCookiePath($uriPath, $cookiePath) { $response = (new Response(200)) ->withAddedHeader( 'Set-Cookie', ""foo=bar; expires={$this->futureExpirationDate()}; domain=www.example.com; path=;"" ) ->withAddedHeader( 'Set-Cookie', ""bar=foo; expires={$this->futureExpirationDate()}; domain=www.example.com; path=foobar;"" ) ; $request = (new Request('GET', $uriPath))->withHeader('Host', 'www.example.com'); $this->jar->extractCookies($request, $response); self::assertSame($cookiePath, $this->jar->toArray()[0]['Path']); self::assertSame($cookiePath, $this->jar->toArray()[1]['Path']); }",True,PHP,testCookiePathWithEmptySetCookiePath,CookieJarTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-05-25 14:24:33+01:00,"[7.x] Fix cross-domain cookie leakage (#3018) Co-authored-by: Tim Düsterhus <209270+TimWolla@users.noreply.github.com>",CWE-565,Reliance on Cookies without Validation and Integrity Checking,"The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.",https://cwe.mitre.org/data/definitions/565.html,CVE-2022-29248,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27495,"public function getCookiePathsDataProvider() { return [ ['', '/'], ['/', '/'], ['/foo', '/'], ['/foo/bar', '/foo'], ['/foo/bar/', '/foo/bar'], ['foo', '/'], ['foo/bar', '/'], ['foo/bar/', '/'], ]; }",True,PHP,getCookiePathsDataProvider,CookieJarTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-05-25 14:24:33+01:00,"[7.x] Fix cross-domain cookie leakage (#3018) Co-authored-by: Tim Düsterhus <209270+TimWolla@users.noreply.github.com>",CWE-565,Reliance on Cookies without Validation and Integrity Checking,"The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.",https://cwe.mitre.org/data/definitions/565.html,CVE-2022-29248,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27498,"public function testRemoveAuthorizationHeaderOnRedirect() { $mock = new MockHandler([ new Response(302, ['Location' => 'http: static function (RequestInterface $request) { self::assertFalse($request->hasHeader('Authorization')); return new Response(200); } ]); $handler = HandlerStack::create($mock); $client = new Client(['handler' => $handler]); $client->get('http: }",True,PHP,testRemoveAuthorizationHeaderOnRedirect,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-09 22:39:15+01:00,Release 7.4.4 (#3023),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31042,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27499,"public function testRemoveAuthorizationHeaderOnRedirect() { $mock = new MockHandler([ new Response(302, ['Location' => 'http: static function (RequestInterface $request) { self::assertFalse($request->hasHeader('Authorization')); return new Response(200); } ]); $handler = HandlerStack::create($mock); $client = new Client(['handler' => $handler]); $client->get('http: }",True,PHP,testRemoveAuthorizationHeaderOnRedirect,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-09 22:39:15+01:00,Release 7.4.4 (#3023),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31043,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27504,"public function checkRedirect(RequestInterface $request, array $options, ResponseInterface $response) { if (\strpos((string) $response->getStatusCode(), '3') !== 0 || !$response->hasHeader('Location') ) { return $response; } $this->guardMax($request, $response, $options); $nextRequest = $this->modifyRequest($request, $options, $response); if ($request->getUri()->getHost() !== $nextRequest->getUri()->getHost() && defined('\CURLOPT_HTTPAUTH') ) { unset( $options['curl'][\CURLOPT_HTTPAUTH], $options['curl'][\CURLOPT_USERPWD] ); } if (isset($options['allow_redirects']['on_redirect'])) { ($options['allow_redirects']['on_redirect'])( $request, $response, $nextRequest->getUri() ); } $promise = $this($nextRequest, $options); if (!empty($options['allow_redirects']['track_redirects'])) { return $this->withTracking( $promise, (string) $nextRequest->getUri(), $response->getStatusCode() ); } return $promise; }",True,PHP,checkRedirect,RedirectMiddleware.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31090,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27505,"public function checkRedirect(RequestInterface $request, array $options, ResponseInterface $response) { if (\strpos((string) $response->getStatusCode(), '3') !== 0 || !$response->hasHeader('Location') ) { return $response; } $this->guardMax($request, $response, $options); $nextRequest = $this->modifyRequest($request, $options, $response); if ($request->getUri()->getHost() !== $nextRequest->getUri()->getHost() && defined('\CURLOPT_HTTPAUTH') ) { unset( $options['curl'][\CURLOPT_HTTPAUTH], $options['curl'][\CURLOPT_USERPWD] ); } if (isset($options['allow_redirects']['on_redirect'])) { ($options['allow_redirects']['on_redirect'])( $request, $response, $nextRequest->getUri() ); } $promise = $this($nextRequest, $options); if (!empty($options['allow_redirects']['track_redirects'])) { return $this->withTracking( $promise, (string) $nextRequest->getUri(), $response->getStatusCode() ); } return $promise; }",True,PHP,checkRedirect,RedirectMiddleware.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2022-31091,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27510,public function crossOriginRedirectProvider() { return [ ['http: ['https: ['http: ['https: ['http: ['https: ['http: ['https: ]; },True,PHP,crossOriginRedirectProvider,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31090,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27511,public function crossOriginRedirectProvider() { return [ ['http: ['https: ['http: ['https: ['http: ['https: ['http: ['https: ]; },True,PHP,crossOriginRedirectProvider,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2022-31091,"static function description() { return gt(""This module is for managing categories in your store.""); }" 27514,"public function testNotRemoveAuthorizationHeaderOnRedirect() { $mock = new MockHandler([ new Response(302, ['Location' => 'http: static function (RequestInterface $request) { self::assertTrue($request->hasHeader('Authorization')); return new Response(200); } ]); $handler = HandlerStack::create($mock); $client = new Client(['handler' => $handler]); $client->get('http: }",True,PHP,testNotRemoveAuthorizationHeaderOnRedirect,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31090,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27515,"public function testNotRemoveAuthorizationHeaderOnRedirect() { $mock = new MockHandler([ new Response(302, ['Location' => 'http: static function (RequestInterface $request) { self::assertTrue($request->hasHeader('Authorization')); return new Response(200); } ]); $handler = HandlerStack::create($mock); $client = new Client(['handler' => $handler]); $client->get('http: }",True,PHP,testNotRemoveAuthorizationHeaderOnRedirect,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2022-31091,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27520,"public function testRemoveCurlAuthorizationOptionsOnRedirect($auth) { if (!defined('\CURLOPT_HTTPAUTH')) { self::markTestSkipped('ext-curl is required for this test'); } $mock = new MockHandler([ new Response(302, ['Location' => 'http: static function (RequestInterface $request, $options) { self::assertFalse( isset($options['curl'][\CURLOPT_HTTPAUTH]), 'curl options still contain CURLOPT_HTTPAUTH entry' ); self::assertFalse( isset($options['curl'][\CURLOPT_USERPWD]), 'curl options still contain CURLOPT_USERPWD entry' ); return new Response(200); } ]); $handler = HandlerStack::create($mock); $client = new Client(['handler' => $handler]); $client->get('http: }",True,PHP,testRemoveCurlAuthorizationOptionsOnRedirect,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31090,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27521,"public function testRemoveCurlAuthorizationOptionsOnRedirect($auth) { if (!defined('\CURLOPT_HTTPAUTH')) { self::markTestSkipped('ext-curl is required for this test'); } $mock = new MockHandler([ new Response(302, ['Location' => 'http: static function (RequestInterface $request, $options) { self::assertFalse( isset($options['curl'][\CURLOPT_HTTPAUTH]), 'curl options still contain CURLOPT_HTTPAUTH entry' ); self::assertFalse( isset($options['curl'][\CURLOPT_USERPWD]), 'curl options still contain CURLOPT_USERPWD entry' ); return new Response(200); } ]); $handler = HandlerStack::create($mock); $client = new Client(['handler' => $handler]); $client->get('http: }",True,PHP,testRemoveCurlAuthorizationOptionsOnRedirect,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2022-31091,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27526,"self::assertSame($shouldBePresent, $request->hasHeader('Authorization')); self::assertSame($shouldBePresent, $request->hasHeader('Cookie')); return new Response(200); } ]);",True,PHP,assertSame,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-212,Improper Removal of Sensitive Information Before Storage or Transfer,"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.",https://cwe.mitre.org/data/definitions/212.html,CVE-2022-31090,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27527,"self::assertSame($shouldBePresent, $request->hasHeader('Authorization')); self::assertSame($shouldBePresent, $request->hasHeader('Cookie')); return new Response(200); } ]);",True,PHP,assertSame,RedirectMiddlewareTest.php,https://github.com/guzzle/guzzle,guzzle,GitHub,2022-06-20 23:16:13+01:00,Release 7.4.5 (#3043),CWE-200,Exposure of Sensitive Information to an Unauthorized Actor,The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.,https://cwe.mitre.org/data/definitions/200.html,CVE-2022-31091,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27531,"protected function markCompleted($endStatus, ServiceResponse $serviceResponse, $gatewayMessage) { parent::markCompleted($endStatus, $serviceResponse, $gatewayMessage); $this->createMessage(Message\CreateCardResponse::class, $gatewayMessage); ErrorHandling::safeExtend($this->payment, 'onCardCreated', $serviceResponse); }",True,PHP,markCompleted,CreateCardService.php,https://github.com/silverstripe/silverstripe-omnipay,silverstripe,Loz Calver,2022-05-25 12:08:49+01:00,[CVE-2022-29254] Add extra validation on payment completion,CWE-436,Interpretation Conflict,"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.",https://cwe.mitre.org/data/definitions/436.html,CVE-2022-29254,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27534,"protected function markCompleted($endStatus, ServiceResponse $serviceResponse, $gatewayMessage) { parent::markCompleted($endStatus, $serviceResponse, $gatewayMessage); $this->createMessage(Message\PurchasedResponse::class, $gatewayMessage); ErrorHandling::safeExtend($this->payment, 'onCaptured', $serviceResponse); }",True,PHP,markCompleted,PurchaseService.php,https://github.com/silverstripe/silverstripe-omnipay,silverstripe,Loz Calver,2022-05-25 12:08:49+01:00,[CVE-2022-29254] Add extra validation on payment completion,CWE-436,Interpretation Conflict,"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.",https://cwe.mitre.org/data/definitions/436.html,CVE-2022-29254,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27535,"$payment->write(); $i++; } $this->payment->Status = 'Created'; $this->payment->setAmount($total); if ($total > 0) { $endStatus = 'Captured'; } } parent::markCompleted($endStatus, $serviceResponse, $gatewayMessage); if ($endStatus === 'Captured') { $this->createMessage(Message\PartiallyRefundedResponse::class, $gatewayMessage); } else { $this->createMessage(Message\RefundedResponse::class, $gatewayMessage); } ErrorHandling::safeExtend($this->payment, 'onRefunded', $serviceResponse); }",True,PHP,write,RefundService.php,https://github.com/silverstripe/silverstripe-omnipay,silverstripe,Loz Calver,2022-05-25 12:08:49+01:00,[CVE-2022-29254] Add extra validation on payment completion,CWE-436,Interpretation Conflict,"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.",https://cwe.mitre.org/data/definitions/436.html,CVE-2022-29254,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27538,"protected function markCompleted($endStatus, ServiceResponse $serviceResponse, $gatewayMessage) { parent::markCompleted($endStatus, $serviceResponse, $gatewayMessage); $this->createMessage(Message\VoidedResponse::class, $gatewayMessage); ErrorHandling::safeExtend($this->payment, 'onVoid', $serviceResponse); }",True,PHP,markCompleted,VoidService.php,https://github.com/silverstripe/silverstripe-omnipay,silverstripe,Loz Calver,2022-05-25 12:08:49+01:00,[CVE-2022-29254] Add extra validation on payment completion,CWE-436,Interpretation Conflict,"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.",https://cwe.mitre.org/data/definitions/436.html,CVE-2022-29254,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27540,"'desc' => html( 'td', '%input%' ) ), $data );",True,PHP,html,admin.php,https://github.com/lesterchan/wp-useronline,lesterchan,Lester Chan,2022-08-14 14:17:45+08:00,Fixed XSS. Props Juampa Rodriguez,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-2941,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27545,"private function getUpdateCheck() { UI::initTwig(); try { $json_result = \Froxlor\Api\Commands\Froxlor::getLocal($this->userinfo)->checkUpdate(); $result = json_decode($json_result, true)['data']; $result['full_version'] = Froxlor::getFullVersion(); $result['dbversion'] = Froxlor::DBVERSION; $uc_data = Update::getUpdateCheckData(); $result['last_update_check'] = $uc_data['ts']; $result['channel'] = Settings::Get('system.update_channel'); $result_rendered = UI::twig()->render($this->theme . '/misc/version_top.html.twig', $result); return $this->jsonResponse($result_rendered); } catch (Exception $e) { if ($e->getCode() != 403) { Response::dynamicError($e->getMessage()); } } }",True,PHP,getUpdateCheck,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27547,private function resetTablelisting() { Listing::deleteColumnListingForUser([Request::get('listing') => []]); return $this->jsonResponse([]); },True,PHP,resetTablelisting,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27548,"private function getConfigDetails() { if (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1 && $this->userinfo['change_serversettings'] == 1) { $distribution = isset($_POST['distro']) ? $_POST['distro'] : """"; $section = isset($_POST['section']) ? $_POST['section'] : """"; $daemon = isset($_POST['daemon']) ? $_POST['daemon'] : """"; $config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/'); if (!file_exists($config_dir . ""/"" . $distribution . "".xml"")) { return $this->errorResponse(""Unknown distribution. The configuration could not be found.""); } $configfiles = new ConfigParser($config_dir . ""/"" . $distribution . "".xml""); $services = $configfiles->getServices(); if (!isset($services[$section])) { return $this->errorResponse(""Unknown category for selected distribution""); } $daemons = $services[$section]->getDaemons(); if (!isset($daemons[$daemon])) { return $this->errorResponse(""Unknown service for selected category""); } $confarr = $daemons[$daemon]->getConfig(); UI::initTwig(); $content = ConfigDisplay::fromConfigArr($confarr, $configfiles->distributionEditor, $this->theme); return $this->jsonResponse([ 'title' => $configfiles->getCompleteDistroName() . ' » ' . $services[$section]->title . ' » ' . $daemons[$daemon]->title, 'content' => $content ]); } return $this->errorResponse('Not allowed', 403); }",True,PHP,getConfigDetails,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27549,public function __construct() { $this->action = $_GET['action'] ?? $_POST['action'] ?? null; $this->theme = $_GET['theme'] ?? 'Froxlor'; UI::sendHeaders(); UI::sendSslHeaders(); },True,PHP,__construct,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27550,"private function getNewsfeed() { UI::initTwig(); $feed = ""https: if (isset($_GET['role']) && $_GET['role'] == ""customer"") { $custom_feed = Settings::Get(""customer.news_feed_url""); if (!empty(trim($custom_feed))) { $feed = $custom_feed; } } if (!function_exists(""simplexml_load_file"")) { return $this->errorResponse([ ""Newsfeed not available due to missing php-simplexml extension"", ""Please install the php-simplexml extension in order to view our newsfeed."" ]); } if (!function_exists('curl_version')) { return $this->errorResponse([ ""Newsfeed not available due to missing php-curl extension"", ""Please install the php-curl extension in order to view our newsfeed."" ]); } $output = HttpClient::urlGet($feed); $news = simplexml_load_string(trim($output)); if ($news === false) { $err = []; foreach(libxml_get_errors() as $error) { $err[] = $error->message; } return $this->errorResponse( $err ); } if ($news) { $items = null; for ($i = 0; $i < 3; $i++) { $item = $news->channel->item[$i]; $title = (string)$item->title; $link = (string)$item->link; $date = date(""d.m.Y"", strtotime($item->pubDate)); $content = preg_replace(""/[\r\n]+/"", "" "", strip_tags($item->description)); $content = substr($content, 0, 150) . ""...""; $items .= UI::twig()->render($this->theme . '/user/newsfeeditem.html.twig', [ 'link' => $link, 'title' => $title, 'date' => $date, 'content' => $content ]); } return $this->jsonResponse($items); } else { return $this->errorResponse('No Newsfeeds available at the moment.'); } }",True,PHP,getNewsfeed,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27552,"private function updateTablelisting() { $columns = []; foreach ((Request::get('columns') ?? []) as $value) { $columns[] = $value; } if (!empty($columns)) { Listing::storeColumnListingForUser([Request::get('listing') => $columns]); return $this->jsonResponse($columns); } return $this->errorResponse('At least one column must be selected', 406); }",True,PHP,updateTablelisting,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27553,"private function searchGlobal() { $searchtext = Request::get('searchtext'); $result = []; $result_settings = []; if (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1 && $this->userinfo['change_serversettings'] == 1) { $result_settings = GlobalSearch::searchSettings($searchtext, $this->userinfo); } $result_entities = GlobalSearch::searchGlobal($searchtext, $this->userinfo); $result = array_merge($result_settings, $result_entities); return $this->jsonResponse($result); }",True,PHP,searchGlobal,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27558,"private function loadLanguageString() { $langid = isset($_POST['langid']) ? $_POST['langid'] : """"; if (preg_match('/^([a-zA-Z\.]+)$/', $langid)) { return $this->jsonResponse(lng($langid)); } return $this->errorResponse('Invalid identifier: ' . $langid, 406); }",True,PHP,loadLanguageString,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27560,"foreach ($fields as $name => $field) { $attributes[$name] = $this->validateAttribute(Request::get($name), $field); if (isset($field['next_to'])) { $attributes = array_merge($attributes, $this->validateRequest($field['next_to'])); } }",True,PHP,foreach,Install.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27562,"public static function get($key, string $default = null) { self::cleanAll(); return $_GET[$key] ?? $_POST[$key] ?? $default; }",True,PHP,get,Request.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27566,"function old(string $identifier, string $default = null, string $session = null) { if ($session && isset($_SESSION[$session])) { return $_SESSION[$session][$identifier] ?? $default; } return Request::get($identifier, $default); }",True,PHP,old,functions.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2022-12-30 21:43:27+01:00,"adjust Request-class methods to be more flexible Signed-off-by: Michael Kaufmann ",CWE-88,Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.",https://cwe.mitre.org/data/definitions/88.html,CVE-2022-4864,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27568,"protected function __construct($userinfo = []) { $this->initMonolog(); self::$userinfo = $userinfo; self::$logtypes = []; if ((Settings::Get('logger.logtypes') == null || Settings::Get('logger.logtypes') == '') && (Settings::Get('logger.enabled') !== null && Settings::Get('logger.enabled'))) { self::$logtypes[0] = 'syslog'; self::$logtypes[1] = 'mysql'; } else { if (Settings::Get('logger.logtypes') !== null && Settings::Get('logger.logtypes') != '') { self::$logtypes = explode(',', Settings::Get('logger.logtypes')); } else { self::$logtypes = null; } } if (self::$is_initialized == false) { foreach (self::$logtypes as $logger) { switch ($logger) { case 'syslog': self::$ml->pushHandler(new SyslogHandler('froxlor', LOG_USER, Logger::DEBUG)); break; case 'file': $logger_logfile = Settings::Get('logger.logfile'); @touch($logger_logfile); if (empty($logger_logfile) || !is_writable($logger_logfile)) { Settings::Set('logger.logfile', '/tmp/froxlor.log'); } self::$ml->pushHandler(new StreamHandler($logger_logfile, Logger::DEBUG)); break; case 'mysql': self::$ml->pushHandler(new MysqlHandler(Logger::DEBUG)); break; } } self::$is_initialized = true; } }",True,PHP,__construct,FroxlorLogger.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-01-14 13:09:42+01:00,"set file-log (if enabled) to be in froxlor/logs/ folder; fix ssl param directive for dovecot in Ubuntu Bionic; set version to 2.0.8 Signed-off-by: Michael Kaufmann ",CWE-77,Improper Neutralization of Special Elements used in a Command ('Command Injection'),"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/77.html,CVE-2023-0315,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27569,"public function update() { $id = $this->getParam('id', true, 0); $un_optional = $id > 0; $username = $this->getParam('username', $un_optional, ''); $result = $this->apiCall('DirProtections.get', [ 'id' => $id, 'username' => $username ]); $id = $result['id']; $password = $this->getParam('directory_password', true, ''); $authname = $this->getParam('directory_authname', true, $result['authname']); $customer = $this->getCustomerData(); $authname = Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', [], true); Validate::validate($password, 'password', '', '', [], true); $upd_query = """"; $upd_params = [ ""id"" => $result['id'], ""cid"" => $customer['customerid'] ]; if (!empty($password)) { if ($password == $result['username']) { Response::standardError('passwordshouldnotbeusername', '', true); } $password_enc = Crypt::makeCryptPassword($password, true); $upd_query .= ""`password`= :password_enc""; $upd_params['password_enc'] = $password_enc; } if ($authname != $result['authname']) { if (!empty($upd_query)) { $upd_query .= "", ""; } $upd_query .= ""`authname` = :authname""; $upd_params['authname'] = $authname; } if (!empty($upd_query)) { $upd_stmt = Database::prepare("" UPDATE `"" . TABLE_PANEL_HTPASSWDS . ""` SET "" . $upd_query . "" WHERE `id` = :id AND `customerid`= :cid ""); Database::pexecute($upd_stmt, $upd_params, true, true); Cronjob::inserttask(TaskId::REBUILD_VHOST); } $this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, ""[API] updated directory-protection '"" . $result['username'] . "" ("" . $result['path'] . "")'""); $result = $this->apiCall('DirProtections.get', [ 'id' => $result['id'] ]); return $this->response($result); }",True,PHP,update,DirProtections.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-01-28 11:40:07+01:00,"enforce password requirements set in settings for directory-protection Signed-off-by: Michael Kaufmann ",CWE-521,Weak Password Requirements,"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.",https://cwe.mitre.org/data/definitions/521.html,CVE-2023-0564,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27572,"private function correctErrorDocument($errdoc = null, $throw_exception = false) { if ($errdoc !== null && $errdoc != '') { if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:') || !Validate::validateUrl($errdoc)) { if (substr($errdoc, 0, 1) != '""') { $errdoc = FileDir::makeCorrectFile($errdoc); if (!substr($errdoc, 0, 1) == '/') { $errdoc = '/' . $errdoc; } } else { if (Settings::Get('system.webserver') == 'lighttpd') { Response::standardError('stringerrordocumentnotvalidforlighty', '', $throw_exception); } elseif (substr($errdoc, -1) != '""') { $errdoc .= '""'; } } } else { if (Settings::Get('system.webserver') == 'lighttpd') { Response::standardError('urlerrordocumentnotvalidforlighty', '', $throw_exception); } } } return $errdoc; }",True,PHP,correctErrorDocument,DirOptions.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-01-28 20:00:24+01:00,"fix possible privilege escalation from customer to root when specifying custom error documents in directory-options Signed-off-by: Michael Kaufmann ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2023-0671,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27576,"public static function export() { $settings_definitions = []; foreach (PhpHelper::loadConfigArrayDir('./actions/admin/settings/')['groups'] as $group) { foreach ($group['fields'] as $field) { $settings_definitions[$field['settinggroup']][$field['varname']] = $field; } } $result_stmt = Database::query("" SELECT * FROM `"" . TABLE_PANEL_SETTINGS . ""` ORDER BY `settingid` ASC ""); $_data = []; while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { $index = $row['settinggroup'] . ""."" . $row['varname']; if (!in_array($index, self::$no_export)) { $_data[$index] = $row['value']; } if (array_key_exists($row['settinggroup'], $settings_definitions) && array_key_exists($row['varname'], $settings_definitions[$row['settinggroup']])) { if ($settings_definitions[$row['settinggroup']][$row['varname']]['type'] === ""image"") { if ($row['value'] === """") { continue; } $_data[$index . '.image_data'] = base64_encode(file_get_contents(explode('?', $row['value'], 2)[0])); } } } $_data['_sha'] = sha1(var_export($_data, true)); $_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); if (!$_export) { throw new Exception(""Error exporting settings: "" . json_last_error_msg()); } return $_export; }",True,PHP,export,SImExporter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-02-07 13:02:11+01:00,"run Form::processForm() when importing settings so the same validations apply if the import file has malicious content Signed-off-by: Michael Kaufmann ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2023-0877,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27577,"Settings::Set($index, $value); } Settings::Flush(); return true; } throw new Exception(""Invalid JSON data: "" . json_last_error_msg()); }",True,PHP,Set,SImExporter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-02-07 13:02:11+01:00,"run Form::processForm() when importing settings so the same validations apply if the import file has malicious content Signed-off-by: Michael Kaufmann ",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2023-0877,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27581,private function resetTablelisting() { Listing::deleteColumnListingForUser([Request::any('listing') => []]); return $this->jsonResponse([]); },True,PHP,resetTablelisting,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-02-14 11:36:11+01:00,"check for existing fields when setting/updating tablelisting-columns Signed-off-by: Michael Kaufmann ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-1033,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27583,"private function updateTablelisting() { $columns = []; foreach ((Request::any('columns') ?? []) as $value) { $columns[] = $value; } if (!empty($columns)) { Listing::storeColumnListingForUser([Request::any('listing') => $columns]); return $this->jsonResponse($columns); } return $this->errorResponse('At least one column must be selected', 406); }",True,PHP,updateTablelisting,Ajax.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-02-14 11:36:11+01:00,"check for existing fields when setting/updating tablelisting-columns Signed-off-by: Michael Kaufmann ",CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-1033,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27586,"$img_filename = Froxlor::getInstallDir() . '/' . str_replace('../', '', explode('?', $_data[$index_split[0] . '.' . $index_split[1]], 2)[0]); file_put_contents($img_filename, $img_data); if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $img_filename); finfo_close($finfo); } else { $mimetype = mime_content_type($img_filename); } if (empty($mimetype)) { $mimetype = 'application/octet-stream'; } if (!in_array($mimetype, ['image/jpeg', 'image/jpg', 'image/png', 'image/gif'])) { @unlink($img_filename); throw new Exception(""Uploaded file is not a valid image""); } $spl = explode('.', $img_filename); $file_extension = strtolower(array_pop($spl)); unset($spl); if (!in_array($file_extension, [ 'jpeg', 'jpg', 'png', 'gif' ])) { @unlink($img_filename); throw new Exception(""Invalid file-extension, use one of: jpeg, jpg, png, gif""); } Settings::Set($index, $value); } } return true; } else { throw new Exception(""Importing settings failed""); } }",True,PHP,getInstallDir.'/'.str_replace,SImExporter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-03-08 09:33:30+01:00,"better validation for uploaded/imported image files Signed-off-by: Michael Kaufmann ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-2034,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27587,"public static function storeSettingImage($fieldname, $fielddata) { if (isset($fielddata['settinggroup'], $fielddata['varname']) && is_array($fielddata) && $fielddata['settinggroup'] !== '' && $fielddata['varname'] !== '') { $save_to = null; $path = Froxlor::getInstallDir() . '/img/'; $path = FileDir::makeCorrectDir($path); if (isset($_FILES[$fieldname]) && $_FILES[$fieldname]['tmp_name']) { if (!is_dir($path) && !mkdir($path, 0775)) { throw new Exception(""img directory does not exist and cannot be created""); } if (!is_writable($path)) { if (!chmod($path, 0775)) { throw new Exception(""Cannot write to img directory""); } } if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $_FILES[$fieldname]['tmp_name']); finfo_close($finfo); } else { $mimetype = mime_content_type($_FILES[$fieldname]['tmp_name']); } if (empty($mimetype)) { $mimetype = 'application/octet-stream'; } if (!in_array($mimetype, ['image/jpeg', 'image/jpg', 'image/png', 'image/gif'])) { throw new \Exception(""Uploaded file is not a valid image""); } $spl = explode('.', $_FILES[$fieldname]['name']); $file_extension = strtolower(array_pop($spl)); unset($spl); if (!in_array($file_extension, [ 'jpeg', 'jpg', 'png', 'gif' ])) { throw new Exception(""Invalid file-extension, use one of: jpeg, jpg, png, gif""); } if (!move_uploaded_file($_FILES[$fieldname]['tmp_name'], $path . $fielddata['image_name'] . '.' . $file_extension)) { throw new Exception(""Unable to save image to img folder""); } $save_to = 'img/' . $fielddata['image_name'] . '.' . $file_extension . '?v=' . time(); } if ($fielddata['value'] !== """" && array_key_exists($fieldname . '_delete', $_POST) && $_POST[$fieldname . '_delete']) { @unlink(Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]); $save_to = ''; } if ($save_to === null) { return [ $fielddata['settinggroup'] . '.' . $fielddata['varname'] => $fielddata['value'] ]; } if (Settings::Set($fielddata['settinggroup'] . '.' . $fielddata['varname'], $save_to) === false) { return false; } return [ $fielddata['settinggroup'] . '.' . $fielddata['varname'] => $save_to ]; } return false; }",True,PHP,storeSettingImage,Store.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-03-08 09:33:30+01:00,"better validation for uploaded/imported image files Signed-off-by: Michael Kaufmann ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-2034,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27593,"$str .= self::tabPrefix($depth, ""'{$key}' => $value,\n""); } else { $str .= self::tabPrefix($depth, ""'{$key}' => '{$value}',\n""); } } else { $str .= self::parseArrayToString($value, $key, ($depth + 1)); } }",True,PHP,tabPrefix,PhpHelper.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-05-02 10:19:53+02:00,"introduce http-request rate-limit; smaller fixes Signed-off-by: Michael Kaufmann ",CWE-770,Allocation of Resources Without Limits or Throttling,"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.",https://cwe.mitre.org/data/definitions/770.html,CVE-2023-2666,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27594,public function __construct($params = null) { if (!is_null($params)) { $params = $this->trimArray($params); } $this->cmd_params = $params; },True,PHP,__construct,ApiParameter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-07-16 16:44:46+02:00,"validate non-empy admin-name in Admins.update() Signed-off-by: Michael Kaufmann ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-4304,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27595,"protected function getUlParam($param = null, $ul_field = null, $optional = false, $default = 0) { $param_value = (int)$this->getParam($param, $optional, $default); $ul_field_value = $this->getBoolParam($ul_field, true, 0); if ($ul_field_value != '0') { $param_value = -1; } return $param_value; }",True,PHP,getUlParam,ApiParameter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-07-16 16:44:46+02:00,"validate non-empy admin-name in Admins.update() Signed-off-by: Michael Kaufmann ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-4304,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27597,"private function getModFunctionString($level = 1, $max_level = 5, $trace = null) { $_class = get_called_class(); if (empty($trace)) { $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); } $class = $trace[$level]['class']; $func = $trace[$level]['function']; if ($class != $_class && $level <= $max_level) { return $this->getModFunctionString(++$level, $max_level, $trace); } return str_replace(""Froxlor\\Api\\Commands\\"", """", $class) . ':' . $func; }",True,PHP,getModFunctionString,ApiParameter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-07-16 16:44:46+02:00,"validate non-empy admin-name in Admins.update() Signed-off-by: Michael Kaufmann ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-4304,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27599,"protected function getBoolParam($param = null, $optional = false, $default = false) { $_default = '0'; if ($default) { $_default = '1'; } $param_value = $this->getParam($param, $optional, $_default); if ($param_value && intval($param_value) != 0) { return '1'; } return '0'; }",True,PHP,getBoolParam,ApiParameter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-07-16 16:44:46+02:00,"validate non-empy admin-name in Admins.update() Signed-off-by: Michael Kaufmann ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-4304,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27600,"protected function getParam($param = null, $optional = false, $default = '') { if (!isset($this->cmd_params[$param])) { if ($optional === false) { $inmod = $this->getModFunctionString(); throw new Exception('Requested parameter ""' . $param . '"" could not be found for ""' . $inmod . '""', 404); } return $default; } if ($this->cmd_params[$param] === """") { if ($optional === false) { $inmod = $this->getModFunctionString(); throw new Exception('Requested parameter ""' . $param . '"" is empty where it should not be for ""' . $inmod . '""', 406); } return ''; } return $this->cmd_params[$param]; }",True,PHP,getParam,ApiParameter.php,https://github.com/froxlor/froxlor,froxlor,Michael Kaufmann,2023-07-16 16:44:46+02:00,"validate non-empy admin-name in Admins.update() Signed-off-by: Michael Kaufmann ",NVD-CWE-noinfo,Insufficient Information,There is insufficient information about the issue to classify it; details are unkown or unspecified.,https://nvd.nist.gov/vuln/categories,CVE-2023-4304,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27605,"$pfTaskJob->update($input); $tasks_id = $data['plugin_glpiinventory_tasks_id']; } } else { $this->getFromDB($packages_id); $input = [ 'name' => '[deploy on demand] ' . $this->fields['name'], 'entities_id' => $computer->fields['entities_id'], 'reprepare_if_successful' => 0, 'is_deploy_on_demand' => 1, 'is_active' => 1, ]; $tasks_id = $pfTask->add($input); $input = [ 'plugin_glpiinventory_tasks_id' => $tasks_id, 'entities_id' => $computer->fields['entities_id'], 'name' => 'deploy', 'method' => 'deployinstall', 'targets' => '[{""PluginGlpiinventoryDeployPackage"":""' . $packages_id . '""}]', 'actors' => exportArrayToDB([['Computer' => $computers_id]]), 'enduser' => exportArrayToDB([$users_id => [$computers_id]]), ]; $pfTaskJob->add($input); } $pfTask->prepareTaskjobs(['deployinstall'], $tasks_id); }",True,PHP,update,deploypackage.class.php,https://github.com/glpi-project/glpi-inventory-plugin,glpi-project,GitHub,2022-06-20 09:06:12+02:00,Merge pull request from GHSA-q6m7-h6rj-5wmw,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31082,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27607,"public function saveUpdate() { $locale = fusion_get_locale(); $settings = fusion_get_settings(); $this->_method = ""validate_update""; $is_core_page = (post(""user_name"") || post(""user_password"") || post('user_password1') || post('user_password2') || post(""user_admin_password"") || post(""user_email"")); if ($is_core_page) { $this->setUserName(); $this->setPassword(); if (!defined('ADMIN_PANEL')) { $this->setAdminPassword(); } $this->setUserEmail(); $this->setUserAvatar(); } if ($this->validation == 1) { $this->setValidationError(); } $quantum = new QuantumFields(); $quantum->setCategoryDb(DB_USER_FIELD_CATS); $quantum->setFieldDb(DB_USER_FIELDS); $quantum->setPluginFolder(INCLUDES.""user_fields/""); $quantum->setPluginLocaleFolder(LOCALE.LOCALESET.""user_fields/""); $quantum->loadFields(); $quantum->loadFieldCats(); $quantum->setCallbackData($this->userData); $_input = $quantum->returnFieldsInput(DB_USERS, 'user_id'); if (!empty($_input)) { foreach ($_input as $input) { $this->data += $input; } } $this->data = $this->getData(); $a_check = ($this->userData[""user_password""] != sanitizer(""user_hash"", """", ""user_hash"")); $b_check = ($this->userData['user_id'] != fusion_get_userdata('user_id')); if (iADMIN && checkrights(""M"")) { $a_check = FALSE; $b_check = FALSE; } if ($a_check or $b_check) { fusion_stop(); } if (fusion_safe()) { if ($is_core_page) { if ($this->_userName !== $this->userData['user_name']) { save_user_log($this->userData['user_id'], ""user_name"", $this->_userName, $this->userData['user_name']); } if ($this->_userEmail !== $this->userData['user_email']) { save_user_log($this->userData['user_id'], ""user_email"", $this->_userEmail, $this->userData['user_email']); } } $quantum->logUserAction(DB_USERS, ""user_id""); dbquery_insert(DB_USERS, $this->data, 'update', ['keep_session' => TRUE]); $this->_completeMessage = $locale['u163']; if ($this->isAdminPanel && $this->_isValidCurrentPassword && $this->_newUserPassword && $this->_newUserPassword2) { include INCLUDES.""sendmail_include.php""; addnotice(""success"", str_replace(""USER_NAME"", $this->userData['user_name'], $locale['global_458'])); $input = [ ""mailname"" => $this->userData['user_name'], ""email"" => $this->userData['user_email'], ""subject"" => str_replace(""[SITENAME]"", $settings['sitename'], $locale['global_456']), ""message"" => str_replace( [ ""[SITENAME]"", ""[SITEUSERNAME]"", ""USER_NAME"", ""[PASSWORD]"" ], [ $settings['sitename'], $settings['siteusername'], $this->userData['user_name'], $this->_newUserPassword, ], $locale['global_457'] ) ]; if (!sendemail($input['mailname'], $input['email'], $settings['siteusername'], $settings['siteemail'], $input['subject'], $input['message']) ) { addnotice('warning', str_replace(""USER_NAME"", $this->userData['user_name'], $locale['global_459'])); } redirect(FUSION_REQUEST); return FALSE; } addnotice('success', $locale['u169']); return TRUE; } return FALSE; }",True,PHP,saveUpdate,UserFieldsInput.php,https://github.com/phpfusion/phpfusion,phpfusion,deviance,2022-08-19 15:16:46+08:00,"Security fixes Signed-off-by: deviance ",CWE-287,Improper Authentication,"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.",https://cwe.mitre.org/data/definitions/287.html,CVE-2022-3152,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27609,static function getOrder($order) { if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) { $order=$orderWays[strtoupper($_REQUEST['order'])]; } $order=$order?$order:'DESC'; return $order; },True,PHP,getOrder,class.audit.php,https://github.com/osTicket/osTicket-plugins,osTicket,JediKev,2022-04-21 18:52:18+00:00,"security: Audit Log Injection This mitigates a vulnerability discovered by the AppSec Research Team at Checkmarx where it's possible to perform injection via Audit Log plugin. This is due to passing the `order` URL param directly to the select query. This refactors the `getOrder()` method to only return predefined sort orders to prevent using user-input.",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-31890,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27611,"public function createComment($id, $source = ""leaves/leaves""){ $this->auth->checkIfOperationIsAllowed('view_leaves'); $data = getUserContext($this); $oldComment = $this->leaves_model->getCommentsLeave($id); $newComment = new stdClass; $newComment->type = ""comment""; $newComment->author = $this->session->userdata('id'); $newComment->value = $this->input->post('comment'); $newComment->date = date(""Y-n-j""); if ($oldComment != NULL){ array_push($oldComment->comments, $newComment); }else { $oldComment = new stdClass; $oldComment->comments = array($newComment); } $json = json_encode($oldComment); $this->leaves_model->addComments($id, $json); if(isset($_GET['source'])){ $source = $_GET['source']; } redirect(""/$source/$id""); }",True,PHP,createComment,Leaves.php,https://github.com/bbalet/jorani,bbalet,Benjamin BALET,2022-06-06 15:02:42+02:00,BF:Persistent XSS fix #369,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-34133,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27613,"public function active($id, $active) { $this->auth->checkIfOperationIsAllowed('list_users'); $this->users_model->setActive($id, $active); $this->session->set_flashdata('msg', lang('users_edit_flash_msg_success')); redirect('users'); }",True,PHP,active,Users.php,https://github.com/bbalet/jorani,bbalet,Benjamin BALET,2022-06-06 17:29:03+02:00,BF:security on users mgt with CSRF token fix #369,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-34134,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27614,"public function disable($id) { $this->active($id, FALSE); }",True,PHP,disable,Users.php,https://github.com/bbalet/jorani,bbalet,Benjamin BALET,2022-06-06 17:29:03+02:00,BF:security on users mgt with CSRF token fix #369,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-34134,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27615,"public function delete($id) { $this->auth->checkIfOperationIsAllowed('delete_user'); $data['users_item'] = $this->users_model->getUsers($id); if (empty($data['users_item'])) { redirect('notfound'); } else { $this->users_model->deleteUser($id); } log_message('error', 'User $this->session->set_flashdata('msg', lang('users_delete_flash_msg_success')); redirect('users'); }",True,PHP,delete,Users.php,https://github.com/bbalet/jorani,bbalet,Benjamin BALET,2022-06-06 17:29:03+02:00,BF:security on users mgt with CSRF token fix #369,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-34134,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27616,"public function enable($id) { $this->active($id, TRUE); }",True,PHP,enable,Users.php,https://github.com/bbalet/jorani,bbalet,Benjamin BALET,2022-06-06 17:29:03+02:00,BF:security on users mgt with CSRF token fix #369,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2022-34134,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27617,"public function validate() { header(""Content-Type: application/json""); $id = $this->input->post('id', TRUE); $type = $this->input->post('type', TRUE); $date = $this->input->post('startdate', TRUE); $d = DateTime::createFromFormat('Y-m-d', $date); $startdate = ($d && $d->format('Y-m-d') === $date)?$date:'1970-01-01'; $date = $this->input->post('enddate', TRUE); $d = DateTime::createFromFormat('Y-m-d', $date); $enddate = ($d && $d->format('Y-m-d') === $date)?$date:'1970-01-01'; $startdatetype = $this->input->post('startdatetype', TRUE); $enddatetype = $this->input->post('enddatetype', TRUE); $leave_id = $this->input->post('leave_id', TRUE); $leaveValidator = new stdClass; $deductDayOff = FALSE; if (isset($id) && isset($type)) { $typeObject = $this->types_model->getTypeByName($type); $deductDayOff = $typeObject['deduct_days_off']; if (isset($startdate) && $startdate !== """") { $leaveValidator->credit = $this->leaves_model->getLeavesTypeBalanceForEmployee($id, $type, $startdate); } else { $leaveValidator->credit = $this->leaves_model->getLeavesTypeBalanceForEmployee($id, $type); } } if (isset($id) && isset($startdate) && isset($enddate)) { if (isset($leave_id)) { $leaveValidator->overlap = $this->leaves_model->detectOverlappingLeaves($id, $startdate, $enddate, $startdatetype, $enddatetype, $leave_id); } else { $leaveValidator->overlap = $this->leaves_model->detectOverlappingLeaves($id, $startdate, $enddate, $startdatetype, $enddatetype); } } $this->load->model('contracts_model'); $startentdate = NULL; $endentdate = NULL; $hasContract = $this->contracts_model->getBoundaries($id, $startentdate, $endentdate); $leaveValidator->PeriodStartDate = $startentdate; $leaveValidator->PeriodEndDate = $endentdate; $leaveValidator->hasContract = $hasContract; if (isset($id) && ($startdate!='') && ($enddate!='') && $hasContract===TRUE) { $this->load->model('dayoffs_model'); $leaveValidator->listDaysOff = $this->dayoffs_model->listOfDaysOffBetweenDates($id, $startdate, $enddate); $result = $this->leaves_model->actualLengthAndDaysOff($id, $startdate, $enddate, $startdatetype, $enddatetype, $leaveValidator->listDaysOff, $deductDayOff); $leaveValidator->overlapDayOff = $result['overlapping']; $leaveValidator->lengthDaysOff = $result['daysoff']; $leaveValidator->length = $result['length']; } if (isset($id) && isset($startdate) && isset($enddate) && $hasContract===FALSE) { $leaveValidator->length = $this->leaves_model->length($id, $startdate, $enddate, $startdatetype, $enddatetype); } $leaveValidator->RequestStartDate = $startdate; $leaveValidator->RequestEndDate = $enddate; echo json_encode($leaveValidator); }",True,PHP,validate,Leaves.php,https://github.com/bbalet/jorani,bbalet,Benjamin BALET,2022-06-06 17:49:54+02:00,BF:Prevent SQL injection fix #369,CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2022-34132,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27620,"public function do_field( $field ) { switch ( $field['type'] ) { case 'checkbox': echo 'get_option( $field['id'] ), false ) . ' />'; break; case 'text': echo 'get_option( $field['id'] ) . '"" class=""rp4wp-input-text"" />'; break; case 'textarea': echo ''; break; case 'button_link': echo '' . $field['default'] . ''; break; } if ( isset( $field['description'] ) && '' != $field['description'] ) { echo ''; } if ( has_filter( 'rp4wp_' . $field['id'] ) ) { echo 'This option is overwritten by a filter.'; } echo PHP_EOL; }",True,PHP,do_field,class-settings.php,https://github.com/barrykooij/related-posts-for-wp,barrykooij,Barry Kooij,2022-10-13 14:33:29+02:00,"Escape output in setting fields, fixes XSS CWE-79. Props @und3sc0n0c1d0",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-3506,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27622,"->first(function (User $user) { return $user->getPreference('blocksPd', false); }) !== null;",True,PHP,first,Screener.php,https://github.com/FriendsOfFlarum/byobu,FriendsOfFlarum,GitHub,2022-07-31 21:27:43+01:00,fix: prevent starting a PD with users blocking them (#175),CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2022-35921,"static function displayname() { return gt(""e-Commerce Category Manager""); }" 27625,"static function (?NodeInterface $node, string $name) use ($nodes, $names) { return $node === null && !in_array($name, $names, true) || $node !== null && !in_array($node, $nodes, true); },",True,PHP,use,Behavior.php,https://github.com/TYPO3/html-sanitizer,TYPO3,GitHub,2023-07-25 09:14:55+02:00,"Merge pull request from GHSA-59jf-3q9v-rh6g * [SECURITY] Properly encode noscript child nodes The `
    '; } } } } else if (substr($this->row[$db_name], 0, 4) == 'row[$db_name]; } else { $main_text .= $this->get_split_text(strip_tags($this->row[$db_name]), 100); } $main_text .= ''; $main_text .= ''; }",True,PHP,get_split_text,view.php,https://github.com/andrzuk/MyCMS,andrzuk,Andrzej,2022-06-01 09:32:13+02:00,Vulnerability fix: add strip_tags to details view in visitors module.,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2022-4892,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27944,"function calculateProductHavingQuantity(int $productId) { global $table_prefeix; return easySelect( ""products"", ""product_id, ( IF(purchase_item_quantity IS NULL, 0, SUM(purchase_item_quantity) + if(returns_products_quantity is null, 0, returns_products_quantity) ) - IF(sale_item_quantity IS NULL, 0, SUM(sale_item_quantity))) AS having_item_quantity"", array ( ""left join (select purchase_item_product_id, sum(purchase_item_quantity) as purchase_item_quantity from {$table_prefeix}product_purchase_items where is_trash = 0 group by purchase_item_product_id) as {$table_prefeix}product_purchase_items on purchase_item_product_id = product_id"", ""left join (select sale_item_product_id, sum(sale_item_quantity) as sale_item_quantity from {$table_prefeix}sale_items where is_trash = 0 group by sale_item_product_id) as {$table_prefeix}sale_items on sale_item_product_id = product_id"", ""left join (select product_return_items_product_id, sum(product_return_items_products_quantity) as returns_products_quantity from {$table_prefeix}product_return_items where is_trash = 0 group by product_return_items_product_id) as returns_product on product_id = product_return_items_product_id"" ), array ( ""product_id "" => $productId ) )['data'][0][""having_item_quantity""]; }",True,PHP,calculateProductHavingQuantity,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27945,"function add_login_info(int $user_id) { global $table_prefeix; global $conn; $user_ip = safe_input(get_ipaddr()); $user_aggent = safe_input($_SERVER['HTTP_USER_AGENT']); $conn->query(""INSERT INTO {$table_prefeix}users_login_history (login_users_id, login_ip, login_user_aggent) VALUES ('{$user_id}', '{$user_ip}', '{$user_aggent}')""); }",True,PHP,add_login_info,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27947,"function save_query($query) { global $table_prefeix; global $conn; $query = json_encode($query); $conn->query(""INSERT INTO {$table_prefeix}latest_queries (query_value) VALUES ($query)""); }",True,PHP,save_query,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27948,"$whereClause .= ""{$whereField} = '"".safe_input($whereValue).""'""; } $sqlQuery = ""UPDATE {$table_prefeix}{$table} SET is_trash=1 WHERE {$whereClause}""; if($conn->query($sqlQuery) === TRUE) { return true; } else { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } }",True,PHP,"""{$whereField} = '"".safe_input",functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27949,"function easyUpload( array $file, string $location=""db"", string $newFileName="""", string $type=""image"" ) { if(!isset($file[""size""]) or $file[""size""] < 1 ) { return ""There is no file found to be uploaded.""; } global $_SETTINGS; $mimeType = strtolower($file[""type""]); $extension = explode(""."", $file[""name""]); $extension = end($extension); $maxUploadSize = $_SETTINGS[""MAX_UPLOAD_SIZE""] * 1024 * 1024; if ($maxUploadSize < $file[""size""]) { return ""The file is exceeded the max upload size ({$_SETTINGS[""MAX_UPLOAD_SIZE""]} MB)""; } $validFileForUpload = []; switch($type) { case ""image"": $validFileForUpload = $_SETTINGS[""VALID_IMAGE_TYPE_FOR_UPLOAD""]; break; case ""document"": $validFileForUpload = $_SETTINGS[""VALID_DOCUMENT_TYPE_FOR_UPLOAD""]; break; case ""video"": $validFileForUpload = $_SETTINGS[""VALID_VIDEO_TYPE_FOR_UPLOAD""]; break; case ""audio"": $validFileForUpload = $_SETTINGS[""VALID_AUDIO_TYPE_FOR_UPLOAD""]; break; case ""program"": $validFileForUpload = $_SETTINGS[""VALID_PROGRAM_TYPE_FOR_UPLOAD""]; break; case 'all': $validFileForUpload = array_merge($_SETTINGS[""VALID_IMAGE_TYPE_FOR_UPLOAD""], $_SETTINGS[""VALID_DOCUMENT_TYPE_FOR_UPLOAD""]); break; } if( isset( $validFileForUpload[$extension] ) AND in_array( $mimeType, $validFileForUpload[$extension] ) ) { if($location == ""db"") { return array ( ""success"" => true, ""imageType"" => $file[""type""], ""blobString"" => file_get_contents($file[""tmp_name""]) ); } else { $uploadDir = DIR_UPLOAD . $location; if(!is_dir($uploadDir) && !mkdir($uploadDir, 0777, true)) { return ""Error creating directory""; } $file_name = rand().$file[""name""]; if(!empty($newFileName)) { $file_name = $newFileName . ""."" . $extension; } if(move_uploaded_file($file[""tmp_name""], $uploadDir .""/"" . $file_name )) { return array ( ""success"" => true, ""fileName"" => $file_name ); } else { return ""Can not upload the file""; } } } else { return ""Invalid {$type} type.""; } }",True,PHP,easyUpload,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27950,"function near_unit_qty($product_id, $qty, $unit) { global $table_prefeix; $getData = easySelectA(array( ""table"" => ""products as whereProduct"", ""fields"" => ""joinProduct.product_unit as product_unit, equal_unit_qnt, base_qnt"", ""join"" => array( ""left join {$table_prefeix}products as joinProduct on joinProduct.product_name = whereProduct.product_name"", ""left join {$table_prefeix}product_units on unit_name = joinProduct.product_unit"" ), ""where"" => array( ""joinProduct.is_trash = 0 and joinProduct.product_unit is not null and whereProduct.product_id"" => $product_id ), ""orderby"" => array( ""base_qnt"" => ""DESC"" ) )); if($getData !== false) { $totalBaseQty = $qty; $remainQty = 0; $finalUnitName = """"; $finalQtyBasedOnUnit = 0; foreach($getData[""data""] as $pKey => $pVal ) { if( $pVal[""product_unit""] === $unit) { $totalBaseQty *= $pVal[""base_qnt""]; break; } } foreach($getData[""data""] as $pKey => $pVal ) { if( $pVal[""base_qnt""] <= $totalBaseQty) { $finalUnitName = $pVal[""product_unit""]; $remainQty = ($totalBaseQty % $pVal[""base_qnt""]); $finalQtyBasedOnUnit = ($totalBaseQty - $remainQty) / $pVal[""base_qnt""]; break; } } return $finalQtyBasedOnUnit . "" "" . $finalUnitName . ( $remainQty > 0 ? "", "" . near_unit_qty($product_id, $remainQty, $unit) : """"); } else {",True,PHP,near_unit_qty,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27952,"function updateAccountBalance(int $accounts_id) { global $table_prefeix; $gad = easySelectD("" select accounts_id, accounts_opening_balance, if(loan_amount_sum is null, 0, loan_amount_sum) as loan_amount_sum, if(capital_amounts_sum is null, 0, capital_amounts_sum) as capital_amounts_sum, if(incomes_amount_sum is null, 0, incomes_amount_sum) as incomes_amount_sum, if(payment_amount_sum is null, 0, payment_amount_sum) as payment_amount_sum, if(transfer_send_amount_sum is null, 0, transfer_send_amount_sum) as transfer_send_amount_sum, if(transfer_received_amount_sum is null, 0, transfer_received_amount_sum) as transfer_received_amount_sum, if(received_payments_amount_sum is null, 0, received_payments_amount_sum) as received_payments_amount_sum, if(advance_payment_amount_sum is null, 0, advance_payment_amount_sum) as advance_payment_amount_sum, if(payment_incoming_return_amount_sum is null, 0, payment_incoming_return_amount_sum) as payment_incoming_return_amount_sum, if(payment_outgoing_return_amount_sum is null, 0, payment_outgoing_return_amount_sum) as payment_outgoing_return_amount_sum, if(journal_incoming_payment is null, 0, journal_incoming_payment) as journal_incoming_payment_sum, if(journal_outgoing_payment is null, 0, journal_outgoing_payment) as journal_outgoing_payment_sum from {$table_prefeix}accounts left join ( select loan_paying_from, sum(loan_amount) as loan_amount_sum from {$table_prefeix}loan where is_trash = 0 group by loan_paying_from ) as {$table_prefeix}loan on loan_paying_from = accounts_id left join ( select capital_accounts, sum(capital_amounts) as capital_amounts_sum from {$table_prefeix}capital where is_trash = 0 group by capital_accounts ) as capital on capital_accounts = accounts_id left join ( select incomes_accounts_id, sum(incomes_amount) as incomes_amount_sum from {$table_prefeix}incomes where is_trash = 0 group by incomes_accounts_id ) as incomes on incomes_accounts_id = accounts_id left join ( select payment_from, sum(payment_amount) as payment_amount_sum from {$table_prefeix}payments where is_trash = 0 and payment_status != 'Cancel' and ( payment_type != 'Advance Adjustment' or payment_type is null ) group by payment_from ) as payments on payment_from = accounts_id left join ( select transfer_money_from, sum(transfer_money_amount) as transfer_send_amount_sum from {$table_prefeix}transfer_money where is_trash = 0 group by transfer_money_from ) as transfer_money_send on transfer_money_from = accounts_id left join ( select transfer_money_to, sum(transfer_money_amount) as transfer_received_amount_sum from {$table_prefeix}transfer_money where is_trash = 0 group by transfer_money_to ) as transfer_money_received on transfer_money_to = accounts_id left join ( select received_payments_accounts, sum(received_payments_amount) as received_payments_amount_sum from {$table_prefeix}received_payments where is_trash = 0 and received_payments_type != 'Discounts' group by received_payments_accounts ) as {$table_prefeix}received_payments on received_payments_accounts = accounts_id left join ( select sum(advance_payment_amount) as advance_payment_amount_sum, advance_payment_pay_from from {$table_prefeix}advance_payments where is_trash = 0 group by advance_payment_pay_from ) as get_advance_payments on advance_payment_pay_from = accounts_id left join ( select payments_return_accounts, sum( case when payments_return_type = 'Incoming' then payments_return_amount end ) as payment_incoming_return_amount_sum, sum( case when payments_return_type = 'Outgoing' then payments_return_amount end ) as payment_outgoing_return_amount_sum from {$table_prefeix}payments_return where is_trash = 0 group by payments_return_accounts ) as get_return_payments on payments_return_accounts = accounts_id left join ( select journal_records_accounts, sum( case when journal_records_payments_type = 'Incoming' then journal_records_payment_amount end) as journal_incoming_payment, sum( case when journal_records_payments_type = 'Outgoing' then journal_records_payment_amount end) as journal_outgoing_payment from {$table_prefeix}journal_records where is_trash = 0 group by journal_records_accounts ) as journal_incoming_records on journal_incoming_records.journal_records_accounts = accounts_id where accounts_id = {$accounts_id}"" )[""data""][0]; $accounts_balance = ( $gad[""accounts_opening_balance""] + $gad[""capital_amounts_sum""] + $gad[""incomes_amount_sum""] + $gad[""transfer_received_amount_sum""] + $gad[""received_payments_amount_sum""] + $gad[""payment_incoming_return_amount_sum""] + $gad[""journal_incoming_payment_sum""] ) - ( $gad[""loan_amount_sum""] + $gad[""payment_amount_sum""] + $gad[""transfer_send_amount_sum""] + $gad[""advance_payment_amount_sum""] + $gad[""journal_outgoing_payment_sum""] + $gad[""payment_outgoing_return_amount_sum""] ); easyUpdate( ""accounts"", array ( ""accounts_balance"" => $accounts_balance ), array ( ""accounts_id"" => $accounts_id ) ); }",True,PHP,updateAccountBalance,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27953,"function easySelectD($query) { global $table_prefeix; global $conn; $dataFromDB = []; $getResult = $conn->query($query); if($getResult === false) { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } if($getResult->num_rows > 0) { return array( ""count"" => $getResult->num_rows, ""data"" => $getResult->fetch_all(true) ); } else { return false; } }",True,PHP,easySelectD,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27954,"function save_deleted_date($table, $data) { global $table_prefeix; global $conn; $data = serialize($data); $conn->query(""INSERT INTO {$table_prefeix}deleted_data (deleted_from, deleted_data, deleted_by) VALUES ('{$table}', '{$data}', '{$_SESSION['uid']}')""); }",True,PHP,save_deleted_date,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27955,"function pageSlug() { $URI = explode(root_domain(), rtrim($_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], ""/"")); $URI = explode(""?"", $URI[1]); return trim($URI[0], '/'); }",True,PHP,pageSlug,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27956,"function is_login() { global $table_prefeix; if( isset($_COOKIE[""keepAlive""]) !== true and isset($_SESSION[""LAST_ACTIVITY""]) and (time() - $_SESSION[""LAST_ACTIVITY""]) > AUTO_LOGOUT_TIME ) { session_unset(); return false; } $sesionUserId = isset($_SESSION[""uid""]) ? $_SESSION[""uid""] : """"; $sessionPassAccessKey = isset($_SESSION[""sak""]) ? $_SESSION[""sak""] : """"; defined('selectUser') ?: define('selectUser', easySelectA(array( ""table"" => ""users as user"", ""fields"" => ""user_email, user_emp_id, user_pass_aaccesskey"", ""where"" => array( ""user.is_trash = 0 and user_id"" => $sesionUserId, "" and user_pass_aaccesskey"" => $sessionPassAccessKey ) ))); $sha1 = """"; if( selectUser !== false and isset($_SESSION[""keepAliveOnNetworkChanges""]) and $_SESSION[""keepAliveOnNetworkChanges""] === 1 ) { $sha1 = sha1(selectUser[""data""][0][""user_email""].$_SERVER[""HTTP_USER_AGENT""]); } else if(selectUser !== false) { $sha1 = sha1(selectUser[""data""][0][""user_email""].$_SERVER[""HTTP_USER_AGENT""].$_SERVER[""REMOTE_ADDR""]); } if(isset($_SESSION[""uid""]) and isset($_SESSION[""sak""]) and $sha1 === $_SESSION[""sak""] and isset($_COOKIE[""eid""]) and selectUser[""count""] === 1 AND selectUser[""data""][0][""user_emp_id""] === $_COOKIE[""eid""]) { return true; } else { if( isset($_SESSION) ) { session_unset(); } return false; } }",True,PHP,is_login,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27961,"function getCustomerPaymentInfo_back(int $customer_id) { global $table_prefeix; easySelectD( ""select customer_id, if(customer_opening_balance is null, 0, customer_opening_balance) as customer_opening_balance, if(sales_grand_total is null, 0, sales_grand_total) as sales_grand_total, if(returns_grand_total is null, 0, returns_grand_total) as returns_grand_total, if(received_payments_amount is null, 0, received_payments_amount) as total_received_payments, if(received_payments_bonus is null, 0, received_payments_bonus) as total_given_bonus from {$table_prefeix}customers left join ( select sales_customer_id, sum(sales_grand_total) as sales_grand_total from {$table_prefeix}sales where is_trash = 0 group by sales_customer_id ) as sales on customer_id = sales_customer_id left join ( select product_returns_customer_id, sum(product_returns_grand_total) as returns_grand_total from {$table_prefeix}product_returns where is_trash = 0 group by product_returns_customer_id ) as product_returns on customer_id = product_returns_customer_id left join ( select received_payments_from, sum(received_payments_amount) as received_payments_amount, sum(received_payments_bonus) as received_payments_bonus from {$table_prefeix}received_payments where is_trash = 0 group by received_payments_from ) as {$table_prefeix}received_payments on customer_id = received_payments_from where customer_id = {$customer_id}"" ); }",True,PHP,getCustomerPaymentInfo_back,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 27971,"function getEmployeePayableAmount(int $emp_id, string $salary_type) { global $table_prefeix; $emp_opening_balance_name = ""emp_opening_"". strtolower($salary_type); $empPayableAmount = easySelectD("" select emp_id, ( ( if(salary_amount_sum is null, 0, salary_amount_sum) - if(payment_items_amount_sum is null, 0, payment_items_amount_sum) ) + ({$emp_opening_balance_name}) ) as emp_payable_amount from {$table_prefeix}employees left join ( select salary_emp_id, salary_type, sum(salary_amount) as salary_amount_sum from {$table_prefeix}salaries where is_trash = 0 and salary_type='{$salary_type}' group by salary_emp_id ) as {$table_prefeix}salaries on salary_emp_id = emp_id left join ( select payment_items_employee, sum(payment_items_amount) as payment_items_amount_sum from {$table_prefeix}payment_items where is_trash = 0 and payment_items_type='{$salary_type}' group by payment_items_employee ) as get_payments_items on payment_items_employee = emp_id where emp_id = {$emp_id} "")[""data""][0][""emp_payable_amount""]; if($salary_type === ""salary"") { $paidLoan = easySelectD("" select sum(loan_installment_paying_amount) as loan_paid_amount from {$table_prefeix}loan_installment where is_trash = 0 and loan_installment_provider = '{$emp_id}' group by loan_installment_provider ""); $empPayableAmount -= $paidLoan ? $paidLoan[""data""][0][""loan_paid_amount""] : 0; } return $empPayableAmount; }",True,PHP,getEmployeePayableAmount,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-02-23 11:14:03+06:00,Security Fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-0995,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30107,"function easyUpload( array $file, string $location=""db"", string $newFileName="""", string $type=""image"" ) { if(!isset($file[""size""]) or $file[""size""] < 1 ) { return ""There is no file found to be uploaded.""; } global $_SETTINGS; $type = strtolower($type); $extensionName = strtolower(explode(""/"", $file[""type""])[1]); $maxUploadSize = $_SETTINGS[""MAX_UPLOAD_SIZE""] * 1024 * 1024; if ($maxUploadSize < $file[""size""]) { return ""The file is exceeded the max upload size ({$_SETTINGS[""MAX_UPLOAD_SIZE""]} MB)""; } $validExtensionForUpload = []; switch($type) { case ""image"": $validExtensionForUpload = $_SETTINGS[""VALID_IMAGE_TYPE_FOR_UPLOAD""]; break; case ""document"": $validExtensionForUpload = $_SETTINGS[""VALID_DOCUMENT_TYPE_FOR_UPLOAD""]; break; case ""video"": $validExtensionForUpload = $_SETTINGS[""VALID_VIDEO_TYPE_FOR_UPLOAD""]; break; case ""audio"": $validExtensionForUpload = $_SETTINGS[""VALID_AUDIO_TYPE_FOR_UPLOAD""]; break; case ""program"": $validExtensionForUpload = $_SETTINGS[""VALID_PROGRAM_TYPE_FOR_UPLOAD""]; break; case 'all': $validExtensionForUpload = array_merge($_SETTINGS[""VALID_IMAGE_TYPE_FOR_UPLOAD""], $_SETTINGS[""VALID_DOCUMENT_TYPE_FOR_UPLOAD""]); break; } if(!in_array($extensionName, $validExtensionForUpload)) { $validExtensionNameList = join("", "", $validExtensionForUpload); return ""Invalid {$type} type. Only {$validExtensionNameList} {$type} type are allowed to upload""; } if($location == ""db"") { return array ( ""success"" => true, ""imageType"" => $file[""type""], ""blobString"" => file_get_contents($file[""tmp_name""]) ); } else { $uploadDir = DIR_UPLOAD . $location; if(!is_dir($uploadDir) && !mkdir($uploadDir, 0777, true)) { return ""Error creating directory""; } $file_name = rand().$file[""name""]; if(!empty($newFileName)) { $file_extension = explode(""."", $file_name); $file_extension = end($file_extension); $file_name = $newFileName . ""."" . $file_extension; } if(move_uploaded_file($file[""tmp_name""], $uploadDir .""/"" . $file_name )) { return array ( ""success"" => true, ""fileName"" => $file_name ); } else { return ""Can not upload the file""; } } }",True,PHP,easyUpload,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-01-22 15:02:01+06:00,Update Security,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-0455,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30108,"$whereClause .= ""{$whereField} = '"".safe_input($whereValue).""'""; } $sqlQuery = ""UPDATE {$table_prefix}{$table} SET is_trash=1 WHERE {$whereClause}""; if($conn->query($sqlQuery) === TRUE) { return true; } else { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } }",True,PHP,"""{$whereField} = '"".safe_input",functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30109,"$whereClause .= ""{$whereField} = '"".safe_input($whereValue).""'""; } $sqlQuery = ""UPDATE {$table_prefix}{$table} SET is_trash=1 WHERE {$whereClause}""; if($conn->query($sqlQuery) === TRUE) { return true; } else { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } }",True,PHP,"""{$whereField} = '"".safe_input",functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30114,"function save_query($query) { global $table_prefix; global $conn; $query = json_encode($query); $conn->query(""INSERT INTO {$table_prefix}latest_queries (query_value) VALUES ($query)""); }",True,PHP,save_query,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30115,"function save_query($query) { global $table_prefix; global $conn; $query = json_encode($query); $conn->query(""INSERT INTO {$table_prefix}latest_queries (query_value) VALUES ($query)""); }",True,PHP,save_query,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30124,"function easySelectD($query) { global $table_prefix; global $conn; $dataFromDB = []; $getResult = $conn->query($query); if($getResult === false) { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } if($getResult->num_rows > 0) { return array( ""count"" => $getResult->num_rows, ""data"" => $getResult->fetch_all(true) ); } else { return false; } }",True,PHP,easySelectD,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30125,"function easySelectD($query) { global $table_prefix; global $conn; $dataFromDB = []; $getResult = $conn->query($query); if($getResult === false) { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } if($getResult->num_rows > 0) { return array( ""count"" => $getResult->num_rows, ""data"" => $getResult->fetch_all(true) ); } else { return false; } }",True,PHP,easySelectD,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30126,"function runQuery($query){ global $conn; $runQuery = $conn->query($query); if($runQuery === false) { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } else { return true; } }",True,PHP,runQuery,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30127,"function runQuery($query){ global $conn; $runQuery = $conn->query($query); if($runQuery === false) { create_log($conn->error, debug_backtrace()); $conn->get_all_error[] = $conn->error; return $conn->error; } else { return true; } }",True,PHP,runQuery,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30128,"function add_login_info(int $user_id) { global $table_prefix; global $conn; $user_ip = safe_input(get_ipaddr()); $user_aggent = safe_input($_SERVER['HTTP_USER_AGENT']); $conn->query(""INSERT INTO {$table_prefix}users_login_history (login_users_id, login_ip, login_user_aggent) VALUES ('{$user_id}', '{$user_ip}', '{$user_aggent}')""); }",True,PHP,add_login_info,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 30129,"function add_login_info(int $user_id) { global $table_prefix; global $conn; $user_ip = safe_input(get_ipaddr()); $user_aggent = safe_input($_SERVER['HTTP_USER_AGENT']); $conn->query(""INSERT INTO {$table_prefix}users_login_history (login_users_id, login_ip, login_user_aggent) VALUES ('{$user_id}', '{$user_ip}', '{$user_aggent}')""); }",True,PHP,add_login_info,functions.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36332,"$rowData .= substr(trim($fieldData), 0, -1); $rowData .= ""),\n""; }",True,PHP,substr,ajax.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36333,"$rowData .= substr(trim($fieldData), 0, -1); $rowData .= ""),\n""; }",True,PHP,substr,ajax.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36334,"foreach($row as $field) { if(is_null($field)) { $fieldData .= "" NULL,""; } elseif( is_numeric($field) ) { $fieldData .= "" "".$field."",""; } else { $fieldData .= "" '"". $conn->real_escape_string($field) .""',""; } }",True,PHP,foreach,ajax.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-829,Inclusion of Functionality from Untrusted Control Sphere,"The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.",https://cwe.mitre.org/data/definitions/829.html,CVE-2023-2551,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36335,"foreach($row as $field) { if(is_null($field)) { $fieldData .= "" NULL,""; } elseif( is_numeric($field) ) { $fieldData .= "" "".$field."",""; } else { $fieldData .= "" '"". $conn->real_escape_string($field) .""',""; } }",True,PHP,foreach,ajax.php,https://github.com/unilogies/bumsys,unilogies,Khurshid Alam,2023-04-25 20:25:52+06:00,Bug Fixing,CWE-352,Cross-Site Request Forgery (CSRF),"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",https://cwe.mitre.org/data/definitions/352.html,CVE-2023-2552,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36374,"foreach ($result as $row) { $field = $row['Field']; $type = $row['Type']; $length = preg_replace('/[^0-9]/', '', $type); $type = explode('(', $type)[0]; if (array_key_exists($field, $dataFields) === true && in_array($type, ['int', 'tinyint', 'smallint', 'bigint', 'float', 'double', 'varchar']) === true && is_array($dataFields[$field]) === false) { if (strlen((string) $dataFields[$field]) > $length) { return [ 'state' => false, 'message' => 'Field '.strtoupper($field).' exceeds maximum length of '.$length, ]; } } }",True,PHP,foreach,main.functions.php,https://github.com/nilsteampassnet/teampass,nilsteampassnet,nilsteampassnet,2023-05-24 08:59:22+02:00,"3.0.9 Fix vulnerability in form folder creation",CWE-94,Improper Control of Generation of Code ('Code Injection'),"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.",https://cwe.mitre.org/data/definitions/94.html,CVE-2023-2859,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36375,"function mainQuery(array $SETTINGS) { header('Content-type: text/html; charset=utf-8'); header('Cache-Control: no-cache, must-revalidate'); error_reporting(E_ERROR); include_once $SETTINGS['cpassman_dir'] . '/includes/language/' . $_SESSION['user']['user_language'] . '.php'; include_once $SETTINGS['cpassman_dir'] . '/includes/config/settings.php'; include_once $SETTINGS['cpassman_dir'] . '/sources/main.functions.php'; include_once $SETTINGS['cpassman_dir'] . '/sources/SplClassLoader.php'; include_once $SETTINGS['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php'; DB::$host = DB_HOST; DB::$user = DB_USER; DB::$password = defined('DB_PASSWD_CLEAR') === false ? defuseReturnDecrypted(DB_PASSWD, $SETTINGS) : DB_PASSWD_CLEAR; DB::$dbName = DB_NAME; DB::$port = DB_PORT; DB::$encoding = DB_ENCODING; DB::$ssl = DB_SSL; DB::$connect_options = DB_CONNECT_OPTIONS; include_once $SETTINGS['cpassman_dir'] . '/includes/language/' . $_SESSION['user']['user_language'] . '.php'; $post_key = filter_input(INPUT_POST, 'key', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $post_type_category = filter_input(INPUT_POST, 'type_category', FILTER_SANITIZE_FULL_SPECIAL_CHARS); $post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES); if (isValueSetNullEmpty($post_key) === true) { echo prepareExchangedData( $SETTINGS['cpassman_dir'], array( 'error' => true, 'message' => langHdl('key_is_not_correct'), ), 'encode' ); return false; } $dataReceived = empty($post_data) === false ? prepareExchangedData( $SETTINGS['cpassman_dir'], $post_data, 'decode' ) : ''; switch ($post_type_category) { case 'action_password': echo passwordHandler($post_type, $dataReceived, $SETTINGS); break; case 'action_user': echo userHandler($post_type, $dataReceived, $SETTINGS); break; case 'action_mail': echo mailHandler($post_type, $dataReceived, $SETTINGS); break; case 'action_key': echo keyHandler($post_type, $dataReceived, $SETTINGS); break; case 'action_system': echo systemHandler($post_type, $dataReceived, $SETTINGS); break; } }",True,PHP,mainQuery,main.queries.php,https://github.com/nilsteampassnet/teampass,nilsteampassnet,nilsteampassnet,2023-06-03 08:13:13+02:00,"3.0.9 Fix xss in user form WIP - session ending handling",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3083,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36381,"function populateUsersTable($pre) { global $db_link; $users = mysqli_query( $db_link, ""select u.id as uid, ls.date as datetime from `"" . $pre . ""users` as u inner join `"" . $pre . ""log_system` as ls on ls.field_1 = u.id WHERE ls.type = 'user_mngt' AND ls.label = 'at_user_added'"" ); while ($user = mysqli_fetch_assoc($users)) { if (empty((string) $user['datetime']) === false && is_null($user['datetime']) === false) { mysqli_query( $db_link, ""UPDATE `"" . $pre . ""users` SET created_at = '"".$user['datetime'].""' WHERE id = "".$user['uid'] ); } } $users = mysqli_query( $db_link, ""select u.id as uid, (select date from "" . $pre . ""log_system where type = 'user_mngt' and field_1=uid order by date DESC limit 1) as datetime from `"" . $pre . ""users` as u;"" ); while ($user = mysqli_fetch_assoc($users)) { if (empty((string) $user['datetime']) === false && is_null($user['datetime']) === false) { mysqli_query( $db_link, ""UPDATE `"" . $pre . ""users` SET updated_at = '"".$user['datetime'].""' WHERE id = "".$user['uid'] ); } } }",True,PHP,populateUsersTable,upgrade_run_3.0.php,https://github.com/nilsteampassnet/teampass,nilsteampassnet,nilsteampassnet,2023-07-06 21:16:02+02:00,"3.0.10 Including new time related fields Improving XSS protection",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3531,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36384,"public function __construct( private readonly EntityManagerInterface $em, private readonly Adapters $adapters ) { }",True,PHP,__construct,RelaysController.php,https://github.com/azuracast/azuracast,azuracast,Buster Neece,2023-04-28 01:47:44-05:00,Tighten allowed IPs to avoid brute-force workarounds.,CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2023-2531,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36386,public function __construct( private readonly StationRequestRepository $requestRepo ) { },True,PHP,__construct,SubmitAction.php,https://github.com/azuracast/azuracast,azuracast,Buster Neece,2023-04-28 01:47:44-05:00,Tighten allowed IPs to avoid brute-force workarounds.,CWE-307,Improper Restriction of Excessive Authentication Attempts,"The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.",https://cwe.mitre.org/data/definitions/307.html,CVE-2023-2531,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36390,"function debugInfo() { if (function_exists('getallheaders')) { $ALL_HEADERS = getallheaders(); } else { $ALL_HEADERS = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) === 'HTTP_') { $ALL_HEADERS[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } } global $ORIGINAL_INPUT; return print_r( array( 'date' => date('c'), 'headers' => $ALL_HEADERS, '_SERVER' => $_SERVER, '_GET' => $_GET, '_POST' => $_POST, '_COOKIE' => $_COOKIE, 'INPUT' => $ORIGINAL_INPUT ), true); }",True,PHP,debugInfo,fever.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36391,"function notImplemented() { Minz_Log::warning('notImplemented() ' . debugInfo(), API_LOG); header('HTTP/1.1 501 Not Implemented'); header('Content-Type: text/plain; charset=UTF-8'); die('Not Implemented!'); }",True,PHP,notImplemented,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36393,"function authorizationToUser() { $headerAuth = headerVariable('Authorization', 'GoogleLogin_auth'); if ($headerAuth != '') { $headerAuthX = explode('/', $headerAuth, 2); if (count($headerAuthX) === 2) { $user = $headerAuthX[0]; if (FreshRSS_user_Controller::checkUsername($user)) { FreshRSS_Context::initUser($user); if (FreshRSS_Context::$user_conf == null) { Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.'); unauthorized(); } if (!FreshRSS_Context::$user_conf->enabled) { Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.'); unauthorized(); } if ($headerAuthX[1] === sha1(FreshRSS_Context::$system_conf->salt . $user . FreshRSS_Context::$user_conf->apiPasswordHash)) { return $user; } else { Minz_Log::warning('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1], API_LOG); Minz_Log::warning('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1]); unauthorized(); } } else { badRequest(); } } } return ''; }",True,PHP,authorizationToUser,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36394,"function serviceUnavailable() { Minz_Log::warning('serviceUnavailable() ' . debugInfo(), API_LOG); header('HTTP/1.1 503 Service Unavailable'); header('Content-Type: text/plain; charset=UTF-8'); die('Service Unavailable!'); }",True,PHP,serviceUnavailable,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36395,"function checkCompatibility() { Minz_Log::warning('checkCompatibility() ' . debugInfo(), API_LOG); header('Content-Type: text/plain; charset=UTF-8'); if (PHP_INT_SIZE < 8 && !function_exists('gmp_init')) { die('FAIL 64-bit or GMP extension! Wrong PHP configuration.'); } $headerAuth = headerVariable('Authorization', 'GoogleLogin_auth'); if ($headerAuth == '') { die('FAIL get HTTP Authorization header! Wrong Web server configuration.'); } echo 'PASS'; exit(); }",True,PHP,checkCompatibility,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,function categoryBreadcrumb() { $ancestors = $this->category->pathToNode(); assign_to_template(array( 'ancestors' => $ancestors )); } 36397,"function unauthorized() { Minz_Log::warning('unauthorized() ' . debugInfo(), API_LOG); header('HTTP/1.1 401 Unauthorized'); header('Content-Type: text/plain; charset=UTF-8'); header('Google-Bad-Token: true'); die('Unauthorized!'); }",True,PHP,unauthorized,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36401,"function debugInfo() { if (function_exists('getallheaders')) { $ALL_HEADERS = getallheaders(); } else { $ALL_HEADERS = array(); foreach ($_SERVER as $name => $value) { if (substr($name, 0, 5) === 'HTTP_') { $ALL_HEADERS[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } } global $ORIGINAL_INPUT; return print_r( array( 'date' => date('c'), 'headers' => $ALL_HEADERS, '_SERVER' => $_SERVER, '_GET' => $_GET, '_POST' => $_POST, '_COOKIE' => $_COOKIE, 'INPUT' => $ORIGINAL_INPUT ), true); }",True,PHP,debugInfo,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36402,"function badRequest() { Minz_Log::warning('badRequest() ' . debugInfo(), API_LOG); header('HTTP/1.1 400 Bad Request'); header('Content-Type: text/plain; charset=UTF-8'); die('Bad Request!'); }",True,PHP,badRequest,greader.php,https://github.com/FreshRSS/FreshRSS,FreshRSS,GitHub,2023-01-11 23:27:14+01:00,"API avoid logging passwords (#5001) * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted",CWE-532,Insertion of Sensitive Information into Log File,Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.,https://cwe.mitre.org/data/definitions/532.html,CVE-2023-22481,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36405,"public function normalize($object, $format = null, array $context = []) { $resourceClass = $this->getObjectClass($object); if ($this->getOutputClass($resourceClass, $context)) { return parent::normalize($object, $format, $context); } if (!isset($context['cache_key'])) { $context['cache_key'] = $this->getCacheKey($format, $context); } if ($this->resourceClassResolver->isResourceClass($resourceClass)) { $resourceClass = $this->resourceClassResolver->getResourceClass($object, $context['resource_class'] ?? null); } $context = $this->initContext($resourceClass, $context); $iri = $this->iriConverter instanceof LegacyIriConverterInterface ? $this->iriConverter->getIriFromItem($object) : $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_PATH, $context['operation'] ?? null, $context); $context['iri'] = $iri; $context['api_normalize'] = true; $data = parent::normalize($object, $format, $context); if (!\is_array($data)) { return $data; } $metadata = [ '_links' => [ 'self' => [ 'href' => $iri, ], ], ]; $components = $this->getComponents($object, $format, $context); $metadata = $this->populateRelation($metadata, $object, $format, $context, $components, 'links'); $metadata = $this->populateRelation($metadata, $object, $format, $context, $components, 'embedded'); return $metadata + $data; }",True,PHP,normalize,ItemNormalizer.php,https://github.com/api-platform/core,api-platform,GitHub,2023-02-27 15:37:39+01:00,Merge pull request from GHSA-vr2x-7687-h6qv,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-25575,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36408,"public function normalize($object, $format = null, array $context = []) { $resourceClass = $this->getObjectClass($object); if ($this->getOutputClass($resourceClass, $context)) { return parent::normalize($object, $format, $context); } if (!isset($context['cache_key'])) { $context['cache_key'] = $this->getCacheKey($format, $context); } if ($isResourceClass = $this->resourceClassResolver->isResourceClass($resourceClass)) { $resourceClass = $this->resourceClassResolver->getResourceClass($object, $context['resource_class'] ?? null); } $context = $this->initContext($resourceClass, $context); $iri = $this->iriConverter instanceof LegacyIriConverterInterface ? $this->iriConverter->getIriFromItem($object) : $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_PATH, $context['operation'] ?? null, $context); $context['iri'] = $iri; $context['api_normalize'] = true; $data = parent::normalize($object, $format, $context); if (!\is_array($data)) { return $data; } $allRelationshipsData = $this->getComponents($object, $format, $context)['relationships']; $populatedRelationContext = $context; $relationshipsData = $this->getPopulatedRelations($object, $format, $populatedRelationContext, $allRelationshipsData); $context['api_included_resources'] = [$context['iri']]; $includedResourcesData = $this->getRelatedResources($object, $format, $context, $allRelationshipsData); $resourceData = [ 'id' => $context['iri'], 'type' => $this->getResourceShortName($resourceClass), ]; if ($data) { $resourceData['attributes'] = $data; } if ($relationshipsData) { $resourceData['relationships'] = $relationshipsData; } $document = ['data' => $resourceData]; if ($includedResourcesData) { $document['included'] = $includedResourcesData; } return $document; }",True,PHP,normalize,ItemNormalizer.php,https://github.com/api-platform/core,api-platform,GitHub,2023-02-27 15:37:39+01:00,Merge pull request from GHSA-vr2x-7687-h6qv,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-25575,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36409,unset($context[$key]); } unset($context[self::EXCLUDE_FROM_CACHE_KEY]); unset($context['cache_key']); try { return md5($format.serialize($context)); } catch (\Exception $exception) { return false; } },True,PHP,unset,CacheKeyTrait.php,https://github.com/api-platform/core,api-platform,GitHub,2023-02-27 15:37:39+01:00,Merge pull request from GHSA-vr2x-7687-h6qv,CWE-863,Incorrect Authorization,"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",https://cwe.mitre.org/data/definitions/863.html,CVE-2023-25575,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36413,"public function inheritableSegments(Request $request, SegmentManagerInterface $segmentManager) { $id = $request->get('id') ?? ''; $type = $request->get('type') ?? ''; $db = \Pimcore\Db::get(); $parentIdStatement = sprintf('SELECT `%s` FROM `%s` WHERE `%s` = :value', $type === 'object' ? 'o_parentId' : 'parentId', $type.'s', $type === 'object' ? 'o_id' : 'id'); $parentId = $db->fetchOne($parentIdStatement, [ 'value' => $id ]); $segments = $segmentManager->getSegmentsForElementId($parentId, $type); $data = array_map([$this, 'dehydrateSegment'], array_filter($segments)); return $this->adminJson(['data' => array_values($data)]); }",True,PHP,inheritableSegments,SegmentAssignmentController.php,https://github.com/pimcore/customer-data-framework,pimcore,GitHub,2023-05-16 17:49:32+02:00,"[Bug]: Fix Inheritable Segment query (#460) * refactor query * Apply php-cs-fixer changes * fix changes were based on another vers * Update SegmentAssignmentController.php * task: also return empty when $`id` is not set --------- Co-authored-by: kingjia90 ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-2756,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36433,"$dataitemtypes = json_decode($data['itemtypes']); if (in_array($itemtype, $dataitemtypes) != false) { $id = $data['id']; } } if (isset($_SESSION['glpiactiveprofile']['id'])) { $profile = new PluginFieldsProfile(); if (isset($id)) { $found = $profile->find(['profiles_id' => $_SESSION['glpiactiveprofile']['id'], 'plugin_fields_containers_id' => $id ]); $first_found = array_shift($found); if ($first_found === null || $first_found['right'] == null || $first_found['right'] == 0) { return false; } } } return $id; }",True,PHP,json_decode,container.class.php,https://github.com/pluginsGLPI/fields,pluginsGLPI,GitHub,2023-04-05 08:54:17+02:00,Merge pull request from GHSA-52vv-hm4x-8584,CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2023-28855,foreach ($events as $event) { $extevents[$date][] = $event; } 36434,"public static function preItem(CommonDBTM $item) { if (isset($_REQUEST['c_id'])) { $c_id = $_REQUEST['c_id']; } else { $type = 'dom'; if (isset($_REQUEST['_plugin_fields_type'])) { $type = $_REQUEST['_plugin_fields_type']; } $subtype = ''; if ($type == 'domtab') { $subtype = $_REQUEST['_plugin_fields_subtype']; } if (false === ($c_id = self::findContainer(get_Class($item), $type, $subtype))) { if (false === ($c_id = self::findContainer(get_Class($item)))) { return false; } } } $loc_c = new PluginFieldsContainer(); $loc_c->getFromDB($c_id); $entities = [$loc_c->fields['entities_id']]; if ($loc_c->fields['is_recursive']) { $entities = getSonsOf(getTableForItemType('Entity'), $loc_c->fields['entities_id']); } if (!isset($item->fields) || count($item->fields) == 0) { $item->fields = $item->input; } if ($item->isEntityAssign() && !in_array($item->getEntityID(), $entities)) { return false; } if (false !== ($data = self::populateData($c_id, $item))) { if (self::validateValues($data, $item::getType(), isset($_REQUEST['massiveaction'])) === false) { return $item->input = []; } return $item->plugin_fields_data = $data; } return; }",True,PHP,preItem,container.class.php,https://github.com/pluginsGLPI/fields,pluginsGLPI,GitHub,2023-04-05 08:54:17+02:00,Merge pull request from GHSA-52vv-hm4x-8584,CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2023-28855,foreach ($events as $event) { $extevents[$date][] = $event; } 36436,"public static function showForTab($params) { Html::requireJs('tinymce'); $item = $params['item']; $functions = array_column(debug_backtrace(), 'function'); $subtype = isset($_SESSION['glpi_tabs'][strtolower($item::getType())]) ? $_SESSION['glpi_tabs'][strtolower($item::getType())] : """"; $type = substr($subtype, -strlen('$main')) === '$main' || in_array('showForm', $functions) || in_array('showPrimaryForm', $functions) || in_array('showFormHelpdesk', $functions) ? 'dom' : 'domtab'; if ($subtype == -1) { $type = 'dom'; } if ($type != 'domtab') { $subtype = """"; } if (isset($_REQUEST['c_id'])) { $c_id = $_REQUEST['c_id']; } else if (!$c_id = PluginFieldsContainer::findContainer(get_Class($item), $type, $subtype)) { return false; } $loc_c = new PluginFieldsContainer(); $loc_c->getFromDB($c_id); $entities = [$loc_c->fields['entities_id']]; if ($loc_c->fields['is_recursive']) { $entities = getSonsOf(getTableForItemType('Entity'), $loc_c->fields['entities_id']); } if ($item->isEntityAssign()) { $current_entity = $item->getEntityID(); if (!in_array($current_entity, $entities)) { return false; } } if (!isset($_SERVER['REQUEST_URI'])) { return false; } $current_url = $_SERVER['REQUEST_URI']; if ( strpos($current_url, "".form.php"") === false && strpos($current_url, "".injector.php"") === false && strpos($current_url, "".public.php"") === false ) { return false; } $itemtypes = PluginFieldsContainer::getUsedItemtypes($type, true); if (!in_array(strtolower($item::getType()), array_map('strtolower', $itemtypes))) { return false; } $html_id = 'plugin_fields_container_' . mt_rand(); echo ""
    ""; $display_condition = new PluginFieldsContainerDisplayCondition(); if ($display_condition->computeDisplayContainer($item, $c_id)) { self::showDomContainer( $c_id, $item, $type, $subtype ); } echo ""
    ""; $ajax_url = Plugin::getWebDir('fields') . '/ajax/container.php'; $items_id = !$item->isNewItem() ? $item->getID() : 0; echo Html::scriptBlock(<< 0) { return; } refreshContainer(); } ); var refresh_timeout = null; form.find('textarea').each( function () { const editor = tinymce.get(this.id); if (editor !== null) { editor.on( 'change', function(evt) { if ($(evt.target.targetElm).closest('#{$html_id}').length > 0) { return; } if (refresh_timeout !== null) { window.clearTimeout(refresh_timeout); } refresh_timeout = window.setTimeout(refreshContainer, 1000); } ); } } ); } ); JAVASCRIPT ); }",True,PHP,showForTab,field.class.php,https://github.com/pluginsGLPI/fields,pluginsGLPI,GitHub,2023-04-05 08:54:17+02:00,Merge pull request from GHSA-52vv-hm4x-8584,CWE-269,Improper Privilege Management,"The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.",https://cwe.mitre.org/data/definitions/269.html,CVE-2023-28855,foreach ($events as $event) { $extevents[$date][] = $event; } 36438,"function plugin_order_displayConfigItem($type, $ID, $data, $num) { global $CFG_GLPI; $searchopt = &Search::getOptions($type); $table = $searchopt[$ID][""table""]; $field = $searchopt[$ID][""field""]; switch ($table.'.'.$field) { case ""glpi_plugin_order_orders.is_late"": $message = """"; if ($data['raw'][""ITEM_"".$num]) { $config = PluginOrderConfig::getConfig(); if ($config->getShouldBeDevileredColor() != '') { $message .= "" style=\""background-color:"".$config->getShouldBeDevileredColor()."";\"" ""; } } return $message; } }",True,PHP,plugin_order_displayConfigItem,hook.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($events as $event) { $extevents[$date][] = $event; } 36440,"public static function showItems(PluginOrderBill $bill) { global $DB; echo ""
    ""; echo """"; $bills_id = $bill->getID(); $table = PluginOrderOrder_Item::getTable(); $query = ""SELECT * FROM `$table`""; $query .= "" WHERE `plugin_order_bills_id` = '$bills_id'""; $query .= getEntitiesRestrictRequest("" AND"", $table, ""entities_id"", $bill->getEntityID(), true); $query .= ""GROUP BY `itemtype`""; $result = $DB->query($query); $number = $DB->numrows($result); if (!$number) { echo """"; } else { echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; $old_itemtype = ''; $num = 0; while ($data = $DB->fetchArray($result)) { if (!class_exists($data['itemtype'])) { continue; } $item = new $data['itemtype'](); if ($data['itemtype']::canView()) { echo """"; $ID = """"; if ($_SESSION[""glpiis_ids_visible""] || empty($data[""name""])) { $ID = "" ("".$data[""id""]."")""; } $name = NOT_AVAILABLE; if ($item->getFromDB($data[""id""])) { $name = $item->getLink(); } echo """"; echo """"; if ($data['itemtype'] == 'PluginOrderReferenceFree') { $reference = new PluginOrderReferenceFree(); $reference->getFromDB($data[""plugin_order_references_id""]); } else { $reference = new PluginOrderReference(); $reference->getFromDB($data[""plugin_order_references_id""]); } echo """"; echo """"; echo """"; } } } echo ""
    ""; Html::printPagerForm(); echo """"; echo _n(""Item"", ""Items"", 2); echo ""
    ""; echo _n(""Item"", ""Items"", 2); echo ""
    "".__(""Type"")."""".__(""Entity"")."""".__(""Reference"")."""".__(""Status"").""
    "".$item->getTypeName().""""; echo Dropdown::getDropdownName('glpi_entities', $item->getEntityID()).""""; if (PluginOrderReference::canView()) { echo $reference->getLink(); } else { echo $reference->getName(true); } echo """"; Dropdown::getDropdownName(""glpi_plugin_order_deliverystates"", $data[""plugin_order_deliverystates_id""]); echo ""
    ""; }",True,PHP,showItems,bill.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($events as $event) { $extevents[$date][] = $event; } 36441,public static function getMenuContent() { global $CFG_GLPI; $menu = parent::getMenuContent(); $menu['page'] = PluginOrderMenu::getSearchURL(false); $menu['links']['add'] = null; $menu['links']['search'] = null; $menu['links']['config'] = self::getFormURL(false); return $menu; },True,PHP,getMenuContent,config.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($events as $event) { $extevents[$date][] = $event; } 36442,"public function deleteLinkWithItem($detailID, $itemtype, $plugin_order_orders_id) { global $DB; if ($itemtype == 'SoftWareLicense') { $detail = new PluginOrderOrder_Item(); $detail->getFromDB($detailID); $license = $detail->fields[""items_id""]; $this->removeInfoComRelatedToOrder($itemtype, $license); $result = $PluginOrderOrder_Item->queryRef($detail->fields[""plugin_order_orders_id""], $detail->fields[""plugin_order_references_id""], $detail->fields[""price_taxfree""], $detail->fields[""discount""], PluginOrderOrder::ORDER_DEVICE_DELIVRED); if ($nb = $DB->numrows($result)) { for ($i = 0; $i < $nb; $i++) { $ID = $DB->result($result, $i, 'id'); $detail->update([ ""id"" => $ID, ""items_id"" => 0, ]); $lic = new SoftwareLicense(); $lic->getFromDB($license); $values[""id""] = $lic->fields[""id""]; $values[""number""] = $lic->fields[""number""] - 1; $lic->update($values); } $order = new PluginOrderOrder(); $order->getFromDB($detail->fields[""plugin_order_orders_id""]); $new_value = __(""Item unlink form order"", ""order"").' : '.$order->fields[""name""]; $order->addHistory($itemtype, '', $new_value, $license); $item = new $itemtype(); $item->getFromDB($license); $new_value = __(""Item unlink form order"", ""order"").' : '.$item->getField(""name""); $order->addHistory('PluginOrderOrder', '', $new_value, $order->fields[""id""]); } } else { $order = new PluginOrderOrder(); $order->getFromDB($plugin_order_orders_id); $detail = new PluginOrderOrder_Item(); $detail->getFromDB($detailID); $items_id = $detail->fields[""items_id""]; $this->removeInfoComRelatedToOrder($itemtype, $items_id); if ($items_id != 0) { $input = $detail->fields; $input[""items_id""] = 0; $detail->update($input); } else { Session::addMessageAfterRedirect(__(""One or several selected rows haven't linked items"", ""order""), true, ERROR); } $new_value = __(""Item unlink form order"", ""order"").' : '.$order->fields[""name""]; $order->addHistory($itemtype, '', $new_value, $items_id); $item = new $itemtype(); $item->getFromDB($items_id); $new_value = __(""Item unlink form order"", ""order"").' : '.$item->getField(""name""); $order->addHistory('PluginOrderOrder', '', $new_value, $order->fields[""id""]); } }",True,PHP,deleteLinkWithItem,link.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($events as $event) { $extevents[$date][] = $event; } 36443,"public function getLinkedItemDetails($itemtype, $items_id) { $comments = """"; switch ($itemtype) { case 'ConsumableItem' : $ci = new Consumable(); if ($ci->getFromDB($items_id)) { $ct = new ConsumableItem(); $ct->getFromDB($ci->fields['consumableitems_id']); $comments .= """".__(""Entity"")."": ""; $comments .= Dropdown::getDropdownName(""glpi_entities"", $ct->fields[""entities_id""]); $comments .= '
    '.__(""Consumable"").' : $comments .= '
    '.__(""Consumable type"").' : '; $comments .= $ct->fields['name']; $comments .= '
    '.__(""Manufacturer"").' : '; $comments .= Dropdown::getDropdownName('glpi_manufacturers', $ct->fields['manufacturers_id']); $comments .= '
    '.__(""State"").' : '; $comments .= (!$ci->fields['users_id'] ? __(""In stock"") : __(""Used"")); if ($ci->fields['users_id']) { $comments .= '
    '.__(""User"").' : '; $comments .= Dropdown::getDropdownName('glpi_users', $ci->fields['users_id']); } } break; case 'CartridgeItem' : $ci = new Cartridge(); if ($ci->getFromDB($items_id)) { $ct = new CartridgeItem(); $ct->getFromDB($ci->fields['cartridgeitems_id']); $comments .= """".__(""Entity"")."": ""; $comments .= Dropdown::getDropdownName(""glpi_entities"", $ct->fields[""entities_id""]); $comments .= '
    '.__(""Cartridge"").' : $comments .= '
    '._n(""New"", ""New"", 2).' : '; $comments .= $ct->fields['name']; $comments .= '
    '.__(""Manufacturer"").' : '; $comments .= Dropdown::getDropdownName('glpi_manufacturers', $ct->fields['manufacturers_id']); } break; default : $item = new $itemtype(); $item->getFromDB($items_id); if ($item->getField(""name"")) { $comments .= """".__(""Name"")."": ""; $comments .= $item->getField(""name""); } if ($item->getField(""entities_id"")) { $comments .= """".__(""Entity"")."": ""; $comments .= Dropdown::getDropdownName(""glpi_entities"", $item->getField(""entities_id"")); } if ($item->getField(""serial"") != '') { $comments .= ""
    "".__(""Serial number"")."": ""; $comments .= $item->getField(""serial""); } if ($item->getField(""otherserial"") != '') { $comments .= ""
    "".__(""Inventory number"")."": ""; $comments .= $item->getField(""otherserial""); } if ($item->getField(""locations_id"")) { $comments .= ""
    "".__(""Location"")."": ""; $comments .= Dropdown::getDropdownName('glpi_locations', $item->getField(""locations_id"")); } if ($item->getField(""users_id"")) { $comments .= ""
    "".__(""User"")."": ""; $comments .= Dropdown::getDropdownName('glpi_users', $item->getField(""users_id"")); } break; } return ($comments); }",True,PHP,getLinkedItemDetails,link.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36444,"$reference->getFromDB($detail->getField('plugin_order_references_id')); if (!$detail->fields[""items_id""]) { $itemtype = $detail->getField('itemtype'); echo """".$reference->getField('name').""""; $templateID = $reference->checkIfTemplateExistsInEntity($val, $detail->getField('itemtype'), $order->fields[""entities_id""]); if ($templateID) { $item = new $itemtype(); $item->getFromDB($templateID); $name = $item->fields[""name""] ?? """"; $serial = $item->fields[""serial""] ?? """"; $otherserial = $item->fields[""otherserial""] ?? """"; $states_id = $item->fields[""states_id""] ?? """"; $locations_id = $item->fields[""locations_id""] ?? """"; $groups_id = $item->fields[""groups_id""] ?? """"; $immo_number = $item->fields[""immo_number""] ?? """"; } else { $name = false; $serial = false; $otherserial = false; $states_id = false; $locations_id = false; $groups_id = false; $immo_number = false; } if (!$name) { echo """"; } else { echo """".Dropdown::EMPTY_VALUE.""""; echo Html::hidden(""id[$i][name]"", ['value' => '']); } echo """"; if ($otherserial) { echo """".Dropdown::EMPTY_VALUE.""""; echo Html::hidden(""id[$i][otherserial]"", ['value' => '']); } else { echo """"; } if ($config->canAddImmobilizationNumber()) { if ($immo_number) { echo """".Dropdown::EMPTY_VALUE.""""; echo Html::hidden(""id[$i][immo_number]"", ['value' => '']); } else { echo """"; } } echo """"; if ($templateID) { echo $reference->getTemplateName($itemtype, $templateID); } echo """"; if (Session::isMultiEntitiesMode() && count($_SESSION['glpiactiveentities']) > 1) { $order_web_dir = Plugin::getWebDir('order'); echo """"; $rand = Entity::Dropdown([ 'name' => ""id[$i][entities_id]"", 'value' => $order->fields[""entities_id""], 'entity' => $order->fields[""is_recursive""] ? getSonsOf('glpi_entities', $order->fields[""entities_id""]) : $order->fields[""entities_id""]] ); Ajax::updateItemOnSelectEvent(""dropdown_id[$i][entities_id]$rand"", ""show_location_by_entity_id_$i"", ""$order_web_dir/ajax/linkactions.php"", ['entities' => '__VALUE__', 'action' => 'show_location_by_entity', 'id' => $i ]); Ajax::updateItemOnSelectEvent(""dropdown_id[$i][entities_id]$rand"", ""show_group_by_entity_id_$i"", ""$order_web_dir/ajax/linkactions.php"", ['entities' => '__VALUE__', 'action' => 'show_group_by_entity', 'id' => $i ]); Ajax::updateItemOnSelectEvent(""dropdown_id[$i][entities_id]$rand"", ""show_state_by_entity_id_$i"", ""$order_web_dir/ajax/linkactions.php"", ['entities' => '__VALUE__', 'action' => 'show_state_by_entity', 'id' => $i ]); $entity = $order->fields[""entities_id""]; echo """"; } else { $entity = $_SESSION[""glpiactive_entity""]; echo """"; } echo """"; echo """"; Location::dropdown(['name' => ""id[$i][locations_id]"", 'entity' => $entity, 'value' => $locations_id, ]); echo """"; echo """"; echo """"; echo """"; Group::dropdown(['name' => ""id[$i][groups_id]"", 'entity' => $entity, 'value' => $groups_id, ]); echo """"; echo """"; echo """"; echo """"; $condition = self::getCondition($itemtype); State::dropdown(['name' => ""id[$i][states_id]"", 'entity' => $entity, 'condition' => $condition, 'value' => $states_id, ]); echo """"; echo """"; echo """"; echo Html::hidden(""id[$i][id]"", ['value' => $key]); $found = true; } $i++; }",True,PHP,getFromDB,link.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36445,"function getSpecificMassiveActions($checkitem = null) { $isadmin = static::canUpdate(); $actions = parent::getSpecificMassiveActions($checkitem); $sep = __CLASS__.MassiveAction::CLASS_ACTION_SEPARATOR; $actions[$sep.'generation'] = __(""Generate item"", ""order""); $actions[$sep.'createLink'] = __(""Link to an existing item"", ""order""); $actions[$sep.'deleteLink'] = __(""Delete item link"", ""order""); return $actions; }",True,PHP,getSpecificMassiveActions,link.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36449,"$typefield = getForeignKeyFieldForTable(getTableForItemType($add_item[""itemtype""].""Type"")); if (!array_key_exists($typefield, $input) || $input[$typefield] == 0) { $input[$typefield] = $reference->fields[""types_id""]; } $modelfield = getForeignKeyFieldForTable(getTableForItemType($add_item[""itemtype""].""Model"")); if (!array_key_exists($modelfield, $input) || $input[$modelfield] == 0) { $input[$modelfield] = $reference->fields[""models_id""]; } $input = Toolbox::addslashes_deep($input); $newID = $item->add($input); $newIDs[$values[""id""]] = $newID; if (isset($params['generate_ticket'])) { $tkt = new TicketTemplate(); if ($tkt->getFromDB($params['generate_ticket']['tickettemplates_id'])) { $input = []; $input = Ticket::getDefaultValues($entity); $ttp = new TicketTemplatePredefinedField(); $predefined = $ttp->getPredefinedFields($params['generate_ticket']['tickettemplates_id'], true); if (count($predefined)) { foreach ($predefined as $predeffield => $predefvalue) { $input[$predeffield] = $predefvalue; } } $input['entities_id'] = $entity; $input['_users_id_requester'] = empty($order->fields['users_id']) ? Session::getLoginUserID() : $order->fields['users_id']; $input['items_id'] = $newID; $input['itemtype'] = $add_item[""itemtype""]; $ticket = new Ticket(); $ticketID = $ticket->add($input); } } $result = $this->createLinkWithItem($values[""id""], $newID, $add_item[""itemtype""], $params[""plugin_order_orders_id""], $entity, $templateID, false, false); $new_value = __(""Item generated by using order"", ""order"").' : '.$order->fields[""name""]; $order->addHistory($add_item[""itemtype""], '', $new_value, $newID); $new_value = __(""Item generated by using order"", ""order"").' : '; $new_value .= $item->getTypeName()."" -> "".$item->getField(""name""); $order->addHistory('PluginOrderOrder', '', $new_value, $params[""plugin_order_orders_id""]); self::copyDocuments($add_item['itemtype'], $newID, $params[""plugin_order_orders_id""], $entity); Session::addMessageAfterRedirect(__(""Item successfully selected"", ""order""), true); }",True,PHP,getForeignKeyFieldForTable,link.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36450,"public function checkIfDetailExists($orders_id, $only_delivered = false) { if ($orders_id) { $detail = new PluginOrderOrder_Item(); $where = ['plugin_order_orders_id' => $orders_id]; if ($only_delivered) { $where['states_id'] = ['>', 0]; } return (countElementsInTable(""glpi_plugin_order_orders_items"", $where)); } else { return false; } }",True,PHP,checkIfDetailExists,order.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36451,"public function dropdownSuppliers($myname, $value = 0, $entity_restrict = '') { global $DB, $CFG_GLPI; $rand = mt_rand(); $entities = getEntitiesRestrictRequest(""AND"", ""glpi_suppliers"", '', $entity_restrict, true); $query = ""SELECT `glpi_suppliers`.* FROM `glpi_suppliers` LEFT JOIN `glpi_contacts_suppliers` ON (`glpi_contacts_suppliers`.`suppliers_id` = `glpi_suppliers`.`id`) WHERE `glpi_suppliers`.`is_deleted` = '0' $entities GROUP BY `glpi_suppliers`.`id` ORDER BY `entities_id`, `name`""; $result = $DB->query($query); echo """"; echo """"; if ($DB->numrows($result)) { $prev = -1; while ($data = $DB->fetchArray($result)) { if ($data[""entities_id""] != $prev) { if ($prev >= 0) { echo """"; } $prev = $data[""entities_id""]; echo """"; } $output = formatUserName($data[""id""], """", $data[""name""], $data[""firstname""]); if ($_SESSION[""glpiis_ids_visible""] || empty($output)) { $output .= "" ("".$data[""id""]."")""; } echo """"; } if ($prev >= 0) { echo """"; } }",True,PHP,dropdownContacts,order.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36456,"static function showMassiveActionsSubForm(MassiveAction $ma) { global $UNINSTALL_TYPES; switch ($ma->getAction()) { case 'transfert': Entity::dropdown(); echo "" "". Html::submit(_x('button', 'Post'), ['name' => 'massiveaction']); return true; } return """"; }",True,PHP,showMassiveActionsSubForm,order.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36457,"static function processMassiveActionsForOneItemtype(MassiveAction $ma, CommonDBTM $item, array $ids) { global $CFG_GLPI; switch ($ma->getAction()) { case ""transfert"": $input = $ma->getInput(); $entities_id = $input['entities_id']; foreach ($ids as $id) { if ($item->getFromDB($id)) { $item->update([ ""id"" => $id, ""entities_id"" => $entities_id, ""update"" => __('Update'), ]); $ma->itemDone($item->getType(), $id, MassiveAction::ACTION_OK); } } return; break; } return; }",True,PHP,processMassiveActionsForOneItemtype,order.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36458,"public function updatePrice_taxfree($post) { global $DB; $this->getFromDB($post['item_id']); $input = $this->fields; $discount = $input['discount']; $plugin_order_ordertaxes_id = $input['plugin_order_ordertaxes_id']; $input[""price_taxfree""] = $post['price_taxfree']; $input[""price_discounted""] = $input[""price_taxfree""] - ($input[""price_taxfree""] * ($discount / 100)); $tax = new PluginOrderOrderTax(); $tax->getFromDB($plugin_order_ordertaxes_id); $input[""price_ati""] = $this->getPricesATI($input[""price_discounted""], $tax->getRate()); $this->update($input); }",True,PHP,updatePrice_taxfree,order_item.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36459,"public function getTotalQuantityByRef($orders_id, $references_id) { global $DB; $query = ""SELECT COUNT(*) AS quantity FROM `"".self::getTable().""` WHERE `plugin_order_orders_id` = '$orders_id' AND `plugin_order_references_id` = '$references_id' ""; $result = $DB->query($query); return ($DB->result($result, 0, 'quantity')); }",True,PHP,getTotalQuantityByRef,order_item.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36460,public function updateAnalyticNature($post) { global $DB; $this->getFromDB($post['item_id']); $input = $this->fields; $input['plugin_order_analyticnatures_id'] = $post['plugin_order_analyticnatures_id']; $this->update($input); },True,PHP,updateAnalyticNature,order_item.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36461,"public function checkIFReferenceExistsInOrder($orders_id, $ref_id) { return (countElementsInTable( $this->getTable(), [ 'plugin_order_orders_id' => $orders_id, 'plugin_order_references_id' => $ref_id, ] )); }",True,PHP,checkIFReferenceExistsInOrder,order_item.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36462,"public function checkIfSupplierInfosExists($plugin_order_orders_id) { if ($plugin_order_orders_id) { $devices = getAllDataFromTable(self::getTable(), ['plugin_order_orders_id' => $plugin_order_orders_id]); if (!empty($devices)) { return true; } else { return false; } } }",True,PHP,checkIfSupplierInfosExists,order_supplier.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36463,"public static function getFiles($directory, $ext) { $array_dir = []; $array_file = []; if (is_dir($directory)) { if ($dh = opendir($directory)) { while (($file = readdir($dh)) !== false) { $filename = $file; $filetype = filetype($directory. $file); $filedate = Html::convDate(date (""Y-m-d"", filemtime($directory.$file))); $basename = explode('.', basename($filename)); $extension = array_pop($basename); if ($filename == "".."" OR $filename == ""."") { echo """"; } else { if ($filetype == 'file' && $extension == $ext) { if ($ext == PLUGIN_ORDER_SIGNATURE_EXTENSION) { $name = array_shift($basename); if (strtolower($name) == strtolower($_SESSION[""glpiname""])) { $array_file[] = [$filename, $filedate, $extension]; } } else { $array_file[] = [$filename, $filedate, $extension]; } } else if ($filetype == ""dir"") { $array_dir[] = $filename; } } } closedir($dh); } } rsort($array_file); return $array_file; }",True,PHP,getFiles,preference.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36464,"public function deleteDelivery($detailID) { global $DB; $detail = new PluginOrderOrder_Item(); $detail->getFromDB($detailID); if ($detail->fields[""itemtype""] == 'SoftwareLicense') { $result = $PluginOrderOrder_Item->queryRef($_POST[""plugin_order_orders_id""], $detail->fields[""plugin_order_references_id""], $detail->fields[""price_taxfree""], $detail->fields[""discount""], PluginOrderOrder::ORDER_DEVICE_DELIVRED); $nb = $DB->numrows($result); if ($nb) { for ($i = 0; $i < $nb; $i++) { $detailID = $DB->result($result, $i, 'id'); $detail->update([ ""id"" => $detailID, ""delivery_date"" => 'NULL', ""states_id"" => PluginOrderOrder::ORDER_DEVICE_NOT_DELIVRED, ""delivery_number"" => """", ""plugin_order_deliverystates_id"" => 0, ""delivery_comment"" => """", ]); } } } else { $detail->update([ ""id"" => $detailID, ""date"" => 0, ""states_id"" => PluginOrderOrder::ORDER_DEVICE_NOT_DELIVRED, ""delivery_number"" => """", ""plugin_order_deliverystates_id"" => 0, ""delivery_comment"" => """", ]); } }",True,PHP,deleteDelivery,reception.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36466,"public function dropdownReceptionActions($itemtype, $plugin_order_references_id, $plugin_order_orders_id) { global $CFG_GLPI; $rand = mt_rand(); echo """"; $params = [ 'action' => '__VALUE__', 'itemtype' => $itemtype, 'plugin_order_references_id' => $plugin_order_references_id, 'plugin_order_orders_id' => $plugin_order_orders_id, ]; Ajax::updateItemOnSelectEvent(""receptionActions$rand"", ""show_receptionActions$rand"", Plugin::getWebDir('order').""/ajax/receptionactions.php"", $params); echo "" ""; }",True,PHP,dropdownReceptionActions,reception.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36467,"function getSpecificMassiveActions($checkitem = null) { $isadmin = static::canUpdate(); $actions = parent::getSpecificMassiveActions($checkitem); unset($actions[MassiveAction::class.MassiveAction::CLASS_ACTION_SEPARATOR.'add_transfer_list']); $sep = __CLASS__.MassiveAction::CLASS_ACTION_SEPARATOR; $actions[$sep.'reception'] = __(""Take item delivery"", ""order""); $actions[$sep.'transfer_order_item'] = """" . _x('button', 'Transfer', 'order'); return $actions; }",True,PHP,getSpecificMassiveActions,reception.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36468,"public static function getPerTypeJavascriptCode() { global $CFG_GLPI; $out = """"; return $out; }",True,PHP,getPerTypeJavascriptCode,reference.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,foreach ($days as $value) { $regitem[] = $value; } 36469,"public static function showSelector($target) { $rand = mt_rand(); Plugin::loadLang('order'); echo ""
    "".__(""Select the wanted item type"", ""order"") .""
    ""; echo """".str_replace("" "", "" "", __(""Show all"")).""
    ""; echo ""
    ""; echo """"; echo ""
    ""; echo ""
    ""; }",True,PHP,showSelector,reference.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36470,"public function title() { echo ""
    ""; echo self::getPerTypeJavascriptCode(); echo """" .__(""View by item type"", ""order"").""""; echo ""
    ""; }",True,PHP,title,reference.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36471,"public function getPriceByReferenceAndSupplier($plugin_order_references_id, $suppliers_id) { global $DB; $table = self::getTable(); $query = ""SELECT `price_taxfree` FROM `$table` WHERE `plugin_order_references_id` = '$plugin_order_references_id' AND `suppliers_id` = '$suppliers_id' ""; $result = $DB->query($query); if ($DB->numrows($result) > 0) { return $DB->result($result, 0, ""price_taxfree""); } else { return 0; } }",True,PHP,getPriceByReferenceAndSupplier,reference_supplier.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36473,"public function showReferenceManufacturers($ID) { global $DB, $CFG_GLPI; $ref = new PluginOrderReference(); $ref->getFromDB($ID); $target = Toolbox::getItemTypeFormURL(__CLASS__); Session::initNavigateListItems($this->getType(), __(""Product reference"", ""order"") ."" = "". $ref->fields[""name""]); $candelete = $ref->can($ID, DELETE); $query = ""SELECT * FROM `"".self::getTable().""` WHERE `plugin_order_references_id` = '$ID' ""; $query .= getEntitiesRestrictRequest("" AND"", self::getTable(), ""entities_id"", $ref->fields['entities_id'], $ref->fields['is_recursive']); $result = $DB->query($query); $rand = mt_rand(); echo ""
    ""; echo ""
    ""; echo Html::hidden('plugin_order_references_id', ['value' => $ID]); echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; echo """"; if ($DB->numrows($result) > 0) { echo """"; echo Html::hidden('plugin_order_references_id', ['value' => $ID]); while ($data = $DB->fetchArray($result)) { Session::addToNavigateListItems($this->getType(), $data['id']); echo Html::hidden(""item["".$data[""id""].""]"", ['value' => $ID]); echo """"; echo """"; $link = Toolbox::getItemTypeFormURL($this->getType()); echo """"; echo """"; echo """"; echo """"; } echo ""
    "".__(""Supplier Detail"", ""order"").""
     "".__(""Supplier"")."""".__(""Product reference"", ""order"")."""".__(""Unit price tax free"", ""order"").""
    ""; if ($candelete) { echo """"; } echo """" .Dropdown::getDropdownName(""glpi_suppliers"", $data[""suppliers_id""]).""""; echo $data[""reference_code""]; echo """"; echo Html::formatNumber($data[""price_taxfree""]); echo ""
    ""; if ($candelete) { echo ""
    ""; echo """"; echo """"; echo """"; echo """"; echo ""
    "".__(""Check all"").""/"".__(""Uncheck all"").""""; echo """"; echo """"; echo ""
    ""; echo ""
    ""; } } else { echo """"; } Html::closeForm(); echo ""
    ""; }",True,PHP,showReferenceManufacturers,reference_supplier.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36474,"public function addDetails($ref_id, $itemtype, $orders_id, $quantity, $price, $discounted_price, $taxes_id) { $order = new PluginOrderOrder(); if ($quantity > 0 && $order->getFromDB($orders_id)) { for ($i = 0; $i < $quantity; $i++) { $input[""plugin_order_orders_id""] = $orders_id; $input[""plugin_order_ordertaxes_id""] = $taxes_id; $input[""itemtype""] = $itemtype; $input[""entities_id""] = $order->getEntityID(); $input[""is_recursive""] = $order->isRecursive(); $input[""price_taxfree""] = $price; $input[""price_discounted""] = $price - ($price * ($discounted_price / 100)); $input[""states_id""] = PluginOrderOrder::ORDER_DEVICE_NOT_DELIVRED; $input[""price_ati""] = $this->getPricesATI($input[""price_discounted""], Dropdown::getDropdownName(""glpi_plugin_order_ordertaxes"", $taxes_id)); $input[""discount""] = $discounted_price; $this->add($input); } } }",True,PHP,addDetails,referencefree.class.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36475,"function plugin_version_order() { return [ 'name' => __(""Orders management"", ""order""), 'version' => PLUGIN_ORDER_VERSION, 'author' => 'The plugin order team', 'homepage' => 'https: 'license' => 'GPLv2+', 'requirements' => [ 'glpi' => [ 'min' => PLUGIN_ORDER_MIN_GLPI, 'max' => PLUGIN_ORDER_MAX_GLPI, 'dev' => true, ] ] ]; }",True,PHP,plugin_version_order,setup.php,https://github.com/pluginsGLPI/order,pluginsGLPI,Cédric Anne,2023-02-02 12:08:34+01:00,Clean-up code,CWE-502,Deserialization of Untrusted Data,The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.,https://cwe.mitre.org/data/definitions/502.html,CVE-2023-29006,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36476,"$updated = $temporal->toUserTime($active_session['last_accessed']); $sessions_card .= << {$this->lang->t9n('Client IP')} {$active_session['remote_ip']} {$this->lang->t9n('Software')} {$active_session['user_agent']} {$this->lang->t9n('Started')} $created {$this->lang->t9n('Last access')} $updated HTML; } $el = $this->di->get('Row'); $el->addClass('d-flex align-content-start no-gutters'); $el->column($bc, 'col-12'); $el->column($cards[0] ?? '', 'col-xl-6 mb-3 pr-xl-2'); $el->column($cards[1] ?? '', 'col-xl-6 mb-3 pl-xl-2'); $el->column($cards[2] ?? '', 'col-xl-6 mb-3 pr-xl-2'); $el->column($cards[3] ?? '', 'col-xl-6 mb-3 pl-xl-2'); $el->column($cards[4] ?? '', 'col-xl-6 mb-3 pr-xl-2'); $el->column($cards[5] ?? '', 'col-xl-6 mb-3 pl-xl-2'); $el->column($cards[6] ?? '', 'col-xl-6 mb-3 pr-xl-2'); $el->column($cards[7] ?? '', 'col-xl-6 mb-3 pl-xl-2'); $el->column($sessions_card, 'col-12 mb-3'); $content = $el->render(); $el = $this->di->get('Button'); $el->addClass('search-submit'); $el->context('primary'); $el->html($this->lang->t9n('Search-VERB')); $search_button = $el->render(); $el = null; $el = $this->di->get('Modal'); $el->id('modal-advanced-search'); $el->header($this->lang->t9n('Search library')); $el->button($search_button); $el->body($this->sharedAdvancedSearch($data['tags']), 'bg-darker-5'); $el->componentSize('large'); $content .= $el->render(); $el = null; $this->append([ 'html' => $content ]); return $this->send(); }",True,PHP,toUserTime,dashboard.php,https://github.com/mkucej/i-librarian-free,mkucej,Martin Kucej,2023-05-31 08:00:21-05:00,stored XSS vulnerability fix,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3021,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36505,"public function createAdmin(array $data) { $admin = $this->di['db']->dispense('Admin'); $admin->role = 'admin'; $admin->admin_group_id = 1; $admin->name = 'Administrator'; $admin->email = $data['email']; $admin->pass = $this->di['password']->hashIt($data['password']); $admin->protected = 1; $admin->status = 'active'; $admin->created_at = date('Y-m-d H:i:s'); $admin->updated_at = date('Y-m-d H:i:s'); $newId = $this->di['db']->store($admin); $this->di['logger']->info('Main administrator %s account created', $admin->email); $this->_sendMail($admin, $data['password']); $data['remember'] = true; return $newId; }",True,PHP,createAdmin,Service.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36506,"protected function _sendMail($admin, $admin_pass) { $admin_name = $admin->name; $admin_email = $admin->email; $client_url = $this->di['url']->link('/'); $admin_url = $this->di['url']->adminLink('/'); $content = ""Hello, $admin_name. "" . PHP_EOL; $content .= 'You have successfully installed FOSSBilling at ' . BB_URL . PHP_EOL; $content .= 'Access the client area at: ' . $client_url . PHP_EOL; $content .= 'Access the admin area at: ' . $admin_url . ' with login details:' . PHP_EOL; $content .= 'Email: ' . $admin_email . PHP_EOL; $content .= 'Password: ' . $admin_pass . PHP_EOL . PHP_EOL; $content .= 'Read the FOSSBilling documentation to get started https: $content .= 'Thank you for using FOSSBilling.' . PHP_EOL; $subject = sprintf('FOSSBilling is ready at ""%s""', BB_URL); $systemService = $this->di['mod_service']('system'); $from = $systemService->getParamValue('company_email'); $emailService = $this->di['mod_service']('Email'); $emailService->sendMail($admin_email, $from, $subject, $content); }",True,PHP,_sendMail,Service.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36508,"public function testInjector() { $di = $this->di; $this->assertInstanceOf('Box_Mod', $di['mod']('admin')); $this->assertInstanceOf('Box_Log', $di['logger']); $this->assertInstanceOf('Box_Crypt', $di['crypt']); $this->assertTrue(isset($di['pdo'])); $this->assertTrue(isset($di['db'])); $this->assertInstanceOf('Box_Pagination', $di['pager']); $this->assertInstanceOf('Box_Url', $di['url']); $this->assertInstanceOf('Box_EventManager', $di['events_manager']); $this->assertInstanceOf('\Box_Session', $di['session']); $this->assertInstanceOf('Box_Authorization', $di['auth']); $this->assertInstanceOf('Twig\Environment', $di['twig']); $this->assertInstanceOf('\FOSSBilling\Tools', $di['tools']); $this->assertInstanceOf('\FOSSBilling\Validate', $di['validator']); $this->assertTrue(isset($di['mod'])); $this->assertTrue(isset($di['mod_config'])); $this->assertInstanceOf('Box\\Mod\\Cron\\Service', $di['mod_service']('cron')); $this->assertInstanceOf('\FOSSBilling\ExtensionManager', $di['extension_manager']); $this->assertInstanceOf('\Box_Update', $di['updater']); $this->assertInstanceOf('\Server_Package', $di['server_package']); $this->assertInstanceOf('\Server_Client', $di['server_client']); $this->assertInstanceOf('\Server_Account', $di['server_account']); $this->assertTrue(isset($di['server_manager'])); $this->assertInstanceOf('\FOSSBilling\Requirements', $di['requirements']); $this->assertInstanceOf('\Box\Mod\Theme\Model\Theme', $di['theme']); $this->assertInstanceOf('\Model_Cart', $di['cart']); $this->assertInstanceOf('\GeoIp2\Database\Reader', $di['geoip']); $this->assertInstanceOf('\Box_Password', $di['password']); $this->assertInstanceOf('\Box_Translate', $di['translate']()); }",True,PHP,testInjector,DiTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36509,"public function testGetSessionCartExists() { $service = new \Box\Mod\Cart\Service(); $session_id = 'rrcpqo7tkjh14d2vmf0car64k7'; $model = new \Model_Cart(); $model->loadBean(new \DummyBean()); $model->session_id = $session_id; $dbMock = $this->getMockBuilder('Box_Database')->getMock(); $dbMock->expects($this->atLeastOnce()) ->method('findOne') ->will($this->returnValue($model)); $sessionMock = $this->getMockBuilder(""\Box_Session"") ->disableOriginalConstructor() ->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method(""getId"") ->will($this->returnValue($session_id)); $di = new \Pimple\Container(); $di['db'] = $dbMock; $di['session'] = $sessionMock; $service->setDi($di); $result = $service->getSessionCart(); $this->assertInstanceOf('Model_Cart', $result); $this->assertEquals($result->session_id, $session_id); }",True,PHP,testGetSessionCartExists,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36512,"public function testlogin() { $data = array( 'email' => 'test@example.com', 'password' => 'sezam', 'remember' => true, ); $model = new \Model_Client(); $model->loadBean(new \DummyBean()); $serviceMock = $this->getMockBuilder('\Box\Mod\Client\Service')->getMock(); $serviceMock->expects($this->atLeastOnce()) ->method('authorizeClient') ->with($data['email'], $data['password']) ->will($this->returnValue($model)); $serviceMock->expects($this->atLeastOnce()) ->method('toSessionArray') ->will($this->returnValue(array())); $eventMock = $this->getMockBuilder('\Box_EventManager')->getMock(); $eventMock->expects($this->atLeastOnce())-> method('fire'); $sessionMock = $this->getMockBuilder('\Box_Session') ->disableOriginalConstructor() ->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method(""set""); $toolsMock = $this->getMockBuilder('\FOSSBilling\Tools')->getMock(); $validatorMock = $this->getMockBuilder('\FOSSBilling\Validate')->disableOriginalConstructor()->getMock(); $validatorMock->expects($this->atLeastOnce()) ->method('checkRequiredParamsForArray') ->will($this->returnValue(null)); $di = new \Pimple\Container(); $di['events_manager'] = $eventMock; $di['session'] = $sessionMock; $di['logger'] = new \Box_Log(); $di['validator'] = $validatorMock; $di['tools'] = $toolsMock; $client = new \Box\Mod\Client\Api\Guest(); $client->setDi($di); $client->setService($serviceMock); $results = $client->login($data); $this->assertIsArray($results); }",True,PHP,testlogin,GuestTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36514,public function testLogout() { $sessionMock = $this->getMockBuilder('\Box_Session') ->disableOriginalConstructor() ->getMock(); $di = new \Pimple\Container(); $di['session'] = $sessionMock; $di['logger'] = new \Box_Log(); $adminApi = new \Box\Mod\Profile\Api\Admin(); $adminApi->setDi($di); $result = $adminApi->logout(); $this->assertTrue($result); },True,PHP,testLogout,AdminTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36516,"public function testLogoutClient() { $sessionMock = $this->getMockBuilder(""\Box_Session"") ->disableOriginalConstructor() ->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method(""delete""); $di = new \Pimple\Container(); $di['logger'] = new \Box_Log(); $di['session'] = $sessionMock; $model = new \Model_Client(); $model->loadBean(new \DummyBean()); $service = new Service(); $service->setDi($di); $result = $service->logoutClient($model, 'new password'); $this->assertTrue($result); }",True,PHP,testLogoutClient,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36517,"public function testLogin() { $email = 'email@domain.com'; $password = 'pass'; $ip = '127.0.0.1'; $admin = new \Model_Admin(); $admin->loadBean(new \DummyBean()); $admin->id = 1; $admin->email = $email; $admin->name = 'Admin'; $admin->role = 'admin'; $emMock = $this->getMockBuilder('\Box_EventManager') ->getMock(); $emMock->expects($this->atLeastOnce()) ->method('fire') ->will($this->returnValue(true)); $dbMock = $this->getMockBuilder('\Box_Database') ->getMock(); $dbMock->expects($this->atLeastOnce()) ->method('findOne') ->will($this->returnValue($admin)); $sessionMock = $this->getMockBuilder('\Box_Session') ->disableOriginalConstructor() ->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method('set') ->will($this->returnValue(null)); $authMock = $this->getMockBuilder('\Box_Authorization')->disableOriginalConstructor()->getMock(); $authMock->expects($this->atLeastOnce()) ->method('authorizeUser') ->with($admin, $password) ->willReturn($admin); $di = new \Pimple\Container(); $di['events_manager'] = $emMock; $di['db'] = $dbMock; $di['session'] = $sessionMock; $di['logger'] = new \Box_Log(); $di['auth'] = $authMock; $service = new \Box\Mod\Staff\Service(); $service->setDi($di); $result = $service->login($email, $password, $ip); $expected = array( 'id' => 1, 'email' => $email, 'name' => 'Admin', 'role' => 'admin', ); $this->assertEquals($expected, $result); }",True,PHP,testLogin,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36519,public function testgetPendingMessages_GetReturnsNotArray() { $di = new \Pimple\Container(); $sessionMock = $this->getMockBuilder('\Box_Session')->disableOriginalConstructor()->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method('get') ->with('pending_messages') ->willReturn(null); $di['session'] = $sessionMock; $this->service->setDi($di); $result = $this->service->getPendingMessages(); $this->assertIsArray($result); },True,PHP,testgetPendingMessages_GetReturnsNotArray,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36522,public function testsetPendingMessage() { $serviceMock = $this->getMockBuilder('\Box\Mod\System\Service') ->setMethods(array('getPendingMessages')) ->getMock(); $serviceMock->expects($this->atLeastOnce()) ->method('getPendingMessages') ->willReturn(array()); $di = new \Pimple\Container(); $sessionMock = $this->getMockBuilder('\Box_Session')->disableOriginalConstructor()->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method('set') ->with('pending_messages'); $di['session'] = $sessionMock; $serviceMock->setDi($di); $message = 'Important Message'; $result = $serviceMock->setPendingMessage($message); $this->assertTrue($result); },True,PHP,testsetPendingMessage,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36524,public function testgetPendingMessages() { $di = new \Pimple\Container(); $sessionMock = $this->getMockBuilder('\Box_Session')->disableOriginalConstructor()->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method('get') ->with('pending_messages') ->willReturn(array()); $di['session'] = $sessionMock; $this->service->setDi($di); $result = $this->service->getPendingMessages(); $this->assertIsArray($result); },True,PHP,testgetPendingMessages,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36526,public function testclearPendingMessages() { $di = new \Pimple\Container(); $sessionMock = $this->getMockBuilder('\Box_Session')->disableOriginalConstructor()->getMock(); $sessionMock->expects($this->atLeastOnce()) ->method('delete') ->with('pending_messages'); $di['session'] = $sessionMock; $this->service->setDi($di); $result = $this->service->clearPendingMessages(); $this->assertTrue($result); },True,PHP,testclearPendingMessages,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-19 04:14:29-07:00,"Replace Box_Session and improve session handling (#1332) * Replace Box_Session and improve session handling * Improve weights, capitalize class name correctly * Make the tests pass, update the SQL structure * Tweak to the fingerprint class, fix more tests * Regenerate session IDs when logging in * Improve readability * Update ServiceTest.php * Tweak weights and added Huntr badge to the readme * Improve readability, add PHPDocs, and updated weight * Update SECURITY.md",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-3394,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36535,"public function getSimpleResultSet($q, $values, $per_page = 100, $page = null) { if (is_null($page)){ $page = $_GET['page'] ?? 1; } $per_page = $_GET['per_page'] ?? $per_page; $offset = ($page - 1) * $per_page; $sql = $q; $sql .= sprintf(' LIMIT %s,%s', $offset, $per_page); $result = $this->di['db']->getAll($sql, $values); $exploded = explode('FROM', $q); $sql = 'SELECT count(1) FROM ' . $exploded[1]; $total = $this->di['db']->getCell($sql , $values); $pages = ($per_page > 1) ? (int)ceil($total / $per_page) : 1; return array( ""pages"" => $pages, ""page"" => $page, ""per_page"" => $per_page, ""total"" => $total, ""list"" => $result, ); }",True,PHP,getSimpleResultSet,Pagination.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-3490,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36536,"public function getSimpleResultSet($q, $values, $per_page = 100, $page = null) { if (is_null($page)){ $page = $_GET['page'] ?? 1; } $per_page = $_GET['per_page'] ?? $per_page; $offset = ($page - 1) * $per_page; $sql = $q; $sql .= sprintf(' LIMIT %s,%s', $offset, $per_page); $result = $this->di['db']->getAll($sql, $values); $exploded = explode('FROM', $q); $sql = 'SELECT count(1) FROM ' . $exploded[1]; $total = $this->di['db']->getCell($sql , $values); $pages = ($per_page > 1) ? (int)ceil($total / $per_page) : 1; return array( ""pages"" => $pages, ""page"" => $page, ""per_page"" => $per_page, ""total"" => $total, ""list"" => $result, ); }",True,PHP,getSimpleResultSet,Pagination.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3491,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36546,"public function testuploadAssets() { $files = array( 'file1' => array( 'error' => UPLOAD_ERR_NO_FILE, ), 'file2' => array( 'error' => UPLOAD_ERR_OK, 'tmp_name' => 'tmpName', ), ); $service = new \Box\Mod\Theme\Service(); $service->setDi($this->di); $themeModel = $service->getTheme('huraga'); $service->uploadAssets($themeModel, $files); }",True,PHP,testuploadAssets,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3491,foreach ($events as $event) { $extevents[$date][] = $event; } 36547,"public function testuploadAssets_Exception() { $themeMock = $this->getMockBuilder('\Box\Mod\Theme\Model\Theme')->disableOriginalConstructor()->getMock(); $themeMock->expects($this->atLeastOnce()) ->method('getPathAssets'); $files = array( 'test0' => array( 'error' => UPLOAD_ERR_CANT_WRITE ), ); $this->expectException(\Box_Exception::class); $this->expectExceptionMessage(sprintf(""Error uploading file %s Error code: %d"", 'test0', UPLOAD_ERR_CANT_WRITE)); $this->service->uploadAssets($themeMock, $files); }",True,PHP,testuploadAssets_Exception,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-3490,foreach ($events as $event) { $extevents[$date][] = $event; } 36548,"public function testuploadAssets_Exception() { $themeMock = $this->getMockBuilder('\Box\Mod\Theme\Model\Theme')->disableOriginalConstructor()->getMock(); $themeMock->expects($this->atLeastOnce()) ->method('getPathAssets'); $files = array( 'test0' => array( 'error' => UPLOAD_ERR_CANT_WRITE ), ); $this->expectException(\Box_Exception::class); $this->expectExceptionMessage(sprintf(""Error uploading file %s Error code: %d"", 'test0', UPLOAD_ERR_CANT_WRITE)); $this->service->uploadAssets($themeMock, $files); }",True,PHP,testuploadAssets_Exception,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3491,foreach ($events as $event) { $extevents[$date][] = $event; } 36549,"public function testuploadAssets() { $themeMock = $this->getMockBuilder('\Box\Mod\Theme\Model\Theme')->disableOriginalConstructor()->getMock(); $themeMock->expects($this->atLeastOnce()) ->method('getPathAssets'); $files = array( 'test2' => array( 'error' => UPLOAD_ERR_NO_FILE ), 'test1' => array( 'error' => UPLOAD_ERR_OK, 'tmp_name' => 'tempName', ), ); $this->service->uploadAssets($themeMock, $files); }",True,PHP,testuploadAssets,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-3490,foreach ($events as $event) { $extevents[$date][] = $event; } 36550,"public function testuploadAssets() { $themeMock = $this->getMockBuilder('\Box\Mod\Theme\Model\Theme')->disableOriginalConstructor()->getMock(); $themeMock->expects($this->atLeastOnce()) ->method('getPathAssets'); $files = array( 'test2' => array( 'error' => UPLOAD_ERR_NO_FILE ), 'test1' => array( 'error' => UPLOAD_ERR_OK, 'tmp_name' => 'tempName', ), ); $this->service->uploadAssets($themeMock, $files); }",True,PHP,testuploadAssets,ServiceTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-06-30 22:51:50+02:00,"Limit ""LIMIT"" to numbers only + Disable upload theme (#1392) * Prevent non numeric values being used in limits Potential abuse for Sql injection Only allow integers to be used Adjust exception * Disable upload assets via Theme pages File upload was removed in an earlier PR * Make sure the test run fine * Fix the tests * Use limit instead of per_page * And another fix --------- Co-authored-by: Belle Aerni ",CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3491,foreach ($events as $event) { $extevents[$date][] = $event; } 36552,"public function generatePage(int $code, string $message) { $error = $this->getCodeInfo($code); $error['message'] ??= __trans('Uh-oh! You\'ve received a generic error message: :errorMessage', [':errorMessage' => '' . $message . '']); $page = ' FOSSBilling Error | ' . $error['title'] . '

    ' . $error['title'] . '

    ' . __trans('Error Code:

    ' . __trans('Component: :category', [':category' => $error['category']]) . '

    ' . $error['message'] . '

    ' . $message . '

    ' . $error['link']['label'] . '

    Powered By FOSSBilling

    '; echo $page; die(); }",True,PHP,generatePage,ErrorPage.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-07-01 14:58:13+02:00,Prevent exceptions from being interpreted as HTML (#1394),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3521,foreach ($events as $event) { $extevents[$date][] = $event; } 36554,"$result = ['result' => null, 'error' => ['message' => $e->getMessage(), 'code' => $code]];",True,PHP,$result,load.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-07-01 14:58:13+02:00,Prevent exceptions from being interpreted as HTML (#1394),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3521,foreach ($events as $event) { $extevents[$date][] = $event; } 36555,"public function change_password($data) { $required = [ 'current_password' => 'Current password required', 'new_password' => 'New password required', 'confirm_password' => 'New password confirmation required', ]; $validator = $this->di['validator']; $validator->checkRequiredParamsForArray($required, $data); $validator->isPasswordStrong($data['new_password']); if ($data['new_password'] != $data['confirm_password']) { throw new \Exception('Passwords do not match'); } $staff = $this->getIdentity(); if(!$this->di['password']->verify($data['current_password'], $staff->pass)) { throw new \Exception('Current password incorrect'); } return $this->getService()->changeAdminPassword($staff, $data['new_password']); }",True,PHP,change_password,Admin.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-07-20 13:23:44+01:00,Invalidate existing sessions during PW reset (#1435),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4005,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36557,"public function change_password($data) { $required = [ 'current_password' => 'Current password required', 'new_password' => 'New password required', 'confirm_password' => 'New password confirmation required', ]; $this->di['validator']->checkRequiredParamsForArray($required, $data); $this->di['validator']->isPasswordStrong($data['new_password']); if ($data['new_password'] != $data['confirm_password']) { throw new \Exception('Passwords do not match'); } $client = $this->getIdentity(); if(!$this->di['password']->verify($data['current_password'], $client->pass)) { throw new \Exception('Current password incorrect'); } return $this->getService()->changeClientPassword($client, $data['new_password']); }",True,PHP,change_password,Client.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-07-20 13:23:44+01:00,Invalidate existing sessions during PW reset (#1435),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4005,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36560,"public function testchange_password() { $data = array( 'id' => 1, 'password' => 'strongPass', 'password_confirm' => 'strongPass', ); $model = new \Model_Client(); $model->loadBean(new \DummyBean()); $dbMock = $this->getMockBuilder('\Box_Database')->getMock(); $dbMock->expects($this->atLeastOnce()) ->method('getExistingModelById')->will($this->returnValue($model)); $dbMock->expects($this->atLeastOnce()) ->method('store')->will($this->returnValue(1)); $eventMock = $this->getMockBuilder('\Box_EventManager')->getMock(); $eventMock->expects($this->atLeastOnce())-> method('fire'); $passwordMock = $this->getMockBuilder('\Box_Password')->getMock(); $passwordMock->expects($this->atLeastOnce()) ->method('hashIt') ->with($data['password']); $di = new \Pimple\Container(); $di['db'] = $dbMock; $di['events_manager'] = $eventMock; $di['logger'] = new \Box_Log(); $di['password'] = $passwordMock; $validatorMock = $this->getMockBuilder('\FOSSBilling\Validate')->disableOriginalConstructor()->getMock(); $validatorMock->expects($this->atLeastOnce()) ->method('checkRequiredParamsForArray') ->will($this->returnValue(null)); $di['validator'] = $validatorMock; $admin_Client = new \Box\Mod\Client\Api\Admin(); $admin_Client->setDi($di); $result = $admin_Client->change_password($data); $this->assertTrue($result); }",True,PHP,testchange_password,AdminTest.php,https://github.com/fossbilling/fossbilling,fossbilling,GitHub,2023-07-20 13:23:44+01:00,Invalidate existing sessions during PW reset (#1435),CWE-613,Insufficient Session Expiration,"According to WASC, ""Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.""",https://cwe.mitre.org/data/definitions/613.html,CVE-2023-4005,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36561,"public function __construct(ProcessHandlerRegistry $registry, Security $security) { $this->registry = $registry; $this->security = $security; }",True,PHP,__construct,ProcessDataPersister.php,https://github.com/salesagility/suitecrm-core,salesagility,Jack Anderson,2023-05-15 13:23:12+01:00,SuiteCRM 8.3.0 Release,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3293,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36565,"public function __construct( string $projectDir, string $legacyDir, string $legacySessionName, string $defaultSessionName, LegacyScopeState $legacyScopeState, SessionInterface $session, ModuleNameMapperInterface $moduleNameMapper, BaseActionDefinitionProviderInterface $baseActionDefinitionProvider, LegacyActionResolverInterface $legacyActionResolver, AclManagerInterface $acl ) { parent::__construct( $projectDir, $legacyDir, $legacySessionName, $defaultSessionName, $legacyScopeState, $session ); $this->moduleNameMapper = $moduleNameMapper; $this->baseActionDefinitionProvider = $baseActionDefinitionProvider; $this->legacyActionResolver = $legacyActionResolver; $this->acl = $acl; }",True,PHP,__construct,UserACLHandler.php,https://github.com/salesagility/suitecrm-core,salesagility,Jack Anderson,2023-05-15 13:23:12+01:00,SuiteCRM 8.3.0 Release,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3293,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36572,"public static function redirect( $url ) { if (!empty($_REQUEST['ajax_load'])) { ob_get_clean(); $ajax_ret = array( 'content' => ""\n"", 'menu' => array( 'module' => $_REQUEST['module'], 'label' => translate($_REQUEST['module']), ), ); $json = getJSONobj(); echo $json->encode($ajax_ret); } else { if (headers_sent()) { echo ""\n""; } else { session_write_close(); header('HTTP/1.1 301 Moved Permanently'); header(""Location: "" . $url); } } if (!defined('SUITE_PHPUNIT_RUNNER')) { exit(); } }",True,PHP,redirect,SugarApplication.php,https://github.com/salesagility/suitecrm-core,salesagility,Jack Anderson,2023-05-15 13:23:12+01:00,SuiteCRM 8.3.0 Release,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3293,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36573,"public function handleAccessControl() { if ($GLOBALS['current_user']->isDeveloperForAnyModule()) { return; } if (!empty($_REQUEST['action']) && $_REQUEST['action'] == ""RetrieveEmail"") { return; } if (!is_admin($GLOBALS['current_user']) && !empty($GLOBALS['adminOnlyList'][$this->controller->module]) && !empty($GLOBALS['adminOnlyList'][$this->controller->module]['all']) && (empty($GLOBALS['adminOnlyList'][$this->controller->module][$this->controller->action]) || $GLOBALS['adminOnlyList'][$this->controller->module][$this->controller->action] != 'allow')) { $this->controller->hasAccess = false; return; } if (isset($_POST['action']) && $_POST['action'] == 'SubpanelCreates') { $actual_module = $_POST['target_module']; if (!empty($GLOBALS['modListHeader']) && !in_array($actual_module, $GLOBALS['modListHeader'])) { $this->controller->hasAccess = false; } return; } if (!empty($GLOBALS['current_user']) && empty($GLOBALS['modListHeader'])) { $GLOBALS['modListHeader'] = query_module_access_list($GLOBALS['current_user']); } if (in_array($this->controller->module, $GLOBALS['modInvisList']) && ((in_array('Activities', $GLOBALS['moduleList']) && in_array('Calendar', $GLOBALS['moduleList'])) && in_array($this->controller->module, $GLOBALS['modInvisListActivities'])) ) { $this->controller->hasAccess = false; return; } }",True,PHP,handleAccessControl,SugarApplication.php,https://github.com/salesagility/suitecrm-core,salesagility,Jack Anderson,2023-05-15 13:23:12+01:00,SuiteCRM 8.3.0 Release,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3293,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36574,"function smarty_function_sugarvar($params, &$smarty) { if(empty($params['key'])) { $smarty->trigger_error(""sugarvar: missing 'key' parameter""); return; } $object = (empty($params['objectName']))?$smarty->get_template_vars('parentFieldArray'): $params['objectName']; $displayParams = $smarty->get_template_vars('displayParams'); if(empty($params['memberName'])){ $member = $smarty->get_template_vars('vardef'); $member = $member['name']; }else{ $members = explode('.', $params['memberName']); $member = $smarty->get_template_vars($members[0]); for($i = 1; $i < count($members); $i++){ $member = $member[$members[$i]]; } } $_contents = '$'. $object . '.' . $member . '.' . $params['key']; if(empty($params['stringFormat']) && empty($params['string'])) { $_contents = '{' . $_contents; if(!empty($displayParams['htmlescape'])){ $_contents .= '|escape:\'html\''; } if(!empty($params['htmlentitydecode'])){ $_contents .= '|escape:\'html_entity_decode\''; } if(!empty($displayParams['strip_tags'])){ $_contents .= '|strip_tags'; } if(!empty($displayParams['url2html'])){ $_contents .= '|url2html'; } if(!empty($displayParams['nl2br'])){ $_contents .= '|nl2br'; } $_contents .= '}'; } return $_contents; }",True,PHP,smarty_function_sugarvar,function.sugarvar.php,https://github.com/salesagility/suitecrm-core,salesagility,Jack Anderson,2023-05-15 13:23:12+01:00,SuiteCRM 8.3.0 Release,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3293,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36577,"public function setup($parentFieldArray, $vardef, $displayParams, $tabindex, $twopass = true) { parent::setup($parentFieldArray, $vardef, $displayParams, $tabindex, $twopass); $editor = """"; if (isset($vardef['editor']) && $vardef['editor'] == ""html"") { if (!isset($displayParams['htmlescape'])) { $displayParams['htmlescape'] = false; } if ($_REQUEST['action'] == ""EditView"") { require_once(__DIR__ . ""/../../../../include/SugarTinyMCE.php""); $tiny = new SugarTinyMCE(); $editor = $tiny->getInstance($vardef['name'], 'email_compose_light'); } } $this->ss->assign(""tinymce"", $editor); }",True,PHP,setup,SugarFieldText.php,https://github.com/salesagility/suitecrm-core,salesagility,Jack Anderson,2023-05-15 13:23:12+01:00,SuiteCRM 8.3.0 Release,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-3293,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36586,"public function isValid($emailAddress) { return (bool) preg_match('/^\S+\@\S+\.\S+$/', $emailAddress); }",True,PHP,isValid,EmailValidator.php,https://github.com/shopware5/shopware,shopware5,Susanne Hartung,2023-05-10 08:48:25+02:00,SW-27102 - changing custom email validation to PHPs FILTER_VALIDATE_EMAIL,CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2023-34099,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36587,"public function getinvalidEmails() { return [ ['test'], ['test@.de'], ['@example'], ['@example.de'], ['@.'], [' @foo.de'], ['@foo.'], ['foo@ .de'], ['foo@bar. '], ]; }",True,PHP,getinvalidEmails,EmailValidatorTest.php,https://github.com/shopware5/shopware,shopware5,Susanne Hartung,2023-05-10 08:48:25+02:00,SW-27102 - changing custom email validation to PHPs FILTER_VALIDATE_EMAIL,CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2023-34099,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36588,public function testInvalidEmails($email) { static::assertFalse($this->SUT->isValid($email)); },True,PHP,testInvalidEmails,EmailValidatorTest.php,https://github.com/shopware5/shopware,shopware5,Susanne Hartung,2023-05-10 08:48:25+02:00,SW-27102 - changing custom email validation to PHPs FILTER_VALIDATE_EMAIL,CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2023-34099,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36589,"public function getValidEmails() { return [ ['test@example.de'], ['test@example.com'], ['test@example.org'], ['test@example.berlin'], ['test@example.email'], ['test@example.systems'], ['test@example.active'], ['test@example.love'], ['test@example.video'], ['test@example.app'], ['test@example.shop'], ['disposable.style.email.with+symbol@example.com'], ['other.email-with-dash@example.com'], ]; }",True,PHP,getValidEmails,EmailValidatorTest.php,https://github.com/shopware5/shopware,shopware5,Susanne Hartung,2023-05-10 08:48:25+02:00,SW-27102 - changing custom email validation to PHPs FILTER_VALIDATE_EMAIL,CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2023-34099,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36590,public function testValidEmails($email) { static::assertTrue($this->SUT->isValid($email)); },True,PHP,testValidEmails,EmailValidatorTest.php,https://github.com/shopware5/shopware,shopware5,Susanne Hartung,2023-05-10 08:48:25+02:00,SW-27102 - changing custom email validation to PHPs FILTER_VALIDATE_EMAIL,CWE-754,Improper Check for Unusual or Exceptional Conditions,The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.,https://cwe.mitre.org/data/definitions/754.html,CVE-2023-34099,foreach ($days as $value) { $regitem[] = $value; } 36594,"$file = Url::assemble($location, $name); if (File::exists($file)) { $svg = StaticStringy::collapseWhitespace( File::get($file) ); break; } } $attributes = $this->renderAttributesFromParams(['src', 'title', 'desc']); if ($this->params->get('title') || $this->params->get('desc')) { $svg = $this->setTitleAndDesc($svg); } return str_replace( 'filter()->implode(' '), $svg ); }",True,PHP,assemble,Svg.php,https://github.com/statamic/cms,statamic,GitHub,2023-07-05 12:26:57-04:00,[4.x] SVG tag sanitization (#8408),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36828,foreach ($days as $value) { $regitem[] = $value; } 36603,"private function tag($tag) { return Parse::template($tag, []); }",True,PHP,tag,SvgTagTest.php,https://github.com/statamic/cms,statamic,GitHub,2023-07-05 12:26:57-04:00,[4.x] SVG tag sanitization (#8408),CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-36828,foreach ($days as $value) { $regitem[] = $value; } 36606,"protected function putFile($sourcePath, $destinationFileName = null) { if (!$destinationFileName) { $destinationFileName = $this->disk_name; } $destinationPath = $this->getStorageDirectory() . $this->getPartitionDirectory(); if (!$this->isLocalStorage()) { return $this->copyLocalToStorage($sourcePath, $destinationPath . $destinationFileName); } $destinationPath = $this->getLocalRootPath() . '/' . $destinationPath; if ( !FileHelper::isDirectory($destinationPath) && !FileHelper::makeDirectory($destinationPath, 0777, true, true) ) { trigger_error(error_get_last()['message'], E_USER_WARNING); } return FileHelper::copy($sourcePath, $destinationPath . $destinationFileName); }",True,PHP,putFile,File.php,https://github.com/wintercms/storm,wintercms,Luke Towers,2023-07-07 11:52:24-06:00,Add support for uploading SVGs,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-37269,foreach ($days as $value) { $regitem[] = $value; } 36607,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,article-chat.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3852,foreach ($days as $value) { $regitem[] = $value; } 36608,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,article-chat.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2023-4448,foreach ($days as $value) { $regitem[] = $value; } 36609,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,article-edit.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3852,foreach ($days as $value) { $regitem[] = $value; } 36610,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,article-edit.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2023-4448,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36611,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,article.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3852,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36612,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,article.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2023-4448,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36615,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,cate-edit.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3852,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36616,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,cate-edit.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2023-4448,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36617,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,category.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-434,Unrestricted Upload of File with Dangerous Type,The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.,https://cwe.mitre.org/data/definitions/434.html,CVE-2023-3852,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36618,"function encode($string = '', $skey = 'cxphp') { $strArr = str_split(base64_encode($string)); $strCount = count($strArr); foreach (str_split($skey) as $key => $value) $key < $strCount && $strArr[$key] .= $value; return str_replace(array('=', '+', '/'), array('O0O0O', 'o000o', 'oo00o'), join('', $strArr)); }",True,PHP,encode,category.php,https://github.com/OpenRapid/rapidcms,OpenRapid,codewyx,2023-07-11 22:59:19+08:00,1.3.1.2,CWE-640,Weak Password Recovery Mechanism for Forgotten Password,"The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.",https://cwe.mitre.org/data/definitions/640.html,CVE-2023-4448,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36638,"function html_input($type = 'text', $name = '', $value = '', $attributes = []) { if ($type === 'password') { $attributes['autocomplete'] = 'off'; } $attributes['type'] = $type; $attributes['name'] = $name; $attributes['value'] = $value; return html_tag_short('input', $attributes, 'input form-control'); }",True,PHP,html_input,template.helper.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-05 15:30:12+03:00,"Vulnerabilities fixed, thanks to huntr.dev",CWE-89,Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",https://cwe.mitre.org/data/definitions/89.html,CVE-2023-4188,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36639,"function html_input($type = 'text', $name = '', $value = '', $attributes = []) { if ($type === 'password') { $attributes['autocomplete'] = 'off'; } $attributes['type'] = $type; $attributes['name'] = $name; $attributes['value'] = $value; return html_tag_short('input', $attributes, 'input form-control'); }",True,PHP,html_input,template.helper.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-05 15:30:12+03:00,"Vulnerabilities fixed, thanks to huntr.dev",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4189,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36643,"private function uploadPackage(){ $this->cms_uploader->enableRemoteUpload(); if (!$this->cms_uploader->isUploaded($this->upload_name) && !$this->cms_uploader->isUploadedFromLink($this->upload_name)){ $last_error = $this->cms_uploader->getLastError(); if($last_error){ cmsUser::addSessionMessage($last_error, 'error'); } return false; } files_clear_directory(cmsConfig::get('upload_path') . $this->installer_upload_path); $result = $this->cms_uploader->upload($this->upload_name, $this->upload_exts, 0, $this->installer_upload_path); if (!$result['success']){ cmsUser::addSessionMessage($result['error'], 'error'); return false; } return $result['name']; }",True,PHP,uploadPackage,install.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36646,"public function uploadForm($post_filename, $allowed_ext = false, $allowed_size = 0, $destination = false){ $source = $_FILES[$post_filename]['tmp_name']; $error_code = $_FILES[$post_filename]['error']; $dest_size = (int)$_FILES[$post_filename]['size']; $dest_name = files_sanitize_name($_FILES[$post_filename]['name']); $dest_ext = pathinfo($dest_name, PATHINFO_EXTENSION); if(!$this->checkExt($dest_ext, $allowed_ext)){ return array( 'error' => LANG_UPLOAD_ERR_MIME, 'success' => false, 'name' => $dest_name ); } if($this->allowed_mime !== false){ if(!$this->isMimeTypeAllowed($source)){ return array( 'error' => LANG_UPLOAD_ERR_MIME.'. '.sprintf(LANG_PARSER_FILE_EXTS_FIELD_HINT, implode(', ', $this->allowed_mime_ext)), 'success' => false, 'name' => $dest_name ); } } if ($allowed_size){ if ($dest_size > $allowed_size){ return array( 'error' => sprintf(LANG_UPLOAD_ERR_INI_SIZE, files_format_bytes($allowed_size)), 'success' => false, 'name' => $dest_name ); } } if (!$destination){ $destination = $this->getUploadDestinationDirectory(); } else { $destination = $this->site_cfg->upload_path . $destination . '/'; } if (!$this->file_name) { $this->file_name = pathinfo($dest_name, PATHINFO_FILENAME); } $destination .= $this->getFileName($destination, $dest_ext); return $this->moveUploadedFile($source, $destination, $error_code, $dest_name, $dest_size); }",True,PHP,uploadForm,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36649,public function disableRemoteUpload() { $this->allow_remote = false; return $this; },True,PHP,disableRemoteUpload,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36651,public function isImage($src){ $size = getimagesize($src); return $size !== false; },True,PHP,isImage,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36652,"public function getXHRFileSize(){ if (isset($_SERVER[""CONTENT_LENGTH""])){ return (int)$_SERVER[""CONTENT_LENGTH""]; } else { return false; } }",True,PHP,getXHRFileSize,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($days as $event) { if (empty($event->eventdate->date) || ($viewrange == 'upcoming' && $event->eventdate->date < time())) break; if (empty($event->eventstart)) $event->eventstart = $event->eventdate->date; $extitem[] = $event; } 36653,public function remove($file_path){ return @unlink($file_path); },True,PHP,remove,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36654,"public function upload($post_filename, $allowed_ext = false, $allowed_size = 0, $destination = false){ if ($this->isUploadedFromLink($post_filename)){ return $this->uploadFromLink($post_filename, $allowed_ext, $allowed_size, $destination); } if ($this->isUploadedXHR($post_filename)){ return $this->uploadXHR($post_filename, $allowed_ext, $allowed_size, $destination); } if ($this->isUploaded($post_filename)){ return $this->uploadForm($post_filename, $allowed_ext, $allowed_size, $destination); } $last_error = $this->getLastError(); return array( 'success' => false, 'error' => ($last_error ? $last_error : LANG_UPLOAD_ERR_NO_FILE) ); }",True,PHP,upload,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36656,"private function moveUploadedFile($source, $destination, $errorCode, $orig_name='', $orig_size=0){ if($errorCode !== UPLOAD_ERR_OK && isset($this->upload_errors[$errorCode])){ return array( 'success' => false, 'error' => $this->upload_errors[$errorCode], 'name' => $orig_name, 'path' => '' ); } $upload_dir = dirname($destination); if (!is_writable($upload_dir)){ @chmod($upload_dir, 0777); } if (!is_writable($upload_dir)){ return array( 'success' => false, 'error' => LANG_UPLOAD_ERR_CANT_WRITE, 'name' => $orig_name, 'path' => '' ); } return array( 'success' => @move_uploaded_file($source, $destination), 'path' => $destination, 'url' => str_replace($this->site_cfg->upload_path, '', $destination), 'name' => basename($destination), 'size' => $orig_size, 'error' => $this->upload_errors[$errorCode] ); }",True,PHP,moveUploadedFile,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36659,"private function getFileName($path, $file_ext, $file_name = false) { if(!$file_name){ if($this->file_name){ $file_name = str_replace('.'.$file_ext, '', files_sanitize_name($this->file_name.'.'.$file_ext)); } else { $file_name = substr(md5(microtime(true)), 0, 8); } } if (file_exists($path.$file_name.'.'.$file_ext)) { return $this->getFileName($path, $file_ext, $file_name.'_'.md5(microtime(true))); } return $file_name.'.'.$file_ext; }",True,PHP,getFileName,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36660,"private function isMimeTypeAllowed($file_path) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $file_mime = finfo_file($finfo, $file_path); if($file_mime === false){ return false; } return in_array($file_mime, $this->allowed_mime); }",True,PHP,isMimeTypeAllowed,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36661,public function isUploadedXHR($name){ return !empty($_GET['qqfile']); },True,PHP,isUploadedXHR,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36663,"public function resizeImage($source_file, $size){ $dest_dir = $this->getUploadDestinationDirectory(); $dest_ext = pathinfo($source_file, PATHINFO_EXTENSION); $dest_name = $this->getFileName($dest_dir, $dest_ext); $dest_file = $dest_dir . $dest_name; if (!isset($size['height'])) { $size['height'] = 0; } if (!isset($size['quality'])) { $size['quality'] = 90; } if (img_resize($source_file, $dest_file, $size['width'], $size['height'], $size['is_square'], $size['quality'])) { return str_replace($this->site_cfg->upload_path, '', $dest_file); } return false; }",True,PHP,resizeImage,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,"foreach ($day as $extevent) { $event_cache = new stdClass(); $event_cache->feed = $extgcalurl; $event_cache->event_id = $extevent->event_id; $event_cache->title = $extevent->title; $event_cache->body = $extevent->body; $event_cache->eventdate = $extevent->eventdate->date; if (isset($extevent->dateFinished) && $extevent->dateFinished != -68400) $event_cache->dateFinished = $extevent->dateFinished; if (isset($extevent->eventstart)) $event_cache->eventstart = $extevent->eventstart; if (isset($extevent->eventend)) $event_cache->eventend = $extevent->eventend; if (isset($extevent->is_allday)) $event_cache->is_allday = $extevent->is_allday; $found = false; if ($extevent->eventdate->date < $start) $found = $db->selectObject('event_cache','feed=""'.$extgcalurl.'"" AND event_id=""'.$event_cache->event_id.'"" AND eventdate='.$event_cache->eventdate); if (!$found) $db->insertObject($event_cache,'event_cache'); }" 36676,public function setUserId($id) { $this->user_id = $id; return $this; },True,PHP,setUserId,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($events as $event) { $extevents[$date][] = $event; } 36677,public function getUploadDestinationDirectory(){ return files_get_upload_dir($this->user_id); },True,PHP,getUploadDestinationDirectory,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($events as $event) { $extevents[$date][] = $event; } 36680,"$aext = mb_strtolower(trim(trim((string)$aext, '., ')));",True,PHP,mb_strtolower,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($events as $event) { $extevents[$date][] = $event; } 36682,public function isUploadedFromLink($name){ return $this->allow_remote && !empty($_POST[$name]); },True,PHP,isUploadedFromLink,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($events as $event) { $extevents[$date][] = $event; } 36686,public function enableRemoteUpload() { $this->allow_remote = true; return $this; },True,PHP,enableRemoteUpload,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($events as $event) { $extevents[$date][] = $event; } 36688,"public function getMaxUploadSize(){ $max_size = min(files_convert_bytes(@ini_get('upload_max_filesize')), files_convert_bytes(@ini_get('post_max_size'))); return files_format_bytes($max_size); }",True,PHP,getMaxUploadSize,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-11 19:02:19+03:00,Fixed upload XSS with wrong extension,CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4652,foreach ($events as $event) { $extevents[$date][] = $event; } 36697,"function file_save_from_url($url, $destination){ if (!function_exists('curl_init')){ return false; } $dest_file = @fopen($destination, ""w""); $curl = curl_init(); if(strpos($url, 'https') === 0){ curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); } curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_FILE, $dest_file); curl_setopt($curl, CURLOPT_HEADER, false); curl_exec($curl); curl_close($curl); fclose($dest_file); return true; }",True,PHP,file_save_from_url,files.helper.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-14 14:28:13+03:00,Fix SSRF Blind in the image upload,CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2023-4651,foreach ($events as $event) { $extevents[$date][] = $event; } 36699,"public function getProfileEditMenu($profile) { $menu = []; $menu[] = [ 'title' => LANG_USERS_EDIT_PROFILE_MAIN, 'url' => href_to_profile($profile, ['edit']) ]; if ($this->cms_template->hasProfileThemesOptions() && $this->options['is_themes_on']) { $menu[] = [ 'title' => LANG_USERS_EDIT_PROFILE_THEME, 'url' => href_to_profile($profile, ['edit', 'theme']) ]; } if (cmsEventsManager::getEventListeners('user_notify_types')) { $menu[] = [ 'title' => LANG_USERS_EDIT_PROFILE_NOTICES, 'url' => href_to_profile($profile, ['edit', 'notices']) ]; } if (!empty($this->options['is_friends_on'])) { $menu[] = [ 'title' => LANG_USERS_EDIT_PROFILE_PRIVACY, 'url' => href_to_profile($profile, ['edit', 'privacy']) ]; } $menu[] = [ 'title' => LANG_SECURITY, 'url' => href_to_profile($profile, ['edit', 'password']) ]; $menu[] = [ 'title' => LANG_USERS_SESSIONS, 'url' => href_to_profile($profile, ['edit', 'sessions']) ]; list($menu, $profile) = cmsEventsManager::hook('profile_edit_menu', [$menu, $profile]); return $menu; }",True,PHP,getProfileEditMenu,frontend.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-14 14:31:14+03:00,"Administrators cannot change other administrators' passwords & #1472",CWE-284,Improper Access Control,The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.,https://cwe.mitre.org/data/definitions/284.html,CVE-2023-4650,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36701,"public function setData() { if (empty($this->data['detect_ip_key']) || !isset($_SERVER[$this->data['detect_ip_key']])) { $this->data['detect_ip_key'] = 'REMOTE_ADDR'; } if (empty($this->data['session_save_path'])) { $this->data['session_save_path'] = session_save_path(); if (empty($this->data['session_save_path'])) { $this->data['session_save_path'] = rtrim(sys_get_temp_dir(), '/'); } if (!is_writable($this->data['session_save_path'])) { $this->data['session_save_path'] = ''; } } if (!array_key_exists('allow_users_time_zone', $this->data)) { $this->data['allow_users_time_zone'] = 1; } if (!array_key_exists('bcmathscale', $this->data)) { $this->data['bcmathscale'] = 8; } define('BCMATHSCALE', $this->data['bcmathscale']); if(function_exists('bcscale')){ bcscale($this->data['bcmathscale']); } if (empty($this->data['native_yaml']) || !function_exists('yaml_emit')) { $this->data['native_yaml'] = 0; } $this->upload_host_abs = $this->upload_host; if (mb_strpos($this->upload_host, $this->host) === 0) { $url_parts = parse_url(trim($this->host, '/')); $host = empty($url_parts['path']) ? $this->host : $url_parts['scheme'] . ': $this->upload_host = str_replace($host, '', $this->upload_host); $replace_upload_host_protocol = true; } $this->set('document_root', rtrim(PATH, $this->root)); $this->set('root_path', PATH . DIRECTORY_SEPARATOR); $this->set('system_path', $this->root_path . 'system/'); $this->set('upload_path', $this->document_root . $this->upload_root); $this->set('cache_path', $this->document_root . $this->cache_root); $protocol = 'http: if ( (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ) { $protocol = 'https: $this->host = str_replace('http: if (!empty($replace_upload_host_protocol)) { $this->upload_host_abs = str_replace('http: } } $this->set('protocol', $protocol); if (!empty($_SERVER['HTTP_HOST'])) { $this->set('current_domain', $_SERVER['HTTP_HOST']); } return true; }",True,PHP,setData,config.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-16 00:47:41+03:00,"Add session regenerate after login & logout. Secure cookie if HTTPS. close #1473",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-4649,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36702,"public function setData() { if (empty($this->data['detect_ip_key']) || !isset($_SERVER[$this->data['detect_ip_key']])) { $this->data['detect_ip_key'] = 'REMOTE_ADDR'; } if (empty($this->data['session_save_path'])) { $this->data['session_save_path'] = session_save_path(); if (empty($this->data['session_save_path'])) { $this->data['session_save_path'] = rtrim(sys_get_temp_dir(), '/'); } if (!is_writable($this->data['session_save_path'])) { $this->data['session_save_path'] = ''; } } if (!array_key_exists('allow_users_time_zone', $this->data)) { $this->data['allow_users_time_zone'] = 1; } if (!array_key_exists('bcmathscale', $this->data)) { $this->data['bcmathscale'] = 8; } define('BCMATHSCALE', $this->data['bcmathscale']); if(function_exists('bcscale')){ bcscale($this->data['bcmathscale']); } if (empty($this->data['native_yaml']) || !function_exists('yaml_emit')) { $this->data['native_yaml'] = 0; } $this->upload_host_abs = $this->upload_host; if (mb_strpos($this->upload_host, $this->host) === 0) { $url_parts = parse_url(trim($this->host, '/')); $host = empty($url_parts['path']) ? $this->host : $url_parts['scheme'] . ': $this->upload_host = str_replace($host, '', $this->upload_host); $replace_upload_host_protocol = true; } $this->set('document_root', rtrim(PATH, $this->root)); $this->set('root_path', PATH . DIRECTORY_SEPARATOR); $this->set('system_path', $this->root_path . 'system/'); $this->set('upload_path', $this->document_root . $this->upload_root); $this->set('cache_path', $this->document_root . $this->cache_root); $protocol = 'http: if ( (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ) { $protocol = 'https: $this->host = str_replace('http: if (!empty($replace_upload_host_protocol)) { $this->upload_host_abs = str_replace('http: } } $this->set('protocol', $protocol); if (!empty($_SERVER['HTTP_HOST'])) { $this->set('current_domain', $_SERVER['HTTP_HOST']); } return true; }",True,PHP,setData,config.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-16 00:47:41+03:00,"Add session regenerate after login & logout. Secure cookie if HTTPS. close #1473",CWE-614,Sensitive Cookie in HTTPS Session Without 'Secure' Attribute,"The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.",https://cwe.mitre.org/data/definitions/614.html,CVE-2023-4654,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36709,"public static function setCookie($key, $value, $time = 3600, $path = '/', $http_only = true, $domain = '') { $cookie_domain = cmsConfig::get('cookie_domain'); if (!$domain && $cookie_domain) { $domain = $cookie_domain; } if (PHP_VERSION_ID < 70300) { return setcookie('icms[' . $key . ']', $value, time() + $time, $path, $domain, false, $http_only); } else { return setcookie('icms[' . $key . ']', $value, [ 'expires' => time() + $time, 'path' => $path, 'domain' => $domain, 'samesite' => 'Lax', 'secure' => false, 'httponly' => $http_only ]); } }",True,PHP,setCookie,user.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-16 00:47:41+03:00,"Add session regenerate after login & logout. Secure cookie if HTTPS. close #1473",CWE-384,Session Fixation,"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.",https://cwe.mitre.org/data/definitions/384.html,CVE-2023-4649,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36710,"public static function setCookie($key, $value, $time = 3600, $path = '/', $http_only = true, $domain = '') { $cookie_domain = cmsConfig::get('cookie_domain'); if (!$domain && $cookie_domain) { $domain = $cookie_domain; } if (PHP_VERSION_ID < 70300) { return setcookie('icms[' . $key . ']', $value, time() + $time, $path, $domain, false, $http_only); } else { return setcookie('icms[' . $key . ']', $value, [ 'expires' => time() + $time, 'path' => $path, 'domain' => $domain, 'samesite' => 'Lax', 'secure' => false, 'httponly' => $http_only ]); } }",True,PHP,setCookie,user.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-16 00:47:41+03:00,"Add session regenerate after login & logout. Secure cookie if HTTPS. close #1473",CWE-614,Sensitive Cookie in HTTPS Session Without 'Secure' Attribute,"The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.",https://cwe.mitre.org/data/definitions/614.html,CVE-2023-4654,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36718,"$user = cmsCore::getModel('users')->getUserByAuth($profile['email'], $value); if (!$user){ return LANG_OLD_PASS_INCORRECT; } return true; }) ) )),",True,PHP,getUserByAuth,form_password.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-16 14:00:16+03:00,New password cannot be the same as the old password,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-4381,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36719,"$user = cmsCore::getModel('users')->getUserByAuth($profile['email'], $value); if (!$user){ return LANG_OLD_PASS_INCORRECT; } return true; }) ) )), new fieldString('password1', array( 'title' => LANG_NEW_PASS, 'is_password' => true, 'options'=>array( 'min_length'=> 6, 'max_length'=> 72 ) )), new fieldString('password2', array( 'title' => LANG_RETYPE_NEW_PASS, 'is_password' => true, 'options'=>array( 'min_length'=> 6, 'max_length'=> 72 ) )) ) )",True,PHP,getModel,form_password.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-08-16 14:00:16+03:00,New password cannot be the same as the old password,NVD-CWE-Other,Other,"NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.",https://nvd.nist.gov/vuln/categories,CVE-2023-4381,foreach ($grpusers as $u) { $emails[$u->email] = trim(user::getUserAttribution($u->id)); } 36722,"public function uploadFromLink($post_filename, $allowed_size = 0, $destination = false) { $link = $file_name = trim($_POST[$post_filename]); if ( filter_var($link, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED) !== $link || preg_match('#^(?:(?:https?):\/\/)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).* ) { return [ 'success' => false, 'error' => 'Not allowed', 'name' => '', 'path' => '' ]; } $curl = curl_init(); curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP); curl_setopt($curl, CURLOPT_URL, $link); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_NOBODY, true); curl_setopt($curl, CURLOPT_TIMEOUT, 5); $headers = curl_exec($curl); curl_close($curl); $matches = []; if (preg_match(""/(?:Location:|URI:)([^\n]+)*/is"", $headers, $matches)) { $url = trim($matches[1]); if (strpos($url, 'http') !== 0) { $url_data = parse_url($link); $link = $url_data['scheme'] . ': } else { $link = $url; } $_POST[$post_filename] = $link; return $this->uploadFromLink($post_filename, $allowed_size, $destination); } if (preg_match('#filename=""([^""]+) $file_name = trim($matches[1]); } $dest_name = files_sanitize_name($file_name); $file_bin = file_get_contents_from_url($link); if (!$file_bin) { return [ 'success' => false, 'error' => LANG_UPLOAD_ERR_NO_FILE, 'name' => $dest_name, 'path' => '' ]; } return $this->saveFileFromString($file_bin, $allowed_size, $destination, $dest_name); }",True,PHP,uploadFromLink,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2023-4878,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36723,"public function uploadFromLink($post_filename, $allowed_size = 0, $destination = false) { $link = $file_name = trim($_POST[$post_filename]); if ( filter_var($link, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED) !== $link || preg_match('#^(?:(?:https?):\/\/)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).* ) { return [ 'success' => false, 'error' => 'Not allowed', 'name' => '', 'path' => '' ]; } $curl = curl_init(); curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS | CURLPROTO_HTTP); curl_setopt($curl, CURLOPT_URL, $link); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_HEADER, true); curl_setopt($curl, CURLOPT_NOBODY, true); curl_setopt($curl, CURLOPT_TIMEOUT, 5); $headers = curl_exec($curl); curl_close($curl); $matches = []; if (preg_match(""/(?:Location:|URI:)([^\n]+)*/is"", $headers, $matches)) { $url = trim($matches[1]); if (strpos($url, 'http') !== 0) { $url_data = parse_url($link); $link = $url_data['scheme'] . ': } else { $link = $url; } $_POST[$post_filename] = $link; return $this->uploadFromLink($post_filename, $allowed_size, $destination); } if (preg_match('#filename=""([^""]+) $file_name = trim($matches[1]); } $dest_name = files_sanitize_name($file_name); $file_bin = file_get_contents_from_url($link); if (!$file_bin) { return [ 'success' => false, 'error' => LANG_UPLOAD_ERR_NO_FILE, 'name' => $dest_name, 'path' => '' ]; } return $this->saveFileFromString($file_bin, $allowed_size, $destination, $dest_name); }",True,PHP,uploadFromLink,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4879,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36726,"public function uploadForm($filename, $allowed_size = 0, $destination = false) { $source = $_FILES[$filename]['tmp_name']; $error_code = $_FILES[$filename]['error']; $dest_size = (int) $_FILES[$filename]['size']; $dest_name = files_sanitize_name($_FILES[$filename]['name']); $file = new cmsUploadfile($source, $this->allowed_mime); if (!$file->isAllowed()) { return [ 'error' => LANG_UPLOAD_ERR_MIME . '. ' . sprintf(LANG_PARSER_FILE_EXTS_FIELD_HINT, implode(', ', $this->allowed_mime_ext)), 'success' => false, 'name' => $dest_name ]; } if ($allowed_size) { if ($dest_size > $allowed_size) { return [ 'error' => sprintf(LANG_UPLOAD_ERR_INI_SIZE, files_format_bytes($allowed_size)), 'success' => false, 'name' => $dest_name ]; } } $dest_ext = $file->getExt(); if (!$destination) { $destination = $this->getUploadDestinationDirectory(); } else { $destination = $this->site_cfg->upload_path . $destination . '/'; } if (!$this->file_name) { $this->file_name = pathinfo($dest_name, PATHINFO_FILENAME); } $destination .= $this->getFileName($destination, $dest_ext); return $this->moveUploadedFile($source, $destination, $error_code, $dest_name, $dest_size); }",True,PHP,uploadForm,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2023-4878,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36727,"public function uploadForm($filename, $allowed_size = 0, $destination = false) { $source = $_FILES[$filename]['tmp_name']; $error_code = $_FILES[$filename]['error']; $dest_size = (int) $_FILES[$filename]['size']; $dest_name = files_sanitize_name($_FILES[$filename]['name']); $file = new cmsUploadfile($source, $this->allowed_mime); if (!$file->isAllowed()) { return [ 'error' => LANG_UPLOAD_ERR_MIME . '. ' . sprintf(LANG_PARSER_FILE_EXTS_FIELD_HINT, implode(', ', $this->allowed_mime_ext)), 'success' => false, 'name' => $dest_name ]; } if ($allowed_size) { if ($dest_size > $allowed_size) { return [ 'error' => sprintf(LANG_UPLOAD_ERR_INI_SIZE, files_format_bytes($allowed_size)), 'success' => false, 'name' => $dest_name ]; } } $dest_ext = $file->getExt(); if (!$destination) { $destination = $this->getUploadDestinationDirectory(); } else { $destination = $this->site_cfg->upload_path . $destination . '/'; } if (!$this->file_name) { $this->file_name = pathinfo($dest_name, PATHINFO_FILENAME); } $destination .= $this->getFileName($destination, $dest_ext); return $this->moveUploadedFile($source, $destination, $error_code, $dest_name, $dest_size); }",True,PHP,uploadForm,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4879,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36728,"private function saveFileFromString($file_bin, $allowed_size, $destination, $dest_name) { $file = new cmsUploadfile($file_bin, $this->allowed_mime); if (!$file->isAllowed()) { return [ 'error' => LANG_UPLOAD_ERR_MIME . '. ' . sprintf(LANG_PARSER_FILE_EXTS_FIELD_HINT, implode(', ', $this->allowed_mime_ext)), 'success' => false, 'name' => $dest_name ]; } $dest_ext = $file->getExt(); $file_size = strlen($file_bin); if ($allowed_size) { if ($file_size > $allowed_size) { return [ 'error' => sprintf(LANG_UPLOAD_ERR_INI_SIZE, files_format_bytes($allowed_size)), 'success' => false, 'name' => $dest_name ]; } } if (!$destination) { $destination = $this->getUploadDestinationDirectory(); } else { $destination = $this->site_cfg->upload_path . $destination . '/'; } $destination .= $this->getFileName($destination, $dest_ext); if (!is_writable(dirname($destination))) { return [ 'success' => false, 'error' => LANG_UPLOAD_ERR_CANT_WRITE, 'name' => $dest_name, 'path' => '' ]; } if(file_put_contents($destination, $file_bin) === false){ return [ 'success' => false, 'error' => LANG_UPLOAD_ERR_CANT_WRITE, 'name' => $dest_name, 'path' => '' ]; } return [ 'success' => true, 'path' => $destination, 'url' => str_replace($this->site_cfg->upload_path, '', $destination), 'name' => basename($destination), 'size' => $file_size ]; }",True,PHP,saveFileFromString,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2023-4878,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36729,"private function saveFileFromString($file_bin, $allowed_size, $destination, $dest_name) { $file = new cmsUploadfile($file_bin, $this->allowed_mime); if (!$file->isAllowed()) { return [ 'error' => LANG_UPLOAD_ERR_MIME . '. ' . sprintf(LANG_PARSER_FILE_EXTS_FIELD_HINT, implode(', ', $this->allowed_mime_ext)), 'success' => false, 'name' => $dest_name ]; } $dest_ext = $file->getExt(); $file_size = strlen($file_bin); if ($allowed_size) { if ($file_size > $allowed_size) { return [ 'error' => sprintf(LANG_UPLOAD_ERR_INI_SIZE, files_format_bytes($allowed_size)), 'success' => false, 'name' => $dest_name ]; } } if (!$destination) { $destination = $this->getUploadDestinationDirectory(); } else { $destination = $this->site_cfg->upload_path . $destination . '/'; } $destination .= $this->getFileName($destination, $dest_ext); if (!is_writable(dirname($destination))) { return [ 'success' => false, 'error' => LANG_UPLOAD_ERR_CANT_WRITE, 'name' => $dest_name, 'path' => '' ]; } if(file_put_contents($destination, $file_bin) === false){ return [ 'success' => false, 'error' => LANG_UPLOAD_ERR_CANT_WRITE, 'name' => $dest_name, 'path' => '' ]; } return [ 'success' => true, 'path' => $destination, 'url' => str_replace($this->site_cfg->upload_path, '', $destination), 'name' => basename($destination), 'size' => $file_size ]; }",True,PHP,saveFileFromString,uploader.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4879,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36742,"public function __construct($file_path, $allowed_mime = null) { $this->allowed_mime = $allowed_mime; $this->mime_types = (new cmsConfigs('mimetypes.php'))->getAll(); $finfo = finfo_open(FILEINFO_MIME_TYPE); if(strpos($file_path, DIRECTORY_SEPARATOR) === 0){ $this->file_mime = finfo_file($finfo, $file_path); } else { $this->file_mime = finfo_buffer($finfo, $file_path); } finfo_close($finfo); }",True,PHP,__construct,uploadfile.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2023-4878,"foreach ($week as $dayNum => $day) { if ($dayNum == $now['mday']) { $currentweek = $weekNum; } if ($dayNum <= $endofmonth) { $monthly[$weekNum][$dayNum]['number'] = ($monthly[$weekNum][$dayNum]['ts'] != -1) ? $ed->find(""count"", $locsql . "" AND date >= "" . expDateTime::startOfDayTimestamp($day['ts']) . "" AND date <= "" . expDateTime::endOfDayTimestamp($day['ts'])) : -1; } }" 36743,"public function __construct($file_path, $allowed_mime = null) { $this->allowed_mime = $allowed_mime; $this->mime_types = (new cmsConfigs('mimetypes.php'))->getAll(); $finfo = finfo_open(FILEINFO_MIME_TYPE); if(strpos($file_path, DIRECTORY_SEPARATOR) === 0){ $this->file_mime = finfo_file($finfo, $file_path); } else { $this->file_mime = finfo_buffer($finfo, $file_path); } finfo_close($finfo); }",True,PHP,__construct,uploadfile.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4879,foreach ($days as $value) { $regitem[] = $value; } 36750,"$template->addJSFromContext('wysiwyg/redactor/files/plugins/'.$plugin.'/'.$plugin.'.js'); } if (in_array('clips', $this->options['plugins'])){ $this->options['clipsUrl'] = href_to('wysiwyg/redactor/files/plugins/clips/index.html'); } } if($this->lang !== 'en'){ $template->addJSFromContext('wysiwyg/redactor/files/lang/'.$this->lang.'.js'); } ob_start(); ?> addBottom(ob_get_clean()); self::$redactor_loaded = true; }",True,PHP,addJSFromContext,wysiwyg.class.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-918,Server-Side Request Forgery (SSRF),"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",https://cwe.mitre.org/data/definitions/918.html,CVE-2023-4878,foreach ($days as $value) { $regitem[] = $value; } 36751,"$template->addJSFromContext('wysiwyg/redactor/files/plugins/'.$plugin.'/'.$plugin.'.js'); } if (in_array('clips', $this->options['plugins'])){ $this->options['clipsUrl'] = href_to('wysiwyg/redactor/files/plugins/clips/index.html'); } } if($this->lang !== 'en'){ $template->addJSFromContext('wysiwyg/redactor/files/lang/'.$this->lang.'.js'); } ob_start(); ?> addBottom(ob_get_clean()); self::$redactor_loaded = true; }",True,PHP,addJSFromContext,wysiwyg.class.php,https://github.com/instantsoft/icms2,instantsoft,fuzegit,2023-09-10 20:46:58+03:00,"Fixed xss in admin panel, complete fix SSRF in upload by link, option for store via html filter, jQuery v3.7.1, update Toastr.",CWE-79,Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.,https://cwe.mitre.org/data/definitions/79.html,CVE-2023-4879,foreach ($days as $value) { $regitem[] = $value; } 36754,"public function __construct() { mt_srand(intval(((double) microtime()) * 1000000)); import('lib.pkp.classes.core.Core'); import('lib.pkp.classes.core.PKPString'); import('lib.pkp.classes.core.Registry'); import('lib.pkp.classes.config.Config'); require_once('lib/pkp/lib/vendor/autoload.php'); ini_set('display_errors', Config::getVar('debug', 'display_errors', ini_get('display_errors'))); if (!defined('SESSION_DISABLE_INIT') && !Config::getVar('general', 'installed')) { define('SESSION_DISABLE_INIT', true); } Registry::set('application', $this); import('lib.pkp.classes.db.DAORegistry'); import('lib.pkp.classes.db.XMLDAO'); import('lib.pkp.classes.cache.CacheManager'); import('lib.pkp.classes.security.RoleDAO'); import('lib.pkp.classes.security.Validation'); import('lib.pkp.classes.session.SessionManager'); import('classes.template.TemplateManager'); import('classes.notification.NotificationManager'); import('lib.pkp.classes.statistics.PKPStatisticsHelper'); import('lib.pkp.classes.plugins.PluginRegistry'); import('lib.pkp.classes.plugins.HookRegistry'); import('classes.i18n.AppLocale'); PKPString::init(); $microTime = Core::microtime(); Registry::set('system.debug.startTime', $microTime); $notes = array(); Registry::set('system.debug.notes', $notes); if (Config::getVar('general', 'installed')) $this->initializeDatabaseConnection(); spl_autoload_register(function($class) { $prefix = 'PKP\\'; $rootPath = BASE_SYS_DIR . ""/lib/pkp/classes""; customAutoload($rootPath, $prefix, $class); }); spl_autoload_register(function($class) { $prefix = 'APP\\'; $rootPath = BASE_SYS_DIR . ""/classes""; customAutoload($rootPath, $prefix, $class); }); }",True,PHP,__construct,PKPApplication.inc.php,https://github.com/pkp/pkp-lib,pkp,Alec Smecher,2023-07-10 12:11:14-07:00,pkp/pkp-lib#9138 Do not use mt_ functions for secrets,CWE-1241,Use of Predictable Algorithm in Random Number Generator,The device uses an algorithm that is predictable and generates a pseudo-random number.,https://cwe.mitre.org/data/definitions/1241.html,CVE-2023-4695,foreach ($days as $value) { $regitem[] = $value; } 36756,"function insertNewRSSToken($userId, $contextId) { $token = uniqid(rand()); if($this->getUserIdByRSSToken($token, $contextId)) return $this->insertNewRSSToken($userId, $contextId); $this->update( 'INSERT INTO notification_subscription_settings (setting_name, setting_value, user_id, context, setting_type) VALUES (?, ?, ?, ?, ?)', [ 'token', $token, (int) $userId, (int) $contextId, 'string' ] ); return $token; }",True,PHP,insertNewRSSToken,NotificationSubscriptionSettingsDAO.inc.php,https://github.com/pkp/pkp-lib,pkp,Alec Smecher,2023-07-10 12:11:14-07:00,pkp/pkp-lib#9138 Do not use mt_ functions for secrets,CWE-1241,Use of Predictable Algorithm in Random Number Generator,The device uses an algorithm that is predictable and generates a pseudo-random number.,https://cwe.mitre.org/data/definitions/1241.html,CVE-2023-4695,foreach ($days as $value) { $regitem[] = $value; } 36758,"function insertToken($token) { do { $token->id = md5(uniqid(mt_rand(), true)); $result = $this->retrieve( 'SELECT COUNT(*) AS row_count FROM oai_resumption_tokens WHERE token = ?', [$token->id] ); $row = $result->current(); $val = $row->row_count; } while($val != 0); $this->update( 'INSERT INTO oai_resumption_tokens (token, record_offset, params, expire) VALUES (?, ?, ?, ?)', [$token->id, $token->offset, serialize($token->params), $token->expire] ); return $token; }",True,PHP,insertToken,PKPOAIDAO.inc.php,https://github.com/pkp/pkp-lib,pkp,Alec Smecher,2023-07-10 12:11:14-07:00,pkp/pkp-lib#9138 Do not use mt_ functions for secrets,CWE-1241,Use of Predictable Algorithm in Random Number Generator,The device uses an algorithm that is predictable and generates a pseudo-random number.,https://cwe.mitre.org/data/definitions/1241.html,CVE-2023-4695,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36760,"public function extractPlugin($filePath, $originalFileName) { $fileManager = new FileManager(); $matches = array(); PKPString::regexp_match_get('/^[a-zA-Z0-9]+/', basename($originalFileName, '.tar.gz'), $matches); $pluginShortName = array_pop($matches); if (!$pluginShortName) { throw new Exception(__('manager.plugins.invalidPluginArchive')); } $pluginExtractDir = dirname($filePath) . DIRECTORY_SEPARATOR . $pluginShortName . substr(md5(mt_rand()), 0, 10); if (!mkdir($pluginExtractDir)) throw new Exception('Could not create directory ' . $pluginExtractDir); $tarBinary = Config::getVar('cli', 'tar'); if (empty($tarBinary) || !file_exists($tarBinary)) { rmdir($pluginExtractDir); throw new Exception(__('manager.plugins.tarCommandNotFound')); } $output = ''; $returnCode = 0; if (in_array('exec', explode(',', ini_get('disable_functions')))) throw new Exception('The ""exec"" PHP function has been disabled on your server. Contact your system adminstrator to enable it.'); exec($tarBinary.' -xzf ' . escapeshellarg($filePath) . ' -C ' . escapeshellarg($pluginExtractDir), $output, $returnCode); if ($returnCode) { $fileManager->rmtree($pluginExtractDir); throw new Exception(__('form.dropzone.dictInvalidFileType')); } if (is_dir($tryDir = $pluginExtractDir . '/' . $pluginShortName)) { return $tryDir; } PKPString::regexp_match_get('/^[a-zA-Z0-9.-]+/', basename($originalFileName, '.tar.gz'), $matches); if (is_dir($tryDir = $pluginExtractDir . '/' . array_pop($matches))) { return $tryDir; } $fileManager->rmtree($pluginExtractDir); throw new Exception(__('manager.plugins.invalidPluginArchive')); }",True,PHP,extractPlugin,PluginHelper.inc.php,https://github.com/pkp/pkp-lib,pkp,Alec Smecher,2023-07-10 12:11:14-07:00,pkp/pkp-lib#9138 Do not use mt_ functions for secrets,CWE-1241,Use of Predictable Algorithm in Random Number Generator,The device uses an algorithm that is predictable and generates a pseudo-random number.,https://cwe.mitre.org/data/definitions/1241.html,CVE-2023-4695,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36761,"public static function generatePassword($length = null) { if (!$length) { $siteDao = DAORegistry::getDAO('SiteDAO'); $site = $siteDao->getSite(); $length = $site->getMinPasswordLength(); } $letters = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'; $numbers = '23456789'; $password = """"; for ($i=0; $i<$length; $i++) { $password .= mt_rand(1, 4) == 4 ? $numbers[mt_rand(0,strlen($numbers)-1)] : $letters[mt_rand(0, strlen($letters)-1)]; } return $password; }",True,PHP,generatePassword,Validation.inc.php,https://github.com/pkp/pkp-lib,pkp,Alec Smecher,2023-07-10 12:11:14-07:00,pkp/pkp-lib#9138 Do not use mt_ functions for secrets,CWE-1241,Use of Predictable Algorithm in Random Number Generator,The device uses an algorithm that is predictable and generates a pseudo-random number.,https://cwe.mitre.org/data/definitions/1241.html,CVE-2023-4695,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }" 36763,"function getCSRFToken() { $csrf = $this->getSessionVar('csrf'); if (!is_array($csrf) || time() > $csrf['timestamp'] + (60*60)) { if (function_exists('openssl_random_pseudo_bytes')) $data = openssl_random_pseudo_bytes(128); elseif (function_exists('random_bytes')) $data = random_bytes(128); else $data = sha1(mt_rand()); $token = null; $salt = Config::getVar('security', 'salt'); $algos = hash_algos(); foreach (array('sha256', 'sha1', 'md5') as $algo) { if (in_array($algo, $algos)) { $token = hash_hmac($algo, $data, $salt); } } if (!$token) $token = md5($data . $salt); $csrf = $this->setSessionVar('csrf', array( 'timestamp' => time(), 'token' => $token, )); } else { $csrf['timestamp'] = time(); $this->setSessionVar('csrf', $csrf); } return $csrf['token']; }",True,PHP,getCSRFToken,Session.inc.php,https://github.com/pkp/pkp-lib,pkp,Alec Smecher,2023-07-10 12:11:14-07:00,pkp/pkp-lib#9138 Do not use mt_ functions for secrets,CWE-1241,Use of Predictable Algorithm in Random Number Generator,The device uses an algorithm that is predictable and generates a pseudo-random number.,https://cwe.mitre.org/data/definitions/1241.html,CVE-2023-4695,"foreach ($evs as $key=>$event) { if ($condense) { $eventid = $event->id; $multiday_event = array_filter($events, create_function('$event', 'global $eventid; return $event->id === $eventid;')); if (!empty($multiday_event)) { unset($evs[$key]); continue; } } $evs[$key]->eventstart += $edate->date; $evs[$key]->eventend += $edate->date; $evs[$key]->date_id = $edate->id; if (!empty($event->expCat)) { $catcolor = empty($event->expCat[0]->color) ? null : trim($event->expCat[0]->color); $evs[$key]->color = $catcolor; } }"