tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-04-08 18:55:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-12752-unauth-time-based-sql-injection' into 'develop'

Browse Source 
Ent 12752 Unauth Time-Based SQL Injection

See merge request artica/pandorafms!6861
This commit is contained in:
Rafael Ameijeiras 2024-01-23 07:38:34 +00:00
commit 013d2119d6
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/extensions/grafana/index.php
View File

@ -23,7 +23,10 @@ if ($headers['X-DS-Authorization']) {
list($user, $password) = explode(':', base64_decode($headers['X-DS-Authorization']));
// Check user login
// Prevent sql injection.
$user = mysqli_real_escape_string($config['dbconnection'], $user);
// Check user login.
$user_in_db = process_user_login($user, $password, true);
if ($user_in_db !== false) {