Merge branch '224-cve-2024-9987-sql-injection-en-obtencion-csv-datos-de-modulo' into 'develop'

Resolve "[CVE-2024-9987] SQL Injection en obtención csv datos de modulo" See merge request artica/pandorafms!7462
2025-07-24 06:15:16 +02:00 · 2024-12-09 15:40:05 +00:00 · 2024-12-09 15:40:05 +00:00 · 3bed3bbac4
commit 3bed3bbac4
parent 374e62ee94 02500f6978
1 changed files with 2 additions and 1 deletions
--- a/pandora_console/include/functions_modules.php
+++ b/pandora_console/include/functions_modules.php
@ -4779,6 +4779,7 @@ function export_agents_module_csv($filters)
 {
    $query_filter = '';
    foreach ($filters as $key => $filter) {
+        $filter = io_safe_input($filter);
        switch ($key) {
            case 'group_id':
                if ($filter != 0) {
@ -4804,7 +4805,7 @@ function export_agents_module_csv($filters)
                if (count($filter) > 0) {
                    if (is_numeric($filter[0]) === false) {
                        foreach ($filter as $key => $module) {
-                            $filter[$key] = io_safe_input($module);
+                            $filter[$key] = $module;
                        }

                        $module_filter = '(\''.implode("', '", $filter).'\')';