tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#12753 fixed os command injection

This commit is contained in:
Daniel Cebrian 2024-01-22 12:39:43 +01:00
parent 1276b1a972
commit 5d5bfc654d
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/include/ajax/events.php
View File

@ -1335,6 +1335,15 @@ if ($perform_event_response === true) {
} }
$command = $event_response['target']; $command = $event_response['target'];
// Prevent OS command injection.
$prev_command = get_events_get_response_target($event_id, $event_response, $server_id);
if ($command !== $prev_command) {
echo __('unauthorized');
return;
}
$command_timeout = ($event_response !== false) ? $event_response['command_timeout'] : 90; $command_timeout = ($event_response !== false) ? $event_response['command_timeout'] : 90;
if (enterprise_installed() === true) { if (enterprise_installed() === true) {
if ($event_response !== false if ($event_response !== false