From 5d5bfc654dfaad238c62540ba0819fef810e8f86 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Mon, 22 Jan 2024 12:39:43 +0100
Subject: [PATCH 1/2] #12753 fixed os command injection

---
 pandora_console/include/ajax/events.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pandora_console/include/ajax/events.php b/pandora_console/include/ajax/events.php
index 007ba77d89..851a22040b 100644
--- a/pandora_console/include/ajax/events.php
+++ b/pandora_console/include/ajax/events.php
@@ -1335,6 +1335,15 @@ if ($perform_event_response === true) {
     }
 
     $command = $event_response['target'];
+
+    // Prevent OS command injection.
+    $prev_command = get_events_get_response_target($event_id, $event_response, $server_id);
+
+    if ($command !== $prev_command) {
+        echo __('unauthorized');
+        return;
+    }
+
     $command_timeout = ($event_response !== false) ? $event_response['command_timeout'] : 90;
     if (enterprise_installed() === true) {
         if ($event_response !== false

From 538177c3e5b34df01527948183722236b2dac274 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Tue, 23 Jan 2024 17:08:06 +0100
Subject: [PATCH 2/2] #12753 fixed vul command in ajax

---
 pandora_console/include/functions_events.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pandora_console/include/functions_events.php b/pandora_console/include/functions_events.php
index cd22b55f1b..e328f4cd91 100644
--- a/pandora_console/include/functions_events.php
+++ b/pandora_console/include/functions_events.php
@@ -3804,7 +3804,7 @@ function events_get_response_target(
     }
 
     $event = db_get_row('tevento', 'id_evento', $event_id);
-    $target = io_safe_output($event_response['target']);
+    $target = io_safe_output(db_get_value('target', 'tevent_response', 'id', $event_response['id']));
 
     // Replace parameters response.
     if (isset($response_parameters) === true
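Review bot: After the equality check the code goes on executing `$command`, the value that arrived with `$event_response`, rather than `$prev_command`, the value the server derived; adding `$command = $prev_command;` right after the `if` (or using `$prev_command` downstream) removes the client-supplied string from the execution path entirely and turns the comparison into a pure consistency check. The new guard also dereferences `$event_response` before the `$event_response !== false` test on the very next line, so a `false` value is passed straight into `get_events_get_response_target()`; a check such as `if ($event_response === false) { echo __('unauthorized'); return; }` placed ahead of the guard would close that, unless an earlier line outside the hunk already rejects it. A mismatch here indicates a tampered request rather than a user mistake, so recording it through the console's audit logging, if this file has access to one, would make such attempts visible to operators. The enclosing `if ($perform_event_response === true)` block continues outside the hunk.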
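Review bot: The new line looks the stored command up by `$event_response['id']` but does not handle a lookup that matches no row; if `db_get_value()` returns `false` there, `io_safe_output()` and the parameter substitution below operate on a non-string and the function presumably hands back an empty target instead of failing, so an explicit guard such as `if ($target === false) { return ''; }` (or an exception, whichever matches how the rest of the function reports errors) would make that case visible. The intent of the change deserves a comment at the point of change, e.g. `// Always use the stored command; the caller-supplied 'target' may originate from the request and must not be trusted.`, so a later reader does not "simplify" it back to the array value. The substituted values from the parameter replacement that follows are still interpolated into a command string; if `$response_parameters` can come from the request, each value needs `escapeshellarg()` or an allow-list before the command is executed, which this hunk does not show. The function `events_get_response_target()` starts before the hunk and ends after it.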