From 9a66359b3c1b0453f0016161f96bdd898605c39b Mon Sep 17 00:00:00 2001
From: alejandro-campos <alejandro.campos@artica.es>
Date: Mon, 20 Apr 2020 18:00:20 +0200
Subject: [PATCH] fix vulnerability in password recovery

---
 pandora_console/index.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/pandora_console/index.php b/pandora_console/index.php
index cc79382b82..145b809b97 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -731,12 +731,13 @@ if (! isset($config['id_user'])) {
         $first = (boolean) get_parameter('first', 0);
         $reset_hash = get_parameter('reset_hash', '');
 
-        if ($correct_pass_change) {
+        $pass1 = get_parameter_post('pass1');
+        $pass2 = get_parameter_post('pass2');
+        $id_user = get_parameter_post('id_user');
+
+        if ($correct_pass_change && !empty($pass1) && !empty($pass2) && !empty($id_user)) {
             $correct_reset_pass_process = '';
             $process_error_message = '';
-            $pass1 = get_parameter('pass1');
-            $pass2 = get_parameter('pass2');
-            $id_user = get_parameter('id_user');
 
             if ($pass1 == $pass2) {
                 $res = update_user_password($id_user, $pass1);