tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed vulnerability in some extensions TICKETS #3554

This commit is contained in:
fermin831 2016-04-25 18:34:32 +02:00
parent e97aff1cc4
commit aec47d20ef
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/extensions/api_checker.php
View File

@ -54,6 +54,15 @@ function api_execute($url, $ip, $pandora_url, $apipass, $user, $password, $op, $
function extension_api_checker() {
global $config;
check_login ();
if (! check_acl ($config['id_user'], 0, "PM")) {
db_pandora_audit("ACL Violation",
"Trying to access Profile Management");
require ("general/noaccess.php");
return;
}
$url = io_safe_output(get_parameter('url', ''));
$ip = io_safe_output(get_parameter('ip', '127.0.0.1'));

9
pandora_console/extensions/net_tools.php
View File

@ -256,6 +256,15 @@ function main_net_tools () {
function godmode_net_tools() {
global $config;
check_config ();
if (! check_acl ($config['id_user'], 0, "PM")) {
db_pandora_audit("ACL Violation",
"Trying to access Profile Management");
require ("general/noaccess.php");
return;
}
ui_print_page_header (__('Config Network Tools'));
$update_traceroute = (bool)get_parameter('update_traceroute', 0);