[KVE-2022-0193] 그누보드(영카트) SSRF & Business Logic Bug 취약점 수정

2022-06-17 17:11:05 +09:00
parent d4f4612b22
commit 22ea3d39c1
7 changed files with 22 additions and 12 deletions
--- a/shop/kakaopay/kakaopay_cancel.php
+++ b/shop/kakaopay/kakaopay_cancel.php
@ -62,6 +62,8 @@ if($cancelFlag == "true")

    }

+    if(! (isset($inipay) && method_exists($inipay, 'SetField'))) return;
+
    $TID = $tno;
    $inipay->SetField("type", "cancel"); // 고정
    if( $default['de_kakaopay_cancelpwd'] ){