firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2020-0100,0101]그누보드 관리자페이지 XSS 취약점 수정

Browse Source
This commit is contained in:
thisgun
2020-02-13 15:23:11 +09:00
parent 120d8cf564
commit 3cf0546711
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/sms_admin/form_write.php
View File

@ -6,6 +6,8 @@ auth_check($auth[$sub_menu], "w");
$g5['title'] = "이모티콘 "; $g5['title'] = "이모티콘 ";
$fg_no = isset($fg_no) ? (int) $fg_no : '';
if ($w == 'u' && is_numeric($fo_no)) { if ($w == 'u' && is_numeric($fo_no)) {
$write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'"); $write = sql_fetch("select * from {$g5['sms5_form_table']} where fo_no='$fo_no'");
$g5['title'] .= '수정'; $g5['title'] .= '수정';

2
adm/sms_admin/sms_write_form.php
View File

@ -7,6 +7,8 @@ while ($res = sql_fetch_array($qry)) array_push($group, $res);
$res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0"); $res = sql_fetch("select count(*) as cnt from `{$g5['sms5_form_table']}` where fg_no=0");
$no_count = $res['cnt']; $no_count = $res['cnt'];
$fg_no = isset($fg_no) ? (int) $fg_no : '';
?> ?>
<form name="emo_frm"> <form name="emo_frm">