[KVE-2022-0175] 그누보드 sql 취약점 수정

2022-06-23 14:29:14 +09:00
parent 2366e8ebfb
commit 929183b3e3
9 changed files with 39 additions and 11 deletions
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@ -89,10 +89,10 @@ $sql = " insert into {$g5['board_table']}
                bo_new = '{$board['bo_new']}',
                bo_hot = '{$board['bo_hot']}',
                bo_image_width = '{$board['bo_image_width']}',
-                bo_skin = '{$board['bo_skin']}',
-                bo_mobile_skin = '{$board['bo_mobile_skin']}',
-                bo_include_head = '{$board['bo_include_head']}',
-                bo_include_tail = '{$board['bo_include_tail']}',
+                bo_skin = '" . sql_real_escape_string($board['bo_skin']). "',
+                bo_mobile_skin = '" . sql_real_escape_string($board['bo_mobile_skin']). "',
+                bo_include_head = '" . sql_real_escape_string($board['bo_include_head']). "',
+                bo_include_tail = '" . sql_real_escape_string($board['bo_include_tail']). "',
                bo_content_head = '" . addslashes($board['bo_content_head']) . "',
                bo_content_tail = '" . addslashes($board['bo_content_tail']) . "',
                bo_mobile_content_head = '" . addslashes($board['bo_mobile_content_head']) . "',