KVE-2018-0300,0331,0356,0358,0370 그누보드/영카트 다중 취약점 수정

2018-05-23 11:58:06 +09:00
parent d9cc2f9414
commit c245be09a3
9 changed files with 13 additions and 4 deletions
--- a/adm/shop_admin/wishlist.php
+++ b/adm/shop_admin/wishlist.php
@ -18,6 +18,7 @@ if( preg_match("/[^0-9]/", $fr_date) ) $fr_date = '';
 if( preg_match("/[^0-9]/", $to_date) ) $to_date = '';

 if ($sort1 == "") $sort1 = "it_id_cnt";
+if (!in_array($sort1, array('mb_id', 'it_id', 'wi_time', 'wi_ip'))) $sort1 = "it_id_cnt";
 if ($sort2 == "" || $sort2 != "asc") $sort2 = "desc";

 $sql  = " select a.it_id,