[KVE-2025-0234] 관리자 XSS 취약점 수정

2025-04-15 10:11:31 +09:00
parent 918ad48675
commit c5817594d0
12 changed files with 156 additions and 36 deletions
--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@ -19,7 +19,7 @@ $mb_certify     = isset($_POST['mb_certify']) ? preg_replace('/[^0-9a-z_]/i', ''
 $mb_zip         = isset($_POST['mb_zip']) ? preg_replace('/[^0-9a-z_]/i', '', $_POST['mb_zip']) : '';

 // 관리자가 자동등록방지를 사용해야 할 경우 ( 회원의 비밀번호 변경시 캡챠를 체크한다 )
-if ($mb_password && function_exists('get_admin_captcha_by') && get_admin_captcha_by()) {
+if ($mb_password) {
    include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');

    if (!chk_captcha()) {