KVE-2019-0082 원격취약점 수정

2019-03-13 15:20:13 +09:00
parent bf75dc1d97
commit e1bd6082b2
10 changed files with 52 additions and 36 deletions
--- a/adm/shop_admin/personalpaylistdelete.php
+++ b/adm/shop_admin/personalpaylistdelete.php
@ -16,8 +16,9 @@ for ($i=0; $i<$count; $i++)
 {
    // 실제 번호를 넘김
    $k = $_POST['chk'][$i];
+    $ppp_id = (int) $_POST['pp_id'][$k];

-    $sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$_POST['pp_id'][$k]}' ";
+    $sql = " delete from {$g5['g5_shop_personalpay_table']} where pp_id = '{$ppp_id}' ";
    sql_query($sql);
 }