firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2025-0510] Stored XSS (bypass html_purify patch) to RCE 취약점 수정

Browse Source
This commit is contained in:
2025-08-27 11:48:36 +09:00
parent 5da91ab73e
commit f69b66dced
5 changed files with 46 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adm/board_form_update.php
View File

@ -37,7 +37,7 @@ $bo_include_head = isset($_POST['bo_include_head']) ? preg_replace(array("#[\\\]
$bo_include_tail = isset($_POST['bo_include_tail']) ? preg_replace(array("#[\\\]+$#", "#(<\?php|<\?)#i"), "", substr($_POST['bo_include_tail'], 0, 255)) : '';
// 관리자가 자동등록방지를 사용해야 할 경우
if ($board && (isset($board['bo_include_head']) && $board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail) && function_exists('get_admin_captcha_by') && get_admin_captcha_by()) {
if ($board && (isset($board['bo_include_head']) && $board['bo_include_head'] !== $bo_include_head || $board['bo_include_tail'] !== $bo_include_tail)) {
include_once(G5_CAPTCHA_PATH . '/captcha.lib.php');
if (!chk_captcha()) {