firstgarden/firstgarden-web-gnu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

[KVE-2025-0510] Stored XSS (bypass html_purify patch) to RCE 취약점 수정

Browse Source
This commit is contained in:
2025-08-27 11:48:36 +09:00
parent 5da91ab73e
commit f69b66dced
5 changed files with 46 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/common.lib.php
View File

@ -4248,7 +4248,7 @@ function is_include_path_check($path='', $is_input='')
return false;
}
if (preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) || preg_match('/pear(cmd)?\.php/i', $replace_path)){
if (preg_match('/\/data\/(file|editor|qa|cache|member|member_image|session|tmp)\/[A-Za-z0-9_]{1,20}\//i', $replace_path) || preg_match('/pe(?:ar|cl)(?:cmd)?\.php/i', $replace_path)){
return false;
}
if( preg_match('/'.G5_PLUGIN_DIR.'\//i', $replace_path) && (preg_match('/'.G5_OKNAME_DIR.'\//i', $replace_path) || preg_match('/'.G5_KCPCERT_DIR.'\//i', $replace_path) || preg_match('/'.G5_LGXPAY_DIR.'\//i', $replace_path)) || (preg_match('/search\.skin\.php/i', $replace_path) ) ){