http://www.htbridge.ch/advisory/xss_vul ... pwcms.html
It seems to have an effect only when you are logged in to the backend. If you do not use the calendar module of phpwcms, just delete folder
include/inc_module/mod_calendar
The fix for this is change starting around line 42 to:
For all releases this is enough:
- Code: Select all
// Change:
$_SESSION['calendardate'] = clean_slweg($_GET['calendardate']);
// To:
$_SESSION['calendardate'] = substr(clean_slweg($_GET['calendardate']), 0, 7);
For newer releases use
- Code: Select all
// define some defaults
if(isset($_GET['calendardate'])) {
$_SESSION['calendardate'] = substr(clean_slweg($_GET['calendardate']), 0, 7);
}
if(!empty($_SESSION['calendardate'])) {
@list($plugin['current_month'], $plugin['current_year']) = explode('-', $_SESSION['calendardate']);
$plugin['current_month'] = intval($plugin['current_month']);
$plugin['current_year'] = intval($plugin['current_year']);
if(empty($plugin['current_year'])) {
$plugin['current_year'] = gmdate('Y');
}
if(empty($plugin['current_month'])) {
$plugin['current_month'] = gmdate('n');
}
} else {
$plugin['current_year'] = gmdate('Y');
$plugin['current_month'] = gmdate('n');
}
Or use the attached file
