Security issue: CVE-2023-34600 #102
Description
Hello, according to the following pages:
https://www.cvedetails.com/cve/CVE-2023-34600/
https://github.com/costacoco/Adiscon/tree/8ff446fbf8b33dbe43ab93e411cc071b70248214
It is possible to do SQL injection in some loganalyzer admin pages, using the 'id' attribute.
From what I see in the code, there are several places where SQL queries are constructed with the following PHP code (example from src/admin/searches.php):
$content['SEARCHID'] = strip_tags(DB_RemoveBadChars($_GET['id']));
$sqlquery = "SELECT * FROM " . DB_SEARCHES . " WHERE ID = " . $content['SEARCHID'];
I think a simple call to 'intval' should solve this particular issue. E.g:
$content['SEARCHID'] = intval(strip_tags(DB_RemoveBadChars($_GET['id'])));