Affected Versions: WordPress CevherShare 2.0 plugin
Developer: http://phpkode.com/
Download: http://phpkode.com/download/s/cevhershare.zip
Test Platform: Ubuntu-Linux
Vulnerable file: cevhershare/cevhershare-admin.php
Test request:
http://www.bkjia.com/wp-content/plugins/cevhershare/cevhershare-admin.php?id=[SQL-Injection]
// Request handling quoted from cevhershare-admin.php. The stray spaces and capital
// letters come from how the page reproduces the code, not from the plugin itself.
// Each of the next four values is taken from the query string when that value is
// truthy and from the POST body otherwise; nothing on these lines casts, validates
// or escapes it.
// $id goes on to be placed in the SELECT, UPDATE and DELETE statements further down.
$ Id = $ _ GET ['id']? $ _ GET ['id']: $ _ POST ['id'];
// $pos, $status and $task are read here but are not used in the lines shown.
$ Pos = $ _ GET ['pos']? $ _ GET ['pos']: $ _ POST ['pos'];
$ Status = $ _ GET ['status']? $ _ GET ['status']: $ _ POST ['status'];
$ Task = $ _ GET ['T']? $ _ GET ['T']: $ _ POST ['T'];
// $do names the requested action and is read from the POST body only.
$ Do = $ _ POST ['do '];
If ($ do = "update-lang "){
$ Uplang = $ _ POST ['Update-loan'];
Update_option ('cevhershare _ Language', $ uplang );
}
// Loads the row for the requested id. $id is placed into the SQL text unquoted and
// unescaped, so the request value becomes part of the statement itself; this is the
// parameter the advisory's test request uses.
// Mitigation: cast the id to an integer (absint()) and build the statement with
// $wpdb->prepare() and a %d placeholder.
// No current_user_can() or nonce check (check_admin_referer()) appears in the lines
// shown. NOTE(review): confirm whether the full file restricts who can reach this code.
If ($ id) $ item = $ wpdb-> get_row ("SELECT * FROM". $ wpdb-> prefix. "cevhershare WHERE id = $ id ");
// As printed, every branch condition below uses a single "=" (assignment) rather
// than "==". NOTE(review): this may be damage from the page's reproduction; check the
// plugin source. If it is real, the first condition assigns a non-empty string, is
// always true, and the elseif branches can never run.
// UPDATE: five $_POST fields and $id are concatenated between single quotes with no
// escaping on this line. Mitigation: $wpdb->update() or $wpdb->prepare() with
// %s / %d placeholders.
If ($ do = 'update') $ wpdb-> query ("update ". $ wpdb-> prefix. "cevhershare SET enabled = '". $ _ POST ['enabled']. "', position = '". $ _ POST ['position']. "', name = '". $ _ POST ['name']. "', big = '". $ _ POST ['Big ']. "', small = '". $ _ POST ['small']. "'where id = '$ id '");
// INSERT: four $_POST fields are concatenated the same way. Mitigation: $wpdb->insert()
// or $wpdb->prepare().
Elseif ($ do = 'add') $ wpdb-> query ("insert ". $ wpdb-> prefix. "cevhershare (position, name, big, small) VALUES ('". $ _ POST ['position']. "','". $ _ POST ['name']. "','". $ _ POST ['Big ']. "','". $ _ POST ['small']. "')");
// DELETE: $id is unquoted again, as in the SELECT above. Mitigation: $wpdb->delete()
// or $wpdb->prepare() with %d.
Elseif ($ do = 'delete') $ wpdb-> query ("delete FROM". $ wpdb-> prefix. "cevhershare WHERE id = $ id LIMIT 1 ");
// Calls cevhershare_reset(), which is defined outside this excerpt.
Elseif ($ do = 'reset') cevhershare_reset ();
// The advisory's excerpt stops at the opening of the settings branch.
Elseif ($ do = 'settings '){
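Fix: filter the request input before it reaches the queries. Cast `id` to an integer and pass every request value through `$wpdb->prepare()` placeholders instead of concatenating it into the SQL string.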