
cve-2013-7326 [2014/02/24 20:30] (current)
joebordes created
 +====== CVE-2013-7326 ======
  
 + [[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7326|Vulnerability Summary for CVE-2013-7326 ]]
 +
 +
 +This vulnerability isn't that dangerous: the crafted link has to be opened from within a vtiger CRM session, so the victim already has to be logged in (and, for the scripts below that call checkAdminAccess(), logged in as an administrator). That limits the impact, but it does not strictly require a malicious installed extension: a logged-in user who is tricked into following a crafted link is enough for this kind of issue, so the patch is still worth applying.
 +
 +In any case, {{:vulnerabilidad:cve-2013-7326_vtigercrm540.diff|this is the patch that fixes the issue for vtiger CRM 5.4.0}}
 +
 +<code>
 +Index: modules/com_vtiger_workflow/savetask.php
 +===================================================================
 +--- modules/com_vtiger_workflow/savetask.php (revisión: 7011)
 ++++ modules/com_vtiger_workflow/savetask.php (copia de trabajo)
 +@@ -18,7 +18,7 @@
 +  $util = new VTWorkflowUtils();
 +  $module = new VTWorkflowApplication("savetask");
 +  $mod = return_module_language($current_language, $module->name);
 +-
 ++ $request = vtlib_purify($request);  // this cleans all values of the array
 +  if(!$util->checkAdminAccess()){
 +  $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 +  $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
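Review bot: The added `$request = vtlib_purify($request);` sanitises only the local `$request` array; anything in this script that later reads `$_REQUEST`, `$_GET` or `$_POST` directly stays unsanitised, and the body of savetask.php continues past the hunk so that cannot be confirmed here. Input purification is also not output encoding: values that are rendered back to the browser should still be escaped at the output point, with this line as defence in depth. Worth checking whether any task field that savetask stores may legitimately contain markup, since purifying on save changes what is persisted. The comment should say why the line exists rather than what the helper does, e.g. `// CVE-2013-7326: purify all request values before they are stored or rendered`.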
 +Index: modules/com_vtiger_workflow/edittask.php
 +===================================================================
 +--- modules/com_vtiger_workflow/edittask.php (revisión: 7011)
 ++++ modules/com_vtiger_workflow/edittask.php (copia de trabajo)
 +@@ -20,6 +20,7 @@
 +  function vtTaskEdit($adb, $request, $current_language, $app_strings){
 +  global $theme;
 +  $util = new VTWorkflowUtils();
 ++ $request = vtlib_purify($request);  // this cleans all values of the array
 +  $image_path = "themes/$theme/images/";
 + 
 +  $module = new VTWorkflowApplication('edittask');
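Review bot: The purify call is scoped to `vtTaskEdit()`, where `$request` is a parameter, so only this function's copy is cleaned; the caller's array and any other function in edittask.php that receives the same request are unaffected, and vtTaskEdit's body continues outside the hunk, so verify where the cleaned values are actually rendered. Since this is the edit form, the template that prints the task fields is the natural place to escape, and the purification here should be treated as defence in depth rather than the fix on its own. Suggest replacing the generic comment with `// CVE-2013-7326: purify the request array before its values are placed in the edit form`.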
 +Index: modules/com_vtiger_workflow/deletetask.php
 +===================================================================
 +--- modules/com_vtiger_workflow/deletetask.php (revisión: 7011)
 ++++ modules/com_vtiger_workflow/deletetask.php (copia de trabajo)
 +@@ -18,7 +18,7 @@
 +  $util = new VTWorkflowUtils();
 +  $module = new VTWorkflowApplication("deltetask");
 +  $mod = return_module_language($current_language, $module->name);
 +-
 ++ $request = vtlib_purify($request);  // this cleans all values of the array
 +  if(!$util->checkAdminAccess()){
 +  $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 +  $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
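Review bot: For a delete action the request presumably carries an identifier; validating that id as an integer before it is used would be a tighter check than purifying the whole array, though the id handling is below the hunk and not visible. The `"deltetask"` argument on the `VTWorkflowApplication` context line is a pre-existing misspelling, not part of this change; worth verifying whether that name feeds URL building or language lookup. Comment suggestion: `// CVE-2013-7326: purify request values; the task id should additionally be cast/validated as an integer`.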
 +Index: modules/com_vtiger_workflow/saveworkflow.php
 +===================================================================
 +--- modules/com_vtiger_workflow/saveworkflow.php (revisión: 7011)
 ++++ modules/com_vtiger_workflow/saveworkflow.php (copia de trabajo)
 +@@ -19,7 +19,7 @@
 +  $util = new VTWorkflowUtils();
 +  $module = new VTWorkflowApplication("saveworkflow");
 +  $mod = return_module_language($current_language, $module->name);
 +-
 ++ $request = vtlib_purify($request);  // this cleans all values of the array
 +  if(!$util->checkAdminAccess()){
 +  $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 +  $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
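Review bot: This is the same one-line purification repeated in a fourth action script; if the workflow module has a common entry point or a shared include (VTWorkflowUtils is instantiated in each of them), doing it once there would avoid drift when a new action script is added without the line. Placing it before `checkAdminAccess()` is harmless here because the error redirect only uses language strings, not request data. Keep in mind purification is not output encoding, so saved workflow fields still need escaping wherever they are rendered. Suggested comment: `// CVE-2013-7326: purify all request values (input sanitisation; output escaping still required)`.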
 +Index: modules/com_vtiger_workflow/savetemplate.php
 +===================================================================
 +--- modules/com_vtiger_workflow/savetemplate.php (revisión: 7011)
 ++++ modules/com_vtiger_workflow/savetemplate.php (copia de trabajo)
 +@@ -20,7 +20,7 @@
 +  $util = new VTWorkflowUtils();
 +  $module = new VTWorkflowApplication("savetemplate");
 +  $mod = return_module_language($current_language, $module->name);
 +-
 ++ $request = vtlib_purify($request);  // this cleans all values of the array
 +  if(!$util->checkAdminAccess()){
 +  $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
 +  $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
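Review bot: savetemplate persists template content, so purifying every request value on save will alter any template that legitimately contains HTML; if templates are expected to carry markup (not visible in the hunk), a field-specific allow-list or escaping at render time would preserve the data while still closing the issue. The rest of the script is outside the hunk, so confirm which fields end up in the stored template and test a save with a template that includes tags. Comment suggestion: `// CVE-2013-7326: purify request values before saving; confirm the template body keeps its intended markup`.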
 +</code>