SeoPanel Official Website: https://www.seopanel.org/
Github: https://github.com/seopanel/Seo-Panel
Latest version 4.9.0: https://www.seopanel.org/spdownload/, https://github.com/seopanel/Seo-Panel/tree/7c107c789be74bdb284f857cd6a51877f0e0c11b, or the file attached to this gist below.
In api/user.api.php, the function getUserName directly calls the function __checkUserName in controllers/user.ctrl.php without filtering the variables. An attacker can pass an arbitrary string to the username variable through $info. This allows injection into the __checkUserName function directly:
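As an added illustration (not SeoPanel's code and not the report's own excerpt), the following shows the same API-to-controller call shape in hardened form: the API layer validates the caller-supplied username against an allowlist before handing it on, and the lookup binds it as a query parameter. The function names getUserName and checkUserName, the users table and the PDO/SQLite setup are assumptions for the demo.

```php
<?php
// Added illustration, not SeoPanel's code: hardened version of the
// "API passes $info straight to the controller" pattern described above.

// Hypothetical controller lookup standing in for __checkUserName.
// Parameter binding keeps the username out of the SQL text entirely.
function checkUserName(PDO $db, string $userName): bool
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = :u');
    $stmt->execute([':u' => $userName]);
    return $stmt->fetchColumn() !== false;
}

// Hypothetical API entry point standing in for getUserName($info).
// Allowlist validation at the API boundary: only the characters a
// username is expected to contain, and a bounded length.
function getUserName(PDO $db, array $info): array
{
    $userName = (string) ($info['username'] ?? '');
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $userName)) {
        return ['response' => 'Error', 'message' => 'invalid username'];
    }
    return ['response' => 'Ok', 'exists' => checkUserName($db, $userName)];
}

// Constructed demo with an in-memory SQLite table (assumption: pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice')");

var_dump(getUserName($db, ['username' => 'alice']));   // exists => true
var_dump(getUserName($db, ['username' => 'bob']));     // exists => false
var_dump(getUserName($db, ['username' => "alice'--"])); // rejected at the boundary
```

The validation step is the check the report says is missing; the prepared statement is defence in depth, so a value that somehow bypasses the API layer still cannot change the query.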