diff --git a/front/devices.php b/front/devices.php index 1e8a5682..e42c9b3d 100755 --- a/front/devices.php +++ b/front/devices.php @@ -18,6 +18,13 @@ if ($_SESSION["login"] != 1) require 'php/templates/header.php'; require 'php/templates/graph.php'; + require 'php/server/util.php'; + + // check permissions + $dbPath = "../db/pialert.db"; + $confPath = "../config/pialert.conf"; + + checkPermissions([$dbPath, $confPath]); ?> diff --git a/front/php/server/nmap_scan.php b/front/php/server/nmap_scan.php index 06cbb0b6..88c90389 100755 --- a/front/php/server/nmap_scan.php +++ b/front/php/server/nmap_scan.php @@ -3,20 +3,26 @@ $PIA_HOST_IP = $_REQUEST['scan']; $PIA_SCAN_MODE = $_REQUEST['mode']; -if ($PIA_SCAN_MODE == 'fast') { - exec('nmap -F '.$PIA_HOST_IP, $output); -} elseif ($PIA_SCAN_MODE == 'normal') { - exec('nmap '.$PIA_HOST_IP, $output); -} elseif ($PIA_SCAN_MODE == 'detail') { - exec('nmap -A '.$PIA_HOST_IP, $output); -} elseif ($PIA_SCAN_MODE == 'skipdiscovery') { - exec('nmap -Pn '.$PIA_HOST_IP, $output); -} +if(filter_var($PIA_HOST_IP, FILTER_VALIDATE_IP)) // Vulnerability fix v22.12.20 +{ + if ($PIA_SCAN_MODE == 'fast') { + exec('nmap -F '.$PIA_HOST_IP, $output); + } elseif ($PIA_SCAN_MODE == 'normal') { + exec('nmap '.$PIA_HOST_IP, $output); + } elseif ($PIA_SCAN_MODE == 'detail') { + exec('nmap -A '.$PIA_HOST_IP, $output); + } elseif ($PIA_SCAN_MODE == 'skipdiscovery') { + exec('nmap -Pn '.$PIA_HOST_IP, $output); + } -echo '
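Review bot: `require 'php/server/util.php';` in the front/devices.php hunk pulls in a file that declares functions and, after this commit, also runs a `$_REQUEST['function']` dispatcher at include time. If anything else in the template chain includes it again, the functions are redeclared and the page dies, so `require_once 'php/server/util.php';` is the safer form. `checkPermissions([$dbPath, $confPath]);` only prints a message and returns nothing, so the page carries on when a file is missing. The same two path literals are repeated in the front/settings.php hunk; defining them once in util.php would keep both pages in sync.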

Scan ('.$PIA_SCAN_MODE.') Results of: '.$PIA_HOST_IP.'

'; -echo '
'; 
-foreach($output as $line){
-    echo $line . "\n";
+    echo '

Scan ('.$PIA_SCAN_MODE.') Results of: '.$PIA_HOST_IP.'

'; + echo '
'; 
+    foreach($output as $line){
+        echo $line . "\n";
+    }
+    echo '
'; +} else +{ + echo '

Internal error.

'; } -echo '
'; ?> \ No newline at end of file diff --git a/front/php/server/util.php b/front/php/server/util.php index 171c85e0..19be52d0 100755 --- a/front/php/server/util.php +++ b/front/php/server/util.php @@ -16,6 +16,15 @@ $timezone_line = explode("'", $config_file_lines_timezone[0]); $Pia_TimeZone = $timezone_line[1]; date_default_timezone_set($Pia_TimeZone); +$FUNCTION = $_REQUEST['function']; + + +if ($FUNCTION == 'savesettings') { + saveSettings(); +} elseif ($PIA_SCAN_MODE == 'test') { + // other function +} + //------------------------------------------------------------------------------ // Formatting data functions //------------------------------------------------------------------------------ @@ -59,6 +68,49 @@ function formatIPlong ($IP) { //------------------------------------------------------------------------------ // Others functions //------------------------------------------------------------------------------ +function checkPermissions($files) +{ + foreach ($files as $file) + { + // check access to database + if(file_exists($file) != 1) + { + displayMessage("File ".$file." not found or inaccessible. Grant read & write permissions to the file to the correct user."); + } + } + +} + + +function displayMessage($message) +{ + echo ''; +} + + +function saveSettings() +{ + $config_file = "../../../config/pialert.conf"; + // save in the file + $new_location = $config_file.'_'.strtotime("now").'.backup'; + + if(file_exists( $config_file) == 1) + { + // create a backup copy + if (!copy($config_file, $new_location)) + { + echo "Failed to copy file ".$config_file." to ".$new_location."
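Review bot: `$PIA_SCAN_MODE` in front/php/server/nmap_scan.php is still taken straight from `$_REQUEST['mode']` and echoed into the results heading unescaped, and a value outside the four known modes skips every `exec`, so the `foreach` runs on an undefined `$output`. The new `FILTER_VALIDATE_IP` guard covers only `scan`; the mode should be checked against an allow-list in the same condition, and the nmap output lines passed through `htmlspecialchars` before printing. Wrapping the address in `escapeshellarg` is redundant while the filter holds, but it keeps the command line safe if the validation is later relaxed. The top of the file is outside this hunk, so whether a session check precedes this code is not visible here and is worth confirming.

```php
$modeFlags = ['fast' => '-F', 'normal' => '', 'detail' => '-A', 'skipdiscovery' => '-Pn'];

if (is_string($PIA_SCAN_MODE) && isset($modeFlags[$PIA_SCAN_MODE])
    && filter_var($PIA_HOST_IP, FILTER_VALIDATE_IP)) // Vulnerability fix v22.12.20
{
    $output = [];
    exec('nmap '.$modeFlags[$PIA_SCAN_MODE].' '.escapeshellarg($PIA_HOST_IP), $output);
    // … unchanged: heading and opening wrapper echoes …
    foreach ($output as $line) {
        echo htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
    }
    // … unchanged: closing echo and the else branch …
```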
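Review bot: The dispatcher added at the top of front/php/server/util.php (first hunk, `@@ -16,6 +16,15 @@`) runs on every include, so any page that requires this file (front/devices.php and front/settings.php in this commit) will call `saveSettings()` whenever the request carries `function=savesettings`. No login, request-method or CSRF check is visible in the hunk, so it belongs in a dedicated endpoint or behind such a guard rather than in a shared include. `$_REQUEST['function']` is also unset on ordinary page loads, and the `elseif` tests `$PIA_SCAN_MODE`, which is not defined in the visible part of this file and looks copied from nmap_scan.php. `$FUNCTION = $_REQUEST['function'] ?? '';` and `} elseif ($FUNCTION == 'test') {` address both.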
Check your permissions to allow read/write access to the /config folder."; + } + { + echo "Backup of pialert.conf created: ".$new_location.""; + } + } else { + echo 'File "'.$config_file.'" not found or missing read permissions.'; + } + + // save in the DB +} + function getString ($codeName, $default, $pia_lang) { $result = $pia_lang[$codeName]; diff --git a/front/settings.php b/front/settings.php index 26748fa6..7709bbf5 100644 --- a/front/settings.php +++ b/front/settings.php @@ -21,14 +21,22 @@ require 'php/server/db.php'; require 'php/server/util.php'; require 'php/templates/language/'.$pia_lang_selected.'.php'; + + //------------------------------------------------------------------------------ // Action selector //------------------------------------------------------------------------------ // Set maximum execution time to 15 seconds ini_set ('max_execution_time','30'); +// check permissions +$dbPath = "../db/pialert.db"; +$confPath = "../config/pialert.conf"; + +checkPermissions([$dbPath, $confPath]); + // Open DB -OpenDB('../db/pialert.db'); +OpenDB($dbPath); global $db; global $pia_lang; @@ -171,7 +179,8 @@ $db->close();
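Review bot: In `saveSettings()` (front/php/server/util.php, second hunk) the success message sits in a bare `{ … }` block after the `if (!copy(...))` body, so "Backup of pialert.conf created" is printed even when the copy failed; the line between the two blocks should read `} else {`. `checkPermissions()` tests only `file_exists($file) != 1` while its message talks about read and write access, so a file that exists but cannot be read or written passes silently; `if (!is_readable($file) || !is_writable($file))` matches the message. The path `"../../../config/pialert.conf"` is resolved against the working directory, which differs between a direct request to util.php and an include from a page under front/, so `__DIR__.'/../../../config/pialert.conf'` is more predictable. The timestamped `.backup` copies are written next to the config file; if that folder is ever web-reachable they expose the configuration, so confirm it is not served.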
- + +
@@ -180,5 +189,18 @@ $db->close(); + +