Opened 13 years ago
Closed 13 years ago
#544 closed defect (fixed)
Get User SQL injection potential
| Reported by: | jesseeichar | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | v2.6.5 |
| Component: | General | Version: | v2.6.3 |
| Keywords: | Cc: |
Description
Get passes the id parameter directly to the SQL which is potential SQL injection attack. Attached is a patch for a fix
Attachments (1)
Change History (2)
by , 13 years ago
| Attachment: | getuserSqlInjectionPatch.patch added |
|---|
comment:1 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
