Needs review
Project: Context Help
Version: 6.x-1.0
Component: Code
Priority: Critical
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 25 Jan 2011 at 14:43 UTC
Updated: 25 Jan 2011 at 14:43 UTC

I've found a security vulnerability on line 267 of contexthelp.module. The $url variable is not escaped, and that allows SQL injection via the URL in your browser.

Here is a patch to fix this:

| Comment | File | Size | Author |
|---|---|---|---|
| | fix-SQL-Injection-contexthelp.module.patch | 850 bytes | Shrek |
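
The class of bug reported above, as an added example that is not the module's code or the attached patch (neither is shown on this page): a request path concatenated into SQL text versus the same path bound as a parameter. The `help_topic` table, its rows, the function names and the inputs are constructed for illustration, and PDO with in-memory SQLite stands in for Drupal's database layer; in Drupal 6 the same separation is achieved by passing the value as an argument to `db_query()` with a quoted `'%s'` placeholder.

```php
<?php
// Constructed schema and rows; the module's real tables and query are not on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE help_topic (url TEXT, body TEXT)");
$db->exec("INSERT INTO help_topic VALUES ('node/add', 'How to create content')");
$db->exec("INSERT INTO help_topic VALUES ('admin/settings', 'Administrators only')");

// Vulnerable pattern: the request path becomes part of the SQL text.
function lookup_unsafe(PDO $db, string $url): array {
    $sql = "SELECT body FROM help_topic WHERE url = '" . $url . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed pattern: the path is bound as a value and is never parsed as SQL.
function lookup_safe(PDO $db, string $url): array {
    $stmt = $db->prepare("SELECT body FROM help_topic WHERE url = :url");
    $stmt->execute([':url' => $url]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run a lookup and report either the row count or the database error.
function describe(callable $lookup, PDO $db, string $url): string {
    try {
        return count($lookup($db, $url)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Constructed inputs: a normal path, a harmless path containing an apostrophe,
// and a path whose quote rewrites the WHERE clause when concatenated.
$inputs = ['node/add', "faq/what's-new", "x' OR '1'='1"];
foreach ($inputs as $url) {
    printf("%-16s unsafe: %-10s safe: %s\n",
        $url,
        describe('lookup_unsafe', $db, $url),
        describe('lookup_safe', $db, $url));
}
```

With concatenation, the apostrophe path breaks the statement and the third input matches every row; with the bound parameter both are treated as ordinary strings that match nothing.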