sql injection in search_clause possible

fago - September 22, 2005 - 19:17

Project:	Flexinode
Version:	4.6.x-1.x-dev
Component:	Code
Category:	bug report
Priority:	critical
Assigned:	Unassigned
Status:	closed

Jump to:

Most recent comment

the flexinode fields select and checkbox doesn't check the submitted values before inserting them in the sql clause, as an affect this allows sql injection in the clause.

patch attached

Attachment	Size
flexinode_sql.patch	1.48 KB

» Login or register to post comments

#1

Gerhard Killesreiter - September 23, 2005 - 01:51

Status:

needs review

» active

committed to cvs. Setting to active. Check if it applies to HEAD as well.

Login or register to post comments

#2

fago - September 23, 2005 - 12:09

Status:

active

» fixed

chx has already commited a fix for head.

Login or register to post comments

#3

Anonymous - October 7, 2005 - 12:21

Status:

fixed

» closed

Login or register to post comments

Drupal is a registered trademark of Dries Buytaert.