Posted by fago on September 22, 2005 at 7:17pm
| Project: | Flexinode |
| Version: | 4.6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
The flexinode fields select and checkbox don't check the submitted values before inserting them in the SQL clause; as an effect, this allows SQL injection in the clause.
Patch attached.
| Attachment | Size |
|---|---|
| flexinode_sql.patch | 1.48 KB |
Comments
#1
Committed to CVS. Setting to active. Check if it applies to HEAD as well.
#2
chx has already committed a fix for HEAD.
#3