#242 - SQL injection in Tickets listing
Type Defect
Status Fixed
Milestone 2.3.3
Version 2.3.2
Component Tickets
Priority Normal
Severity Critical
Owner Trupik
Assigned to -
Reported 11 years ago
Updated 9 years ago
Votes 0
Related tickets
Proposed time
Worked time

What did you do to cause this? I fiddled a bit with URL in my installation and stumbled upon an SQL injection situation. It has been made even easier by showing me the actual query.

What page were you on? .../tickets?status=open&type=1%29;SQL_INJECTION%28

Describe the defect: It shows me the query, and allows me to put anything into it. Any skilled hacker would abuse this with great pleasure.

Ticket History

11 years and 6 months ago by Jack

  • Closed ticket as Fixed
  • custom_field 0% 100%

Should be fixed now. Thanks for reporting this.