#242 - SQL injection in Tickets listing
Type Defect
Status Fixed
Milestone 2.3.3
Version 2.3.2
Component Tickets
Priority Normal
Severity Critical
Owner Trupik
Assigned to -
Reported 12 years ago
Updated 10 years ago
Votes 0
Related tickets
Proposed time
Worked time

What did you do to cause this? I fiddled a bit with the URL in my installation and stumbled upon an SQL injection situation. It has been made even easier by showing me the actual query.

What page were you on? .../tickets?status=open&type=1%29;SQL_INJECTION%28

Describe the defect: It shows me the query, and allows me to put anything into it. Any skilled hacker would abuse this with great pleasure.
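The defect class the report describes, shown as an added example rather than the project's own code: a ticket listing that splices the `type` query-string value straight into the SQL text, so a value containing `)` and `;` changes the query's structure, beside a hardened version that validates the parameter and binds it. The schema, table and column names, the `status`/`type_param` signature and the `QueryError` class are assumptions made for this demo; it uses Python's sqlite3 with an in-memory database so it runs offline. The `1) OR (1=1` value is the generic textbook illustration of a status-filter bypass, not a payload from the report.

```python
import re
import sqlite3


def make_db():
    # Constructed sample schema and rows for the demo; not the project's schema.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tickets (id INTEGER PRIMARY KEY, title TEXT,
                              status TEXT, type_id INTEGER);
        INSERT INTO tickets VALUES (1, 'open defect',   'open',   1);
        INSERT INTO tickets VALUES (2, 'open feature',  'open',   2);
        INSERT INTO tickets VALUES (3, 'closed defect', 'closed', 1);
    """)
    return conn


class QueryError(Exception):
    """Raised when the listing query fails (assumed name for the demo)."""


def list_tickets_vulnerable(conn, status, type_param):
    # The defect class from the report: the raw query-string value is
    # spliced into the SQL text, so ')' and ';' inside it become SQL syntax.
    sql = ("SELECT id, title FROM tickets "
           "WHERE status = '%s' AND type_id IN (%s)" % (status, type_param))
    try:
        return conn.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # Echoing the failed query back to the user, as the reporter saw,
        # hands an attacker the exact text to build on.
        raise QueryError("%s\nquery: %s" % (exc, sql)) from exc


# Only the values the listing page can legitimately pass are accepted.
_INT_LIST = re.compile(r"\d+(,\d+)*")
_STATUSES = {"open", "closed"}


def list_tickets_safe(conn, status, type_param):
    # Hardened form: validate both parameters against an allow-list, then
    # bind them so the SQL text is fixed regardless of their content.
    if status not in _STATUSES:
        raise ValueError("unknown status")
    if not _INT_LIST.fullmatch(type_param):
        raise ValueError("type must be a comma-separated list of integers")
    type_ids = [int(t) for t in type_param.split(",")]
    placeholders = ",".join("?" * len(type_ids))
    sql = ("SELECT id, title FROM tickets "
           "WHERE status = ? AND type_id IN (%s)" % placeholders)
    try:
        return conn.execute(sql, [status, *type_ids]).fetchall()
    except sqlite3.Error as exc:
        # Detail belongs in the server log; the client gets a generic error.
        raise QueryError("ticket listing failed") from exc


if __name__ == "__main__":
    db = make_db()
    print(list_tickets_vulnerable(db, "open", "1"))
    print(list_tickets_vulnerable(db, "open", "1) OR (1=1"))   # closed row leaks
    try:
        list_tickets_vulnerable(db, "open", "1);SQL_INJECTION(")
    except QueryError as err:
        print("vulnerable version leaks the query:", err)
    print(list_tickets_safe(db, "open", "1,2"))
    try:
        list_tickets_safe(db, "open", "1) OR (1=1")
    except ValueError as err:
        print("safe version rejects it:", err)
```

The placeholder count is derived from the validated integer list, so the only dynamic part of the hardened query is a string of `?` characters; the user-supplied values never touch the SQL text.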

Ticket History

12 years ago by Jack

  • Closed ticket as Fixed
  • custom_field changed from 0% to 100%

Should be fixed now. Thanks for reporting this.