SQL injection in Tickets listing - Tickets - Traq

#242 - SQL injection in Tickets listing

Type Defect

Status Fixed

Milestone 2.3.3

Version 2.3.2

Component Tickets

Priority Normal

Severity Critical

Owner Trupik

Assigned to -

Reported 12 years ago

Updated 10 years ago

Votes 0

Related tickets

Proposed time

Worked time

What did you do to cause this? I fiddled a bit with URL in my installation and stumbled upon an SQL injection situation. It has been made even easier by showing me the actual query.

What page were you on? .../tickets?status=open&type=1%29;SQL_INJECTION%28

Describe the defect: It shows me the query, and allows me to put anything into it. Any skilled hacker would abuse this with great pleasure.

Ticket History

12 years and 7 months ago by Jack

Closed ticket as Fixed
custom_field 0% 100%

Should be fixed now. Thanks for reporting this.