SQL injection in Advanced Search
Bug #909032 reported by
Vo Hung Anh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| DiaDiemAnUong |
Confirmed
|
Medium
|
Trinh Minh Duc | ||
Bug Description
In advanced Search function, when user selects "Search Multiple Content Types" tab, then provide an SQL injection (for example: 1' or 1 = 1--) in search field and choose "All type" for searching. The system cannot filter for this kind of injection.
| Changed in ddantesting: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| assignee: | nobody → Trinh Minh Duc (trinhminhduc1810) |
To post a comment you must log in.
