Edit Email & Password - fail to verify SQL injection in new password
Bug #909313 reported by
Vo Hung Anh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| DiaDiemAnUong |
Won't Fix
|
Medium
|
Trinh Minh Duc | ||
Bug Description
When user change the new password in "Edit Email & Password" function, the user can types the same SQL queries (eg. 1' or 1 = 1--) in both new and confirm new password fields without verifying from the system. Meaning that the system allow this kind of password, which is not match with requirement.
| Changed in ddantesting: | |
| status: | New → Won't Fix |
| importance: | Undecided → Medium |
| assignee: | nobody → Trinh Minh Duc (trinhminhduc1810) |
To post a comment you must log in.
