Edit Email & Password - fail to verify SQL injection in new password
Bug #909313 reported by
Vo Hung Anh
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
DiaDiemAnUong |
Won't Fix
|
Medium
|
Trinh Minh Duc |
Bug Description
When user change the new password in "Edit Email & Password" function, the user can types the same SQL queries (eg. 1' or 1 = 1--) in both new and confirm new password fields without verifying from the system. Meaning that the system allow this kind of password, which is not match with requirement.
Changed in ddantesting: | |
status: | New → Won't Fix |
importance: | Undecided → Medium |
assignee: | nobody → Trinh Minh Duc (trinhminhduc1810) |
To post a comment you must log in.