Edit Profile - fail to check SQL injection in homepage URL
Bug #909316 reported by
Vo Hung Anh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| DiaDiemAnUong |
In Progress
|
Medium
|
Vo Hung Anh | ||
Bug Description
When user edits the profile, he/she can inserts/changes his/her homepage URL. Instead of a correct URL, the user can insert SQL query (eg. 1' or 1 = 1--) without error message from the system.
| Changed in ddantesting: | |
| status: | New → In Progress |
| importance: | Undecided → Medium |
| assignee: | nobody → Vo Hung Anh (anh-vohung) |
To post a comment you must log in.
