Ineffective pcrud (and probably cstore) input sanitization
Bug #1164575 reported by Lebbeous Fogle-Weekley
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Evergreen | Fix Released | Critical | Unassigned |
2.1 | Fix Released | Critical | Unassigned |
2.2 | Fix Released | Critical | Unassigned |
2.3 | Fix Released | Critical | Unassigned |
Bug Description
Probably all versions, but confirmed in master using srfsh:
{EXAMPLE OF SQL INJECTION}
Thanks to Dan Scott for noticing something fishy in his logs that made this obvious.
Changed in evergreen:
status: New → Confirmed
description: updated
information type: Private Security → Public Security
Changed in evergreen:
status: Fix Committed → Fix Released
BTW, after conferring briefly with Galen, I've excised the comment I made that sparked Lebbeous' investigation from the IRC logs.