phpdevshell team mailing list archive

[Bug 734706] [NEW] log to database possibly not filtered

 

*** This bug is a security vulnerability ***

Private security bug reported:

When working on a menu having a ' in its name, the log request is not
filtered:

INSERT INTO
    _db_core_logs (id, log_type, log_description, log_time, user_id, user_display_name, menu_id, file_name, menu_name, user_ip)
VALUES
    ('', '1', 'User Root User saved.', '1300091210', '1', 'Root User', '885145814', 'user-admin/user-admin.link', 'Edition de l'Utilisateur', '82.230.154.245')

** Affects: phpdevshell
     Importance: High
     Assignee: TitanKing (titan-phpdevshell)
         Status: New

** Changed in: phpdevshell
     Assignee: (unassigned) => TitanKing (titan-phpdevshell)

-- 
You received this bug notification because you are a member of
PHPDevShell, which is a direct subscriber.
https://bugs.launchpad.net/bugs/734706

Title:
  log to database possibly not filtered

Status in Open Source PHP RAD Framework with UI.:
  New

Bug description:
  When working on a menu having a ' in its name, the log request is not
  filtered:

  INSERT INTO
      _db_core_logs (id, log_type, log_description, log_time, user_id, user_display_name, menu_id, file_name, menu_name, user_ip)
  VALUES
      ('', '1', 'User Root User saved.', '1300091210', '1', 'Root User', '885145814', 'user-admin/user-admin.link', 'Edition de l'Utilisateur', '82.230.154.245')
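
The failure reported above, reproduced next to a bound-parameter version of the same insert. This is an added example, not PHPDevShell code: it assumes PDO with an in-memory SQLite database, the function names logUnfiltered and logBound are hypothetical, the table and column names come from the query in the report, and the user_ip value is a constructed documentation address.

```php
<?php
// Added example, not PHPDevShell code. Assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE _db_core_logs (
    id INTEGER PRIMARY KEY, log_type INTEGER, log_description TEXT, log_time INTEGER,
    user_id INTEGER, user_display_name TEXT, menu_id TEXT, file_name TEXT,
    menu_name TEXT, user_ip TEXT)');

// Values from the report; user_ip is a constructed documentation address.
$entry = [
    'log_type'          => 1,
    'log_description'   => 'User Root User saved.',
    'log_time'          => 1300091210,
    'user_id'           => 1,
    'user_display_name' => 'Root User',
    'menu_id'           => '885145814',
    'file_name'         => 'user-admin/user-admin.link',
    'menu_name'         => "Edition de l'Utilisateur",
    'user_ip'           => '192.0.2.10',
];

// Unfiltered (hypothetical helper): values are pasted between quotes, so the
// ' in menu_name closes the string literal early and the statement is malformed.
function logUnfiltered(PDO $db, array $e): bool
{
    $sql = 'INSERT INTO _db_core_logs (' . implode(', ', array_keys($e)) . ")
            VALUES ('" . implode("', '", $e) . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $ex) {
        return false; // the database rejects the broken statement
    }
}

// Bound parameters (hypothetical helper): the values travel separately from
// the SQL text, so a quote in menu_name is stored as data.
function logBound(PDO $db, array $e): bool
{
    $cols = array_keys($e);
    $sql  = 'INSERT INTO _db_core_logs (' . implode(', ', $cols) . ')
             VALUES (:' . implode(', :', $cols) . ')';
    return $db->prepare($sql)->execute($e);
}

var_dump(logUnfiltered($db, $entry));
var_dump(logBound($db, $entry));
echo $db->query('SELECT menu_name FROM _db_core_logs')->fetchColumn(), "\n";
```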


