Bug #23724

closed

Unescape SQL in eventlog filter

Added by François ARMAND about 1 year ago. Updated 8 months ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression: No

Description

In the eventlog filter, we don't correctly escape the input from the user before doing the SQL query. That doesn't look exploitable (the backend correctly faults), but DB information about the faulty request is returned in the (console) error message. The DB structure is open source, but still, this case must be forbidden by construction, way before we reach that error.
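
The two requirements in this description (filter input rejected or bound before any SQL text exists, and no database detail in the returned error) can be sketched as follows. This is an added example, not Rudder's code: the `eventlog` column names, the filter field names and the in-memory SQLite backend are assumptions chosen so the block runs stand-alone.

```python
import logging
import sqlite3

log = logging.getLogger("eventlog_filter")

# Hypothetical filter fields and column names (assumptions, not the real schema).
SORTABLE = {"id": "id", "date": "creationdate", "actor": "principal"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

class InvalidFilter(ValueError):
    """Raised before any SQL text exists; its message is safe to show the user."""

def build_query(search, sort="id", direction="desc", limit=50):
    """Turn user-supplied filter fields into (sql, params)."""
    if not isinstance(search, str) or len(search) > 200:
        raise InvalidFilter("search must be a string of at most 200 characters")
    try:
        column, order = SORTABLE[sort], DIRECTIONS[direction.lower()]
    except (KeyError, TypeError, AttributeError):
        raise InvalidFilter("unsupported sort column or direction") from None
    if type(limit) is not int or not 1 <= limit <= 500:
        raise InvalidFilter("limit must be an integer between 1 and 500")
    # LIKE wildcards typed by the user are matched literally.
    esc = search.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    # Identifiers come only from the allow-lists; values are bound, never spliced.
    sql = ("SELECT id, principal, eventtype FROM eventlog "
           f"WHERE principal LIKE ? ESCAPE '\\' ORDER BY {column} {order} LIMIT ?")
    return sql, (f"%{esc}%", limit)

def search_eventlog(conn, search, sort="id", direction="desc", limit=50):
    """Return (rows, error); the error text never carries database detail."""
    try:
        sql, params = build_query(search, sort, direction, limit)
    except InvalidFilter as exc:
        return [], str(exc)
    try:
        return conn.execute(sql, params).fetchall(), None
    except sqlite3.Error:
        log.exception("eventlog query failed")  # detail stays in the server log
        return [], "internal error while filtering event logs"

def demo_db():
    """Constructed sample rows in an in-memory SQLite stand-in for the backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE eventlog (id INTEGER PRIMARY KEY, "
                 "creationdate TEXT, principal TEXT, eventtype TEXT)")
    conn.executemany(
        "INSERT INTO eventlog (creationdate, principal, eventtype) VALUES (?, ?, ?)",
        [("2023-11-01", "admin", "UserLogin"), ("2023-11-02", "o'brien", "RuleModified")])
    return conn
```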


Subtasks 1 (0 open, 1 closed)

Bug #23738: Error in upmerge (empty TestMigrateSystemTechnique7_0.scala) - Released - Vincent MEMBRÉ
