Glastopf Webinterface - Bug #126: Multiple SQL Injection Vulnerabilities - Glaslos Code Repository

Bug #126

Multiple SQL Injection Vulnerabilities

Added by Sven Vetsch about 2 years ago. Updated about 2 years ago.

Status:

Closed

Start date:

01/02/2010

Priority:

Urgent

Due date:

Assignee:

Sven Vetsch

% Done:

Category:

Vulnerability

Spent time:

Target version:

0.0.1

Description

There are multiple SQL Injection vulnerabilities in the web interface. Some of them can even be exploited without having a valid user account. An attacker can get full access to the application and also dump the whole database.

Global input validation (white list approach where possible) needs to be implemented and also only prepared statements should be used.

More details will not be made public available for security reasons.

History

#1
Updated by Sven Vetsch about 2 years ago

Status changed from New to Assigned
Assignee changed from Marcel Koßin to Sven Vetsch

#2
Updated by Sven Vetsch about 2 years ago

Status changed from Assigned to Closed

fixed by implementing global filters

Also available in: Atom PDF

Glastopf » Glastopf Webinterface

Issues

Bug #126

Multiple SQL Injection Vulnerabilities

History

#1
Updated by Sven Vetsch about 2 years ago

#2
Updated by Sven Vetsch about 2 years ago

Glastopf » Glastopf Webinterface

Issues

Bug #126

Multiple SQL Injection Vulnerabilities

History

#1 Updated by Sven Vetsch about 2 years ago

#2 Updated by Sven Vetsch about 2 years ago

#1
Updated by Sven Vetsch about 2 years ago

#2
Updated by Sven Vetsch about 2 years ago