[OLIO-152] The php app is a walking SQL injection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.2
Fix Version/s: None
Component/s: php-app
Labels:
None

Description

No sql statement escaping is done and users can walk all over the database.

Entering user lol'; update PERSON set firstname='sqlparty'

changes all of the firstnames in the database.

Entering user '; drop table

is worse

I haven't looked at the java or rails versions.

Attachments

Activity

People

Assignee:: Shanti Subramanyam

Reporter:: John C McCullough

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 01/Sep/10 22:21

Updated:: 01/Sep/10 22:21