History | Log In     View a printable version of the current page.  
Issue Details (XML | Word | Printable)

Key: OX-4811
Type: Sub-task Sub-task
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: andrew.hill
Reporter: andrew.hill
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
OpenX Ad Server
OX-4794

Issue Item #17

Created: 27/Jan/09 04:03 PM   Updated: 30/Jan/09 02:13 PM
Component/s: OXP: User Interface
Affects Version/s: OpenX 2.6.3, OpenX 2.7.28-beta
Fix Version/s: OpenX 2.6.4, Milestone 27, OpenX 2.7.29-beta
Security Level: Public (All users can see these issues)

Time Tracking:
Original Estimate: 1h
Original Estimate - 1h
Remaining Estimate: 0.45h
Time Spent - 0.55h Remaining Estimate - 0.45h
Time Spent: 0.55h
Time Spent - 0.55h Remaining Estimate - 0.45h

Issue Links:
Depends
 

Passed QA Version/s: OpenX 2.6.4 and OpenX 2.7.29-beta


 Description  « Hide
"Input passed to the "listorder" parameter in "www/admin/userlog-index.php" is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code."

 All   Comments   Work Log   Change History   FishEye   Crucible   Builds      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.