#1183 fix query parameter processing in multiple calls
Closed: Fixed 3 years ago by mikem. Opened 3 years ago by mikem.

The following functions use unsafe techniques to handle some of their query parameters: list_archives, get_archive_type, and listHosts.
These bugs allow an attacker to inject arbitrary sql commands.

This issue has been assigned CVE-2018-1002161

You can read the full announcement here:

Metadata Update from @mikem:
- Issue private status set to: False (was: True)

3 years ago

Metadata Update from @mikem:
- Issue priority set to: High (was: Normal)
- Issue set to the milestone: 1.17
- Issue tagged with: bug

3 years ago

Login to comment on this ticket.