15 Jul
2013
15 Jul
'13
1:17 p.m.
Hie, I've just opened http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590. I've set it to critical because I think it is a security problem existing at OPAC : In opac-topissues the parameter limit is directly added at the end of the SQL query, without testing its value. A user can edit this parameter to add SQL code to query : for example : limit=10;DROP+TABLE+borrowers;. Please have a look and test. Best regards, -- Fridolyn SOMERS Biblibre - Pôle support fridolyn.somers@biblibre.com