[Koha-bugs] [Bug 1953] New: remove possible SQL injection attacks
bugzilla-daemon at pippin.metavore.com
Tue Mar 18 21:16:06 CET 2008
http://bugs.koha.org/cgi-bin/bugzilla/show_bug.cgi?id=1953
Summary: remove possible SQL injection attacks
Product: Koha
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Database
AssignedTo: Andrew.moore at liblime.com
ReportedBy: Andrew.moore at liblime.com
QAContact: koha-bugs at nongnu.org
I've found a handful of SQL queries that don't use placeholders and bind
variables, but instead have variables passed directly into them. These may
allow SQL injection attacks. I plan on refactoring them so that they use
placeholders instead.
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.