[Koha-devel] Possible OPAC security pb
Fridolyn SOMERS
fridolyn.somers at biblibre.com
Mon Jul 15 13:17:04 CEST 2013
Hi,
I've just opened
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590.
I've set it to critical because I think it is a security problem
existing in the OPAC:
In opac-topissues the parameter limit is directly added at the end of
the SQL query, without testing its value.
A user can edit this parameter to add SQL code to the query, for example:
limit=10;DROP+TABLE+borrowers;.
Please have a look and test.
Best regards,
--
Fridolyn SOMERS
Biblibre - Pôle support
fridolyn.somers at biblibre.com
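
One way to handle an untrusted limit value before it reaches a LIMIT clause, shown as an added example that is not part of the original post and is not Koha's code. The table top_items, the subs clean_limit and top_issues, the default of 10 and the cap of 100 are hypothetical, and the script assumes DBI with DBD::SQLite is installed.

```perl
#!/usr/bin/perl
# Added example, not Koha code: validate an untrusted "limit" CGI parameter
# and bind it as an integer instead of appending it to the SQL string.
# Table, column and sub names are hypothetical.
use strict;
use warnings;
use DBI qw(:sql_types);

my $DEFAULT_LIMIT = 10;     # assumed default page size
my $MAX_LIMIT     = 100;    # assumed upper bound

# Return a safe integer: digits only, within 1..$MAX_LIMIT, else the default.
sub clean_limit {
    my ($raw) = @_;
    return $DEFAULT_LIMIT unless defined $raw && $raw =~ /\A[0-9]{1,3}\z/;
    my $n = $raw + 0;
    return $DEFAULT_LIMIT if $n < 1;
    return $n > $MAX_LIMIT ? $MAX_LIMIT : $n;
}

sub top_issues {
    my ($dbh, $raw_limit) = @_;
    my $sth = $dbh->prepare(
        'SELECT title, issues FROM top_items ORDER BY issues DESC LIMIT ?');
    # Bound as an integer, so the value is never parsed as SQL text.
    $sth->bind_param(1, clean_limit($raw_limit), SQL_INTEGER);
    $sth->execute;
    return $sth->fetchall_arrayref;
}

# Constructed sample data in an in-memory SQLite database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1 });
$dbh->do('CREATE TABLE top_items (title TEXT, issues INTEGER)');
$dbh->do('INSERT INTO top_items VALUES (?, ?)', undef, @$_)
    for (['A', 30], ['B', 20], ['C', 10]);

# Constructed inputs, including the value quoted in the message above.
for my $raw ('2', '10;DROP TABLE borrowers;', '-1', '999', undef) {
    my $rows = top_issues($dbh, $raw);
    printf "%-28s -> limit %d, %d row(s)\n",
        defined $raw ? "'$raw'" : 'undef', clean_limit($raw), scalar @$rows;
}
```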