MantisBT: master-2.28 6ad20bea
| Author | Committer | Branch | Timestamp | Parent |
|---|---|---|---|---|
| dregad | dregad | master-2.28 | 2026-05-17 12:05 | master-2.28 e3571c31 |
| Affected Issues | 0037123: CVE-2026-47142: SQL Injection via `history_order` Configuration Value | |||
| Changeset | Fix SQL injection in history_query_result() Sanitize $t_history_order variable so only ASC/DESC can be added to the Fixes 0037123, GHSA-mw6p-33vw-46cc |
|||
| mod - core/history_api.php | Diff File | |||