MantisBT: master 7c8a564c
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dhx | dhx | master | 2011-08-18 03:43 | master fe9da540 |
Affected Issues | 0013245: Cross site scripting and remote SQL injection vulnerabilities |
Changeset | Fix 0013245: XSS issues with search.php parameters Net.Edit0r (Net.Edit0r@Att.net) from BlACK Hat Group The full report is available at filter_api.php is the culprit for this vulnerability as it passes user It should be noted that numerous other XSS vulnerabilities (all related) The second SQL injection vulnerability identified by Net.Edit0r is core.php: This usage is safe because nothing is ever done with $_GET['mbadmin']. Conflicts: |
mod - core/filter_api.php | Diff File |