MantisBT: master-1.2.x 99ffb0af
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-1.2.x | 2014-10-30 06:31 | master-1.2.x 43c39d75 |
Affected Issues | 0016880: CVE-2014-1609: SQL injection vulnerabilities |
 | 0017812: CVE-2014-8554: SQL injection in SOAP API |
 | 0017823: CVE-2014-8554 - SQL injection vulnerability in SOAP API |
Changeset | SQL injection in mc_project_get_attachments() |
 | This is a follow-up on CVE-2014-1609 / issue 0016880. |
 | Edwin Gozeling and Wim Visser from ITsec Security Services BV |
 | The same issue was also reported by Paul Richards in issue 0017823. |
 | This patch fixes the problem by typecasting the Project ID parameter |
 | Fixes 0017812, CVE-2014-8554 |
mod - api/soap/mc_project_api.php | Diff File |