Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #36239 Back to Issue ]
Summary 0036239: Security problem in Create Budget Reports in Excel report
Revision 2017-06-13 13:12 by aferraz
Description SQL injection security problem in Create Budget Reports in Excel report.

Problem is how ReportBudgetGenerateExcel.printPageDataExcel method creates the query. Parameters are appended to the query without being parsed to avoid SQL injection.

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9437 [^]
Revision 2017-06-13 09:08 by aferraz
Description See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9437 [^]


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker