Openbravo Issue Tracking System - Openbravo ERP |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0036252 | Openbravo ERP | 09. Financial management | public | 2017-06-13 08:58 | 2017-06-15 10:08 |
|
Reporter | alostale | |
Assigned To | collazoandy4 | |
Priority | immediate | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | |
Platform | | OS | 5 | OS Version | |
Product Version | | |
Target Version | 3.0PR17Q1.2 | Fixed in Version | 3.0PR17Q1.2 | |
Merge Request Status | |
Review Assigned To | aferraz |
OBNetwork customer | |
Web browser | |
Modules | Core |
Support ticket | |
Regression level | |
Regression date | |
Regression introduced in release | |
Regression introduced by commit | |
Triggers an Emergency Pack | No |
|
Summary | 0036252: Security problem in Create Budget Reports in Excel report |
Description | SQL injection security problem in the Create Budget Reports in Excel report.
The problem is how the ReportBudgetGenerateExcel.printPageDataExcel method creates the query. Parameters are appended to the query without being parsed to avoid SQL injection.
See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9437 |
Steps To Reproduce | - |
Proposed Solution | |
Additional Information | |
Tags | No tags attached. |
Relationships | blocks | defect | 0036239 | | closed | collazoandy4 | Security problem in Create Budget Reports in Excel report |
|
Attached Files | |
|
Issue History |
Date Modified | Username | Field | Change |
2017-06-14 11:34 | aferraz | Type | defect => backport |
2017-06-14 11:34 | aferraz | Target Version | => 3.0PR17Q1.2 |
2017-06-15 09:14 | hgbot | Checkin | |
2017-06-15 09:14 | hgbot | Note Added: 0097403 | |
2017-06-15 09:14 | hgbot | Status | scheduled => resolved |
2017-06-15 09:14 | hgbot | Resolution | open => fixed |
2017-06-15 09:14 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/backports/3.0PR17Q1.2/rev/140153ba6306875c34e26979ad8d3bebae3f7e9b |
2017-06-15 10:08 | aferraz | Review Assigned To | => aferraz |
2017-06-15 10:08 | aferraz | Note Added: 0097410 | |
2017-06-15 10:08 | aferraz | Status | resolved => closed |
2017-06-15 10:08 | aferraz | Fixed in Version | => 3.0PR17Q1.2 |