Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0008579 | Openbravo ERP | A. Platform | public | 2009-04-15 15:41 | 2009-06-04 00:00 |
|
| Reporter | shuehner | |
| Assigned To | shuehner | |
| Priority | urgent | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 2.40 | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0008579: SQL injection in selectors |
| Description | The selector code has issues where it is possible to inject code into the executed SQL statement via crafted parameters coming from the user. |
| Steps To Reproduce | |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | backport | 0009045 | | closed | shuehner | SQL injection in selectors | | related to | defect | 0005236 | | closed | shuehner | Sorting by more than one column is not working in at least Product Complete & Business Partner Selector | | related to | defect | 0009074 | | closed | shuehner | SQL injection in datagrid code |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2009-04-15 15:41 | shuehner | New Issue | |
| 2009-04-15 15:41 | shuehner | Assigned To | => rafaroda |
| 2009-04-15 15:41 | shuehner | OBNetwork customer | => No |
| 2009-04-15 15:41 | shuehner | Regression testing | => No |
| 2009-04-15 15:41 | shuehner | Assigned To | rafaroda => shuehner |
| 2009-04-22 20:04 | psarobe | Status | new => scheduled |
| 2009-04-22 20:04 | psarobe | fix_in_branch | => pi |
| 2009-05-13 09:02 | shuehner | Note Added: 0016309 | |
| 2009-05-13 09:02 | shuehner | Priority | normal => urgent |
| 2009-05-13 09:02 | shuehner | fix_in_branch | pi => |
| 2009-05-15 10:57 | shuehner | Status | scheduled => acknowledged |
| 2009-05-15 10:57 | shuehner | Status | acknowledged => scheduled |
| 2009-05-15 10:57 | shuehner | fix_in_branch | => pi |
| 2009-05-15 12:13 | hgbot | Checkin | |
| 2009-05-15 12:13 | hgbot | Note Added: 0016381 | |
| 2009-05-15 12:13 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/d4fedb1b06c242856f0ae288fd2972f43c04eced [^] |
| 2009-05-18 15:16 | hgbot | Checkin | |
| 2009-05-18 15:16 | hgbot | Note Added: 0016425 | |
| 2009-05-18 15:16 | hgbot | Status | scheduled => resolved |
| 2009-05-18 15:16 | hgbot | Resolution | open => fixed |
| 2009-05-18 15:16 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/d4fedb1b06c242856f0ae288fd2972f43c04eced [^] => http://code.openbravo.com/erp/devel/pi/rev/68ba24ee1a88f95d7c2727454331f052809d9468 [^] |
| 2009-05-18 15:24 | shuehner | Relationship added | related to 0005236 |
| 2009-05-18 15:34 | shuehner | Relationship added | related to 0009074 |
| 2009-06-03 12:00 | psarobe | Status | resolved => closed |
| 2009-06-04 00:00 | anonymous | sf_bug_id | 0 => 2800770 |