Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0009145 | Openbravo ERP | 07. Sales management | public | 2009-05-22 18:14 | 2009-06-18 00:00 |
|
| Reporter | shuehner | |
| Assigned To | shuehner | |
| Priority | urgent | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | duplicate | |
| Platform | | OS | 5 | OS Version | |
| Product Version | pi | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0009145: SQL injection in Report Invoice Discount |
| Description | This report has an issue where it is possible to inject code into the executed SQL statement via crafted parameters |
| Steps To Reproduce | |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | duplicate of | defect | 0009501 | | closed | shuehner | Audit all xsql to ensure that all xsql-parameters of type argument/replace are properly validated -part1 | | depends on | feature request | 0009500 | | closed | shuehner | Add infrastructure to VariablesBase class to allow for technical validation of request parameters |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2009-05-22 18:14 | shuehner | New Issue | |
| 2009-05-22 18:14 | shuehner | Assigned To | => rafaroda |
| 2009-05-22 18:14 | shuehner | OBNetwork customer | => No |
| 2009-05-22 18:16 | shuehner | Note Added: 0016592 | |
| 2009-05-25 09:58 | rafaroda | Note Added: 0016601 | |
| 2009-05-25 09:58 | rafaroda | Assigned To | rafaroda => shuehner |
| 2009-05-25 09:58 | rafaroda | Status | new => scheduled |
| 2009-05-25 09:58 | rafaroda | fix_in_branch | => pi |
| 2009-06-16 16:33 | shuehner | Relationship added | depends on 0009500 |
| 2009-06-16 16:40 | shuehner | Relationship added | blocks 0009501 |
| 2009-06-17 18:31 | shuehner | Relationship replaced | duplicate of 0009501 |
| 2009-06-17 18:31 | shuehner | Status | scheduled => closed |
| 2009-06-17 18:31 | shuehner | Note Added: 0017396 | |
| 2009-06-17 18:31 | shuehner | Duplicate ID | 0 => 9501 |
| 2009-06-17 18:31 | shuehner | Resolution | open => duplicate |
| 2009-06-18 00:00 | anonymous | sf_bug_id | 0 => 2807995 |