[Koha-devel] Possible OPAC security pb

Fridolyn SOMERS Mon, 15 Jul 2013 04:18:14 -0700

Hie,

I've just openedhttp://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590.I've set it to critical because I think it is a security problemexisting at OPAC :In opac-topissues the parameter limit is directly added at the end ofthe SQL query, without testing its value.A user can edit this parameter to add SQL code to query : for example :limit=10;DROP+TABLE+borrowers;.


Please have a look and test.

Best regards,

--
Fridolyn SOMERS
Biblibre - Pôle support
fridolyn.som...@biblibre.com
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-devel] Possible OPAC security pb

Reply via email to