Hi,
I've just opened
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10590.
I've set it to critical because I think it is a security problem
existing in the OPAC:
In opac-topissues, the parameter limit is directly added at the end of
the SQL query, without testing its value.
A user can edit this parameter to add SQL code to the query, for example:
limit=10;DROP+TABLE+borrowers;.
Please have a look and test.
Best regards,
--
Fridolyn SOMERS
Biblibre - Pôle support
fridolyn.som...@biblibre.com
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
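As an added illustration (example code, not Koha's own and not part of the report above), here is the unsafe pattern the report describes, a request parameter interpolated into the SQL text, next to a hardened version that validates the value and binds it with a DBI placeholder. It assumes DBD::SQLite is installed and uses an invented `issues` table in place of Koha's schema.

```perl
#!/usr/bin/perl
# Added example, not Koha code: unsafe interpolation of a CGI "limit"
# value into SQL, beside a validated and placeholder-bound version.
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; an in-memory DB stands in for MySQL.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE issues (biblionumber INTEGER, total INTEGER)');
$dbh->do('INSERT INTO issues VALUES (?, ?)', undef, $_, 100 - $_) for 1 .. 20;

# Unsafe (shown for contrast only, never called): the raw parameter becomes
# part of the SQL string, so whatever the user sent is parsed as SQL.
# Whether a stacked statement runs depends on the driver settings; the fix
# is to stop interpolating at all.
sub top_issues_unsafe {
    my ($limit) = @_;
    my $sql = "SELECT biblionumber, total FROM issues ORDER BY total DESC LIMIT $limit";
    return $dbh->selectall_arrayref($sql);
}

# Hardened step 1: accept only a bounded positive integer, fall back to a
# default for anything else (including "10;DROP TABLE borrowers;").
sub validate_limit {
    my ($raw, $default, $max) = @_;
    return $default unless defined $raw && $raw =~ /\A([1-9][0-9]{0,3})\z/;
    my $n = $1;
    return $n > $max ? $max : $n;
}

# Hardened step 2: bind the validated number as a placeholder so the
# driver never treats it as SQL text.
sub top_issues_safe {
    my ($raw_limit) = @_;
    my $limit = validate_limit($raw_limit, 10, 100);
    my $sth = $dbh->prepare(
        'SELECT biblionumber, total FROM issues ORDER BY total DESC LIMIT ?');
    $sth->execute($limit);
    return $sth->fetchall_arrayref;
}

# Constructed inputs: a normal value and the malformed value from the report.
for my $input ('5', '10;DROP TABLE borrowers;') {
    my $rows = top_issues_safe($input);
    printf "limit=%-26s -> %d rows (validated as %d)\n",
        $input, scalar @$rows, validate_limit($input, 10, 100);
}
```

The regex whitelist rejects the malformed value and the query falls back to the default of 10 rows, and the placeholder means even a value that slipped past validation could not change the SQL structure.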