For a Shotwell Scope SQL injection demo, I attached a screenshot. Code can be injected with a file name in the function getPhotoForUri.

Demonstration:

a) Rename some picture like this: xx " UNION SELECT 1,'2','Hello','World',5,6,7,8,9,10,11,12,'13','14','15',16,17,18,19,20,21,22,23,24,'25',26,27,28,29 -- ".png
b) Start Shotwell and ensure the picture gets into the Shotwell database.
c) Close Shotwell.
d) Search for xx in the Unity Dash and click on the picture.
e) Have a look at the picture dimensions and the size. It reads "Hello x World Pixels", size: 5.0b.

This is only a harmless demo. Other things may happen, like crashes or code execution.

** Attachment added: "unity-scope-shotwell SQL injection Demo"
   https://bugs.launchpad.net/ubuntu/+source/unity-scope-clementine/+bug/1483037/+attachment/4542841/+files/screenshot.png

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1483037

Title:
  Possible Shell Command Injection in daemon

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scope-audacious/+bug/1483037/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
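The following is an added example, not code from unity-scope-shotwell or from the bug reporter: it reproduces the defect class behind the getPhotoForUri report (a file name interpolated into the SQL text) against a constructed, much-reduced stand-in for Shotwell's PhotoTable, and shows the parameterised lookup that a scope should use instead. The table schema, file names and the single-quote form of the injected name are all constructed for this example.

```python
"""Added example: string-built vs. parameterised PhotoTable lookup.
Constructed stand-in schema; not the real Shotwell schema or scope code."""
import sqlite3

# Constructed stand-in for Shotwell's PhotoTable (the real one has many more columns).
SCHEMA = """
CREATE TABLE PhotoTable (id INTEGER PRIMARY KEY, filename TEXT,
                         width INTEGER, height INTEGER, filesize INTEGER);
"""

NORMAL_NAME = "holiday.png"
# Constructed file name in the spirit of the report's demo: the quote closes the
# literal and a UNION appends a row the attacker chose; '--' comments out the rest.
INJECTED_NAME = "xx' UNION SELECT '2','Hello','World',5 -- .png"


def make_db():
    """Build an in-memory database holding one normal and one hostile file name."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO PhotoTable VALUES (1, ?, 640, 480, 12345)", (NORMAL_NAME,))
    conn.execute("INSERT INTO PhotoTable VALUES (2, ?, 800, 600, 54321)", (INJECTED_NAME,))
    conn.commit()
    return conn


def photo_for_uri_vulnerable(conn, filename):
    """Defect class from the report: the file name becomes part of the SQL text,
    so quote characters in it change what the query does."""
    sql = ("SELECT filename, width, height, filesize FROM PhotoTable "
           "WHERE filename = '%s'" % filename)
    return conn.execute(sql).fetchall()


def photo_for_uri_fixed(conn, filename):
    """Parameterised form: the file name is bound as a value and never parsed as SQL."""
    sql = "SELECT filename, width, height, filesize FROM PhotoTable WHERE filename = ?"
    return conn.execute(sql, (filename,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Vulnerable: returns the injected row ('2', 'Hello', 'World', 5), i.e. the
    # "Hello x World" dimensions and size 5 seen in the report's screenshot.
    print("vulnerable:", photo_for_uri_vulnerable(db, INJECTED_NAME))
    # Fixed: returns the real row whose filename is the hostile string.
    print("fixed:     ", photo_for_uri_fixed(db, INJECTED_NAME))
```

The vulnerable query also returns the correct row for an ordinary name, which is why such a defect survives normal testing; only the hostile file name exposes the difference.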