  1. XWiki Platform
  2. XWIKI-5450

SQL injection in suggest.vm

Details

    • security, sql injection
    • Integration
    • Easy

    Description

      URL parameters "classname", "fieldname", "firCol", "secCol" and "input" are concatenated with the SQL query.

          People

            nickless Alex Busenius
            nickless Alex Busenius