Possible SQL Injection Attack Risk

Created on 19 October 2007, about 17 years ago
Updated 11 December 2023, 12 months ago

Possible SQL injection hole in the Faceted Search.

Entering the following EXACTLY (including the ' ) should NOT display results:
' and 1=1 --

This is equivalent to: SELECT * FROM sometableorother WHERE keywords = ' ' and 1=1 -- '
This will ALWAYS be TRUE in MySQL.

🐛 Bug report
Status: Fixed
Version: 0.3
Component: Code
Created by: 🇦🇺 Australia ivrh
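
The check the report describes, as an added example that is not part of the original issue or the Faceted Search module's code: the reported input is run through a concatenated query and through a bound-parameter query, so the difference in how it is parsed is visible. SQLite stands in for MySQL here, the rows are constructed sample data, and the function names are hypothetical; the table and column names come from the query quoted in the report.

```python
import sqlite3

# Constructed sample data; SQLite stands in for MySQL, and the table and
# column names are taken from the query quoted in the report.
REPORTED_INPUT = "' and 1=1 --"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sometableorother (id INTEGER PRIMARY KEY, keywords TEXT)"
    )
    db.executemany(
        "INSERT INTO sometableorother (keywords) VALUES (?)",
        [("drupal",), ("",), (REPORTED_INPUT,)],
    )
    return db


def search_concatenated(db, term):
    # Vulnerable pattern: user text is pasted inside the string literal, so a
    # quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT keywords FROM sometableorother WHERE keywords = '" + term + "'"
    return sql, [row[0] for row in db.execute(sql)]


def search_bound(db, term):
    # Hardened pattern: the statement text is fixed and the term is bound as
    # data, so it can only ever be compared as a literal value.
    sql = "SELECT keywords FROM sometableorother WHERE keywords = ?"
    return sql, [row[0] for row in db.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    for search in (search_concatenated, search_bound):
        sql, rows = search(db, REPORTED_INPUT)
        print(search.__name__, "|", sql, "|", rows)
```

With the concatenated query the input is never searched for as text: the row that matches is the one with empty keywords. The bound query returns only the row whose keywords equal the input literally, which is the behaviour a regression test for the fix should assert.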
