Possible SQL Injection Attack Risk

Created on 19 October 2007, about 17 years ago
Updated 11 December 2023, about 1 year ago

Possible SQL injection hole in the Faceted Search.

Entering the following EXACTLY (including the ' ) should NOT display results:
' and 1=1 --

This is equivalent to: SELECT * FROM sometableorother WHERE keywords = ' ' and 1=1 -- '
This will ALWAYS be TRUE in MySQL.

🐛 Bug report
Status: Fixed
Version: 0.3
Component: Code
Created by: 🇦🇺 Australia ivrh
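
As an added example (not taken from the issue or from the Faceted Search module's code), the following Python code runs the probe string from the report against a query built by string concatenation and against the same query with a bound parameter. SQLite stands in for MySQL here, the table and column names are borrowed from the report's illustrative query, and the rows and function names are constructed for the example.

```python
import sqlite3

# Probe string quoted in the report.
PROBE = "' and 1=1 --"


def make_db():
    """In-memory SQLite database (assumption: stands in for the site's MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sometableorother (id INTEGER PRIMARY KEY, keywords TEXT)"
    )
    conn.executemany(
        "INSERT INTO sometableorother (keywords) VALUES (?)",
        [("drupal",), ("search",), ("",)],  # constructed rows; the third has empty keywords
    )
    return conn


def search_concatenated(conn, user_input):
    """Flawed pattern: the input is pasted into the SQL text, so its quote
    closes the string literal and the rest is parsed as SQL."""
    sql = "SELECT id FROM sometableorother WHERE keywords = '" + user_input + "'"
    return [row[0] for row in conn.execute(sql)]


def search_bound(conn, user_input):
    """Hardened pattern: the input travels as a bound parameter and is only
    ever compared as a literal value."""
    sql = "SELECT id FROM sometableorother WHERE keywords = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]


def is_treated_as_data(search, conn):
    """Regression check: the probe must match nothing, and a lone quote
    must not break the statement."""
    try:
        return search(conn, PROBE) == [] and search(conn, "'") == []
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    conn = make_db()
    print("concatenated, probe:", search_concatenated(conn, PROBE))
    print("bound, probe:       ", search_bound(conn, PROBE))
    print("concatenated passes:", is_treated_as_data(search_concatenated, conn))
    print("bound passes:       ", is_treated_as_data(search_bound, conn))
```

With the concatenated query the probe is parsed as `keywords = '' and 1=1` with the trailing quote commented out, so results appear; with the bound parameter the whole string is compared as a keyword and nothing matches.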


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.
