Possible SQL Injection Attack Risk

Created on 19 October 2007, over 16 years ago
Updated 11 December 2023, 7 months ago

Possible SQL injection hole in the Faceted Search.

Entering the following EXACTLY (including the ' ) should NOT display results:
' and 1=1 --

This is equivalent to: SELECT * FROM sometableorother WHERE keywords = ' ' and 1=1 -- '
This will ALWAYS be TRUE in MySQL.

πŸ› Bug report
Status

Fixed

Version

0.3

Component

Code

Created by

🇦🇺 Australia ivrh
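
An added example, not part of the original report or the module's own code: a regression check for the behaviour the report asks for, comparing a query built by string concatenation with a parameterized one. It assumes an in-memory SQLite database standing in for MySQL, constructed sample rows, and hypothetical function names; the table and column names are the report's placeholders.

```python
import sqlite3

# Constructed sample data; table/column names follow the report's placeholder
# query, not the module's real schema. SQLite stands in for MySQL (assumption).
ROWS = [(1, "drupal"), (2, "search"), (3, "")]

PROBE = "' and 1=1 --"  # the exact input quoted in the report


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sometableorother (id INTEGER, keywords TEXT)")
    db.executemany("INSERT INTO sometableorother VALUES (?, ?)", ROWS)
    return db


def search_concatenated(db, keywords):
    """'Before' form: user input is pasted into the SQL text."""
    sql = "SELECT id FROM sometableorother WHERE keywords = '" + keywords + "'"
    return [r[0] for r in db.execute(sql)]


def search_parameterized(db, keywords):
    """Hardened form: input is bound as a value and never parsed as SQL."""
    sql = "SELECT id FROM sometableorother WHERE keywords = ?"
    return [r[0] for r in db.execute(sql, (keywords,))]


def input_is_parsed_as_sql(search, db):
    """Regression check: quotes in the input must not reach the SQL parser."""
    try:
        lone_quote = search(db, "'")
    except sqlite3.OperationalError:
        return True  # a syntax error means the quote changed the statement
    # With proper binding neither input matches any stored keyword.
    return search(db, PROBE) != [] or lone_quote != []


if __name__ == "__main__":
    for fn in (search_concatenated, search_parameterized):
        db = make_db()
        print(fn.__name__, "parsed as SQL:", input_is_parsed_as_sql(fn, db))
```
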
