MantisBT: master-1.2.x 00b4c170
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
Paul Richards | dregad | master-1.2.x | 2014-01-17 11:24 | master-1.2.x b72fdaeb |
Affected Issues | 0016879: CVE-2014-1608: soap:Envelope SQL injection attack |

Changeset:

Fix CVE-2014-1608: mc_issue_attachment_get SQL injection

Use of db_query() instead of db_query_bound() allowed SQL injection

This issue was reported by e-mail by Andrea Barisani from oCERT, on

Fixes 0016879

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Conflicts:

mod - api/soap/mc_file_api.php