MantisBT: master 3be86ce3
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
Paul Richards | dregad | master | 2014-01-17 11:24 | master a6a3a136 |
Affected Issues | 0016879: CVE-2014-1608: soap:Envelope SQL injection attack | |||
Changeset | Fix CVE-2014-1608: mc_issue_attachment_get SQL injection Use of db_query() instead of db_query_bound() allowed SQL injection This issue was reported by e-mail by Andrea Barisani from oCERT, on Fixes 0016879 Signed-off-by: Damien Regad <dregad@mantisbt.org> |
|||
mod - api/soap/mc_file_api.php | Diff File |