Ticket #2033 (closed defeito: fixed)

Opened 8 years ago

Last modified 8 years ago

Correção de vulnerabilidade

Reported by: brunocosta Owned by: ninguem
Priority: normal Milestone: Expresso 2.2.6
Component: API Version: branch 2.2
Severity: grave Keywords: TAG2.2.0.1.5, SS 112506, Sync24
Cc: WorkGroup:

Description (last modified by brunocosta) (diff)

Corrogir possível vulnerabilidade no sistema.

Change History

comment:1 Changed 8 years ago by brunocosta

  • Status changed from new to closed
  • Resolution set to fixed

Resolvido na [4632]

Incluído "escape" para evitar sql injection, em class.categories.inc.php na função return_sorted_array.

comment:2 Changed 8 years ago by guilherme.silva

  • Keywords TAG2.2.0.1.5, SS 112506 added; TAG2.2.0.1.5 removed

comment:3 Changed 8 years ago by brunocosta

  • Status changed from closed to reopened
  • Summary changed from SQL Injection no arquivo class.categories.inc.php to Correção de vulnerabilidade
  • Resolution fixed deleted
  • Description modified (diff)
  • Milestone changed from Expresso 2.2.0.1 to Expresso 2.2.6

comment:4 Changed 8 years ago by brunocosta

  • Status changed from reopened to closed
  • Resolution set to fixed

Comitado no branch 2.2 na revisão [4691]

comment:5 Changed 8 years ago by niltonneto

Well done! ;)

comment:6 Changed 8 years ago by douglasz

  • Keywords 112506, Sync24 added; 112506 removed
Note: See TracTickets for help on using tickets.