[buddypress-trac] [BuddyPress] #1223: Filters are often used in SQL without proper quote escaping (possible injection vulnerability)
buddypress-trac at lists.automattic.com
Mon Oct 12 21:54:18 UTC 2009
#1223: Filters are often used in SQL without proper quote escaping (possible
injection vulnerability)
--------------------------+-------------------------------------------------
 Reporter:  rvenable      |       Owner:
     Type:  defect        |      Status:  new
 Priority:  critical      |   Milestone:  1.1.2
 Keywords:  sql injection |
--------------------------+-------------------------------------------------
Comment(by rvenable):
Also, the like_escape() function returns its value, but that returned
value isn't actually being used.
--
Ticket URL: <http://trac.buddypress.org/ticket/1223#comment:1>
BuddyPress <http://buddypress.org/>
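
The discarded-return-value pattern described in the comment above, as an added example that is not BuddyPress code and not part of the original message. `like_escape_standin()`, `pattern_discarded()`, `pattern_used()`, `search()` and the `items` table are hypothetical names; the stand-in is assumed to behave like WordPress's `like_escape()`, and the script assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Stand-in for WordPress's like_escape() (assumption: same behaviour):
// escapes the LIKE wildcards % and _ and RETURNS the result.
function like_escape_standin(string $text): string {
    return str_replace(array('%', '_'), array('\\%', '\\_'), $text);
}

// The pattern from the comment: called, but the return value is dropped.
function pattern_discarded(string $term): string {
    like_escape_standin($term);          // $term is unchanged after this call
    return '%' . $term . '%';
}

// Corrected: keep the returned value.
function pattern_used(string $term): string {
    return '%' . like_escape_standin($term) . '%';
}

// Run a pattern as a bound parameter, so quotes in it never reach the SQL text.
function search(PDO $db, string $pattern): array {
    $stmt = $db->prepare("SELECT name FROM items WHERE name LIKE ? ESCAPE '\\'");
    $stmt->execute(array($pattern));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT)');
$insert = $db->prepare('INSERT INTO items (name) VALUES (?)');
foreach (array('50%_off', '50 cents off', '500 off') as $name) {
    $insert->execute(array($name));
}

$term = '50%_off';                        // constructed input with both wildcards
print_r(search($db, pattern_discarded($term)));  // wildcards still active
print_r(search($db, pattern_used($term)));       // matched literally
```

Wildcard escaping and quote escaping are separate steps: `like_escape()` only handles `%` and `_`, so the value still has to be bound or quote-escaped (for example through `$wpdb->prepare()`) before it is used in a query.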