Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7818 SQL injection in trove categories help
    Actions
    Infos
    #7818
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-01-30 15:20
    7825
    Details
    SQL injection in trove categories help

    Tuleap does not sanitize properly user inputs when constructing a SQL queries in the trove cat help.

    Impact

    An attacker could execute arbitrary SQL queries.
    CVSSv2 score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Exploitation

    The page <tuleap_url>/help/trove_cat.php is exploitable via the parameter helpid.

    References

    https://cwe.mitre.org/data/definitions/89.html
    https://www.owasp.org/index.php/SQL_Injection

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-05
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7818

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/80/3580/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD dc68f6da33
    User avatar Benjamin Dauton (bdauton_enalean) , 2015-02-05 11:54
    request #7818: Fix SQL injection in trove cat 29322b4e83
    User avatar Thomas Gerbet (tgerbet) , 2015-01-30 17:13
    request #7818: Fix SQL injection in trove cat 4816dc37aa
    User avatar Thomas Gerbet (tgerbet) , 2015-03-02 11:08
    Referenced by request #7818

    Other

    gerrit #3580
    Display settings

    Follow-ups