Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7831 SQL injection in trove cat listing
    Actions
    Infos
    #7831
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-03 11:32
    7838
    Details
    SQL injection in trove cat listing

    Tuleap does not sanitize properly user inputs when constructing a SQL queries in the trove cat listing.

    Impact

    An attacker could execute arbitrary SQL queries.
    CVSSv2 score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Exploitation

    The page <tuleap_url>/softwaremap/trove_list.php is exploitable via the parameter discrim_queryand. This is only possible because register_globals is set to on.
    You can trigger a DB error with <tuleap_url>/softwaremap/trove_list.php?discrim_queryand=' to demonstrate the vulnerability.

    References

    https://cwe.mitre.org/data/definitions/89.html
    https://www.owasp.org/index.php/SQL_Injection

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-05
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7831

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/98/3598/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 9f3b22499e
    User avatar Benjamin Dauton (bdauton_enalean) , 2015-02-05 11:10
    request #7831: Fix SQL injection in trove cat listing 42f4d8df0a
    User avatar Thomas Gerbet (tgerbet) , 2015-02-03 11:34
    request #7831: Fix SQL injection in trove cat listing 9a6af3de39
    User avatar Thomas Gerbet (tgerbet) , 2015-03-02 11:07
    Referenced by request #7831

    Other

    gerrit #3598
    Display settings

    Follow-ups