Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7872 SQL injections in surveys
    Actions
    Infos
    #7872
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-16 16:21
    7879
    Details
    SQL injections in surveys

    Tuleap does not sanitize properly user inputs when constructing a SQL query in the survey service.

    Impact

    An attacker could execute arbitrary SQL queries.
    CVSSv2 score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Exploitation

    With just an user logged in, the page <tuleap_url>/survey/rating_resp.php is exploitable via the parameters vote_on_id, response and flag.

    If you have an user who can administrate the survey service you can also exploit this vulnerability with the page <tuleap_url>/survey/admin/edit_survey.php and the parameter survey_id.

    References

    https://cwe.mitre.org/data/definitions/89.html
    https://www.owasp.org/index.php/SQL_Injection

    Survey
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-03-02
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7872

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/42/3642/1' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master d3dc23788e
    User avatar Manuel Vacelet (vaceletm) , 2015-03-02 13:40
    request #7872: Escape all SQL queries parameters in survey service 68c01e1539
    User avatar Thomas Gerbet (tgerbet) , 2015-02-17 13:44
    Referenced by request #7872

    Other

    gerrit #3642
    Display settings

    Follow-ups

    User avatar
    Manuel Vacelet (vaceletm)2015-03-02 13:47
    Merged in 7.10.99.59
    • Status changed from Under review to Closed
    • Close date set to 2015-03-02