•  
      request #7872 SQL injections in surveys
    Infos
    #7872
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-16 16:21
    7878
    Details
    SQL injections in surveys

    Tuleap does not sanitize properly user inputs when constructing a SQL query in the survey service.

    Impact

    An attacker could execute arbitrary SQL queries.
    CVSSv2 score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

    Exploitation

    With just an user logged in, the page <tuleap_url>/survey/rating_resp.php is exploitable via the parameters vote_on_id, response and flag.

    If you have an user who can administrate the survey service you can also exploit this vulnerability with the page <tuleap_url>/survey/admin/edit_survey.php and the parameter survey_id.

    References

    https://cwe.mitre.org/data/definitions/89.html
    https://www.owasp.org/index.php/SQL_Injection

    Survey
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-03-02
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Merged in 7.10.99.59

    • Status changed from Under review to Closed
    • Close date set to 2015-03-02