0002229: SQL injection is possible when using some particular functionality

ID	Project	Category	View Status	Date Submitted	Last Update

0002229	OXID eShop (all versions)	4.04. Security	public	2010-12-01 10:38	2011-02-03 13:44

Reporter	dainius.bigelis	Assigned To
Priority	immediate	Severity	major	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	4.4.4 revision 30554
Target Version	4.4.6 revision 32697	Fixed in Version	4.4.6 revision 32697

Summary	0002229: SQL injection is possible when using some particular functionality
Description	When using specially crafted data, it's possible to make SQL injection from eShop frontend.
Tags	No tags attached.

Theme
Browser	All
PHP Version	any
Database Version	any

dainius.bigelis 2011-01-10 16:44 reporter ~0003955 Last edited: 2011-02-03 13:37	The security bulletin for this fix: http://wiki.oxidforge.org/Security_bulletins/2011-001