View Issue Details

IDProjectCategoryView StatusLast Update
0002229OXID eShop (all versions)4.04. Securitypublic2011-02-03 13:44
Reporterdainius.bigelis 
PriorityimmediateSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.4.4 revision 30554 
Target Version4.4.6 revision 32697Fixed in Version4.4.6 revision 32697 
Summary0002229: SQL injection is possible when using some particular functionality
DescriptionWhen using specially crafted data, it's possible to make SQL injection from eShop frontend.
TagsNo tags attached.
Theme
BrowserAll
PHP Versionany
Database Versionany

Activities

dainius.bigelis

2011-01-10 16:44

reporter   ~0003955

Last edited: 2011-02-03 13:37

View 2 revisions

The security bulletin for this fix:
http://wiki.oxidforge.org/Security_bulletins/2011-001