0006974: Parameters are not escaped in RDFa payment data

ID	Project	Category	View Status	Date Submitted	Last Update

0006974	OXID eShop (all versions)	4.04. Security	public	2019-04-24 13:50	2019-07-31 11:14

Reporter	marco_steinhaeuser	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	6.1.3
Fixed in Version	6.1.4

Summary	0006974: Parameters are not escaped in RDFa payment data
Description	The user-controlled parameter is directly placed into the SQL statement without any escaping
Steps To Reproduce	see https://bugs.oxid-esales.com/view.php?id=6974#c12867 for steps to reproduce
Additional Information	Pls see https://bugs.oxid-esales.com/view.php?id=6974#c12868 for additional information
Tags	No tags attached.

Theme	Not defined
Browser	Not defined
PHP Version	Not defined
Database Version	Not defined

QA 2019-04-24 14:02 administrator ~0012870	-MK