View Issue Details

ID: 0006974
Project: OXID eShop (all versions)
Category: 4.04. Security
View Status: public
Last Update: 2019-07-31 11:14
Reporter: marco_steinhaeuser
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 6.1.3
Fixed in Version: 6.1.4
Summary: 0006974: Parameters are not escaped in RDFa payment data
Description: The user-controlled parameter is directly placed into the SQL statement without any escaping
Steps To Reproduce: see https://bugs.oxid-esales.com/view.php?id=6974#c12867 for steps to reproduce
Additional Information: Pls see https://bugs.oxid-esales.com/view.php?id=6974#c12868 for additional information
Tags: No tags attached.
Theme: Not defined
Browser: Not defined
PHP Version: Not defined
Database Version: Not defined

Activities

QA

2019-04-24 14:02

administrator   ~0012870

-MK