View Issue Details

IDProjectCategoryView StatusLast Update
0006974OXID eShop (all versions)4.04. Securitypublic2019-07-31 11:14
Reportermarco_steinhaeuser Assigned To 
Status resolvedResolutionfixed 
Product Version6.1.3 
Fixed in Version6.1.4 
Summary0006974: Parameters are not escaped in RDFa payment data
DescriptionThe user-controlled parameter is directly placed into the SQL statement without any escaping
Steps To Reproducesee for steps to reproduce
Additional InformationPls see for additional information
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined



2019-04-24 14:02

administrator   ~0012870