View Issue Details

ID: 0000208
Project: Main CAcert Website
Category: source code
View Status: public
Last Update: 2013-11-20 22:23
Reporter: blshkv
Assigned To: Sourcerer
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 2006
Summary: 0000208: [security bug] unverified SQL injection in gpg.php
Description: It might be possible to create a specially formatted certificate with SQL code in the email.
It will be included in the SQL query in gpg.php in the "emailaddies" field because there is no usual mysql_escape_string function to escape user input.
Tags: No tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000460 (closed, Sourcerer): Please disable GPG signing until we have a production-quality system

Activities

duane

2006-04-21 06:44

developer   ~0000165

made liberal use of mysql_real_escape_string()

bluec

2006-04-24 05:41

manager   ~0000196

Change not yet visible in tarball.

Sourcerer

2008-11-17 20:54

administrator   ~0001258

Problem seems to have been closed long ago

Issue History

Date Modified Username Field Change
2006-04-16 11:02 blshkv New Issue
2006-04-20 19:32 bluec Relationship added related to 0000183
2006-04-21 06:44 duane Status new => closed
2006-04-21 06:44 duane Note Added: 0000165
2006-04-21 06:44 duane Resolution open => fixed
2006-04-21 06:44 duane Fixed in Version => production
2006-04-24 05:41 bluec Note Added: 0000196
2006-04-24 05:41 bluec Assigned To => bluec
2006-04-24 05:41 bluec Status closed => needs work
2006-08-14 18:28 duane Relationship deleted related to 0000183
2007-10-24 05:10 evaldo Relationship added related to 0000460
2008-11-17 20:54 Sourcerer Note Added: 0001258
2008-11-17 20:54 Sourcerer Assigned To bluec =>
2008-11-17 20:54 Sourcerer Status needs work => solved?
2008-11-17 20:54 Sourcerer Status solved? => closed
2008-11-17 20:54 Sourcerer Assigned To => Sourcerer
2013-01-14 08:06 Werner Dworak Fixed in Version => 2006
2013-11-20 22:23 NEOatNHNG View Status private => public
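
The failure mode in the description and the escaping fix in note ~0000165, as an added example that is not CAcert's code: an e-mail address taken from a key UID is concatenated into a query, then escaped, then bound as a parameter. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database in place of the mysql_* API; the `gpg_keys` table, the `uid_email()` helper and the sample UID are constructed for illustration, and only the `emailaddies` field name comes from the report.

```php
<?php
// Added example, not CAcert code. gpg_keys and uid_email() are hypothetical;
// only the "emailaddies" field name comes from the report.

// Return the address inside the trailing <...> of a key UID, or null.
function uid_email(string $uid): ?string {
    if (!preg_match('/<([^<>]+)>\s*$/', $uid, $m)) {
        return null;
    }
    // Syntax check only: a valid address may still contain a single quote.
    $email = filter_var($m[1], FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample UID; the quote in the local part is legal e-mail syntax.
$email = uid_email("Pat O'Neil <pat.o'neil@example.org>");
if ($email === null) {
    exit("sample UID carries no valid address\n");
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gpg_keys (id INTEGER PRIMARY KEY, emailaddies TEXT)');

// Before: the value is pasted into the statement text. The quote closes the
// string literal early, so the database parses the remainder as SQL.
try {
    $db->exec("INSERT INTO gpg_keys (emailaddies) VALUES ('" . $email . "')");
    echo "concatenated: accepted\n";
} catch (PDOException $e) {
    echo "concatenated: input changed the statement: ", $e->getMessage(), "\n";
}

// Fix in the style of the 2006 note: escape the value for this connection.
// PDO::quote() escapes and adds the surrounding quotes.
$db->exec('INSERT INTO gpg_keys (emailaddies) VALUES (' . $db->quote($email) . ')');

// Sturdier fix: bind the value so it is never part of the statement text.
$stmt = $db->prepare('INSERT INTO gpg_keys (emailaddies) VALUES (:email)');
$stmt->execute([':email' => $email]);

// Both safe paths store the address byte for byte, quote included.
foreach ($db->query('SELECT emailaddies FROM gpg_keys') as $row) {
    echo $row['emailaddies'] === $email ? "stored intact\n" : "stored altered\n";
}
```

Passing address validation does not make a value safe to concatenate, which is why the escaping or binding has to happen at the query itself.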