0000378: CCSR API SQL Injection - CAcert Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0000378	Main CAcert Website	source code	public	2006-12-29 13:28	2013-11-20 22:23

Reporter	Sourcerer	Assigned To	Sourcerer
Priority	immediate	Severity	major	Reproducibility	have not tried
Status	closed	Resolution	fixed
Fixed in Version	2009 Q2

Summary	0000378: CCSR API SQL Injection
Description	I was just told that we have a SQL Injection Vulnerability in the ccsr.php API.
Additional Information	Bluec: Can you verify it please?
Tags	No tags attached.

Reviewed by
Test Instructions

Date Modified	Username	Field	Change
2006-12-29 13:28	Sourcerer	New Issue
2006-12-29 13:42	duane	View Status	public => private
2006-12-29 14:55	duane	Note Added: 0000762
2009-04-26 19:51	Sourcerer	Note Added: 0001386
2009-04-26 19:51	Sourcerer	Status	new => solved?
2009-07-20 20:33	Sourcerer	Status	solved? => closed
2009-07-20 20:33	Sourcerer	Resolution	open => fixed
2009-07-20 20:33	Sourcerer	Assigned To	=> Sourcerer
2013-01-14 21:04	Werner Dworak	Fixed in Version	=> 2009 Q2
2013-11-20 22:23	NEOatNHNG	View Status	private => public

duane 2006-12-29 14:55 developer ~0000762	Can someone please explain the exploit, I wasn't able to see anything obvious by doing a code inspection on the file.

Sourcerer 2009-04-26 19:51 administrator ~0001386	I have verified the sourcecode and couldn't find a SQL injection there.