Ticket #2988 (closed Bugs: fixed)

Opened 4 months ago

Last modified 4 months ago

System Recordings Edit Recording - Potential SQL Injection

Reported by: br00t
Assigned to:
Priority: minor
Milestone: 2.5
Component: System Recordings
Version: 2.4-branch
Keywords: SQL Injection Fatal Error
Cc:
Confirmation: Need testing
SVN Revision (if applicable):
Backend Engine: Asterisk 1.4.x
Backend Engine Version:

Description

System Recordings Edit Recording

Put ""test"" into Descriptive Name text box ... resulted in following error:

FATAL ERROR UPDATE recordings SET displayname = "test-annoucement", description = ""test"" WHERE id = "23" [nativecode=1064 ** You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test"" WHERE id = "23"' at line 1]SQL - UPDATE recordings SET displayname = "test-annoucement", description = ""test"" WHERE id = "23"
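
The failure above, reproduced as an added example (not part of the ticket and not FreePBX code): the UPDATE is built by string concatenation, an assumption inferred from the error text, and then run with bound parameters instead. Python's sqlite3 stands in for the module's PHP/MySQL stack; the function names and the in-memory table are hypothetical.

```python
import sqlite3

# Constructed sample values, copied from the statement in the ticket's error text.
REC_ID = "23"
DISPLAYNAME = "test-annoucement"  # spelled as in the error output
DESCRIPTION = '"test"'            # value typed into Descriptive Name, quotes included


def build_update_unsafe(displayname, description, rec_id):
    """Assumed 'before' pattern: values pasted straight into the SQL text."""
    return ('UPDATE recordings SET displayname = "' + displayname
            + '", description = "' + description
            + '" WHERE id = "' + rec_id + '"')


def make_db():
    """Hypothetical in-memory table with the three columns the statement names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE recordings (id TEXT, displayname TEXT, description TEXT)")
    conn.execute("INSERT INTO recordings VALUES (?, ?, ?)",
                 (REC_ID, "old-name", "old description"))
    return conn


def unsafe_is_rejected(conn, sql):
    """True when the database refuses to parse the concatenated statement."""
    try:
        conn.execute(sql)
    except sqlite3.OperationalError:
        return True
    return False


def update_with_parameters(conn, displayname, description, rec_id):
    """SQL text and values travel separately, so quotes in a value stay data."""
    conn.execute("UPDATE recordings SET displayname = ?, description = ? WHERE id = ?",
                 (displayname, description, rec_id))


def stored_description(conn, rec_id):
    row = conn.execute("SELECT description FROM recordings WHERE id = ?", (rec_id,)).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    sql = build_update_unsafe(DISPLAYNAME, DESCRIPTION, REC_ID)
    print(sql, "-> rejected:", unsafe_is_rejected(db, sql))
    update_with_parameters(db, DISPLAYNAME, DESCRIPTION, REC_ID)
    print("stored description:", stored_description(db, REC_ID))
```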

Change History

08/04/08 15:00:16 changed by p_lindheimer

  • status changed from new to closed.
  • resolution set to fixed.

(In [6280]) fixes #2988 fix potential SQL injection please test

08/04/08 15:03:44 changed by p_lindheimer

(In [6281]) re #2988 Merged revisions 6280 via svnmerge from http://svn.freepbx.org/modules/branches/2.4

........

r6280 | p_lindheimer | 2008-08-04 15:00:16 -0700 (Mon, 04 Aug 2008) | 1 line

fixes #2988 fix potential SQL injection please test

........

08/04/08 15:09:46 changed by p_lindheimer

  • confirmation changed from Unreviewed to Need testing.
  • milestone changed from Cut Line to 2.5.

Please test the fix on 2.4, as I don't have a 2.4 system to test on right now. This was already addressed in 2.5. You can pull the tarball and load it with the upload modules manually from here:

http://mirror.freepbx.org/modules/release/2.4/recordings-3.3.6.3.tgz

or for 2.3:

http://mirror.freepbx.org/modules/release/2.3/recordings-3.3.5.5.tgz

but I need confirmation that the fix is OK, since I have not been able to test, and then I will publish it to the online repository.
