View Issue Details

ID: 0015244
Project: phplist application
Category: Subscriber Import
View Status: public
Last Update: 23-03-09 15:14
Status: resolved
Resolution: fixed
Product Version: 2.10.9
Target Version: 2.10.10
Fixed in Version: 2.10.10
Summary: 0015244: Potential for SQL injection in import
Description: If records that are quote delimited are imported then the SQL in users fails with syntax errors.

Additional Information: Create a file:-


Import this file, then go to the user management page, you'll see SQL syntax errors.

Tags: No tags attached.



23-03-09 15:14

manager   ~0050585

fixed in svn, and will get to 2.10.10 but it will also be useful to remove the quotes at import time.
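
Added example, not phplist code and not taken from the report: a Python/sqlite3 model of the failure described above, covering both remedies mentioned in the note (safe queries and removing the quotes at import time). It assumes the imported value is stored with its delimiting quotes and later pasted into a query string; the table, column and function names and the sample record are constructed for illustration.

```python
import csv
import io
import sqlite3

# Constructed sample: one record delimited with single quotes.
SAMPLE = "'bob@example.com','Bob'\n"

def naive_rows(text):
    """Split on commas only, so the delimiting quotes stay inside each value."""
    return [line.split(",") for line in text.splitlines() if line]

def csv_rows(text, quotechar="'"):
    """Parse as quote-delimited CSV, which strips the delimiters at import time."""
    return list(csv.reader(io.StringIO(text), quotechar=quotechar))

def make_db(rows):
    """Hypothetical subscriber table, filled with bound parameters."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscriber (email TEXT, name TEXT)")
    db.executemany("INSERT INTO subscriber VALUES (?, ?)", rows)
    return db

def find_interpolated(db, email):
    """Defective pattern: a stored value pasted into the SQL text."""
    return db.execute(
        "SELECT name FROM subscriber WHERE email = '%s'" % email).fetchall()

def find_bound(db, email):
    """Hardened pattern: the value travels as a bound parameter."""
    return db.execute(
        "SELECT name FROM subscriber WHERE email = ?", (email,)).fetchall()

def demo():
    """Return (error from the defective query, bound-query rows, cleaned rows)."""
    raw = naive_rows(SAMPLE)
    db = make_db(raw)
    stored_email = db.execute("SELECT email FROM subscriber").fetchone()[0]
    try:
        find_interpolated(db, stored_email)
        error = None
    except sqlite3.OperationalError as exc:
        error = str(exc)
    return error, find_bound(db, stored_email), csv_rows(SAMPLE)

if __name__ == "__main__":
    print(demo())
```

The bound query returns the row even though the stored value still carries its quotes, which is why query-side binding and import-side cleaning are complementary rather than alternatives.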