AdMax / ADMAX-2220

pixel DB quoting problem (SQL Injection)

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: unspecified
    • Fix Version/s: None
    • Component/s: Data Summarization
    • Labels:
      None
    • Environment:
      Operating System: Linux
      Platform: PC
    • Bugzilla Id:
      2754

      Description

      Creates the potential for SQL injection through pixel tracking. See attached log file to reproduce, debug and fix.

      When fixing this bug, we should look into other fields that might also have the potential for SQL injection.

      We should switch to prepared statements for all of the queries in SpikePlayer that deal with user input, but we might not have the time and resources to do that right now. If we don't, a separate bug should be filed.

            People

            • Assignee:
              Unassigned
            • Reporter:
              therouxj Jeff Theroux