Uploaded image for project: 'AdMax'
  1. AdMax
  2. ADMAX-2220

pixel DB quoting problem (SQL Injection)

          Details

          • Type: Bug
          • Status: Open
          • Priority: Major
          • Resolution: Unresolved
          • Affects Version/s: unspecified
          • Fix Version/s: None
          • Component/s: Data Summarization
          • Labels:
            None
          • Environment:

            Operating System: Linux

            Platform: PC

          • Bugzilla Id:
            2754

            Description

            Creates the potential for SQL injection through pixel tracking. see attached log

            file to reproduce, debug and fix.

            When fixing this bug, we should look into other fields that might also have the

            potential for SQL injection.

            We should switch to prepared statements for all of the queries in SpikePlayer

            that deal with user input, but we might not have the time and resources to do

            that right now. If we don't, a separate bug should be filed.

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    therouxj Jeff Theroux
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated: