-
Type:
Enhancement
-
Status: Closed
-
Priority:
Critical
-
Resolution: Unresolved
-
Component/s: None
-
Labels:None
-
Module:BenAdmin - Security
-
Reported by:Harbinger
-
Item State:Development - Ready for Local Testing
-
Issue Importance:Must Have
When we add input on notes category like asdf' or '1'='1 , category is getting added successfully.
We should block use of OR with '. it should show sql injection character message.
| Field | Original Value | New Value |
|---|---|---|
| Summary | SQL Injection OR condition generic implementation | SQL Injection : Block use of OR condition as input with quote |
| Module | Parent values: BenAdmin(10100) | Parent values: BenAdmin(10100)Level 1 values: Security(10112) |
| Item State | Parent values: Development(10200)Level 1 values: In Progress(10206) | Parent values: Development(10200)Level 1 values: Ready for Local Testing(10209) |
| Status | New Request [ 10029 ] | Pending for Approval [ 10002 ] |
| Status | Pending for Approval [ 10002 ] | Rejected [ 10004 ] |
| Status | Rejected [ 10004 ] | Closed [ 6 ] |