MantisBT: master 3e37b404
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master | 2020-11-21 00:34 | master 30b37742 |
Affected Issues | 0027495: CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function through the API SOAP. |
Changeset | Fix SQL injection in Project API The query's where clause in project_get_all_user_rows() was built by Relying on DbQuery object ensures use of query parameters, making the Partial backport from commit 682a182d4b2ae9abd2edb9c2ed40eb80723988b1. Fixes 0027495, CVE-2020-28413 |
mod - core/project_api.php | Diff File |
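
Added example, not MantisBT code and not part of this changeset: a PDO/SQLite illustration of why an `access` value placed into the SQL text of a where clause can rewrite the query, while a validated, bound query parameter cannot. The `project_user` table, both function names and the sample rows are constructed for illustration, and the string-built clause is an assumed shape, since the commit message above does not show the original code.

```php
<?php
// Added illustration; the table and function names are hypothetical, not MantisBT's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE project_user (project_id INTEGER, username TEXT, access_level INTEGER)');
// Constructed sample rows: two users in project 1, one user in project 2.
$pdo->exec("INSERT INTO project_user VALUES (1,'reporter1',25),(1,'manager1',70),(2,'admin2',90)");

// Weak form (assumed shape): the caller-supplied access threshold becomes part of the SQL text.
function users_concat(PDO $pdo, int $project_id, $access): array {
    $sql = 'SELECT username FROM project_user WHERE project_id = ' . $project_id
         . ' AND access_level >= ' . $access . ' ORDER BY username';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: validate the threshold as an integer, then bind it as a query parameter.
function users_bound(PDO $pdo, int $project_id, $access): array {
    $level = filter_var($access, FILTER_VALIDATE_INT);
    if ($level === false) {
        throw new InvalidArgumentException('access must be an integer');
    }
    $stmt = $pdo->prepare('SELECT username FROM project_user
        WHERE project_id = :project AND access_level >= :access ORDER BY username');
    $stmt->bindValue(':project', $project_id, PDO::PARAM_INT);
    $stmt->bindValue(':access', $level, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$crafted = '0 OR 1=1'; // constructed non-numeric value standing in for the "access" parameter

// A legitimate threshold gives the same rows from both forms.
echo json_encode(users_concat($pdo, 1, 55)), PHP_EOL;
echo json_encode(users_bound($pdo, 1, 55)), PHP_EOL;

// With the crafted value, the string-built clause parses as
// (project_id = 1 AND access_level >= 0) OR 1=1, so the project filter no longer applies.
echo json_encode(users_concat($pdo, 1, $crafted)), PHP_EOL;

// The bound form rejects the same value before any SQL is executed.
try {
    users_bound($pdo, 1, $crafted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```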