
ListPages Issue: SQL Injection issue - get updated tag

Name: SQL Injection issue - get updated tag
ID: 3
Project: ListPages
Type: Enhancement
Area: Code
Severity: High
Status: Fixed
Related URL:
Creator: Lars Gronholt
Created: 07/23/08 9:48 PM
Updated: 07/23/08 9:48 PM
Description: The 1.01 version of this tag was vulnerable to some SQL injection attacks. This has been fixed in version 1.02.

Several cfqueryparam tags were missing from the queries. These have been added back in.

Checking was also added at line 120 (approx.) to confirm that the url.orderby var is a value contained in the attributes.fieldnames var; if not, the url.orderby var is reset to the default value. This tag should now be safe from SQL injection attacks.
History: Created by Aegis (Lars Gronholt) : 07/23/08 9:48 PM
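
The two fixes described above, sketched as an added CFML example (not the ListPages source). Only `url.orderby`, `attributes.fieldnames` and `cfqueryparam` come from the issue text; `attributes.datasource`, `attributes.defaultorderby`, `url.category`, the `pages` table and the `category_id` column are assumptions made for illustration.

```cfml
<!--- Added example. Hypothetical names: attributes.datasource,
      attributes.defaultorderby, url.category, table "pages", column "category_id". --->
<cfparam name="attributes.datasource" default="myDSN">
<cfparam name="attributes.fieldnames" default="title,created,author">
<cfparam name="attributes.defaultorderby" default="title">
<cfparam name="url.orderby" default="#attributes.defaultorderby#">
<cfparam name="url.category" default="0">

<!--- A column name cannot be bound with cfqueryparam, so the ORDER BY value
      is accepted only when it exactly matches an entry in the developer-supplied
      field list. Anything else falls back to the default. --->
<cfset matchPos = listFindNoCase(attributes.fieldnames, trim(url.orderby))>
<cfif matchPos GT 0>
    <!--- Take the spelling from the trusted list, never from the request. --->
    <cfset orderColumn = listGetAt(attributes.fieldnames, matchPos)>
<cfelse>
    <cfset orderColumn = attributes.defaultorderby>
</cfif>
<!--- Reset the URL variable as well, so later code that reads it
      (paging links, sort toggles) sees only the validated value. --->
<cfset url.orderby = orderColumn>

<!--- attributes.fieldnames is set by the calling template, not by the visitor.
      Every request-derived value in the WHERE clause goes through cfqueryparam,
      which binds it as a typed parameter and rejects non-integer input here. --->
<cfquery name="qPages" datasource="#attributes.datasource#">
    SELECT #attributes.fieldnames#
    FROM pages
    WHERE category_id = <cfqueryparam value="#url.category#" cfsqltype="cf_sql_integer">
    ORDER BY #orderColumn#
</cfquery>
```

A request such as `?orderby=title;DROP TABLE pages` matches no entry in the list, so the query runs with the default column instead of the supplied string.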
