SiT! Bugs - SiT!
View Issue Details
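ID: 0000869
Project: SiT!
Category: Skills
View Status: public
Date Submitted: 2009-08-15 15:53
Last Update: 2009-08-16 14:39
Reporter: ivan
Assigned To: ivan
Priority: urgent
Severity: block
Reproducibility: have not tried
Status: closed
Resolution: fixed
Target Version: 3.50
Fixed in Version: 3.50
Summary: 0000869: edit_user_skills.php does not properly sanitise input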
Description:
edit_user_skills.php does not properly sanitise input.

This potentially allows somebody to insert random data into (or worse, remove it from) the database. The user would have to first authenticate and have 'Manage user skills' permission to exploit this.

Tags: security
Issue History
2009-08-15 15:53  ivan  New Issue
2009-08-15 15:53  ivan  Tag Attached: security
2009-08-15 15:53  ivan  Target Version => 3.50
2009-08-15 15:56  ivan  Status: new => confirmed
2009-08-15 15:57  ivan  Status: confirmed => assigned
2009-08-15 15:57  ivan  Assigned To => ivan
2009-08-15 16:14  ivan  Note Added: 0001550
2009-08-15 16:14  ivan  Status: assigned => resolved
2009-08-15 16:14  ivan  Fixed in Version => Current SVN
2009-08-15 16:14  ivan  Resolution: open => fixed
2009-08-16 13:15  ivan  Fixed in Version: Current SVN => 3.50
2009-08-16 14:39  ivan  Note Added: 0001671
2009-08-16 14:39  ivan  Status: resolved => closed

Notes
(0001550)  ivan  2009-08-15 16:14
Fixed in trunk svn r5767 & r5768
(0001671)  ivan  2009-08-16 14:39
Released in 3.50rc1