SiT! Bugs

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000507SiT!reportspublic2009-02-19 17:042009-02-27 16:25
Reporterivan 
Assigned Topaulh 
PriorityhighSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target Version3.45Fixed in Version3.45 
Summary0000507: report incidents by engineer does not check input
Descriptione.g. $incsql .= "u.id={$_POST['inc'][$i]}";


must be authenticated and have report permission to run though.
Tagssecurity
Attached Files

- Relationships

-  Notes
User avatar (0000647)
paulh (administrator)
2009-02-21 14:22

r5178 resolves

- Issue History
Date Modified Username Field Change
2009-02-19 17:04 ivan New Issue
2009-02-19 17:05 ivan Tag Attached: security
2009-02-21 14:08 paulh Status new => assigned
2009-02-21 14:08 paulh Assigned To => paulh
2009-02-21 14:22 paulh Note Added: 0000647
2009-02-21 14:22 paulh Status assigned => resolved
2009-02-21 14:22 paulh Resolution open => fixed
2009-02-21 14:22 paulh Fixed in Version => Current SVN
2009-02-27 13:54 ivan Fixed in Version Current SVN => 3.45
2009-02-27 16:25 ivan Status resolved => closed


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker