MantisBT - Piwigo
View Issue Details
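ID: 0002750
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2012.09.18 14:06
Last Update: 2012.09.18 14:15
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.4.3
Target Version: 2.4.4
Fixed in Version: 2.4.4
browser: any
Web server: Apache 1.3.x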
0002750: [password.php] unprotected user input
$_POST['username_or_email'] needs to be HTML-sanitized before being displayed back in HTML content.

Original report by Stefan Schurtz via Secunia SVCRP
No tags attached.
related to 0002774 (closed, plg): [password.php] user input vulnerability
Issue History
2012.09.18 14:06  plg  New Issue
2012.09.18 14:06  plg  Status: new => assigned
2012.09.18 14:06  plg  Assigned To: => plg
2012.09.18 14:06  plg  browser: => any
2012.09.18 14:06  plg  Web server: => Apache 1.3.x
2012.09.18 14:07  svn  Checkin
2012.09.18 14:07  svn  Note Added: 0006635
2012.09.18 14:09  svn  Checkin
2012.09.18 14:09  svn  Note Added: 0006636
2012.09.18 14:15  plg  Status: assigned => closed
2012.09.18 14:15  plg  Resolution: open => fixed
2012.09.18 14:15  plg  Fixed in Version: => 2.4.4
2012.10.19 22:17  plg  Relationship added: related to 0002774

Notes
(0006635) svn, 2012.09.18 14:07
[Subversion] r17983 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP
(0006636) svn, 2012.09.18 14:09
[Subversion] r17984 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r17983 from branch 2.4 to trunk

bug 2750 fixed: HTML-sanitize $_POST['username_or_email'] before display (both
username and email don't allow HTML tags...)

Original report by Stefan Schurtz via Secunia SVCRP