MantisBT - Piwigo
View Issue Details
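ID: 0002774
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2012.10.19 22:14
Last Update: 2012.10.19 22:17
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2.4.4
Target Version: 2.4.5
Fixed in Version: 2.4.5
browser: any
Web server: Apache 1.3.x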
0002774: [password.php] user input vulnerability
$_POST['username_or_email'] needs to be "better" HTML-sanitized before being displayed back in HTML content. Better than 0002750

Original report by Stefan Schurtz via Secunia SVCRP
No tags attached.
related to 0002750 | closed | plg | [password.php] unprotected user input
Issue History
2012.10.19 22:14 | plg | New Issue
2012.10.19 22:14 | plg | Status | new => assigned
2012.10.19 22:14 | plg | Assigned To | => plg
2012.10.19 22:14 | plg | browser | => any
2012.10.19 22:14 | plg | Web server | => Apache 1.3.x
2012.10.19 22:15 | svn | Checkin
2012.10.19 22:15 | svn | Note Added: 0006684
2012.10.19 22:16 | svn | Checkin
2012.10.19 22:16 | svn | Note Added: 0006685
2012.10.19 22:17 | plg | Status | assigned => closed
2012.10.19 22:17 | plg | Resolution | open => fixed
2012.10.19 22:17 | plg | Fixed in Version | => 2.4.5
2012.10.19 22:17 | plg | Relationship added | related to 0002750

Notes
(0006684)
svn   
2012.10.19 22:15   
[Subversion] r18699 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2774 fixed: better sanitize on username_or_email user input
(0006685)
svn   
2012.10.19 22:16   
[Subversion] r18700 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r18699 from branch 2.4 to trunk

bug 2774 fixed: better sanitize on username_or_email user input