Piwigo Bugtracker

Piwigo bug tracker has moved to Github

This bugtracker is kept to provide history on old issues.


View Issue Details
ID: 0002774
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2012.10.19 22:14
Last Update: 2012.10.19 22:17
Reporter: plg
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 2.4.4
Target Version: 2.4.5
Fixed in Version: 2.4.5
Summary: 0002774: [password.php] user input vulnerability
Description: $_POST['username_or_email'] needs to be "better" HTML-sanitized before being displayed back in HTML content. Better than 0002750

Original report by Stefan Schurtz via Secunia SVCRP
Tags: No tags attached.
browser: any
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

Relationships
related to 0002750 (closed, plg): [password.php] unprotected user input

Notes
(0006684)
svn (reporter)
2012.10.19 22:15

[Subversion] r18699 by plg on branch 2.4

-----[Subversion commit log]----------------------------------------------------
bug 2774 fixed: better sanitize on username_or_email user input
(0006685)
svn (reporter)
2012.10.19 22:16

[Subversion] r18700 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r18699 from branch 2.4 to trunk

bug 2774 fixed: better sanitize on username_or_email user input

Issue History
Date Modified Username Field Change
2012.10.19 22:14 plg New Issue
2012.10.19 22:14 plg Status new => assigned
2012.10.19 22:14 plg Assigned To => plg
2012.10.19 22:14 plg browser => any
2012.10.19 22:14 plg Web server => Apache 1.3.x
2012.10.19 22:15 svn Checkin
2012.10.19 22:15 svn Note Added: 0006684
2012.10.19 22:16 svn Checkin
2012.10.19 22:16 svn Note Added: 0006685
2012.10.19 22:17 plg Status assigned => closed
2012.10.19 22:17 plg Resolution open => fixed
2012.10.19 22:17 plg Fixed in Version => 2.4.5
2012.10.19 22:17 plg Relationship added related to 0002750

