#544: Get User SQL injection potential
-------------------------+--------------------------------------------------
Reporter: jesseeichar | Owner: geonetwork-devel@…
Type: defect | Status: new
Priority: critical | Milestone: v2.6.5
Component: General | Version: v2.6.3
Keywords: |
-------------------------+--------------------------------------------------
Get passes the id parameter directly to the SQL which is potential SQL
injection attack. Attached is a patch for a fix
--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/544>
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/>
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.