| View Issue Details [ Jump to Notes ] | [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0015244 | phplist | Subscriber Import | public | 19-03-09 09:49 | 23-03-09 15:14 |
|
| Reporter | steveh | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | 2.10.9 | |
| Target Version | 2.10.10 | Fixed in Version | 2.10.10 | |
|
| Summary | 0015244: Potential for SQL injection in import |
| Description | If records that are quote delimted are imported then the sql in users fails with syntax errors.
|
| Additional Information | Create a file:-
"steve@xyz.com"
"fred@bert.com"
Import this file, then go to the user management page, you'll see sql syntax errors.
|
| Tags | No tags attached. |
|
| Attached Files | |
|
Relationships 
Relationships 