This repository has been archived by the owner on Aug 16, 2019. It is now read-only.
Noticed from the SQL errors displayed in issue #504 (URL with the empty sessions parameter) that the /ws/highdata.php 'vid' and 'sessions' parameters are not handled safely.
This would appear to be an issue with the way sanitizer.php handles things, as that code /should/ be working - which means other things may very well have the same issue.
Edit(0): confirmed that at least newvis.php suffers from what appears at first glance to be the same issue.
Edit(1): confirmed upload.php's "id" parameter is injectable. The google_key param should also be vulnerable.
For motivation: