SQL Injection Error
I was informed by a fellow web developer that there is a possible SQL injection vulnerability in csrf_token.
Is anyone else aware of this? It's both the token and 1=1 that is able to be injected.
-
- · bbunnelle
- ·
Is there a developer that can take a look into this? The issue is a pretty big deal.
-
-
·
Alex T⚜️
- ·
It can't be SQL injections in csrf_token because all MySQL queries related to CSRF are written using prepared statements.
If you can show how to reproduce the issue via private message and please specify what version of UNA you are using, we'll investigate it more carefully and make an urgent fix.
-
·
Alex T⚜️
-
- · bbunnelle
- ·
I will gather my details related to this and PM you this afternoon. Thank you for getting back to me.