Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SECURITY] SQLi in AuthenticationService
The environment variable `HTTP_HOST` is used in SQL statements but is not properly escaped, leading to an SQL injection vulnerability. Resolves: #75740 Releases: 7.6, 6.2 Security-Commit: 137f240450524afedb3f341305c65ab798004e98 Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018 Change-Id: I73554a1503a3a408bbbd8ff60b5196a429579b4e Reviewed-on: https://review.typo3.org/49068 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
- Loading branch information