This commit addresses an SQL injection vulnerability in ORM lookup function.

* ORM implementation failed to properly quote fields, used in SQL statements, that might originate from unsanitized user input.
* AttachmentFile lookup allowed for key based SQL injection by blindly delegating non-string lookup to ORM.
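The two points in the commit message, shown as an added example that is not the project's own code: field names are checked against the model's columns and quoted, and the file lookup rejects non-scalar identifiers instead of passing them to the generic lookup. Python with `sqlite3` is used for illustration; the table, columns and function names are assumptions.

```python
import sqlite3

# Hypothetical model for this example: table and column names are assumptions.
TABLE = "file"
COLUMNS = ("id", "key", "name")

def quote_ident(name):
    """Quote an SQL identifier, doubling any embedded double quote."""
    return '"' + name.replace('"', '""') + '"'

def build_where(criteria):
    """Turn {field: value} into (clause, params). Field names are allowlisted
    and quoted; values are always bound parameters, never interpolated."""
    if not isinstance(criteria, dict) or not criteria:
        raise ValueError("criteria must be a non-empty mapping")
    clauses, params = [], []
    for field, value in criteria.items():
        if not isinstance(field, str) or field not in COLUMNS:
            raise ValueError(f"unknown field: {field!r}")
        if isinstance(value, bool) or not isinstance(value, (str, int)):
            raise ValueError(f"unsupported value for {field!r}")
        clauses.append(f"{quote_ident(field)} = ?")
        params.append(value)
    return " AND ".join(clauses), params

def lookup(conn, criteria):
    """Generic ORM-style lookup over validated criteria."""
    where, params = build_where(criteria)
    cols = ", ".join(quote_ident(c) for c in COLUMNS)
    sql = f"SELECT {cols} FROM {quote_ident(TABLE)} WHERE {where}"
    return conn.execute(sql, params).fetchall()

def lookup_file(conn, ident):
    """Caller-side check: accept only an int id or a string key. A mapping
    decoded from request data is rejected rather than delegated to lookup()."""
    if isinstance(ident, int) and not isinstance(ident, bool):
        return lookup(conn, {"id": ident})
    if isinstance(ident, str):
        return lookup(conn, {"key": ident})
    raise ValueError("identifier must be an int id or a string key")

def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "file" ("id" INTEGER PRIMARY KEY, "key" TEXT, "name" TEXT)')
    conn.executemany('INSERT INTO "file" VALUES (?, ?, ?)',
                     [(1, "abc123", "a.txt"), (2, "def456", "b.txt")])
    return conn
```
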