CVE-2017-14396 #3959

Merged: 1 commit, Sep 14, 2017

protich commented Sep 14, 2017

This commit addresses an SQL injection vulnerability in the ORM lookup function.

  • The ORM implementation failed to properly quote field names used in SQL
    statements that might originate from unsanitized user input.

  • The AttachmentFile lookup allowed key-based SQL injection by blindly delegating non-string lookups to the ORM.

CVE-2017-14396
This commit addresses an SQL injection vulnerability in the ORM lookup
function.

* The ORM implementation failed to properly quote fields used in SQL
statements that might originate from unsanitized user input.

* The AttachmentFile lookup allowed key-based SQL injection by blindly
delegating non-string lookups to the ORM.
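The bug class the PR describes, as an added Python/sqlite3 model that is not osTicket's PHP code and not the project's actual patch: an ORM lookup that parameterises values but pastes caller-chosen field names into the SQL, reached through a file lookup that forwards any non-string criteria to the ORM untouched. The table name, columns and rows are constructed for the demo, and the hardening shown (a column whitelist plus identifier quoting in the ORM, and a string-only key in the file lookup) is a generic fix assumed for illustration, not a claim about what the merged commit does.

```python
"""Model of the CVE-2017-14396 bug class: values are bound, field names are
not.  Python/sqlite3 stand-in for the PHP/MySQL original; the schema, rows
and fix are constructed for this example and are not osTicket's."""
import sqlite3

TABLE = "attachment_file"  # constructed table name, not osTicket's schema


def make_db():
    """Constructed sample data: one public and one private file."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE {TABLE} (
            id INTEGER PRIMARY KEY, file_key TEXT, name TEXT, private INTEGER);
        INSERT INTO {TABLE} VALUES (1, 'k1', 'public.pdf', 0);
        INSERT INTO {TABLE} VALUES (2, 'k2', 'private.pdf', 1);
    """)
    return conn


def orm_lookup_vulnerable(conn, criteria):
    """Pre-fix pattern: values are parameterised, field names are pasted in raw."""
    where = " AND ".join(f"{field} = ?" for field in criteria)
    sql = f"SELECT id, name FROM {TABLE} WHERE {where}"
    return conn.execute(sql, list(criteria.values())).fetchall()


def file_lookup_vulnerable(conn, criteria):
    """Pre-fix pattern: a string is a key lookup; anything else (for example a
    dict decoded from a request parameter) is handed straight to the ORM."""
    if isinstance(criteria, str):
        criteria = {"file_key": criteria}
    return orm_lookup_vulnerable(conn, criteria)


def quote_ident(name):
    """SQL identifier quoting for SQLite (MySQL would use backticks instead)."""
    return '"' + name.replace('"', '""') + '"'


def orm_lookup_fixed(conn, criteria):
    """Hardened ORM lookup (generic fix assumed here): reject field names that
    are not real columns, and quote the ones that survive."""
    known = {row[1] for row in conn.execute(f"PRAGMA table_info({TABLE})")}
    for field in criteria:
        if field not in known:
            raise ValueError(f"unknown field name: {field!r}")
    where = " AND ".join(f"{quote_ident(f)} = ?" for f in criteria)
    sql = f"SELECT id, name FROM {TABLE} WHERE {where}"
    return conn.execute(sql, list(criteria.values())).fetchall()


def file_lookup_fixed(conn, key):
    """Hardened file lookup: only a string key is accepted, so request data
    can never choose which field is queried."""
    if not isinstance(key, str):
        raise TypeError("file lookup takes a string key")
    return orm_lookup_fixed(conn, {"file_key": key})


def rejects(fn, conn, criteria, exc):
    """True if fn(conn, criteria) raises exc."""
    try:
        fn(conn, criteria)
    except exc:
        return True
    return False


# Attacker-controlled dict key.  The bound value is 1, so the WHERE clause
# becomes  private = 1 OR 1 = 1  and every row, private ones included, comes back.
INJECTED = {"private = 1 OR 1": 1}


def demo():
    conn = make_db()
    return {
        "honest": file_lookup_vulnerable(conn, "k1"),
        "injected": file_lookup_vulnerable(conn, INJECTED),
        "fixed_orm_rejects": rejects(orm_lookup_fixed, conn, INJECTED, ValueError),
        "fixed_file_rejects": rejects(file_lookup_fixed, conn, INJECTED, TypeError),
        "fixed_honest": file_lookup_fixed(conn, "k2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Quoting alone is not enough on SQLite: a double-quoted name that matches no column silently degrades to a string literal, so the query would return nothing rather than fail. Checking the name against the table's real columns first turns the attempt into an error, which is also what makes it visible in logs.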

@protich protich merged commit ef28366 into osTicket:develop Sep 14, 2017

NFarrington added a commit to VATSIM-UK/Helpdesk that referenced this pull request Oct 7, 2017

Merge tag 'v1.10.1' into development
osTicket v1.10.1

Maintenance release for osTicket 1.10

=== Enhancements
- Users: Support search by phone number
- i18n: Fix getPrimaryLanguage() on non-object (#3799)
- Add TimezoneField (#3786)
- Chunk long text body (#3757, 7b68c99)
- Spyc: convert hex strings to INTs under PHP 7 (#3621)
- forms: Proper Field Deletion
- Move orphaned tasks on department deletion to the default department (42e2c55)
- List: Save List Item Abbreviation (8513f13)

=== Performance and Security
- XSS: Encode html entities of advanced search title (#3919)
- XSS: Encode html entities of cached form data (#3960, bcd58e8)
- ORM: Addresses an SQL injection vulnerability in ORM lookup function (#3959, 1eaa691)