SQL Injection Vulnerability
In file interface/lib/classes/listform.inc.php on line 155:
$_SESSION['search'][$list_name][$search_prefix.$field] = $_REQUEST[$search_prefix.$field];
and below on line 184:
$sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix']."' and";
Without input sanitization, this can cause getSearchSQL() to return an injected SQL WHERE substring!
I put a simple workaround under line 155:
if(preg_match('/[\'\\\\]/', $_SESSION['search'][$list_name][$search_prefix.$field])) $_SESSION['search'][$list_name][$search_prefix.$field] = '';
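The following is an added example, not ISPConfig's code: it reproduces the concatenation pattern of line 184 against an in-memory SQLite table (table and column names, the sample rows and the payload are all constructed for the demo) and shows a hardened variant that allowlists the field and operator and binds the search value as a parameter, which makes the character blacklist above unnecessary.

```php
<?php
// Added example (not ISPConfig code). Minimal reproduction of the reported
// pattern and a hardened version, runnable with PDO + pdo_sqlite.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample data; the schema is made up for this demo.
$db->exec("CREATE TABLE client (client_id INTEGER, company_name TEXT)");
$db->exec("INSERT INTO client VALUES (1, 'Alice Ltd'), (2, 'Bob GmbH'), (3, 'Secret Corp')");

// Vulnerable: mirrors getSearchSQL() on line 184. $prefix/$suffix are the
// LIKE wildcards, $value comes straight from the request via $_SESSION.
function vulnerable_where(string $field, string $op, string $prefix, string $value, string $suffix): string
{
    return " $field $op '" . $prefix . $value . $suffix . "'";
}

// Hardened: identifiers and operators cannot be bound as parameters, so they
// are checked against an allowlist; the user value is bound with a '?'.
function hardened_where(string $field, string $op, string $prefix, string $value, string $suffix, array &$params): string
{
    $allowed_fields = ['company_name', 'client_id'];
    $allowed_ops    = ['=', 'like', '<', '>'];
    if (!in_array($field, $allowed_fields, true) || !in_array(strtolower($op), $allowed_ops, true)) {
        throw new InvalidArgumentException('field or operator not allowed');
    }
    $params[] = $prefix . $value . $suffix;
    return " $field $op ?";
}

// Attacker-controlled search value (constructed). Closes the quoted literal,
// adds an always-true condition, and reopens a literal to absorb the suffix:
//   company_name like '%x' OR 1=1 OR '%'
$payload = "x' OR 1=1 OR '";

// Vulnerable path: no company is named 'x', yet every row comes back.
$sql  = "SELECT company_name FROM client WHERE" . vulnerable_where('company_name', 'like', '%', $payload, '%');
$rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
echo "vulnerable: " . count($rows) . " rows\n";   // all 3 rows leak

// Hardened path: the payload is compared as data, so nothing matches.
$params = [];
$sql  = "SELECT company_name FROM client WHERE" . hardened_where('company_name', 'like', '%', $payload, '%', $params);
$stmt = $db->prepare($sql);
$stmt->execute($params);
echo "hardened: " . count($stmt->fetchAll(PDO::FETCH_COLUMN)) . " rows\n";   // 0 rows
```

Binding the value also covers characters the regex does not list; the allowlist is needed because the field name and operator are interpolated into the statement text and a placeholder cannot stand in for them.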