The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
SQL Injection Vulnerability
In file interface/lib/classes/listform.inc.php on line 155:
$_SESSION['search'][$list_name][$search_prefix.$field] = $_REQUEST[$search_prefix.$field];
and below on line 184:
$sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix']."' and";
without input sanitization may causes function getSearchSQL() returning injected sql WHERE substring!
I put simple workaround under line 155:
if(preg_match("/['\\]/", $_SESSION['search'][$list_name][$search_prefix.$field])) $_SESSION['search'][$list_name][$search_prefix.$field] = '';