[minor] SQL Injection possible when creating categories!

Started by auric, May 28, 2011, 14:40:08


auric

When creating a new category, enter a name with a ' (quote) in it and save it.
It won't appear in the list, but Locus will generate an error log which gives away some nice SQL statements  :twisted:
LM Pro - LocusMap 4 🥇

Menion

thank you, fixed
- Official help (ideas, questions, problems): help.locusmap.eu
- Advanced topics, sharing of knowledge: you're here!
- LM 4 Beta download, LM 4 Release download
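
The failure reported in this thread, as an added example that is not from the thread or from Locus's own code: a category name containing a quote breaks an INSERT built by string concatenation, and logging the failed statement exposes the SQL, while a bound parameter stores the name as data. It assumes an SQLite-backed `categories` table; the schema, function names and sample name are constructed for illustration.

```python
import sqlite3


def open_db():
    # Constructed in-memory schema; the real Locus schema is not shown in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return db


def add_category_concat(db, name):
    """'Before' form: the name is pasted into the statement text."""
    sql = "INSERT INTO categories (name) VALUES ('" + name + "')"
    try:
        db.execute(sql)
        return "saved"
    except sqlite3.Error as exc:
        # Writing the statement next to the error is what exposes the SQL in the log.
        return f"error: {exc} | statement: {sql}"


def add_category_bound(db, name):
    """Hardened form: the name travels as a bound parameter, never as SQL text."""
    try:
        db.execute("INSERT INTO categories (name) VALUES (?)", (name,))
        return "saved"
    except sqlite3.Error:
        # Generic message only; statement text stays out of user-visible logs.
        return "error: could not save category"


def list_categories(db):
    return [row[0] for row in db.execute("SELECT name FROM categories ORDER BY id")]


if __name__ == "__main__":
    name = "Auric's places"  # constructed sample input containing a quote
    db = open_db()
    print(add_category_concat(db, name))   # syntax error, statement text leaked
    print(list_categories(db))             # category missing from the list
    print(add_category_bound(db, name))    # saved
    print(list_categories(db))             # name stored verbatim, quote included
```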