Webmin / Bugs / #4042 SQL Injection with Passwords

#4042 SQL Injection with Passwords

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2012-01-22

Created: 2012-01-21

Creator: Mr. Gecko

Private: No

The passwords do not get escaped. Therefore, when I use my password which has an ' character in it, it errors out saying syntax error near my password. This is annoying because that's my password and it means anyone who has an account can change their password to inject sql.

This is on postgresql using virtual min to create the account.

Discussion

Jamie Cameron - 2012-01-22

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jamie Cameron - 2012-01-22

Thanks for pointing this out .. this will be fixed in the next Virtualmin release.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

SQL Injection with Passwords

A web-based interface for system administration of UNIX

Group

Searches

Help

#4042 SQL Injection with Passwords

Discussion