Re: [Dolibarr-dev] Vulnerabilities


From: Doursenaud, Raphaël
Subject: Re: [Dolibarr-dev] Vulnerabilities
Date: Fri, 18 Oct 2013 17:02:59 +0200


2013/10/17 Laurent Léonard <address@hidden>
> As specified at the end of the article you pointed, those vulnerabilities are
> fixed in Dolibarr 3.4.1:

It also says "However, their sanitization methods were not fixed, and no mention was made on a future patch.  Other SQLi vectors are likely." in the introduction.

We should think about converting the source code to use parametrized queries. Maybe in a 4.0 branch?
What's your opinion?
--
Raphaël Doursenaud
05 35 53 97 13 - 06 68 48 20 10
address@hidden

http://gpcsolutions.fr
Technopole Hélioparc
2 avenue du Président Pierre Angot
64053 PAU CEDEX 9
SARL GPC.solutions au capital de 7 500 € - R.C.S. PAU 528 995 921
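
An added illustration of the point raised in this message (not code from the post or from Dolibarr): quote-escaping sanitization compared with a parameterized query, in PHP with PDO and an in-memory SQLite database. The `invoice` table, its rows and all function names are hypothetical.

```php
<?php
// Added illustration; table, column and function names are hypothetical,
// not taken from Dolibarr. Uses an in-memory SQLite database via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice (id INTEGER PRIMARY KEY, owner TEXT, amount REAL)');
$db->exec("INSERT INTO invoice (owner, amount)
           VALUES ('alice', 120.0), ('bob', 75.5), ('carol', 310.0)");

// Escaping-based "sanitization": doubles single quotes, which protects only
// values that end up inside a quoted string literal.
function escape_quotes(string $value): string
{
    return str_replace("'", "''", $value);
}

// Query built by concatenation. $id lands in a numeric context with no
// surrounding quotes, so quote escaping does nothing to constrain it.
function find_by_id_concat(PDO $db, string $id): array
{
    $sql = 'SELECT owner FROM invoice WHERE id = ' . escape_quotes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized query: the statement text is fixed and the value is bound
// as data, so it cannot change the structure of the query.
function find_by_id_param(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT owner FROM invoice WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input that contains no quote character at all.
$constructed = '1 OR 1=1';

printf("concat, id=2:        %s\n", implode(',', find_by_id_concat($db, '2')));
printf("concat, constructed: %d row(s)\n", count(find_by_id_concat($db, $constructed)));
printf("param,  id=2:        %s\n", implode(',', find_by_id_param($db, '2')));
printf("param,  constructed: %d row(s)\n", count(find_by_id_param($db, $constructed)));
```

The concatenated query returns every row for the constructed input even though the value passed through the escaping function, while the bound parameter is compared as a single value and matches nothing.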
