Openfire (ARCHIVED) / JM-1488

CallLogDAO in SIP Plugin enables SQL Injection

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.1
    • Component/s: Plugins
    • Labels: None
    • Environment: All

      Description

      CallLogDAO in the SIP Plugin is using prepared statements, but it is still inserting SQL query values into the initialization string.

      The values MUST be inserted into the prepared statement via the PreparedStatement instance to prevent SQL injection.

              People

              • Assignee: Thiago Rocha Camargo (thiago)
              • Reporter: Thiago Rocha Camargo (thiago)
              • Votes: 1
              • Watchers: 1
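
The pattern this issue describes, shown beside the corrected form as an added Java example (not the SIP plugin's code). The `call_log` table, its columns and the method names are hypothetical, and an in-memory JDBC driver such as HSQLDB is assumed to be on the classpath.

```java
import java.sql.*;
// Added illustration: table, columns and method names are hypothetical,
// not taken from the SIP plugin's CallLogDAO.
public class CallLogQueryDemo {
    // Pattern the issue describes: a PreparedStatement is created, but the
    // value is already part of the SQL text, so the database parses it as SQL.
    static int countConcatenated(Connection con, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM call_log WHERE username = '" + username + "'";
        try (PreparedStatement ps = con.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Corrected pattern: constant SQL text, value bound through the
    // PreparedStatement instance, so it is only ever treated as data.
    static int countBound(Connection con, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM call_log WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: an in-memory JDBC driver (HSQLDB here) is on the classpath.
        String url = args.length > 0 ? args[0] : "jdbc:hsqldb:mem:calllogdemo";
        String name = "o'brien"; // constructed input containing a quote character
        try (Connection con = DriverManager.getConnection(url, "SA", "");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE call_log (username VARCHAR(64), callee VARCHAR(32))");
            try (PreparedStatement ins = con.prepareStatement("INSERT INTO call_log VALUES (?, ?)")) {
                ins.setString(1, name);
                ins.setString(2, "1001");
                ins.executeUpdate();
            }
            System.out.println("bound: " + countBound(con, name));
            try {
                System.out.println("concatenated: " + countConcatenated(con, name));
            } catch (SQLException e) { // the quote changed the statement's structure
                System.out.println("concatenated: rejected by SQL parser: " + e.getMessage());
            }
        }
    }
}
```

The bound query finds the stored row, while the concatenated one fails to parse because the quote inside the value ends the string literal early. The value has become part of the statement's syntax, which is the condition that makes injection possible.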
