This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

fix(ldap): Fix SQL injection on LDAP page #8008

Merged
merged 1 commit into from
Oct 28, 2019

callapa (Contributor) commented Oct 18, 2019

Description

When a user is connected he can perform an SQL injection (Time-Based SQL Injection Attacks) on the following page:
.../centreon/include/Administration/parameters/ldap/xml/ldap_host.php

Fixes # (CVE-2019-15300)

After verification, this file is no longer used in Centreon.
We have deleted this file and all the others related to it.

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software
  • Updating documentation (missing information, typo...)

Target series

  • 2.8.x
  • 18.10.x
  • 19.04.x
  • 19.10.x (master)

How can this pull request be tested?

Please contact us

Checklist

Community contributors & Centreon team

  • I followed the coding style guidelines provided by Centreon
  • I have commented my code, especially new classes, functions or any legacy code modified. (docblock)
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have made corresponding changes to the documentation.
  • I have rebased my development branch on the base branch (master, maintenance).

Centreon team only

  • I have made sure that the unit tests related to the story are successful.
  • I have made sure that unit tests cover 80% of the code written for the story.
  • I have made sure that acceptance tests related to the story are successful (local and CI)

callapa force-pushed the MON-4094 branch 2 times, most recently from 71aeffc to dc05d78 on October 18, 2019 13:43
callapa marked this pull request as ready for review on October 18, 2019 13:49
callapa requested a review from sc979 on October 18, 2019 13:49
callapa merged commit 0fb497e into master on Oct 28, 2019
callapa deleted the MON-4094 branch on October 28, 2019 12:14
callapa restored the MON-4094 branch on October 28, 2019 12:42
callapa added two commits that referenced this pull request on Oct 28, 2019, each with the message:

When a user is connected he can perform an SQL injection (Time-Based SQL Injection Attacks) on the following page:
.../centreon/include/Administration/parameters/ldap/xml/ldap_host.php

Fixes # (CVE-2019-15300)

callapa deleted the MON-4094 branch on May 25, 2021 12:41