question about sql injection patch | WordPress.org

Resolved m202020
(@m202020)

11 years, 1 month ago

Hello,
I noticed that your response to the security vulnerability, which was recently identified, was to limit the number of characters of the input to 32 (line 51 in /wp-business-intelligence-lite/functions.php) Was anything else changed to account for the potential of a sql injection? Would it not be possible for an injection to come from an input that is 32 characters?

https://wordpress.org/plugins/wp-business-intelligence-lite/

Viewing 2 replies - 1 through 2 (of 2 total)

claudio
(@calberti)

11 years, 1 month ago

Hello,
this is a quick fix we pushed before the actual release of 1.6.3 where we better address the issue.

claudio
(@calberti)

11 years, 1 month ago

1.6.3 is now better addressing the issue

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘question about sql injection patch’ is closed to new replies.

2 replies
2 participants
Last reply from: claudio
Last activity: 11 years, 1 month ago
Status: resolved