SS-2015-011: Potential SQL Injection Vulnerability
- Severity: Low
- Versions Affected: 3.0.13 and below, 3.1.0 to 3.1.13-rc1
- Versions Fixed: 3.0.14, 3.1.13
- Release Date:
A potential SQL injection vulnerability exists in SQLQuery when used in conjunction with the default FulltextSearch functionality.
When a search is performed with a query containing the term " as ", SQLQuery misinterprets the SQL generated by MySQLDatabase and attempts to rewrite it, producing malformed queries. This is caused by an incorrect implementation of support for legacy behaviour. However, valid SQL cannot be generated using this exploit.
A fix has been applied to correct the legacy support.
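The failure mode described above, shown as an added example that is not SilverStripe's code and not the fix applied upstream: a legacy-style alias splitter that treats any " AS " as an alias marker, next to a quote-aware one. The function names `splitAliasNaive` and `splitAliasQuoteAware` are hypothetical, and the shape of the sample full-text expressions is an assumption.

```php
<?php
// Added illustration, not SilverStripe code. Function names and sample
// expressions are constructed for this example.

// Legacy-style parsing: the first " AS " anywhere is taken as the alias marker.
function splitAliasNaive(string $expr): array
{
    if (preg_match('/^(.*?) +AS +"?([^"]*)"?$/i', $expr, $m)) {
        return ['expr' => $m[1], 'alias' => $m[2]];
    }
    return ['expr' => $expr, 'alias' => null];
}

// Quote-aware parsing: only " AS <identifier>" outside string literals counts.
function splitAliasQuoteAware(string $expr): array
{
    $inQuote = false;
    $lastAs = null;
    for ($i = 0, $len = strlen($expr); $i < $len; $i++) {
        $c = $expr[$i];
        if ($inQuote && $c === '\\') {
            $i++;                       // skip a backslash-escaped character
        } elseif ($inQuote && $c === "'" && substr($expr, $i + 1, 1) === "'") {
            $i++;                       // '' is an escaped quote inside a literal
        } elseif ($c === "'") {
            $inQuote = !$inQuote;
        } elseif (!$inQuote && strcasecmp(substr($expr, $i, 4), ' AS ') === 0) {
            $lastAs = $i;
        }
    }
    if ($lastAs !== null) {
        $alias = trim(substr($expr, $lastAs + 4));
        if (preg_match('/^"?([A-Za-z_][A-Za-z0-9_]*)"?$/', $alias, $m)) {
            return ['expr' => rtrim(substr($expr, 0, $lastAs)), 'alias' => $m[1]];
        }
    }
    return ['expr' => $expr, 'alias' => null];
}

// Constructed samples: the search term sits inside a string literal.
$samples = [
    "MATCH (Title, Content) AGAINST ('cheap as chips')",
    "MATCH (Title, Content) AGAINST ('cheap as chips') AS Relevance",
];
foreach ($samples as $sql) {
    echo json_encode(['naive' => splitAliasNaive($sql),
                      'quoteAware' => splitAliasQuoteAware($sql)]), "\n";
}
```

The naive splitter cuts the string literal in two, which leaves an unterminated quote in the rewritten expression; the quote-aware splitter leaves the literal intact and only recognises the trailing alias.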
Thanks to Ed Chipman for reporting this vulnerability.