U4-7158 - Fix OrderBy query string parameter which can allow SQL Injection

Created by Shannon Deminick, 29 Sep 2015, 09:18:36
Updated by Shannon Deminick, 29 Sep 2015, 09:45:42

The GetPagedResultsByQuery orderBy parameter can allow SQL Injection - this can only be attempted with authenticated requests and in most cases the attempt will end up with invalid SQL.

Priority: Normal

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal

Backwards Compatible: True

Due in version: 7.3.0
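
An added example, not Umbraco's code and not the fix shipped for this issue: column names in ORDER BY cannot be passed as bound SQL parameters, so a common way to close this class of bug is to map the orderBy query string value through an allow-list. The class name, accepted keys, column names and direction values below are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

public static class OrderByGuard
{
    // Hypothetical mapping from accepted query string values to column names.
    // Only the text on the right-hand side can ever reach the SQL string.
    private static readonly Dictionary<string, string> SortableColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "name", "[text]" },
            { "createDate", "[createDate]" },
            { "sortOrder", "[sortOrder]" }
        };

    // Builds an ORDER BY clause from allow-listed text only.
    // Any value that is not an exact allow-list key is rejected, never cleaned up.
    public static string BuildOrderBy(string orderBy, string direction)
    {
        string column;
        if (orderBy == null || !SortableColumns.TryGetValue(orderBy, out column))
            throw new ArgumentException("Unsupported orderBy value.", "orderBy");

        string dir;
        if (string.IsNullOrEmpty(direction) ||
            string.Equals(direction, "Ascending", StringComparison.OrdinalIgnoreCase))
            dir = "ASC";
        else if (string.Equals(direction, "Descending", StringComparison.OrdinalIgnoreCase))
            dir = "DESC";
        else
            throw new ArgumentException("Unsupported direction value.", "direction");

        return "ORDER BY " + column + " " + dir;
    }

    public static void Main()
    {
        // Accepted value: resolves to a fixed column name.
        Console.WriteLine(BuildOrderBy("createDate", "Descending"));

        // Constructed sample input carrying extra SQL text: rejected outright.
        try { BuildOrderBy("createDate; SELECT 1", "Ascending"); }
        catch (ArgumentException) { Console.WriteLine("rejected"); }
    }
}
```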