U4-7158 - Fix OrderBy query string parameter which can allow SQL Injection

Created by Shannon Deminick 29 Sep 2015, 09:18:36

Updated by Shannon Deminick 29 Sep 2015, 09:45:42

The GetPagedResultsByQuery orderBy parameter can allow SQL Injection - this can only be attempted with authenticated requests and in most cases the attempt will end up with invalid SQL.


Priority: Normal

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions:

Due in version: 7.3.0


Story Points:
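
The ticket does not show the fix. As an added example (not Umbraco's code), the sketch below shows one common way to handle a request-supplied sort value: a column name cannot be bound as a SQL parameter, so it is looked up in an allowlist and only the allowlisted text reaches the query. Python and sqlite3 stand in for the real stack; the table, the column names and `get_paged_results` are hypothetical.

```python
import sqlite3

# Allowlist: public sort key -> real column name (names constructed for this example).
SORTABLE = {"id": "id", "name": "name", "created": "create_date"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(order_by, direction="asc"):
    """Return an ORDER BY clause built only from allowlisted text, or raise ValueError.

    The request value is used as a dictionary key and never concatenated into SQL.
    """
    if not isinstance(order_by, str) or not isinstance(direction, str):
        raise ValueError("unsupported sort")
    column = SORTABLE.get(order_by.strip().lower())
    keyword = DIRECTIONS.get(direction.strip().lower())
    if column is None or keyword is None:
        raise ValueError("unsupported sort")
    return f"ORDER BY {column} {keyword}"


def get_paged_results(conn, order_by, direction="asc", page=0, page_size=2):
    """Hypothetical paged query: sort clause from the allowlist, paging values bound."""
    if page < 0 or not 1 <= page_size <= 100:
        raise ValueError("invalid paging")
    sql = f"SELECT id, name FROM content {build_order_by(order_by, direction)} LIMIT ? OFFSET ?"
    return conn.execute(sql, (page_size, page * page_size)).fetchall()


def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, name TEXT, create_date TEXT)")
    conn.executemany(
        "INSERT INTO content VALUES (?, ?, ?)",
        [(1, "Home", "2015-01-03"), (2, "About", "2015-01-01"), (3, "Blog", "2015-01-02")],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(get_paged_results(db, "name"))
    # Constructed inputs that are not allowlisted sort keys are rejected before any SQL runs.
    for value in ("name; --", "(SELECT 1)", "create_date"):
        try:
            get_paged_results(db, value)
        except ValueError as exc:
            print(repr(value), "->", exc)
```

Rejecting unknown sort keys with an error, rather than silently falling back to a default, also gives the application a clear event to log when a request carries an unexpected `orderBy` value.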