CallLogDAO in SIP Plugin enables SQL Injection

Description

CallLogDAO in the SIP Plugin is using prepared statements, but it is still inserting SQL query values into the initialization string.

The values MUST be inserted into the prepared statement via the PreparedStatement instance to prevent SQL injection.

Environment

All

Acceptance Test - Entry

None

Activity

Guus der Kinderen
November 10, 2008, 8:17 PM

This should fix problem #2 as described in http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

Guus der Kinderen
November 12, 2008, 3:41 PM

I've linked the other JIRA issues that relate to the same security advisory to this JIRA issue.

Fixed

Assignee

Thiago Rocha Camargo

Reporter

Thiago Rocha Camargo

Labels

None

Expected Effort

None

Ignite Forum URL

None

Time tracking

0m

Time remaining

4h

Components

Fix versions

Priority

Major