Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9478

"query" parameter allows SQL injection

    Details

    • Sprint:
      Horizon - July 12th

      Description

      The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.

      https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms

        Attachments

          Activity

            People

            • Assignee:
              seth Seth Leger
              Reporter:
              seth Seth Leger
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: