Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9478

"query" parameter allows SQL injection

    XMLWordPrintable

Details

    • Horizon - July 12th

    Description

      The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.

      https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms

      Attachments

        Activity

          People

            seth Seth Leger
            seth Seth Leger
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.