Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9478

"query" parameter allows SQL injection

    XMLWordPrintable

    Details

    • Sprint:
      Horizon - July 12th

      Description

      The RESTv1 service supports a "query" parameter that can be used for SQL injection. This parameter is mentioned in the docs but should probably be removed anyway since it can be used for injection.

      https://docs.opennms.org/opennms/releases/20.0.0/guide-development/guide-development.html#_alarms

        Attachments

          Activity

            People

            Assignee:
            seth Seth Leger (Inactive)
            Reporter:
            seth Seth Leger (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: