  1. intellitech
    Gold Member
  2. JEvents 3.4 (Free Access)
  3. Monday, 27 September 2021
We did a website (scl.org.sg) scan & the result showed 1 high-risk vulnerability in the SQL Injection scan.

Scan report attached. Please do the needful ASAP.
Attachments (1)
tonyp
Support Team
Hello,

This is more of a false positive. They are changing the filter value from ASC / DESC to a word that doesn't exist in the ORDER BY clause, hence the failover. If they tried to execute SQL, any SQL injection would be filtered within it.

I'll make a change to ensure this filter only accepts ASC/DESC, however, in future versions.

Many thanks
Tony
  1. more than a month ago
  2. JEvents 3.4 (Free Access)
  3. # 1
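
One way to restrict a sort-direction filter to ASC/DESC, as the reply above proposes. This is an added example, not JEvents code: the function name `buildOrderBy`, the column map and the sample inputs are all hypothetical.

```php
<?php
// Added illustration, not JEvents code. All names and values are constructed.

// Map of request-facing sort keys to real column names (hypothetical schema).
const SORT_COLUMNS = [
    'title' => 'e.title',
    'start' => 'e.start_time',
];

/**
 * Build an ORDER BY clause from untrusted request values.
 * Neither value is ever copied into the SQL text: each one only selects
 * an entry from a fixed allowlist, with a safe default on any mismatch.
 */
function buildOrderBy($sortKey, $direction): string
{
    // Arrays (e.g. ?dir[]=x) and other non-strings fall back to the defaults.
    $sortKey   = is_string($sortKey) ? strtolower(trim($sortKey)) : '';
    $direction = is_string($direction) ? strtoupper(trim($direction)) : '';

    $column = SORT_COLUMNS[$sortKey] ?? SORT_COLUMNS['start'];
    $dir    = in_array($direction, ['ASC', 'DESC'], true) ? $direction : 'ASC';

    return "ORDER BY $column $dir";
}

// Constructed inputs: two normal values, a word that is not a sort
// direction, and a non-string parameter with an unknown sort key.
$samples = [
    ['title', 'desc'],
    ['start', 'ASC'],
    ['title', 'zzz_not_a_direction'],
    ['unknown_column', ['DESC']],
];

foreach ($samples as [$key, $dir]) {
    echo buildOrderBy($key, $dir), PHP_EOL;
}
```

Because an unrecognised direction falls back to the default instead of reaching the query, a substituted word no longer changes how the statement executes.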