We found a SQL injection vulnerability when opening any media image file from the media folder, as mentioned below.
Affected URL below:
https://our website name/media/6142/indexdiversitygroup.jpg?width=1400&mode=crop&height=%27and(select*from(select(Sleep(5)))a)----+
Is it expected behaviour, or a bug/issue in the Umbraco core?
We are using Umbraco version 7.15.3.
Please let me know.
I just tried the parameters on a media item on an internal site. I couldn't see any issues, or a 5 second sleep.
How do you classify this as a "SQL injection vulnerability"?