  • Pushpa 14 posts 94 karma points
    Aug 02, 2021 @ 13:07
    Pushpa
    0

    SQL injection vulnerability found in media image files

    Hello Team,

    We found a SQL injection vulnerability when opening any media image file from the media folder, as mentioned below.

    Affected URL below:

    https://our website name/media/6142/indexdiversitygroup.jpg?width=1400&mode=crop&height=%27and(select*from(select(Sleep(5)))a)----+

    Is it expected behaviour, or a bug/issue in the Umbraco core?

    We are using Umbraco version 7.15.3.

    Please let me know.

  • Søren Gregersen 441 posts 1884 karma points MVP 2x c-trib
    Aug 02, 2021 @ 13:46
    Søren Gregersen
    0

    Hi,

    I just tried the parameters on a media item on an internal site. I couldn't see any issues, or a 5 second sleep.

    How do you classify this as a "SQL injection vulnerability"?
