Make WordPress Core

Opened 23 months ago

Last modified 23 months ago

#55924 new defect (bug)

Search by category can be changed to search invalid month

Reported by: floridsleeves
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.0
Component: General
Keywords:
Focuses:
Cc:

Description

In the admin 'Posts' page, the search category can be selected from a drop-down menu:
https://ibb.co/mHH5nxG

However, client-side attackers can bypass the items in the drop-down menu by intercepting the 'cat' field in the request, which will return data from other non-existing categories.

A possible fix is to add server-side checks to this field to validate whether the category is valid.
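
One way to do the server-side check suggested above, as an added example that is not WordPress core code and not from the ticket's reporter. The function name `example_validate_cat`, the sample category IDs, and the treatment of `0` as "no category filter" are assumptions made for illustration.

```php
<?php
/**
 * Added example: validate a raw `cat` request value against the category
 * IDs that actually exist on the server, instead of trusting the dropdown.
 *
 * @param mixed $raw       Raw request value, e.g. $_GET['cat'].
 * @param int[] $valid_ids IDs of existing categories. Assumption: in WordPress
 *                         these could be loaded with get_terms() using
 *                         'taxonomy' => 'category' and 'fields' => 'ids'.
 * @return int|null 0 for "no category filter", a known ID, or null if rejected.
 */
function example_validate_cat( $raw, array $valid_ids ) {
	// Reject arrays (cat[]=4) and any other non-scalar input outright.
	if ( ! is_string( $raw ) && ! is_int( $raw ) ) {
		return null;
	}
	$raw = trim( (string) $raw );

	// Assumption: the dropdown submits one non-negative ID, so accept digits
	// only. This rejects "-4", "4,7", "4 OR 1=1", "0x1A" and "1e3".
	if ( ! preg_match( '/^[0-9]{1,9}$/D', $raw ) ) {
		return null;
	}

	$id = (int) $raw;
	if ( 0 === $id ) {
		return 0; // Assumed value of the dropdown's default "all" option.
	}

	// Strict comparison: only IDs present in the server-side list pass.
	return in_array( $id, $valid_ids, true ) ? $id : null;
}

// Constructed sample data: known category IDs and a set of request values.
$valid_ids = array( 1, 4, 7 );
$samples   = array( '4', '0', '999', '-4', '4,7', '4 OR 1=1', array( '4' ) );

foreach ( $samples as $value ) {
	$result = example_validate_cat( $value, $valid_ids );
	printf(
		"%-12s => %s\n",
		json_encode( $value ),
		null === $result ? 'rejected' : "cat=$result"
	);
}
```

A caller would treat `null` as an invalid request and fall back to the unfiltered list or return an error, rather than passing the raw value on to the query.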

Change History (1)
