Opened 2 years ago
Last modified 2 years ago
#55924 new defect (bug)
Search by category can be changed to search invalid month
Reported by: | floridsleeves | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.0 |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
In the admin 'Posts' page, the search category can be selected from a drop-down menu.
However, client-side attackers can bypass the items in the drop-down menu by intercepting the 'cat' field in the request, which will return data from other non-existing categories.
A possible fix is to add server-side checks to this field to validate whether the category is valid.
Related to #55923
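
The server-side check proposed in the description could look like the following when written as a plugin. This is an added example, not code from the ticket or from WordPress core; the function name `example_validate_cat_filter` and the choice to fall back to "All Categories" (0) for an invalid value are assumptions.

```php
<?php
/**
 * Added example (not WordPress core code): validate the 'cat' filter of the
 * admin Posts list on the server before it reaches the query.
 */

/**
 * Return the category ID if it names an existing 'category' term, else 0.
 * 0 is the value the drop-down submits for "All Categories".
 * (Hypothetical helper name, chosen for this illustration.)
 */
function example_validate_cat_filter( $raw ) {
	// Accept only a plain non-negative integer. Values such as "1,2",
	// "-3", "abc" or an array are rejected rather than coerced.
	if ( ! is_scalar( $raw ) || ! preg_match( '/\A\d+\z/', (string) $raw ) ) {
		return 0;
	}

	$cat_id = (int) $raw;
	if ( 0 === $cat_id ) {
		return 0;
	}

	// term_exists() returns a falsy value when no term with this ID
	// exists in the given taxonomy.
	return term_exists( $cat_id, 'category' ) ? $cat_id : 0;
}

add_action( 'pre_get_posts', function ( $query ) {
	global $pagenow;

	// Restrict the check to the main query of wp-admin/edit.php.
	if ( ! is_admin() || ! $query->is_main_query() || 'edit.php' !== $pagenow ) {
		return;
	}
	if ( ! isset( $_GET['cat'] ) ) {
		return;
	}

	// Overwrite the request value with the validated one.
	$query->set( 'cat', example_validate_cat_filter( wp_unslash( $_GET['cat'] ) ) );
} );
```

The check is an allowlist: the only values that survive are 0 and IDs that `term_exists()` confirms in the `category` taxonomy, which matches what the drop-down itself can submit.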