Closed GoogleCodeExporter closed 8 years ago
The database abstraction in module dbconnector doesn't mask user input and thus allows code injection.
Original issue reported on code.google.com by christop...@gmail.com on 10 Nov 2008 at 3:58
christop...@gmail.com
With the move to SQLAlchemy, all input is now quoted.
Original comment by christop...@gmail.com on 12 May 2009 at 10:25