colinlennon / xDripAPS

REST service designed to allow xDrip CGM data to be used in OpenAPS

Fix sql injection via count GET parameter #4

Open D9ping opened 6 years ago

D9ping commented 6 years ago

It's allowed to add an additional SQL query (UNION etc.) via the count parameter. As long as the connection is secure it's no real problem yet.
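An added example, not part of the original comment and not the project's own code: one way to close this class of bug is to accept `count` only as a bounded integer and bind it to `LIMIT` as a query parameter instead of concatenating it. The `entries` table, its columns, the function names and `MAX_COUNT` are assumptions made for illustration.

```python
import sqlite3

MAX_COUNT = 1000  # assumed upper bound, not taken from the project


def parse_count(raw, default=10):
    """Validate the `count` query parameter as a bounded positive integer."""
    if raw is None:
        return default
    # ASCII digits only: spaces, signs, ';' and keywords such as UNION are rejected.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("count must be a positive integer")
    value = int(raw)
    if not 1 <= value <= MAX_COUNT:
        raise ValueError("count out of range")
    return value


def latest_entries(conn, raw_count):
    """Return the newest rows; count is bound as a parameter, never concatenated."""
    count = parse_count(raw_count)
    cur = conn.execute(
        "SELECT date, sgv FROM entries ORDER BY date DESC LIMIT ?", (count,)
    )
    return cur.fetchall()


def make_sample_db():
    """Constructed in-memory data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (date INTEGER, sgv INTEGER)")
    conn.executemany(
        "INSERT INTO entries VALUES (?, ?)",
        [(1000 + i, 100 + i) for i in range(5)],
    )
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(latest_entries(db, "2"))
    try:
        # Constructed hostile value of the kind the comment describes.
        latest_entries(db, "1 UNION SELECT 1, 2")
    except ValueError as exc:
        print("rejected:", exc)
```

The integer check alone stops the extra query; binding the value as well means the statement text never contains request data even if the validation is later loosened.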