Closed (closed by nijel 7 years ago)
Reported by Emanuel Bronshtein:
Markdown injection in: https://github.com/phpmyadmin/scripts/blob/master/phpmyadmin-reports#L144

Commit message & issue title are inserted into markdown link text context without escaping.

Sample injection: A](https://phishing.com) [t
fix: escape needed chars: \ ] in order to avoid the injection.
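The fix described in this report, shown as an added example (this is not the code of the phpmyadmin-reports script): a link builder without escaping, one that escapes only `]`, and one that escapes `\` and then `]`, checked with a simplified inline-link scanner. All function names and the `REAL` URL are assumptions made for illustration; the scanner is not a full CommonMark parser.

```python
# Added illustration; names and REAL are constructed, not taken from the script.
REAL = "https://example.org/issues/1"        # constructed legitimate target
PAYLOAD = "A](https://phishing.com) [t"      # sample injection from the report


def link_naive(text, url):
    """Untrusted text placed directly into the link text (the reported flaw)."""
    return "[%s](%s)" % (text, url)


def link_bracket_only(text, url):
    """Incomplete fix: a trailing backslash in the input re-enables ']'."""
    return "[%s](%s)" % (text.replace("]", "\\]"), url)


def escape_link_text(text):
    """Escape backslash first, then ']', so the link text cannot be closed early."""
    return text.replace("\\", "\\\\").replace("]", "\\]")


def link_escaped(text, url):
    return "[%s](%s)" % (escape_link_text(text), url)


def link_targets(markdown):
    """Return the destination of every inline link, honouring backslash escapes."""
    targets, openers, i = [], [], 0
    while i < len(markdown):
        ch = markdown[i]
        if ch == "\\":
            i += 2                      # escaped character is literal text
            continue
        if ch == "[":
            openers.append(i)
        elif ch == "]" and openers:
            openers.pop()
            if markdown[i + 1:i + 2] == "(":
                end = markdown.find(")", i + 2)
                if end != -1:
                    targets.append(markdown[i + 2:end])
                    openers.clear()     # links cannot nest
                    i = end
        i += 1
    return targets


if __name__ == "__main__":
    for build in (link_naive, link_bracket_only, link_escaped):
        for text in (PAYLOAD, "A\\" + PAYLOAD[1:]):
            print(build.__name__, link_targets(build(text, REAL)))
```

The second input prefixes the `]` with a backslash, which is why the report lists `\` among the characters that need escaping.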