Univention Bugzilla – Bug 49445
sql injection in remove_s4_rejected.py
Last modified: 2024-02-23 13:36:27 CET
Created attachment 10020 [details]
patch

root@master100:/usr/share/univention-s4-connector# ./remove_s4_rejected.py 'OU=ôscŵ\?ê\3Dô\<4,OU=öGF!*'"'"')%%ẑ,DC=school,DC=dev'
Traceback (most recent call last):
  File "./remove_s4_rejected.py", line 66, in <module>
    remove_s4_rejected(s4_dn)
  File "./remove_s4_rejected.py", line 46, in remove_s4_rejected
    c.execute("SELECT key FROM 'S4 rejected' WHERE value='%s'" % s4_dn)
sqlite3.OperationalError: near ")": syntax error
univention-s4-connector.yaml
ce2aeeadeb46 | Bug #49445: fix sql evaluation in remove_{ucs,s4}_rejected.py

univention-s4-connector (13.0.2-16)
ce2aeeadeb46 | Bug #49445: fix sql evaluation in remove_{ucs,s4}_rejected.py
OK
<http://errata.software-univention.de/ucs/4.4/155.html>
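The failure in the traceback above, reproduced next to a bound-parameter version of the same query. This is an added example, not the attached patch or the connector's own code; the two-column table layout, the key values and the helper names are assumptions made for the demonstration.

```python
import sqlite3

# DN from the report after the shell has removed its quoting; it contains a single quote.
REPORTED_DN = r"OU=ôscŵ\?ê\3Dô\<4,OU=öGF!*')%%ẑ,DC=school,DC=dev"


def make_db():
    """Constructed stand-in for the connector's internal database (schema assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "S4 rejected" (key TEXT, value TEXT)')
    db.executemany(
        'INSERT INTO "S4 rejected" VALUES (?, ?)',
        [("1001", REPORTED_DN), ("1002", "CN=other,DC=school,DC=dev")],  # constructed rows
    )
    return db


def lookup_formatted(db, s4_dn):
    """Query built as in the traceback: the DN becomes part of the SQL text."""
    cur = db.execute("SELECT key FROM \"S4 rejected\" WHERE value='%s'" % s4_dn)
    return [row[0] for row in cur]


def lookup_bound(db, s4_dn):
    """Same query with the DN passed as a bound parameter, never parsed as SQL."""
    cur = db.execute('SELECT key FROM "S4 rejected" WHERE value=?', (s4_dn,))
    return [row[0] for row in cur]


def remove_rejected(db, s4_dn):
    """Delete the rejects stored for one DN using bound parameters; returns the removed keys."""
    keys = lookup_bound(db, s4_dn)
    db.execute('DELETE FROM "S4 rejected" WHERE value=?', (s4_dn,))
    db.commit()
    return keys


if __name__ == "__main__":
    db = make_db()
    try:
        lookup_formatted(db, REPORTED_DN)
    except sqlite3.OperationalError as exc:
        print("formatted query failed:", exc)
    print("bound query found keys:", lookup_bound(db, REPORTED_DN))
    print("removed:", remove_rejected(db, REPORTED_DN))
```

With the bound parameter the quote inside the DN is compared as data, so the reject entry is found and removed without the DN being escaped by hand.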