SQL Injection Vulnerability
In file interface/lib/classes/listform.inc.php on line 155:
$_SESSION['search'][$list_name][$search_prefix.$field] = $_REQUEST[$search_prefix.$field];
and below on line 184:
$sql_where .= " $field ".$i['op']." '".$i['prefix'].$_SESSION['search'][$list_name][$search_prefix.$field].$i['suffix']."' and";
without input sanitization, which may cause the function getSearchSQL() to return an injected SQL WHERE substring!
I put a simple workaround under line 155:
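// Blank the stored search value if it contains a single quote or a backslash.
// Four backslashes in the PHP string give one escaped backslash in the regex.
if(preg_match("/['\\\\]/", $_SESSION['search'][$list_name][$search_prefix.$field]))
    $_SESSION['search'][$list_name][$search_prefix.$field] = '';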
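
An alternative to filtering quote characters, as an added example (not ISPConfig's code and not the reporter's workaround): build the WHERE fragment with placeholders and bind the search values, so a legitimate value such as O'Brien is still searchable. The function name, field definitions, table name and sample input are assumptions made for illustration.

```php
<?php
// Added example; buildSearchWhere() and the field list below are hypothetical.

const ALLOWED_OPS = ['=', 'like', '>', '<', '>=', '<='];

/**
 * Build a WHERE fragment with "?" placeholders instead of concatenating values.
 * $fields: entries shaped like ['field' => ..., 'op' => ..., 'prefix' => ..., 'suffix' => ...]
 * $search: user-supplied values keyed by search prefix + field name
 * Returns [string $sqlWhere, array $params].
 */
function buildSearchWhere(array $fields, array $search, string $searchPrefix = 'search_'): array
{
    $clauses = [];
    $params = [];
    foreach ($fields as $i) {
        $field = $i['field'];
        $key = $searchPrefix . $field;
        // Skip fields with no usable search value (arrays from the request are rejected too).
        if (!isset($search[$key]) || !is_string($search[$key]) || $search[$key] === '') {
            continue;
        }
        // Column names and operators cannot be bound, so validate them strictly.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $field)) {
            throw new InvalidArgumentException('bad column name');
        }
        $op = strtolower($i['op']);
        if (!in_array($op, ALLOWED_OPS, true)) {
            throw new InvalidArgumentException('bad operator');
        }
        $clauses[] = "$field $op ?";
        // prefix/suffix (e.g. "%" for LIKE) become part of the bound value, not of the SQL text.
        $params[] = ($i['prefix'] ?? '') . $search[$key] . ($i['suffix'] ?? '');
    }
    return [implode(' AND ', $clauses), $params];
}

// Constructed sample input.
$fields = [
    ['field' => 'client_name', 'op' => 'like', 'prefix' => '%', 'suffix' => '%'],
    ['field' => 'active', 'op' => '=', 'prefix' => '', 'suffix' => ''],
];
$search = ['search_client_name' => "O'Brien", 'search_active' => 'y'];

[$where, $params] = buildSearchWhere($fields, $search);
echo $where, "\n";
print_r($params);
// With PDO ("client" is a hypothetical table):
// $stmt = $pdo->prepare("SELECT * FROM client WHERE $where"); $stmt->execute($params);
```

The apostrophe stays inside the bound parameter array and never reaches the SQL text, so no character blacklist is needed.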