Magento Forum

Scan Returns Advanced Search Result and Customer Address Form Post Vulnerabilities
 
janellez
Jr. Member
 
Total Posts:  15
Joined:  2010-03-08
 

On a Community 1.7.0.2 install, a security scan came back with the result that these two pages/processes are vulnerable to blind SQL injection:

/catalogsearch/advanced/result
/customer/address/formPost/

I have a hard time believing that no one else has had this or that if it’s a true issue, there isn’t a patch.  Or is there, and I haven’t seen it?

Thanks for any help or insight.

 