Write to DB danger with Plugin: Redmine Wiki SQL

Added by Sanjay jain about 13 years ago

Just wanted to bring to people's attention that the "Wiki SQL" plugin allows SQL commands to write to the DB. For example, you are able to change user passwords!

Here's the link to the plugin: http://www.redmine.org/plugins/redmine_wiki_sql

~sanjay


Replies (2)

RE: Write to DB danger with Plugin: Redmine Wiki SQL - Added by Frank Church about 13 years ago

Sanjay jain wrote:

Just wanted to bring to people's attention that the "Wiki SQL" plugin allows SQL commands to write to the DB. For example, you are able to change user passwords!

Here's the link to the plugin: http://www.redmine.org/plugins/redmine_wiki_sql

~sanjay

Doesn't Redmine have a mailing list or other place to report security issues?

RE: Write to DB danger with Plugin: Redmine Wiki SQL - Added by Mischa The Evil about 13 years ago

Frank Church wrote:

Doesn't Redmine have a mailing list or other place to report security issues?

See Submissions. But note that security issues of Redmine plugins need to be reported to/fixed by the plugin author instead of the Redmine developer(s).
