URL: <https://savannah.nongnu.org/support/?111093>
Summary: Account Registration page information disclosure
Group: Savannah Administration
Submitter: None
Submitted: Thu 18 Jul 2024 08:14:21 AM UTC
Category: Savannah website
Priority: 5 - Normal
Severity: 6 - Security
Status: None
Privacy: Public
Assigned to: None
Originator Email: d...@20i.com
Operating System: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Thu 18 Jul 2024 08:14:21 AM UTC By: Anonymous
Hi,
I hope you are doing well.
I am trying to register an account on
https://savannah.gnu.org/account/register.php I am getting an error showing
the raw SQL query.
This could be used as an attack vector for SQL Injection attacks.
I am attaching a screenshot, the name is GNU-Savannah-registration-page.png.
Due to the SQL error described above new user registration is not working.
Would you please look into this issue too?
Thank you.
Best regards,
Dimitar Nikov
_______________________________________________________
File Attachments:
-------------------------------------------------------
Name: GNU-Savannah-registration-page.png Size: 28KiB
<https://file.savannah.nongnu.org/file/GNU-Savannah-registration-page.png?file_id=56276>
AGPL NOTICE
These attachments are served by Savane. You can download the corresponding
source code of Savane at
https://git.savannah.nongnu.org/cgit/administration/savane.git/snapshot/savane-b921eb6f47f98f9b46802ed414f7b7f6c3798603.tar.gz
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/support/?111093>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
signature.asc
Description: PGP signature
