Posted to issues@fineract.apache.org by "Francis Guchie (Jira)" <ji...@apache.org> on 2021/03/31 15:54:00 UTC

[jira] [Created] (FINERACT-1338) SQL Injection - While "runreports" api is trying to load report parameters

Francis Guchie created FINERACT-1338:
----------------------------------------

             Summary: SQL Injection - While "runreports" api is trying to load report parameters
                 Key: FINERACT-1338
                 URL: https://issues.apache.org/jira/browse/FINERACT-1338
             Project: Apache Fineract
          Issue Type: Bug
            Reporter: Francis Guchie
         Attachments: image-2021-03-31-15-53-00-571.png

After solving the error at FINERACT-1336, a new error shows up.

While the API - runreports
fineract-provider/api/v1/runreports/OfficeIdSelectOne?parameterType=true
is spooling the report parameters, the user will not see any error on the UI

!image-2021-03-31-15-53-00-571.png!

but looking through the console or Postman, you see the error below:


{
    "developerMessage": "The request was invalid. This typically will happen due to validation errors which are provided.",
    "httpStatusCode": "400",
    "defaultUserMessage": "Unexpected SQL Commands found",
    *"userMessageGlobalisationCode": "error.msg.found.sql.injection"*
}


