[krunner] [Bug 436347] New: SQL injection fail?

Allan Sandfeld Thu, 29 Apr 2021 03:26:38 -0700

https://bugs.kde.org/show_bug.cgi?id=436347


            Bug ID: 436347
           Summary: SQL injection fail?
           Product: krunner
           Version: 5.20.90
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: alexander.loh...@gmx.de
          Reporter: k...@carewolf.com
                CC: plasma-b...@kde.org
  Target Milestone: ---

Found this directory:

carewolf@twilight% ls -l                                                       
                                                      ~/.cache/plasmashell
total 96
drwxrwxr-x 4 carewolf carewolf  4096 Mai 29  2017  attica
drwxrwxr-x 4 carewolf carewolf  4096 Mai 29  2017  knewstuff
drwxrwxr-x 2 carewolf carewolf  4096 Mai 29  2017 
KRunner-Favicons-firefox-default
drwxrwxr-x 2 carewolf carewolf  4096 Feb  8 16:15 'KRunner-Favicons-SELECT icon
FROM icons WHERE url = :url LIMIT 1;'
drwxrwxr-x 2 carewolf carewolf 77824 Apr 15 09:55  qmlcache

I don't think SQL queries were meant to be in the file-system names.

The creation date fits my 5.20.90 build, so it might already be fixed.

-- 
You are receiving this mail because:
You are watching all bug changes.

[krunner] [Bug 436347] New: SQL injection fail?

Reply via email to