Public bug reported:

I discovered a strange issue with the save dialogue. if you search for
the string 'a-bc' in a save modal it throws an SQL parse error (See
attached screenshot). This appears to be for any string with a hyphen.

The modal in my case is opened by Firefox.

Could this be a SQL injection vulnerability?

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Selection_009.png"

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  Searches containing a hyphen in a save dialog triggers a SQLParse

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to