Froxlor icon indicating copy to clipboard operation
Froxlor copied to clipboard
verified publisher icon froxlor

Customers can create databases from the customer admin sql user

Open Raraph84 opened this issue 1 year ago • 0 comments

Describe the bug Customers can create databases from the customer "admin" sql user, regardless the allowed databases count of the customer, with a direct connection to the sql server or from phpmyadmin

System information

  • Froxlor version: 2.2.4
  • Web server: apache2
  • OS/Version: Debian 12 Bookworm
  • Database: MariaDB 10.11.6-MariaDB-0+deb12u1

To Reproduce Steps to reproduce the behavior:

  1. Create a customer
  2. Connect to the database (with phpmyadmin for example), with the customer "admin" sql user
  3. Try creating databases with names starting by the username of the customer
  4. The database is created

Raraph84 avatar Oct 14 '24 17:10 Raraph84