relis icon indicating copy to clipboard operation
relis copied to clipboard
verified publisher icon geodes-sms

SQL Injection may be possible

Open oEscal opened this issue 1 year ago • 0 comments

At this moment, most database queries are made using string concatenation without escaping the user input, which might allow an attacker to achieve SQL Injection. Since ReLiS is using CodeIgniter to access the database, it is probably more recommended to use its query bindings, which automatically escape the introduced query values.

oEscal avatar Mar 20 '24 10:03 oEscal