|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16312 (SECURITY) Non-CVS users can set statys to anything (including Critical)
Submitted: 2002-03-27 11:30 UTC Modified: 2002-05-12 14:01 UTC
From: nopman at hackermail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: 4.1.2 OS: Unix
Private report: No CVE-ID: None
 [2002-03-27 11:30 UTC] nopman at hackermail dot com
I read the sources of this error reporting page and found
out that you correctly provide list of available
State-options, but you do not validate the input.

So one can make their own form and add there to be options
for Critical,Analyzed etc.

I'm pretty sure that it works, but i'll test it with this report.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-27 11:33 UTC] nopman at hackermail dot com
Trying to set this as Critical.

 [2002-03-27 11:34 UTC] nopman at hackermail dot com
Damn!! It worked!!!!
 [2002-03-27 12:39 UTC]
Hm... another bug in this system... you can also fake addresses.
This is critical indeed :)
 [2002-05-12 13:18 UTC]
 [2002-05-12 14:01 UTC]
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at In case this was a documentation 
problem, the fix will show up soon at 
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Feb 26 09:01:26 2024 UTC