|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16312 (SECURITY) Non-CVS users can set statys to anything (including Critical)
Submitted: 2002-03-27 11:30 UTC Modified: 2002-05-12 14:01 UTC
From: nopman at hackermail dot com Assigned:
Status: Closed Package: Website problem
PHP Version: 4.1.2 OS: Unix
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: nopman at hackermail dot com
New email:
PHP Version: OS:


 [2002-03-27 11:30 UTC] nopman at hackermail dot com
I read the sources of this error reporting page and found
out that you correctly provide list of available
State-options, but you do not validate the input.

So one can make their own form and add there to be options
for Critical,Analyzed etc.

I'm pretty sure that it works, but i'll test it with this report.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-27 11:33 UTC] nopman at hackermail dot com
Trying to set this as Critical.

 [2002-03-27 11:34 UTC] nopman at hackermail dot com
Damn!! It worked!!!!
 [2002-03-27 12:39 UTC]
Hm... another bug in this system... you can also fake addresses.
This is critical indeed :)
 [2002-05-12 13:18 UTC]
 [2002-05-12 14:01 UTC]
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at In case this was a documentation 
problem, the fix will show up soon at 
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 05 05:01:29 2024 UTC