I don't know whether this is an important project, but many SQL statements in the routes folder allow SQL injection. Here is one of them. If it is not an important project, you can close the issue.

```js
`SELECT ${select} FROM downlink_messages ` +
"LEFT JOIN aps ON aps.id = downlink_messages.ap_id " +
"INNER JOIN nodes ON nodes.id = downlink_messages.node_id " +
"LEFT JOIN applications ON applications.id = downlink_messages.application_id " +
`WHERE downlink_messages.sent = ${sent} AND nodes.id = '${deviceId}' ` +
`ORDER BY ${column} ${order.toUpperCase()}, dev_id ${order.toUpperCase()} ` +
`LIMIT ${rowsPerPage} OFFSET ${rowsPerPage * page - rowsPerPage}`,
```

lora-application-server/routes/device.js
Lines 168 to 174 in 94fb7ad
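
One way to harden the query quoted in this issue, as an added example that is not code from the project: identifiers are checked against allowlists and values are bound as parameters. It assumes PostgreSQL-style `$n` placeholders (the `{ text, values }` shape that node-postgres accepts), that `select` arrives as an array of column names and `sent` as a boolean; `buildDownlinkQuery` and the allowlists are hypothetical, built from names visible in the snippet.

```javascript
// Added example: allowlist identifiers, bind values. The column lists are
// assumptions taken from the snippet in the issue, not the project's real schema.
const SELECTABLE = new Set(["dev_id", "downlink_messages.sent", "downlink_messages.ap_id",
  "downlink_messages.node_id", "downlink_messages.application_id"]);
const SORTABLE = new Set(["dev_id", "downlink_messages.sent"]);
const DIRECTIONS = new Set(["ASC", "DESC"]);

function toPositiveInt(value, name, max) {
  const n = Number(value);
  if (!Number.isInteger(n) || n < 1 || n > max) {
    throw new RangeError(`${name} must be an integer between 1 and ${max}`);
  }
  return n;
}

function buildDownlinkQuery({ select, sent, deviceId, column, order, rowsPerPage, page }) {
  // Identifiers cannot be bound as parameters, so they must match an allowlist exactly.
  const cols = Array.isArray(select) ? select : [];
  if (cols.length === 0 || !cols.every((c) => SELECTABLE.has(c))) {
    throw new Error("select contains a column that is not allowlisted");
  }
  if (!SORTABLE.has(column)) throw new Error("column is not sortable");
  const dir = String(order).toUpperCase();
  if (!DIRECTIONS.has(dir)) throw new Error("order must be ASC or DESC");
  if (typeof sent !== "boolean") throw new TypeError("sent must be a boolean");
  const limit = toPositiveInt(rowsPerPage, "rowsPerPage", 500);
  const offset = limit * (toPositiveInt(page, "page", 1e6) - 1);

  const text =
    `SELECT ${cols.join(", ")} FROM downlink_messages ` +
    "LEFT JOIN aps ON aps.id = downlink_messages.ap_id " +
    "INNER JOIN nodes ON nodes.id = downlink_messages.node_id " +
    "LEFT JOIN applications ON applications.id = downlink_messages.application_id " +
    "WHERE downlink_messages.sent = $1 AND nodes.id = $2 " +
    `ORDER BY ${column} ${dir}, dev_id ${dir} ` +
    "LIMIT $3 OFFSET $4";
  // Values travel separately from the SQL text and are never parsed as SQL.
  return { text, values: [sent, String(deviceId), limit, offset] };
}
```

The returned object can be passed to a driver call that takes the SQL text and the bound values separately, so `deviceId` never becomes part of the statement.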