[BUG] in v2.1.2 MySQL error, possible SQL injection exploit?

  1. scru2

    scru2 - Aug 20, 2017 New Member

    Hi, installed the latest Brivium Support Ticket System on the latest XenForo 1.5.14.


    1st: Search support tickets can't be hidden or disallowed for registered users, why?

    2nd: When using [public search > search support tickets], if I increment reply count I get:

    Mysqli prepare error: Unknown column 'support_ticket.reply_count' in 'where clause'
    1. Zend_Db_Statement_Mysqli->_prepare() in Zend/Db/Statement.php at line 115
    2. Zend_Db_Statement->__construct() in Zend/Db/Adapter/Mysqli.php at line 381
    3. Zend_Db_Adapter_Mysqli->prepare() in Zend/Db/Adapter/Abstract.php at line 478
    4. Zend_Db_Adapter_Abstract->query() in Zend/Db/Adapter/Abstract.php at line 734
    5. Zend_Db_Adapter_Abstract->fetchAll() in XenForo/Search/SourceHandler/MySqlFt.php at line 310
    6. XenForo_Search_SourceHandler_MySqlFt->executeSearch() in XenForo/Search/SourceHandler/Abstract.php at line 152
    7. XenForo_Search_SourceHandler_Abstract->searchType() in XenForo/Search/Searcher.php at line 111
    8. XenForo_Search_Searcher->searchType() in XenForo/ControllerPublic/Search.php at line 249
    9. XenForo_ControllerPublic_Search->actionSearch() in XenForo/FrontController.php at line 351
    10. XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 134
    11. XenForo_FrontController->run() in C:/xampp/htdocs/x/index.php at line 13
     