Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9359

SQL error message also given if DEBUG-mode disabled

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 3.0.x
    • Fix Version/s: 3.0.15-RC1
    • Component/s: Other
    • Labels:
      None

      Description

      Don't know whether this is by design or not: the complete SQL error message including parts of the faulty SQL statement is given to all users even if DEBUG-mode is disabled. This might give an attacker some information about potential issues with faulty modifications.

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9079 Display backtrace on all E_USER_ERROR errors, not only SQL errors (when DEBUG_EXTRA is enabled)

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-10581 Malformed SQL is logged when user triggering it is shown the offending SQL

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              • Assignee:
                CHItA CHItA
                Reporter:
                PhilippK PhilippK [X] (Inactive)
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: