
Aida-Web Information Exposure

Hi list,

Parameters being transferred per $_GET aren't sanitised properly.


Everyone can read any comment and its poster, although it should be
readable only by superiors.

You can see which supervisor the task was forwarded to and their UniqueIDs.

Anyway, everything acts really strangely if you try to test something.
Out of 10 tries, you get:
8x all the information you want to get
1x a weird name instead of the real one
1x an error page like 404, "session timed out", a blank page, ...

For all these tests it is not necessary to be logged in.
There might be a lot more bugs, but I can't look for them on a live system :(
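The report describes two defects at once: a $_GET parameter that is used without validation, and a comment lookup that performs no login or role check, so anyone who guesses an id can read the comment and its poster. The snippet below is an added illustration written for this page, not Aida-Web's code. It assumes a PDO connection, hypothetical tables `comments` (id, task_id, author, body) and `tasks` (id, forwarded_to), and a PHP session carrying `user_id` and `role`; all of these names are assumptions. It shows the vulnerable pattern next to a hardened handler that requires a session, validates the id as a positive integer, binds it in a prepared statement, and restricts the result to comments on tasks forwarded to the requesting supervisor, so changing the id no longer exposes other users' data.

```php
<?php
// Added example for illustration; not the project's code.
// Assumed schema: comments(id, task_id, author, body), tasks(id, forwarded_to).
// Assumed session keys: $_SESSION['user_id'], $_SESSION['role'].

// BEFORE: the pattern the report describes. The id is taken straight from
// $_GET, interpolated into SQL, and nobody checks who is asking.
function showCommentVulnerable(PDO $pdo): array
{
    $id = $_GET['id'];                                          // untrusted, unvalidated
    $stmt = $pdo->query("SELECT author, body FROM comments WHERE id = $id");
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

// AFTER: authenticate, validate, bind, and enforce object-level access.
function showCommentHardened(PDO $pdo): array
{
    // 1. A logged-in session is required; the report notes none was needed.
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        return [];
    }

    // 2. Only supervisors may read comments at all.
    if (($_SESSION['role'] ?? '') !== 'supervisor') {
        http_response_code(403);
        return [];
    }

    // 3. The id must be a positive integer; anything else is rejected,
    //    which also removes the SQL injection surface of the interpolated query.
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        return [];
    }

    // 4. Bind the value and scope the row to tasks forwarded to this supervisor.
    //    A valid id for somebody else's task yields no row instead of a leak.
    $sql = 'SELECT c.author, c.body
              FROM comments c
              JOIN tasks t ON t.id = c.task_id
             WHERE c.id = :id
               AND t.forwarded_to = :uid';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':id' => $id, ':uid' => (int) $_SESSION['user_id']]);

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Same response whether the id does not exist or belongs to another
        // supervisor, so the endpoint cannot be used to enumerate valid ids.
        http_response_code(404);
        return [];
    }
    return $row;
}
```

The ownership join in step 4 is the part that addresses the actual exposure: validating the id as an integer stops malformed input, but only tying the query to the requesting user's own tasks stops a well-formed id from returning another supervisor's comment. Returning the same 404 for "no such id" and "not your task" keeps the endpoint from confirming which ids exist.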


