SQL Injection

Question

SQL Injection

Closed this issue 7 months ago · 1 comments

It is possible for players to SQL Inject by changing their gang name. The name is not properly escaped in the code, so for example " or "" would break a large portion of the database.

Answer 1 · 2021-04-28T00:13:17.000Z

Thanks! A pretty serious reason to avoid using this plugin entirely until a fork is properly maintained