jellyfin-archive/jellyfin-plugin-autoorganize

Fix SQL Query Parameterization

mark-monteiro opened this issue · 0 comments

There are several SQL queries using un-escaped string concatenation to specify parameters instead of the standard parameter bindings. The risk/consequences of injection seems fairly minimal for this plugin, but these queries should still be updated.

A non-exhaustive list of offending queries:
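Added example, not code from the plugin or from this issue: the string-concatenation pattern the issue describes next to bound parameters, shown with Python's `sqlite3` rather than the plugin's own C# data layer. The table, columns, function names and sample file names are hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed sample values: a media file name with an apostrophe, and a
# name that closes the string literal and supplies its own status value.
APOSTROPHE_PATH = "/media/incoming/Grey's Anatomy S01E01.mkv"
CRAFTED_PATH = "b.mkv', 'Success') --"

def open_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical schema, not the plugin's real one.
    db.execute("CREATE TABLE organizer_results "
               "(id INTEGER PRIMARY KEY, original_path TEXT, status TEXT)")
    return db

def insert_concatenated(db, path, status):
    # Pattern from the issue: values spliced into the SQL text unescaped.
    db.execute("INSERT INTO organizer_results (original_path, status) "
               "VALUES ('" + path + "', '" + status + "')")

def insert_bound(db, path, status):
    # Standard parameter binding: the values never become SQL text.
    db.execute("INSERT INTO organizer_results (original_path, status) "
               "VALUES (?, ?)", (path, status))

def statuses_for(db, path):
    rows = db.execute("SELECT status FROM organizer_results "
                      "WHERE original_path = ?", (path,)).fetchall()
    return [r[0] for r in rows]

def run_demo():
    db = open_db()
    # 1. An ordinary apostrophe breaks the concatenated statement.
    try:
        insert_concatenated(db, APOSTROPHE_PATH, "Success")
        apostrophe_failed = False
    except sqlite3.OperationalError:
        apostrophe_failed = True
    # 2. The crafted name replaces the status the caller meant to record.
    insert_concatenated(db, CRAFTED_PATH, "Failure")
    overridden = statuses_for(db, "b.mkv")
    # 3. With binding, both names are stored verbatim with the given status.
    insert_bound(db, APOSTROPHE_PATH, "Success")
    insert_bound(db, CRAFTED_PATH, "Failure")
    return (apostrophe_failed, overridden,
            statuses_for(db, APOSTROPHE_PATH), statuses_for(db, CRAFTED_PATH))

if __name__ == "__main__":
    print(run_demo())
```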