id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking
2213	Unfiltered GET parameter tracking.php	flth@…	somebody	"In tracking.php, two GET parameters are written to the session unfiltered at lines 37 and 40.
Never trust an external parameter :)

$_SESSION['tracking']['refID'] = $_GET['refID'];
    $sql_data_array = array(
      'user_ip' => ip_clearing($_SESSION['tracking']['ip']),
      'campaign' => $_GET['refID'],
      'time' => 'now()'
    );"	Bug/Fehler	new	normal	modified-shop-2.0.7.1	Sicherheit	2.0.7.0					
