Bug
ArcGIS Survey123 sends a poorly constructed query and is logically correct but appears as a potential SQL injection attack on firewalls fixed in version 3.6 but returns in version 3.12.
| Bug ID Number | BUG-000139808 |
|---|---|
| Submitted | May 11, 2021 |
| Last Modified | June 5, 2024 |
| Applies to | ArcGIS Survey123 |
| Version found | 3.12 |
| Operating System | Windows OS |
| Operating System Version | N/A |
| Status | Non-Reproducible |
Additional Information
The ArcGIS JavaScript API 3.x version appends AND (1=1) to the WHERE parameter.Workaround
Disable firewalls or whitelist for ArcGIS Survey123 domains.
Steps to Reproduce
Bug ID: BUG-000139808
Software:
- ArcGIS Survey123
Get notified when the status of a bug changes
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App