Hi
I am getting sql injection error on WebPortal while trying to perform attestation for a business roles.
I am using version 8.1.1
WebApp log:
Module instance created: ATT_Attestation_MyAttestations
2020-12-16 15:15:12.3358 INFO ( WebLog s0xjgi1ydmrf0vz3qcopxvxx) : Creating form ATT_Attestation_MyAttestations ATT_Attestation_MyAttestations
2020-12-16 15:15:12.4295 WARN ( ObjectLog s0xjgi1ydmrf0vz3qcopxvxx) : Potential SQL injection attack by brute-force, adding time penalty of 00:00:03.2620000, WHERE clause: (uid_attestationcase in ( select uid_attestationcase from dbo.ATT_FTAttCasesForBaseObject(N'<Key><T>Person</T><P>somePersonID</P></Key>'))) and (uid_attestationpolicy in ( select uid_attestationpolicy from attestationpolicy where uid_attestationobject in ( select ao.uid_attestationobject from attestationobject ao join dialogtable dt on dt.uid_dialogtable = ao.uid_dialogtable where dt.tablename like 'PersonHas%' or dt.tablename like 'PersonIn%') ))
Currently the version upgrade is not possible.
Can you please help to find the place where I can edit manually the above sql query?
