I'm the queen of Gibraltar and will never get a traffic ticket... just two of the things anyone could have written into country's laws thanks to unsanitised SQL input vuln
2020-01-07 12:27

An SQL injection vulnerability in the Government of Gibraltar's website paved the way for any old Joe to rewrite official web versions of the British Overseas Territory's laws.

Security researcher Ax Sharma spotted the vuln while poring over the Gibraltar government's visa rules, which he accessed from the Gibraltar Borders and Coastguard Agency website.

A malicious person using the information exposed by the government website could have deleted and uploaded PDF files to the official online repository of Gibraltar's laws.

Although the Gibraltar Government has pulled the affected webpages offline, the incident will be a timely reminder to sysadmins that basic SQL hygiene and security practices remain as important as ever.

The spokesman continued: "It should also be noted that the Government of Gibraltar website is hosted outside our corporate network and therefore the earlier vulnerabilities posed no risk to the security of the government's communication systems."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/07/gibraltar_sql_vuln_allowed_law_editing/