oss-sec mailing list archives
CVE request: Serendipity before 1.6.2 SQL Injection
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 22 May 2012 11:05:02 +0200
Upstream: http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html Advisory: https://www.htbridge.com/advisory/HTB23092 Upstream description of the issue: "The error here is that input is not properly validated and can be used (when magic_quotes_gpc is off) to inject SQL code to a SQL query; since our DB layer does not execute multiple statements, and the involved SQL query is not used to produce output code, we regard the impact as low. Nevertheless, please upgrade your installation." Please assign CVE. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck (May 22)
- Re: CVE request: Serendipity before 1.6.2 SQL Injection Henri Salo (May 22)
- Re: CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck (May 22)
- Re: CVE request: Serendipity before 1.6.2 SQL Injection Henri Salo (May 22)