oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: NeoInvoice Blind SQL Injection in signup_check.php

From: Adam Caudill <adam () adamcaudill com>
Date: Fri, 10 Aug 2012 04:55:19 -0400
All,

There is a blind SQL injection issue with NeoInvoice
(https://github.com/tlhunter/neoinvoice).

Requester: adam () adamcaudill com
Software: NeoInvoice
Attack Type: Blind SQL Injection
Vulnerable Code:
https://github.com/tlhunter/neoinvoice/blob/5e7af94641cba17df9141e95108c369cfb6e6dd5/public/signup_check.php#L29

Affected Version: Current version; project doesn't seem to be using versions.

Status: Author has been notified; awaiting a response.

-- Adam Caudill
Previous By Date Next
Previous By Thread Next

Current thread: