| « XML-RPC vulnerability | Stats performance tuning » |
SQL injection vulnerability
04/18/05
17:26:07, by fplanque , 40 words
Categories: Version 0.8.7 "Cream", Version 0.8.9 "Spring", Other versions, Version 0.8.6.2 "Snow", Closed, Version 0.9.0.3 "Europe", Version 0.9.0.5 "Berlin", Version 0.9.0.8 "Oslo", Version 0.9.0.9 "Madrid", Version 0.9.0.11 "Paris", Version 0.9.0.10 "Copenhagen", Version 0.9.0.12 "Amsterdam"
Categories: Version 0.8.7 "Cream", Version 0.8.9 "Spring", Other versions, Version 0.8.6.2 "Snow", Closed, Version 0.9.0.3 "Europe", Version 0.9.0.5 "Berlin", Version 0.9.0.8 "Oslo", Version 0.9.0.9 "Madrid", Version 0.9.0.11 "Paris", Version 0.9.0.10 "Copenhagen", Version 0.9.0.12 "Amsterdam"
SQL injection vulnerability
A moderately critical security advisory has been posted here: http://secunia.com/advisories/13718/
Methods to fix this issue are described here: http://forums.b2evolution.net/viewtopic.php?t=2695
We are encouraging all b2evo users to update their installation.
3 comments
but there’s no NEW security risk, it’s only the old one from january, right?
2005-04-18 @ 18:22
Nope, there seems to be a more recent one - see my blog post about the exploit.
2005-04-20 @ 16:20
