Package: hoteldruid
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for hoteldruid. I couldn't find a bug tracker or code repository for hoteldruid but it seems you are involved in upstream development somehow. Are you aware of this issue already?

CVE-2018-1000871[0]:
| HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL
| Injection vulnerability in "id_utente_mod" parameter in
| gestione_utenti.php file that can result in An attacker can dump all
| the database records of backend webserver. This attack appear to be
| exploitable via the attack can be done by anyone via specially crafted
| sql query passed to the "id_utente_mod=1" parameter.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000871
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000871

Please adjust the affected versions in the BTS as needed.

Regards,

Markus