On Friday, 18 November 2005 15:32, Martin Dougiamas wrote:
> These are all fixed in 1.5.3.
>
> Well, to be exact about the SQL injection we found it was almost impossible
> to fix completely so we now just recommend correct PHP settings to overcome
> that problem. It turns out that the particular settings that allowed the SQL
> injection were actually quite rare.

Sorry, I've been too hasty:
The redirection vulnerability in jumpto.php is CVE-2005-3649 and
the SQL injection vulnerabilities are CVE-2005-3648.
Cheers,
Moritz