2009/1/30 Raphael Geissert :
[...]
>
> [1]http://cognifty.com/blog.entry/id=6/addslashes_dont_call_it_a_comeback.html
Here's[2] another reference as to what mysql_real_escape_string does.
On a side note, while the conclusion in [1] is "partially" true, it
misses the part of real input encoding, which
On Friday 30 January 2009 15:09:34 Nico Golde wrote:
> Hi,
>
> * Nelson A. de Oliveira [2009-01-30 19:06]:
> > glpi versions prior to 0.71.4 are affected by a SQL injection
> > vulnerability. See the upstream announce [1] and SecurityFocus [2].
> >
> > [1]
> > http://www.glpi-project.org/spip.php
Hi,
* Nelson A. de Oliveira [2009-01-30 19:06]:
> glpi versions prior to 0.71.4 are affected by a SQL injection vulnerability.
> See the upstream announce [1] and SecurityFocus [2].
>
> [1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
> [2] http://www.securityfocus.com/b
Package: glpi
Version: 0.71.2-2
Severity: grave
Tags: security
Justification: user security hole
Hi!
glpi versions prior to 0.71.4 are affected by a SQL injection vulnerability.
See the upstream announce [1] and SecurityFocus [2].
[1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=16