Users of coWiki please be advised of a SQL Injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
coWiki-SA-07/21/2010: SQL Injection vulnerability in coWiki
Advisory: SQL Injection vulnerability in coWiki
Details:
This is SQL Injection vulnerability.
SQL Injection:
http://site/index.php?node=-1'%20or%20version()%3E’5
Already when I informed developers in 2007 about XSS hole, they answered me
that they didn't support this engine any more. So users of this system must
fix this hole by themselves (as previous one).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua Read more at www.criticalwatch.com
See this Amp at http://bit.ly/boWs2C
No comments:
Post a Comment