SQL Vulnerability in Guestbook

posted on: 02.04.2008

News: BUG

You can find all information about the extension on the Guestbook's detail page.

Download

Get the latest download from the Guestbook's detail page.

Details

If more than one page of Guestbook entries was displayed, the "start" parameter wasn't properly handled. There is no report of a working SQL injection exploit, but anyway ...

Please update all your Communities to use the latest version: 1.4.1!
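
One way to handle a paging offset such as "start" safely, as an added example that is not the extension's own code: the value is accepted only if it consists of digits and lies within the number of entries, and it reaches the query as a bound integer. The table and column names, the page size and the function names are assumptions, and the sample data is constructed.

```php
<?php
// Added example, not BIGACE code. Table, columns and page size are hypothetical.
const ENTRIES_PER_PAGE = 10;

/**
 * Parse the "start" paging offset strictly: decimal digits only, and smaller
 * than the number of entries. Anything else falls back to the first page.
 * ctype_digit() rejects values that is_numeric() would accept, such as "1e3".
 */
function parse_start($raw, int $total): int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return 0;
    }
    $start = (int) $raw;
    return $start < $total ? $start : 0;
}

function fetch_page(PDO $db, $rawStart): array
{
    $total = (int) $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn();
    $start = parse_start($rawStart, $total);

    // Limit and offset are bound as integers, never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT id, name FROM guestbook ORDER BY id LIMIT :limit OFFSET :start'
    );
    $stmt->bindValue(':limit', ENTRIES_PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT)');
$ins = $db->prepare('INSERT INTO guestbook (name) VALUES (?)');
for ($i = 1; $i <= 25; $i++) {
    $ins->execute(["visitor $i"]);
}

// Constructed "start" values as they might arrive in $_GET['start'].
foreach (['10', '20', '-5', '10abc', '1e3', '999', ['x']] as $raw) {
    $rows = fetch_page($db, $raw);
    printf("%-8s first id=%d rows=%d\n", json_encode($raw), $rows[0]['id'], count($rows));
}
```

Only "10" and "20" select a later page; every other value, including the array form a request can supply as start[]=x, is served the first page.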

Comments

  1. Kevin
    Hi Guys!

    For everyone who installed 1.4 already, please upgrade again ;) to 1.4.1. There was an SQL Statement failure, so no entries were shown with 1.4.

    Regards Kevin
  2. Danis
    There is a little Link Bug in the Guestbook detail page.
    Link to Version 1.4.2 is:
    http://sourceforge.net/project/downloading.php?group_id=149865&use_mirror=osdn&filename=guestbook_1.4.2.zip&67807958
  3. Kevin
    Thanks, fixed link to http://downloads.sourceforge.net/bigace/guestbook_1.4.2.zip.
    Updated the remote extension as well.
