Package: gnudip
Version: 2.1.1-4.1
Severity: grave
Tags: security
Justification: user security hole

Hi,

gnudip's web interface is vulnerable to SQL injections. If one changes the email address to something like t...@example.com", level="ADMIN one gets administrator permissions.

The server script gdips.pl also looks prone to SQL injection attacks.

Regards,
Ansgar