Sorry, I've been to hasty:
The redirection vulnerability in jumpto.php is CVE-2005-3649 and
the SQL injection vulnerabilities are CVE-2005-3648.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
These are all fixed in 1.5.3.
Well, to be exact about the SQL injection we found it was almost impossible
to fix completely so we now just recommend correct PHP settings to overcome
that problem. It turns out that the particular settings that allowed
the SQL
injection were actually quite
On Friday, 18 November 2005 15:32, Martin Dougiamas wrote:
These are all fixed in 1.5.3.
Well, to be exact about the SQL injection we found it was almost impossible
to fix completely so we now just recommend correct PHP settings to overcome
that problem. It turns out that the particular
3 matches
Mail list logo
