#4322 closed defect (bug) (fixed)
SQL injection blind fishing exploit
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 2.0.11 | Priority: | highest omg bbq |
Severity: | critical | Version: | 2.1.3 |
Component: | Security | Keywords: | security, bug |
Focuses: | | Cc: | |
Description
BIG security bug in "admin-ajax.php": SQL injection blind fishing exploit
More info on: http://www.waraxe.us/ftopict-1780.html#7560
Attachments (1)
Change History (5)
#1, 16 years ago
- Keywords security added; securtiy removed
- Milestone changed from 2.2.1 to 2.0.11
- Resolution set to fixed
- Status changed from new to closed
#2 (follow-up: ↓ 3), 16 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
According to this page:
"None of these are safe to use, except the latest in the 2.0 or 2.1 series, which are both actively maintained."
However version 2.1.3 is still not patched for this bug?
#3 (in reply to: ↑ 2), 16 years ago
- Resolution set to fixed
- Status changed from reopened to closed
Replying to hvdkamer:

> According to this page:
> "None of these are safe to use, except the latest in the 2.0 or 2.1 series, which are both actively maintained."
> However version 2.1.3 is still not patched for this bug?

2.1.3 will not be patched.
The only security supported versions are 2.0.x and 2.2.x
This fix is in 2.2.1 which has just gone RC.
Fixed for 2.2, 2.0.11 (soon to be released) and in trunk for 2.3
[5440]
[5441]
[5442]