[Vtigercrm-developers] vTiger mulitple vulnerabilities
Mike O'Loan
mike.oloan at saucesoft.com
Tue Aug 22 21:10:54 PDT 2006
The following files still have the same SQL injection vulnerability, carried
over from vTiger 4.2.3. Although these aren't a problem with
magic_quotes_gpc turned ON, it still needs to be fixed. It has been fixed in
other modules by putting the PearDatabase::quote() function around any
variable that needs to be placed in an SQL statement.
Affected files:
modules\Faq\ListView.php
modules\HelpDesk\ListView.php
modules\Invoice\Popup.php
modules\Leads\ListView.php
modules\Leads\Popup.php
modules\Products\Popup.php
Implementing this would reduce the SQL injection vulnerability for vTiger
4.2.x
--
Mike O'Loan
Chief Technical Officer
Sauce Software Pty Ltd
http://saucesoft.com
Phone: +61 1300 559 165
Fax: +61 7 3009 0442
Email: mike.oloan at saucesoft.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20060823/0b47382f/attachment-0004.html
More information about the vtigercrm-developers
mailing list