[Vtigercrm-developers] vTiger multiple vulnerabilities
gopals at vtiger.com
Tue Aug 22 21:22:49 PDT 2006
Dear Mike O'Loan,
Thanks for notifying us of issues in some of the modules. We will ensure that these issues are fixed immediately. If required, we will release a patch for v4.2.3 immediately.
ph: +1 877 788 4437
---- On Tue, 22 Aug 2006 Mike O'Loan <mike.oloan at saucesoft.com> wrote ----
The following files still have the same SQL injection vulnerability, carried over from vTiger 4.2.3. Although these aren't a problem with magic_quotes_gpc turned ON, they still need to be fixed. It has been fixed in other modules by putting the PearDatabase::quote() function around any variable that needs to be placed in an SQL statement.
Implementing this would reduce the SQL injection vulnerability for vTiger 4.2.x.
Chief Technical Officer
Sauce Software Pty Ltd
Phone: +61 1300 559 165
Fax: +61 7 3009 0442
Email: mike.oloan at saucesoft.com
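The fix described in the message above, as an added example that is not vtiger code and not written by either correspondent: the same lookup built by plain concatenation and then with the value passed through the database layer's quoting function. The `contacts` table, the function names and the sample inputs are constructed for illustration, and PDO::quote() on an in-memory SQLite database stands in for PearDatabase::quote().

```php
<?php
// Added illustration, not vtiger code. Table, column and function names are
// assumptions; PDO::quote() stands in for PearDatabase::quote().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE contacts (id INTEGER PRIMARY KEY, lastname TEXT)");
$db->exec("INSERT INTO contacts (lastname) VALUES ('Smith'), ('O''Loan'), ('Jones')");

// "Before": the request value is concatenated into the statement unchanged.
// This only behaves while magic_quotes_gpc (removed in PHP 5.4) escapes the
// value first, so safety depends on a server setting rather than on the code.
function find_unquoted(PDO $db, string $lastname): array
{
    $sql = "SELECT lastname FROM contacts WHERE lastname = '" . $lastname . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the database layer escapes the value and adds the surrounding
// quotes, so the value can never terminate the string literal.
function find_quoted(PDO $db, string $lastname): array
{
    $sql = "SELECT lastname FROM contacts WHERE lastname = " . $db->quote($lastname);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Run one lookup and describe the outcome instead of aborting on SQL errors.
function outcome(callable $finder, PDO $db, string $input): string
{
    try {
        return count($finder($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Constructed sample inputs: a plain name, a legitimate name containing an
// apostrophe, and a value that changes the WHERE clause when left unquoted.
$inputs = ["Smith", "O'Loan", "nobody' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-20s unquoted: %-10s quoted: %s\n",
        $input,
        outcome('find_unquoted', $db, $input),
        outcome('find_quoted', $db, $input)
    );
}
```

The apostrophe in an ordinary surname is enough to break the unquoted statement, which makes such names a convenient regression test when auditing the remaining modules for variables that reach SQL without quoting.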