[Vtigercrm-developers] vTiger multiple vulnerabilities
Gopal
gopals at vtiger.com
Tue Aug 22 21:22:49 PDT 2006
Dear Mike O'Loan,
Thanks for notifying us of the issues in some of the modules. We will ensure that these issues are fixed immediately. If required, we will release a patch for v4.2.3 immediately.
Regards,
Gopal
---
S.S.G.Gopal
skype: sripadag
ph: +1 877 788 4437
blog: http://gopal.vtiger.com
---- On Tue, 22 Aug 2006 Mike O'Loan <mike.oloan at saucesoft.com> wrote ----
The following files still have the same SQL injection vulnerability, carried over from vTiger 4.2.3. Although these aren't a problem with magic_quotes_gpc turned ON, they still need to be fixed. It has been fixed in other modules by putting the PearDatabase::quote() function around any variable that needs to be placed in an SQL statement.
Affected files:
modules\Faq\ListView.php
modules\HelpDesk\ListView.php
modules\Invoice\Popup.php
modules\Leads\ListView.php
modules\Leads\Popup.php
modules\Products\Popup.php
Implementing this would reduce the SQL injection vulnerability for vTiger 4.2.x.
--
Mike O'Loan
Chief Technical Officer
Sauce Software Pty Ltd
http://saucesoft.com
Phone: +61 1300 559 165
Fax: +61 7 3009 0442
Email: mike.oloan at saucesoft.com
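The pattern Mike describes (a request value interpolated straight into a ListView query, and the fix of wrapping it in PearDatabase::quote()) as an added illustration; this is not vtiger's code. It assumes PearDatabase::quote() escapes a string and wraps it in single quotes, as ADOdb's qstr() does, and uses a minimal stand-in class so it runs on its own; the table and column names are placeholders.

```php
<?php
// Stand-in for PearDatabase (assumption, not vtiger's class): quote() escapes
// backslashes and single quotes and wraps the result in single quotes.
class PearDatabaseStub {
    public function quote($value) {
        return "'" . str_replace(array("\\", "'"), array("\\\\", "\\'"), $value) . "'";
    }
}

// Read a request value so that it is escaped exactly once: with magic_quotes_gpc
// ON (PHP < 5.4) the runtime has already added slashes, so strip them first,
// otherwise quote() would double-escape the value.
function request_value($key) {
    $value = isset($_REQUEST[$key]) ? $_REQUEST[$key] : '';
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Before: the pattern the thread reports. The search term is concatenated
// verbatim, so any quote character in it changes the structure of the statement.
function list_query_before($search) {
    return "SELECT faqid, question FROM faq WHERE question LIKE '%" . $search . "%'";
}

// After: the fix the thread describes. The whole LIKE pattern (wildcards added
// first) goes through PearDatabase::quote(), so the value stays a string literal.
function list_query_after($db, $search) {
    return "SELECT faqid, question FROM faq WHERE question LIKE "
         . $db->quote('%' . $search . '%');
}

$db = new PearDatabaseStub();
// Constructed sample input containing a quote character, in place of request_value('search').
$search = "O'Loan";
echo "before: ", list_query_before($search), "\n";   // unbalanced quote: malformed statement
echo "after:  ", list_query_after($db, $search), "\n";
```

The "before" line shows why the unquoted form breaks on ordinary input such as a surname with an apostrophe, which is the same path an injected payload would take; the "after" line keeps the value inside one escaped literal.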