[Vtigercrm-developers] vTiger mulitple vulnerabilities
mfedyk at mikefedyk.com
Wed Aug 23 16:32:24 PDT 2006
If there are any patches published, they should go into the 4.2.5 release.
No more "patch" releases. That is what point releases are for.
From: vtigercrm-developers-bounces at lists.vtigercrm.com
[mailto:vtigercrm-developers-bounces at lists.vtigercrm.com] On Behalf Of Gopal
Sent: Tuesday, August 22, 2006 9:23 PM
To: vtigercrm-developers at lists.vtigercrm.com
Subject: Re: [Vtigercrm-developers] vTiger mulitple vulnerabilities
Dear Mike O'Loan,
Thanks for notifying us of issues in some of the modules. We will ensure that
these issues are fixed immediately. If required we will release a patch for
ph: +1 877 788 4437
---- On Tue, 22 Aug 2006 Mike O'Loan <mike.oloan at saucesoft.com> wrote ----
The following files still have the same SQL injection vulnerability, carried
over from vTiger 4.2.3. Although these aren't a problem with
magic_quotes_gpc turned ON, it still needs to be fixed. It has been fixed in
other modules by putting the PearDatabase::quote() function around any
variable that needs to be placed in an SQL statement.
Implementing this would reduce the SQL injection vulnerability for vTiger
Chief Technical Officer
Sauce Software Pty Ltd
Phone: +61 1300 559 165
Fax: +61 7 3009 0442
Email: mike.oloan at saucesoft.com
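
The fix described in the report above (quoting each variable where the SQL statement is built, rather than relying on magic_quotes_gpc) shown as an added example; it is not code from this thread or from vTiger. It uses PDO::quote() on an in-memory SQLite database as a stand-in for PearDatabase::quote(), and the table, column names and inputs are constructed.

```php
<?php
// Added example. PDO::quote() stands in for PearDatabase::quote();
// the accounts table and all input values are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)");
$db->exec("INSERT INTO accounts (name, owner) VALUES ('Acme', 'alice'), ('Globex', 'bob')");

// Before: the request value is concatenated as-is. This is only safe while
// the server happens to run with magic_quotes_gpc turned ON.
function find_unquoted(PDO $db, string $owner): array
{
    $sql = "SELECT name FROM accounts WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value is quoted at the point where the statement is built,
// so the result no longer depends on a server-wide PHP setting.
function find_quoted(PDO $db, string $owner): array
{
    $sql = "SELECT name FROM accounts WHERE owner = " . $db->quote($owner);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Run one lookup and report either the matching rows or the SQL error.
function run(callable $lookup, PDO $db, string $owner): string
{
    try {
        return json_encode($lookup($db, $owner));
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

// Constructed inputs: a normal value, a value that changes the WHERE clause
// when left unquoted, and a legitimate name that contains an apostrophe.
$inputs = ["alice", "x' OR '1'='1", "O'Loan"];

foreach ($inputs as $owner) {
    printf(
        "%-14s unquoted=%-18s quoted=%s\n",
        $owner,
        run('find_unquoted', $db, $owner),
        run('find_quoted', $db, $owner)
    );
}
```

With the unquoted lookup, the second input returns every row and the third fails with a SQL error; the quoted lookup treats both as plain strings and returns no rows.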