Re: phpbb 3.x sql injection (with global moderator rights)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpbb 3.x sql injection (with global moderator rights)
From: bugtraq@xxxxxxxxxxxxxx
Date: 14 Jul 2006 13:18:39 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This issue has been fixed in CVS. I will also remind everyone that 3.0 is beta 
software and has not yet had a security audit, and therefore we do not 
recommend to use the beta in a live environment.

I would also like to remind people that in future we would appreciate it if 
such reports could be reported to us first in our security tracker at:
http://www.phpbb.com/security/add_report.php

NeoThermic

Prev by Date: VBZooM <=V1.11 "sub-join.php" SQL Injection
Next by Date: Re: LAMP vs Microsoft
Previous by thread: phpbb 3.x sql injection (with global moderator rights)
Next by thread: [ MDKSA-2006:123 ] - Updated kernel packages fixes multiple vulnerabilities
Index(es):
- Date
- Thread