Druckversion des Themas

Hier klicken um das Topic im Orginalformat anzusehen

Forum Sefrengo.org _ Bugs Module, Plugins, Sonstiges _ SQL injection vulnerability in Lastest version Sefrengo V1.6.4

Geschrieben von: 0keeteam Wed. 24. June 2015, 04:53

Dear developer team.

We are a information security team from QIHU 360 company, China.
We found a SQL injection vulnerability in lastest version Sefrengo V1.6.4 and already sent you the technical details to info@sefrengo.org ,If you can't get the information, please provide me another email address.

Thank you

[Team info]
name: 0keeTeam
company: QIHU 360 company, China
email: g-sec-web@360.cn

Geschrieben von: mvsxyz Wed. 24. June 2015, 07:50

Hello 0keeTeam,

thanks for testing Sefrengo and the security report. I recieved it and will publish a fix soon.

Geschrieben von: 0keeteam Wed. 24. June 2015, 11:36

This issue assigned by CVEID: CVE-2015-5052

Geschrieben von: mvsxyz Thu. 25. June 2015, 22:14

Security fix is included in http://forum.sefrengo.org/index.php?showtopic=3400.

Unterstützt von Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)