#53 DaloRadius CSRF / XSS / SQL Injection

all
open
nobody
1
2013-11-02
2013-03-30
Anonymous
No

DaloRadius is suffering from CSRF / XSS / SQL Injection.
The bug is due to not sanitizing the GET/POST fields correctly.

For full details:
http://security-geeks.blogspot.com/2013/03/daloradius-csrf-xss-sql-injection.html

Discussion

  • Liran Tal
    2013-04-09

    Indeed, it's a known issue and I've emailed on this previously on the community mailing list to inform users to only allow access to daloRADIUS web interface to trusted peers and take all measures to lock it down.

     

  • Anonymous
    2013-11-02

    Are you going to fix this?

     

