From: Oliver H. <ro...@re...> - 2006-09-19 00:28:13
Marcus Better wrote:
> Any comments?
> Subject:
> [pkg-tikiwiki-devel] Bug#388122: CVE-2006-4734: tikiwiki arbitrary SQL
> execution vulnerability
> Debian Bug Tracking System <su...@bu...>
>
> Package: tikiwiki
> Severity: grave
> Tags: security
> Justification: user security hole
>
> A security issue has been found in tikiwiki:
>
> Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php
> in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL
> commands via the (1) pid and (2) where parameters.
>
> Please mention the CVE id in the changelog.

Fixed right now in BRANCH-1-9. Working on other tiki-g-* files...

Oliver