#53 DaloRadius CSRF / XSS / SQL Injectionl

all
open
nobody
1
2013-11-02
2013-03-30
Anonymous
No

Dali radius is suffering from CSRF / XSS / SQL Injectionl.
The bug is due to not sanitizing the GET POST fields Correctly..

For full detials
http://security-geeks.blogspot.com/2013/03/daloradius-csrf-xss-sql-injection.html

Discussion

  • Liran Tal

    Liran Tal - 2013-04-09

    Indeed, it's a known issue and I've emailed on this previously on the community mailing list to inform users to only allow access to daloRADIUS web interface to trusted peers and take all measures to lock it down.

     
  • Anonymous - 2013-11-02

    Are you going to fix this?

     


Anonymous

Cancel  Add attachments





Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks