From: Marco K. <kuh...@we...> - 2005-11-18 12:45:51
Hi all,

I read about some security vulnerabilities in phpbt version 0.9.1. I know that these reports are from 1 year ago, but the current CVS version does not contain the patch described below.

reports:
http://networksecurityarchive.org/html/Vuln-Dev/2004-11/msg00197.html
http://networksecurityarchive.org/html/Vuln-Dev/2004-11/msg00208.html

patch:
http://www.phpsecure.info/v2/.php?zone=pDl&id=169

E.g. the patch for vote_view($bug_id) in bug.php: the patch checks the variable $bug_id with

    $bug_id = intval($bug_id);

Did you fix the security gap differently?

Best regards
--
marco