Menu

The Uploader 2.0.5 released

On 28th July 2011 The Uploader 2.0.5 was released, carrying two important security fixes and other minor fixes.

Changelog:
- A security flaw allowed everyone to gain access to administration without the proper credentials using a SQL-Injection.
- The configuration file has been properly secured from unauthorized downloads.
- Apostrophes can now be used in admin's names without receiving a MySQL error and having the user not added.
- Some actions triggered MySQL errors due to code problems with the logging functions.

Thank to Danny Moules (security researcher) for bug reporting.

Posted by Ste_95 2011-07-29

Log in to post a comment.