Menu
▾
▴
Re: [WebERP-developers] Fwd: Aw: Vulnerabilities in webERP
|
From: Rafael C. <raf...@gm...> - 2020-07-22 16:04:40
|
I will check also this week end. Regards, Le mar. 21 juil. 2020 à 20:20, Paul T. <pth...@gm...> a écrit : > I'll have to check, might not be until the weekend, though. > > On Tue, Jul 21, 2020, 21:39 Phil Daintree <ph...@lo...> wrote: > > > Gents, > > > > This looks like it is sent as GET parameter but is not captured by our > > session cleansing routine? > > > > Anyone any ideas? > > > > Phil > > -------- Forwarded Message -------- > > Subject: Aw: Vulnerabilities in webERP > > Date: Sat, 18 Jul 2020 10:51:14 +0200 > > From: Mario Riederer <Mar...@gm...> > > To: Phil Daintree <ph...@lo...> > > > > > > > > Hello Phil, > > thanks for your reply :) > > I found 2 Cross Site Scripting and 2 SQL Injections in the software. > > You can find an explanation of the vulnerabilities in the Attachment. > > Please let me know if you need further help. > > Best regards, > > Mario > > *Gesendet:* Samstag, 18. Juli 2020 um 07:22 Uhr > > *Von:* "Phil Daintree" <ph...@lo...> > > *An:* mar...@gm..., "in...@we..." <in...@we...> > > *Betreff:* Vulnerabilities in webERP > > Hi Mario, > > > > Further to your message to me at Logic Works ... if you could expand on > > the vulnerabilities please so we can fix. > > > > Many thanks > > > > Phil > > > > -- > > Phil Daintree > > 0275 567890 > > _______________________________________________ > > Web-erp-developers mailing list > > Web...@li... > > https://lists.sourceforge.net/lists/listinfo/web-erp-developers > > > > _______________________________________________ > Web-erp-developers mailing list > Web...@li... > https://lists.sourceforge.net/lists/listinfo/web-erp-developers > |
