
Community News:
Serendipity 1.1.3 and 1.2-beta2 released due to SQL exploit
June 19, 2007 @ 07:47:00

As Christopher Kunz points out, Serendipity users should check out a new blog posting over on the CMS system's website concerning an immediate update they've released.

Serendipity 1.1.3 and 1.2-beta2 have been released due to a SQL injection attack reported by Dr. Neal Krawetz today. It is possible to abuse a 'commentMode' variable to inject SQL code targeted at the function that fetches comment information. This variable was introduced in Serendipity 1.1; all prior versions are not affected.

They also suggest checking your access logs for a "commentMode" variable issued in requests to see if any attacks have already been made. The fix is a simple matter of editing the functions_comments.inc.php file and replacing the line of code they give with the more secure version. Again, this is recommended as an immediate upgrade for Serendipity users.
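The access-log check described above can be scripted. The following is an added example, not code from the Serendipity project or from PHPDeveloper.org: it scans combined-format access log lines for requests carrying a commentMode parameter, reports every such request (as the advisory suggests), and marks as suspicious any value containing SQL metacharacters. The log lines, IP addresses and URL layout are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Apache/nginx "combined" log format: client, identd, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Quotes, statement terminators, SQL comment markers and keyword-plus-operand
# sequences have no business in a comment display-mode switch.
SQLI_HINTS = re.compile(r"""['"`;]|--|/\*|\b(union|select|or|and)\b\s*[\d'(]""", re.IGNORECASE)

# Constructed sample log lines (not real traffic); Serendipity-style permalinks assumed.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Jun/2007:08:01:12 +0200] "GET /index.php?/archives/12-Hello.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [19/Jun/2007:08:01:40 +0200] "GET /index.php?/archives/12-Hello.html&commentMode=full HTTP/1.1" 200 6011',
    '198.51.100.7 - - [19/Jun/2007:08:02:03 +0200] "GET /index.php?/archives/12-Hello.html&commentMode=full%27%20OR%201%3D1-- HTTP/1.1" 200 6011',
    '198.51.100.7 - - [19/Jun/2007:08:02:05 +0200] "POST /comment.php?commentMode=%2527 HTTP/1.1" 200 0',
]

def scan_line(line):
    """Return None if the request carries no commentMode parameter, else a finding dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    params = parse_qs(parts.query, keep_blank_values=True)
    # Case-insensitive key match: deliberately broader than PHP's case-sensitive $_GET.
    values = [v for k, vs in params.items() if k.lower() == "commentmode" for v in vs]
    if not values:
        return None
    # parse_qs already URL-decoded once; decode again so double-encoded values
    # such as %2527 (-> %27 -> ') are inspected in their final form.
    decoded = [unquote_plus(v) for v in values]
    suspicious = any(SQLI_HINTS.search(v) for v in decoded)
    return {"ip": m.group("ip"), "time": m.group("ts"), "path": parts.path,
            "commentMode": decoded, "suspicious": suspicious}

def scan_log(lines):
    """Findings for every request that carried commentMode, in log order."""
    return [f for f in (scan_line(line) for line in lines) if f]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if finding["suspicious"] else "seen"
        print(f'{flag:10} {finding["ip"]} {finding["time"]} commentMode={finding["commentMode"]}')
```

Run it against a real log with `scan_log(open("access.log"))`; requests merely carrying commentMode are worth a look too, since the parameter only exists in 1.1 and later.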


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework