Fork me on GitHub
Subscribe 3

Ticket #990 (fixed bug)

SQL injection in profile.php

  • Created: 2014-10-17 12:59:46
  • Reported by: Franz
  • Assigned to: quy
  • Milestone: 1.5.7
  • Component: security
  • Priority: highest

The latest release contains a SQL injection vulnerability that allows attacker to change the passwords of other users.

History

Franz 2014-10-17 13:00:27

  • Owner set to quy.

quy 2014-10-18 14:49:23

Commit 1ebf5d9 to fluxbb master

#990: Fix security vulnerability in profile.php.

quy 2014-10-18 14:50:01

Commit 308d901 to fluxbb master

Escape output of emails in admin panel.

Related to #990.

adaur 2014-10-20 09:35:30

Should $cur_user['activate_string'] be escaped?

Franz 2014-10-20 09:44:27

Yes, that's the culprit. I'll push the fix in a couple of minutes.

quy 2014-10-20 10:22:48

Commit cc081a1 to fluxbb fluxbb-1.4

#990: Fix security vulnerability in profile.php.

Franz 2014-10-20 11:53:38

  • Status changed from open to fixed.

Franz 2014-10-20 12:05:41

  • Visibility set to public.