PHPGiftReg 1.5.5 SQL Injection Vulnerability

14 views

Skip to first unread message

John Gibson

unread,

Nov 25, 2012, 5:29:02 PM11/25/12

to do-...@googlegroups.com

Hello fellow Do-Wanters,

The latest stable released version of PHPGiftReg (1.5.5) has an SQL injection vulnerability. See here for details:

http://sourceforge.net/p/phpgiftreg/bugs/31/

The issue has been patched on the trunk, but I don't think that there's been a release that includes the fix yet. I've created a patch against 1.5.5 to correct the issue:

http://sourceforge.net/p/phpgiftreg/patches/7/

So if you're not ready to take the plunge and switch to the Do Want beta, then you might want to go ahead and patch your current installation just to be safe.

John

Ryan Walberg

unread,

Nov 28, 2012, 10:16:24 AM11/28/12

to do-...@googlegroups.com

I just want to point out that phpgiftreg 2.0.0 is released and does not have that vulnerability.

Thank you,
Ryan

Reply all

Reply to author

Forward

0 new messages