[pLog-svn] sql exploit?

Mark Wu markplace at gmail.com
Tue Jun 10 13:05:12 EDT 2008


This bug exist in version 1.0.x, but already fixed after verion 1.1.

Mark 

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Wednesday, June 11, 2008 12:27 AM
> To: LifeType SVN
> Subject: [pLog-svn] sql exploit?
> 
> Can anyone duplicate this?  I can't on the current svn 
> branch, and I downgraded to 1.2.8 and can't either.
> 
> (I also checked Reto's blog, and got the same error as mine -
> error_fetching_album)
> 
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2629
> 
> Maybe the security report has a typo in it, and it is only a 
> drupal module that it is affected.  The example exploit shows 
> downloading lifetype from sourceforge...
> 
> 
> --
> Jon Daley
> http://jon.limedaley.com
> ~~
> I want to get quoted. I think I say enough stuff to get quoted.
> -- JoAnn Paul
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn



More information about the pLog-svn mailing list