As I thought (and you pointed out), they failed to use cfqueryparam. It still amazes me that anyone would consider this a good idea.

On 4/26/06, Munson, Jacob <[EMAIL PROTECTED]> wrote:
> Those of you that use CartWeaver for CF should be aware that some SQL
> injection holes have been found. Check out my blog entry for details:
> http://www.techfeed.net/blog/index.cfm/2006/4/26/cartweaver-holes

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

