Package: owl-dms Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for owl-dms.
CVE-2008-3359[0]: | SQL injection vulnerability in register.php in Steve Bourgeois and | Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows | remote attackers to execute arbitrary SQL commands via the username | parameter. NOTE: the provenance of this information is unknown; the | details are obtained solely from third party information. I've set the severity to important for now as not a lot of information are given about this vulnerability. I'll try and check the code tomorrow, but it would be good, if you could state, whether you know anything or have a clue. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3359 http://security-tracker.debian.net/tracker/CVE-2008-3359 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

