Package: owl-dms
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for owl-dms.

CVE-2008-3359[0]:
| SQL injection vulnerability in register.php in Steve Bourgeois and
| Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows
| remote attackers to execute arbitrary SQL commands via the username
| parameter.  NOTE: the provenance of this information is unknown; the
| details are obtained solely from third party information.

I've set the severity to important for now as not a lot of information
are given about this vulnerability. I'll try and check the code
tomorrow, but it would be good, if you could state, whether you know
anything or have a clue.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3359
    http://security-tracker.debian.net/tracker/CVE-2008-3359



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to