On Sat, Aug 01, 2009 at 03:53:05AM +0200, Ansgar Burchardt wrote:
> Package: gnudip
> Version: 2.1.1-4.1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> gnudip's web interface is vulnerable to SQL injections. If one changes
> the email address to something like
>
> [email protected]", level="ADMIN
>
> one gets administrator permissions. The server script gdips.pl also
> looks prone to SQL injection attacks.
Sam, what's the status? This bug is more than two months old.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]