On Sat, Aug 01, 2009 at 03:53:05AM +0200, Ansgar Burchardt wrote:
> Package: gnudip
> Version: 2.1.1-4.1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> 
> gnudip's web interface is vulnerable to SQL injections.  If one changes
> the email address to something like
> 
>     [email protected]", level="ADMIN
> 
> one gets administrator permissions.  The server script gdips.pl also
> looks prone to SQL injection attacks.

Sam, what's the status? This bug is more than two months old.

Cheers,
        Moritz



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to