Package: gnudip Version: 2.1.1-4.1 Severity: grave Tags: security Justification: user security hole
Hi,
gnudip's web interface is vulnerable to SQL injections. If one changes
the email address to something like
[email protected]", level="ADMIN
one gets administrator permissions. The server script gdips.pl also
looks prone to SQL injection attacks.
Regards,
Ansgar
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
