Package: src:dtc Version: 0.32.10-2 Severity: critical Tags: security upstream
SQL injection in the package installer: $q = "SELECT DISTINCT db.Db,db.User FROM mysql.user,mysql.db WHERE user.dtcowner='$adm_login' AND db .User=user.User AND db.Db='".$_REQUEST["database_name"]."';"; Ansgar -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
