
Vanilla SQL Injection

Found this, has it been addressed?

http://www.exploit-db.com/exploits/24927/

Answers

  • hgtonight ∞ · New Moderator

    I believe so.

    For more details, check out the latest security update.


  • vrijvlinder Papillon-Sauvage MVP

    Yes, that is why there is an update to 2.0.18.8. Please upgrade.

  • peregrine MVP
    edited April 2013

    Who reads announcements? They are almost as bad as reading documentation. :)

    But then again, the announcement doesn't explicitly say it relates to the same issue.


  • I read the announcement and I already updated; I was double-checking it was the same issue.

  • H00j
    edited April 2013

    You can never be too safe.

  • It's not immediately obvious that the latest release fixes this issue. Can you clarify as a matter of urgency please @Todd?

  • Todd Chief Product Officer Vanilla Staff

    The latest security release addresses this issue, yes. We've been in contact with the firm that released this and they coordinated with us to get the security release out before they announced it.

    Very standup of them I might add.

  • Thank you sir. Can you tell us which change was directed at this issue? I just want to be sure that no plugins expose the same vulnerability.

  • @50sQuiff said:
    Thank you sir. Can you tell us which change was directed at this issue? I just want to be sure that no plugins expose the same vulnerability.

    http://vanillaforums.org/discussion/comment/180288/#Comment_180288


  • Ah, sorry for the double post. There were some brief issues with the forum last night and I thought that comment had been lost.
