| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rgerhards at hq.adiscon.com (Rainer Gerhards) Subject: [Fwd: DeskPRO News - v1.1.2 and v2.0.0 Beta 4] As I haven't seen it on this list or somewhere else. This is regarding DeskPRO, a web based help desk solution. We received this yesterday from the vendor (a second note, was also reported earlier). We now tracked down the cause of this issue as it is not fully disclosed. In short: it is the "normal" SQL injection issue with an unchecked GET integer parameter. At least, we found this after a little diff... If you use this software and have not upgraded yet, it definitely is *NOW* time to do it. You can find details at http://www.deskpro.com/ Rainer > #################################### > > # DESKPRO v1.1.2 RELEASE # > > #################################### > > > > It is vitally important that you update your DeskPRO v1 installation to v1.1.2. The release fixes a security issue which every installation is open to. Please ensure the update is done as soon as possible. It is particularly important that you update the following files: > > > > /login.php > > /includes/functions.php > > /includes/functions2.php > > /admin/login.php > > /tech/login.php > > ACCESS PAGE : http://www.deskpro.com/ >
Powered by blists - more mailing lists