Jump to content

Existing user? Sign In
Sign In

Remember me Not recommended on shared computers

Forgot your password?
Sign Up

Forums
All Activity
Guidelines
Hosting
- Home
- Help Desk
- Billing
- Status
More
- More

Security Discussions

B2evolution "title" Sql Injection Vulnerability

TCH-Thomas

By TCH-Thomas
January 6, 2005 in Security Discussions

Share

https://forums.totalchoicehosting.com/topic/15759-b2evolution-title-sql-injection-vulnerability/

Recommended Posts

TCH-Thomas

Grand Master

TCH-Thomas

Posted January 6, 2005

Posted January 6, 2005

I think there are a few here on TCH using b2evolution as blog.

Secunia (http://secunia.com/advisories/13718/) writes

Description:
r0ut3r has reported a vulnerability in b2evolution, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "title" parameter in "index.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:

Edit the source code to ensure that input is properly sanitised.

Quote

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.

Reply to this topic...

× Pasted as rich text. Paste as plain text instead

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

×

Share

https://forums.totalchoicehosting.com/topic/15759-b2evolution-title-sql-injection-vulnerability/

Go to topic listing

×

Forums
All Activity
Guidelines
Hosting
- Back
- Home
- Help Desk
- Billing
- Status

×

Create New...