Once again a security hole was found in a third-party extension. This time the affected extension is ve_guestbook. The security bulletin says the following:
Some versions of the extension are exposed to SQL injection because they fail to properly sanitize user-supplied input. Besides that, some versions are not preventing Cross Site Scripting attacks properly.
It's highly recommended to update to version 2.0.0, which is available from the TER. Especially the timtab bloggers out there should update ASAP!
Greets,
Thomas