Jump to content

3.0.4 Local PHP File Inclusion and SQL Injection


awiedman

Recommended Posts

The advisory of course sounds scary, but realistically both issues are relatively mitigated already. The SQL injection requires a moderator account (or above) to perform, and the local file inclusion requires that a malicious script has already been uploaded to your server. We have been verifying the patches over the weekend and they've proved stable. We decided to simply roll them into 3.0.5 and release 3.0.5 this week, instead of making a separate release for the patches this week.

Link to comment
Share on other sites


The advisory of course sounds scary, but realistically both issues are relatively mitigated already. The SQL injection requires a moderator account (or above) to perform, and the local file inclusion requires that a malicious script has already been uploaded to your server. We have been verifying the patches over the weekend and they've proved stable. We decided to simply roll them into 3.0.5 and release 3.0.5 this week, instead of making a separate release for the patches this week.



Is there going to be something released for 2.3.6 too?
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...