RGS Posted May 28, 2020 Share Posted May 28, 2020 (edited) Hi everyone. Somebody alerted us with a hole in our IPB4 installation with a SQL injection : We don't know how it dit it... and he claimed us a bonus in € for his help. Our version is 4.4.10 at the moment. Could you help me and / or advise us ? Edited May 28, 2020 by RGS Link to comment Share on other sites More sharing options...
Dean_ Posted May 28, 2020 Share Posted May 28, 2020 IPS should be along shortly but I’m sure there’s an official way to submit things like this. Link to comment Share on other sites More sharing options...
bfarber Posted May 28, 2020 Share Posted May 28, 2020 Hello, This is not an SQL injection - he supplied a username that was longer than we are able to store in the login log column. We'll address this as a bug, but there's no security concern here. Thanks Rhett and BomAle 2 Link to comment Share on other sites More sharing options...
RGS Posted May 28, 2020 Author Share Posted May 28, 2020 Thx for your messages. We can sleep calmly. Link to comment Share on other sites More sharing options...
Recommended Posts