Injection SQL in IPB 4.4.10

RGS · May 28, 2020

Hi everyone.

Somebody alerted us with a hole in our IPB4 installation with a SQL injection :

We don't know how it dit it... and he claimed us a bonus in € for his help.

Our version is 4.4.10 at the moment.

Could you help me and / or advise us ?

Edited May 28, 2020 by RGS

Dean_ · May 28, 2020

IPS should be along shortly but I’m sure there’s an official way to submit things like this.

bfarber · May 28, 2020

Hello,

This is not an SQL injection - he supplied a username that was longer than we are able to store in the login log column. We'll address this as a bug, but there's no security concern here.

Thanks

RGS · May 28, 2020

Thx for your messages.

We can sleep calmly.

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Injection SQL in IPB 4.4.10

Recommended Posts

RGS

Dean_

bfarber

RGS

Recently Browsing 0 members

More