SQL injection in username field
Bug #556369 reported by
François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Critical
|
Unassigned | ||
mahara (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Jaunty |
Fix Released
|
High
|
Unassigned | ||
Karmic |
Fix Released
|
High
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: mahara
There is an exploitable SQL injection in the code used to generate new usernames.
I will attach here debdiffs for both jaunty and karmic.
For lucid, I will file a separate sync request.
( Also see upstream bug report at https:/
CVE References
To post a comment you must log in.
Marking Invalid for Lucid. See bug #556407 instead (sync request).