Follow glFusion on Facebook

Follow glFusion on Twitter

glFusion v1.1.2 and earlier SQL Injection Issue

Friday, April 03 2009 @ 03:48 PM CDT

Contributed by: Mark

An additional SQL injection vulnerability has been identified in all current versions of glFusion that could allow an attacker to expose the password hash for any user on your site. This could lead to an attacker successfully logging into your site using those compromised credentials.

All glFusion users should replace the lib-sessions.php source file with this updated version which will remove the vulnerability:

private/system/lib-sessions.zip

glFusion v1.1.3 has been released and includes all security fixes.

Currently 0.00/5

Rating: 0.00/5 (0 votes cast)

What's Related

Story Options

Navigation

My Account

Sign up as a New User
Lost your password?

What's New

Stories

Comments last 2 days

No new comments

DokuWiki last 2 days

No new items

Files last 14 days

Syndication

New Articles
New Comments
New Forum Posts
Latest File Uploads
Wiki Updates
Known Issues/Updates

Want to Help?

Join the Dev Community today!

Interested in helping out?
Join our Dev Community!

Support glFusion

Vote for glFusion at opensourcecms.com

Arabic

Bulgarian

Catalan

Chinese Simplified

Chinese Traditional

Croatian

Czech

Danish

Dutch

Filipino

Finnish

French

German

Greek

Hebrew

Hindi

Indonesian

Italian

Japanese

Korean

Latvian

Lithuanian

Norwegian

Polish

Portugese

Romanian

Russian

Serbian

Slovak

Slovenian

Spanish

Swedish

Ukrainian

Vietnamese