Important patch for sql injection security issue in UliCMS

Datum: 04.02.2016 13:51

The security researcher Manuel Garcia has discovered a sql injection security issue in spamfilter settings of UliCMS.

This security issue can be exploited even without authentication, since there is also the bug that the permission check on saving spamfilter settings is missing.
Manuel Garcia rates the security risk with 7,1 von 10 Punkten.

A patch was released.
Please install the patch "security-fix-spamfilter-settings" as soon as possible.

If you can't install the patch in UliCMS because your webserver doesn't allow connections to other servers you can download and install the patch manually.

Downloads

« Package Source for UliCMS 9.8.1 updatedUliCMS 9.8.2 "Insektopia Travel" released »

Comments

Name: *  
Homepage:  
Email: *  

 Ich habe die Datenschutzerklärung zur Kenntnis genommen. Ich stimme zu, dass meine Angaben und Daten zur Beantwortung meiner Anfrage elektronisch erhoben und gespeichert werden. Hinweis: Sie können Ihre Einwilligung jederzeit für die Zukunft per E-Mail an daten-entfernen@ulicms.de widerrufen.

No Comments existing yet.

Don't click this link