Full Disclosure mailing list archives
[Fwd: DeskPRO News - v1.1.2 and v2.0.0 Beta 4]
From: Rainer Gerhards <rgerhards () hq adiscon com>
Date: Tue, 07 Oct 2003 10:54:36 +0200
As I haven't seen it on this list or somewhere else. This is regarding DeskPRO, a web based help desk solution. We received this yesterday from the vendor (a second note, was also reported earlier). We now tracked down the cause of this issue as it is not fully disclosed. In short: it is the "normal" SQL injection issue with an unchecked GET integer parameter. At least, we found this after a little diff... If you use this software and have not upgraded yet, it definitely is *NOW* time to do it. You can find details at http://www.deskpro.com/ Rainer
#################################### # DESKPRO v1.1.2 RELEASE # #################################### It is vitally important that you update your DeskPRO v1 installation to v1.1.2. The release fixes a security issue which every installation is open to. Please ensure the update is done as soon as possible. It is particularly important that you update the following files: /login.php /includes/functions.php /includes/functions2.php /admin/login.php /tech/login.php
ACCESS PAGE : http://www.deskpro.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Fwd: DeskPRO News - v1.1.2 and v2.0.0 Beta 4] Rainer Gerhards (Oct 07)