oss-sec mailing list archives
CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php
From: Ronald van den Blink <oss-security () securityview nl>
Date: Wed, 18 Jan 2012 14:31:19 +0100
Hi,

Can we please have a CVE assigned for the following fix in Batavi 1.2.1 (http://sourceforge.net/projects/batavi/files/).

As pointed out by Canberk BOLAT of Mavituna Security, versions before 1.2.1 have a Blind SQL Injection vulnerability in the boxToReload parameter of ajax.php. This has been fixed in Batavi 1.2.1.

Relevant part of the changelog:

For details about the changes of the downloaded version you'll find a changes.txt in the root folder of the package.

Version 1.2.1
[..]
Security:
- Fixed SQL injection in modules;
- Improvements methods of Database to handle it;
- All data which come from user going via special check to strip all dangerous values.
[..]

With kind regards,

Ronald van den Blink
Project Manager
Iceshop BV

Iceshop BV is the main contributor to the next generation open source e-commerce software Batavi. Batavi is the first open source e-commerce software that can easily handle more than 100.000 products and has native Icecat (www.icecat.biz) integration.
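The affected parameter is a box identifier that ajax.php uses to decide which module to re-render. As an added illustration (not Batavi's code and not the specific fix shipped in 1.2.1), the handler below makes that lookup injection-proof by allowlisting the box name and passing it as a bound parameter rather than trying to strip "dangerous values" from free-form input. The table, column, box names and function names are hypothetical.

```php
<?php
// Added illustration, not Batavi's code. Table, columns and box names are hypothetical.
declare(strict_types=1);

// Only box identifiers the application actually renders are accepted.
const ALLOWED_BOXES = ['cart', 'search', 'categories', 'currencies'];

// Stand-in for a Database-layer method: the SQL text is fixed and the user
// value travels as a bound parameter, so it can never alter the query
// structure, which is what a blind SQL injection relies on.
function loadBoxConfig(PDO $db, string $box): ?array
{
    $stmt = $db->prepare(
        'SELECT box_name, template, position FROM boxes WHERE box_name = :name'
    );
    $stmt->execute([':name' => $box]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Positive validation: reject anything that is not a known box name.
// An allowlist is simpler to reason about than a blacklist of "dangerous" characters.
function validateBoxToReload(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    return in_array($raw, ALLOWED_BOXES, true) ? $raw : null;
}

// Entry point as an ajax.php-style script would call it with $_GET.
function handleReload(PDO $db, array $get): array
{
    $box = validateBoxToReload($get['boxToReload'] ?? null);
    if ($box === null) {
        return ['status' => 400, 'error' => 'unknown box'];
    }
    $cfg = loadBoxConfig($db, $box);
    return $cfg === null
        ? ['status' => 404, 'error' => 'box not configured']
        : ['status' => 200, 'box' => $cfg];
}

// Self-contained demo on an in-memory SQLite database with constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE boxes (box_name TEXT, template TEXT, position TEXT)');
$db->exec("INSERT INTO boxes VALUES ('cart', 'cart.tpl', 'right')");

var_dump(handleReload($db, ['boxToReload' => 'cart']));           // status 200, config row
var_dump(handleReload($db, ['boxToReload' => 'not-a-real-box']));  // status 400, rejected
```

Any value that is not a known box name is refused before it reaches the database, and the bound parameter protects the query even if the allowlist is later loosened.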
Current thread:
- CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 18)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 19)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 19)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Henri Salo (Jan 19)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
- Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 18)