oss-sec mailing list archives

CVE request: contao before 2.11.4 sql injection


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 31 Aug 2012 12:21:05 +0200

bug tracker info:
https://github.com/contao/core/issues/4427

Upstream changelog:
http://contao.org/en/changelog/versions/2.11.html
"Fixed a critical privilege escalation vulnerability which allowed
regular users to make themselves administrators (thanks to Fabian
Mihailowitsch) (see #4427)."

I think this has no CVE yet, please assign CVE.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
