- OpenX Community Forums

> SQL Injection Issue
alicia_openx
post Aug 12 2010, 11:27 PM
Post #1



Group: Admin
Posts: 163
Joined: 13-January 09
From: Pasadena, CA
Member No.: 25,179



Dear Community,

It came to our attention this week that there is a potentially serious SQL injection vulnerability in the current and past versions of OpenX 2.8. The vulnerability is limited to read queries for MySQL users, but could be used to allow update, insert and delete queries for those of you who are using Postgres. There is already a fix in the public svn repository (see the fisheye links below).

https://developer.openx.org/fisheye/changel...openx/?cs=58625
https://developer.openx.org/fisheye/changel...openx/?cs=58626

We anticipate rolling this and other fixes/features into the next 2.8 release in the next week. Until then, if you are comfortable with OpenX code, we highly recommend you take the time to apply the changes to your running server, especially if you run Postgres as your database. We appreciate the members of the community who brought this to our attention and also those in the community for the fixes.


Best,
The OpenX Team