[ic] Security Problem in Interchange

Lyn St George lyn at zolotek.net
Mon Mar 29 13:14:58 EST 2004


On Mon, 29 Mar 2004 13:56:33 +0200, Stefan Hornburg wrote:

>Dear Interchange community !
>
>All versions of Interchange (4.8.x, 5.0.x, 5.1.x) contain a security hole
>which allows an attacker to expose arbitrary variable contents by using
>a URL like http://shop.example.com/cgi-bin/store/__SQLUSER__.

This also applies to 4.9.x, but I can confirm that Kevin's
patch fixes the problem for 4.9.6 and 4.9.7.
-
Cheers
Lyn St George
+---------------------------------------------------------------------------------
+ http://www.zolotek.net .. eCommerce hosting, consulting
+----------------------------------------------------------------------------------
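
A log check for the request pattern in the advisory quoted above, as an added example that is not part of the original message or of Interchange itself. It assumes Apache common/combined log format and that variable tokens look like the advisory's `__SQLUSER__` (an uppercase name wrapped in double underscores); the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Pulls client, request target and status out of a common/combined log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: tokens shaped like the advisory's __SQLUSER__.
TOKEN_RE = re.compile(r'__([A-Z][A-Z0-9_]*?)__')

# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2004:12:01:07 +0200] "GET /cgi-bin/store/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Mar/2004:12:03:41 +0200] "GET /cgi-bin/store/__SQLUSER__ HTTP/1.0" 200 312',
    '198.51.100.7 - - [29/Mar/2004:12:03:44 +0200] "GET /cgi-bin/store/%5F%5FSQLUSER%5F%5F HTTP/1.0" 404 290',
    '203.0.113.5 - - [29/Mar/2004:12:05:02 +0200] "GET /cgi-bin/store/my_account.html HTTP/1.1" 200 2048',
]

def find_variable_probes(lines):
    """Return one record per request whose URL carries a __NAME__ token."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        raw = m.group("target")
        # Percent-decode until stable (bounded) so %5F and %255F forms
        # are compared in the same shape as the plain token.
        decoded = raw
        for _ in range(3):
            step = unquote(decoded)
            if step == decoded:
                break
            decoded = step
        names = TOKEN_RE.findall(decoded)
        if names:
            hits.append({
                "ip": m.group("ip"),
                "status": int(m.group("status")),  # 200 means a page was served
                "variables": names,
                "target": raw,
            })
    return hits

if __name__ == "__main__":
    for hit in find_variable_probes(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["variables"], hit["target"])
```

Hits answered with status 200 on an unpatched server are the ones to review first, since a page was returned for the request.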
