PHPDeveloper.org: Community News: Serendipity 1.1.3 and 1.2-beta2 released due to SQL exploit

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Community News: Latest PEAR Releases for 12.01.2008

Site News: Job Postings for the week of 11.23.2008

KillerPHP.com: Creating a Wordpress Theme from Scratch (Video)

Chris Hartjes' Blog: Handling Multiple Environments In Your PHP Application

Community News:
Serendipity 1.1.3 and 1.2-beta2 released due to SQL exploit

by Chris Cornutt June 19, 2007 @ 07:47:00

As Christopher Kunz points out, Serendipity users should check out a new blog posting over on the CMS system's website concerning an immediate update they've released.

Serendipity 1.1.3 and 1.2-beta2 have been released due to a SQL injection attack reported by Dr. Neal Krawetz today. It is possible to abuse a 'commentMode' variable to inject SQL code that was targeted to the function that fetches comment information. This variable was introduced to Serendipity 1.1 - all prior versions are not affected.

They also suggest checking you access logs for a "commentMode" variable issued in requests to see if there were any kind of attacks made already. The fix is a simple matter of editing the functions_comments.inc.php file and replacing the line of code they give with the more secure versions. Again, this is recommended as an immediate upgrade for Serendipity users.

0 comments voice your opinion now!
serendipity cms sql exploit commentmode functioncomments serendipity cms sql exploit commentmode functioncomments

Similar Posts

Community News: Drupal Wins Packt's Overall Open Source Content Management System Award

Technovated.com: A CMS solution on Mediatemple w/ the Seagull PHP Framework, inc Google Maps

OpenSourceCommunity.org: What do you think makes a good CMS?

Paul Jones' Blog: What Does This Say About Unit-Testing in PHP Land?

FrSIRT: Vivvo Article Management CMS SQL Injection and PHP File Inclusion Vulnerabilities

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework