Subject: The mailing list for listmasters using Sympa
List archive
- From: IKEDA Soji <address@concealed>
- To: Roy Sigurd Karlsbakk <address@concealed>
- Cc: "address@concealed" <address@concealed>
- Subject: Re: [en@sympa] SQL injection
- Date: Tue, 8 Oct 2024 08:09:48 +0900
Hi Roy,
> On 2024/10/08 at 3:52, Roy Sigurd Karlsbakk <address@concealed> wrote:
>
> It seems there's an SQL injection bug for Sympa 6.2.70 (from Debian). I
> can't find any docs on this. Is this known?
>
> This was found by Nessus on one of our regular scans and indeed it managed
> to insert data into the db without having login to the system.
>
> I have more data if that is necessary. I'll just check with my colleagues
> if the report is suitable to be sent in the open.
>
Please provide sensitive information about security flaw to
<address@concealed>. Thank you.
— Soji
> roy
> --
> Roy Sigurd Karlsbakk
> address@concealed
> +47 9801 3356
> --
> In all pedagogy it is essential that the curriculum is presented
> intelligibly. It is an elementary imperative for all pedagogues to avoid
> excessive use of idioms with xenotypic etymology. In most cases adequate
> and relevant synonyms exist in Norwegian.
>