Stefan Hornburg wrote:

> Dear Interchange community!
>
> All versions of Interchange (4.8.x, 5.0.x, 5.1.x) contain a security hole which allows an attacker to expose arbitrary variable contents by using an URL like http://shop.example.com/cgi-bin/store/__SQLUSER__.
>
> All Interchange applications using the standard "missing" special page from the demo catalog or a similar one are vulnerable to this attack. The attacker may learn the SQL access information for your Interchange application and use this information to read and manipulate sensitive data.
>
> Attached are patches for the following Interchange versions:
>
> 4.8.x: Page-4.8.diff

I manually applied this patch to the 4.8.6 system I have running, restarted IC, flushed my browser cache and still seeing the same results... any thoughts?
Barry

--
Barry Treahy, Jr       E-mail: suppressed
Midwest Microwave      Phone: 480/314-1320
Vice President & CIO   FAX: 480/661-7028
_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
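
Added example, not part of the original messages or of Interchange: one way an administrator could scan web server access logs for requests of the kind the advisory describes, where a path segment is a `__NAME__` variable token. The Apache common/combined log format, the sample lines and the `__EXAMPLE_VAR__` name are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A path segment that consists only of a variable-style token, e.g. __SQLUSER__
TOKEN_RE = re.compile(r'^__[A-Za-z][A-Za-z0-9_]*__$')


def variable_probes(lines):
    """Return (client, token, status) for each request path segment shaped like __NAME__."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not parseable request entries
        client, _method, target, status = m.groups()
        # Drop the query string, then decode percent-escapes such as %5F ("_")
        path = unquote(target.split("?", 1)[0])
        for segment in path.split("/"):
            if TOKEN_RE.match(segment):
                hits.append((client, segment, int(status)))
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] '
    '"GET /cgi-bin/store/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2004:10:00:05 +0000] '
    '"GET /cgi-bin/store/__SQLUSER__ HTTP/1.1" 200 2048',
    # Same request shape with percent-encoded underscores and a query string
    '198.51.100.7 - - [01/Jan/2004:10:00:09 +0000] '
    '"GET /cgi-bin/store/%5F%5FEXAMPLE_VAR%5F%5F?x=1 HTTP/1.0" 200 2051',
    # Double underscores inside an ordinary page name must not be flagged
    '192.0.2.10 - - [01/Jan/2004:10:01:00 +0000] '
    '"GET /cgi-bin/store/my__notes__page.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, token, status in variable_probes(SAMPLE_LOG):
        print(f"{client} requested {token} (HTTP {status})")
```

Any variable named in a hit should be treated as possibly disclosed, and credentials stored in it rotated once the patch is confirmed to be active.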