On Mon, 29 Mar 2004 13:56:33 +0200, Stefan Hornburg wrote: >Dear Interchange community ! > >All versions of Interchange (4.8.x, 5.0.x, 5.1.x) contain a security hole >which allows an attacker to expose arbitrary variable contents by using >an URL like http://shop.example.com/cgi-bin/store/__SQLUSER__. This also applies to 4.9.x, but I can confirm that Kevin's patch fixes the problem for 4.9.6 and 4.9.7. - Cheers Lyn St George +--------------------------------------------------------------------------------- + http://www.zolotek.net .. eCommerce hosting, consulting +---------------------------------------------------------------------------------- _______________________________________________ interchange-users mailing list suppressed http://www.icdevgroup.org/mailman/listinfo/interchange-users
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.