EE security notice, read this.

Pekka · 1st of June 2005 (Wed)

In all current EE installations, due to a possibility of "mysql injection" attack, please change line 8 in file slashwork.php

print mysql_error();

with

//print mysql_error();

This will void possible textual result of injection attack. EE 1.22 users are adviced to upgrade to EE 1.5RC4 and apply above fix. In next EE version all database errors are logged in editor only.

Thanks for Bernhard Mueller from http://www.sec-consult.com for reporting me this security advisory.

I have attached the fixed slashwork.php file for EE 1.5RC4:

neil_r · 1st of June 2005 (Wed)

many thanks

N

Adrian · 20th of July 2005 (Wed)

Much obliged,

Thanks

1st of June 2005 (Wed)	#2
neil_r Cream of the Proverbial Crop Landscape and Cityscape Photographer 2006 Join Date: Jan 2003 Location: Mumbai, Pune or Bengaluru Posts: 12,782	Re: EE security notice, read this. many thanks N __________________ Neil - © NHR Photography Commercial Site - Fun Site - Gear List  There are no rules for good photographs, there are only good photographs. ~ Ansel Adams

20th of July 2005 (Wed)	#3
Adrian Member Join Date: Sep 2003 Location: East Sussex, UK. Posts: 368 IMAGE EDITING OK	Re: EE security notice, read this. Much obliged, Thanks __________________ All the best, Adrian... Do not deprive me of solitude without providing me with company. (Alexander Pope 1711) **Equipment list**

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
At first I didn't notice the people	sam casey	Nature & Landscapes	3	10th of July 2007 (Tue) 14:37
Be still and no one will notice	athomefun	Birds	3	28th of January 2007 (Sun) 16:27
I have read all I can read on lighting...	kpiela	Small Flash and Studio Lighting	13	17th of September 2006 (Sun) 11:22
ever notice......	saturnin	General Photography Talk	9	21st of April 2006 (Fri) 10:41