Gentoo: 202311-08 Moderate: drupal SQL Injection DoS and XSS
gentoo
September 2, 2003
phpwebsite contains an sql injection vulnerability in the calendarmodule which allows the attacker to execute sql queries.
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-03 - - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------
phpwebsite contains an sql injection vulnerability in the calendar module which allows the attacker to execute sql queries.
In addition phpwebsite is also vulnerable to XSS, more information can be found in the full advisory.
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=106062021711496&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-www/phpwebsite upgrade to phpwebsite-0.9.3_p1 as follows:
emerge sync emerge phpwebsite emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
PACKAGE : phpwebsite
SUMMARY : SQL Injection, DoS and XSS Vulnerabilities
DATE : 2003-09-02 08:54 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =phpwebsite-0.9.3_p1
CVE :
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!