Mar 17, 2010 | 04:47 PM  
Welcome

Don't have an account yet? You can create one, it is free, just click here

as a registered user you have some advantages like free downloads, comments and posting on our forums, depending upon this site's configuration and options.

 • •  Control Panel - Register - Login  • • 
Current Stable MDPro Lite 1.0821 Download
Latest Comments
  Re: Have you receive...
العاب ون - &#...
odai

  Re: MDContact 3
We will release a new version in next days, we are work...
TiMax

  Re: MDContact 3
Mdpro is great, I can't find these features anywhere el...
irmadilley

Posted by : TiMax - Tuesday, January 10, 2006
Security
The MAXdev CMS Development Team was notified by Andreas Krapohl [larsneo] about an exploit discovered by secunia.com that is a vulnerability in the adodb database abstraction layer.
VULNERABILTIES Arbitrary SQL code execution via adodb (when db-user is 'root' without password)


SOLUTION It is recommended that all admins check for the following file and remove it if found: pnadodb/server.php
The main MD-Pro packages have been updated.
CREDITS The exploit was originally discovered by Secunia (http://www.secunia.com), additional information was provided by Maksymilian Arciemowicz (http://www.securityreason.com)MAXdev Team


   Printer friendly page  

Arbitrary SQL code execution via adodb | Login/Create an account | 1 Comment
Comments are owned by their poster. We aren't responsible for their content.
Re: Arbitrary SQL code execution via adodb (Score: 1)
by dpottier (Zar_Dos@DOS-Czars.Org) on Jan 10, 2006 - 03:59 AM
(User information | Send a Message) http://bush-waterhouse.com)

Thanks to secunia.com, larseno and the MDPro Development team for the timely Newsletter security update.