Arbitrary SQL code execution via adodb Support and security / Security Posted by TiMax on Jan 09, 2006 - 02:02 PM |
|
The MAXdev CMS Development Team was notified by Andreas Krapohl [larsneo] about an exploit discovered by secunia.com that is a vulnerability in the adodb database abstraction layer. VULNERABILTIES Arbitrary SQL code execution via adodb (when db-user is 'root' without password) SOLUTION It is recommended that all admins check for the following file and remove it if found: pnadodb/server.php The main MD-Pro packages have been updated. CREDITS The exploit was originally discovered by Secunia (http://www.secunia.com [1]), additional information was provided by Maksymilian Arciemowicz (http://www.securityreason.com [2])MAXdev Team |
|
This story comes from MAXdev http://www.maxdev.com/ The URL for this story is: http://www.maxdev.com/modules.php?op=modload&name=News&file=article&sid=550 Links in this article [1] http://www.secunia.com/ [2] http://www.securityreason.com/ |