source: https://www.securityfocus.com/bid/7634/info
A problem with ttCMS/ttForum could make it possible for a remote user to launch SQL injection attacks.
It has been reported that a problem exists in the Instant-Messages script distributed as part of the software. Due to insufficient sanitizing of input, it is possible for a remote user to inject arbitrary SQL into the database used by the web forums.
It should be noted that the current version of YaBB SE, the forum that ttForum was derived from, is not affected by this vulnerability.
http://www.example.org/board/index.php?action=imprefs
Go to the Ignorelist-Textfield and enter:
',memberGroup='Administrator
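
The pattern behind this report, modelled in Python with SQLite next to its parameterized fix. This is an added example, not ttForum's own PHP code: the members table, the im_ignore_list column and the shape of the UPDATE statement are assumptions, and only memberGroup and the Ignorelist value come from the page.

```python
import sqlite3

# Constructed sample schema. Only the memberGroup column name appears on the
# page; the table name and the other columns are assumptions for illustration.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (memberName TEXT PRIMARY KEY, "
               "memberGroup TEXT, im_ignore_list TEXT)")
    db.execute("INSERT INTO members VALUES ('alice', '', '')")
    return db

def save_ignorelist_vulnerable(db, member, ignorelist):
    # Pattern behind the bug: the form value is pasted between quotes, so a
    # quote in the value ends the string and the rest is parsed as SQL.
    sql = ("UPDATE members SET im_ignore_list='%s' WHERE memberName='%s'"
           % (ignorelist, member))
    db.execute(sql)
    return sql

def save_ignorelist_hardened(db, member, ignorelist):
    # Bound parameters: the driver passes the value as data, never as SQL text.
    db.execute("UPDATE members SET im_ignore_list=? WHERE memberName=?",
               (ignorelist, member))

def member_row(db, member):
    return db.execute("SELECT memberGroup, im_ignore_list FROM members "
                      "WHERE memberName=?", (member,)).fetchone()

# The Ignorelist value quoted in the advisory above.
REPORTED_INPUT = "',memberGroup='Administrator"

def demo():
    # Run the same input through both code paths on separate databases.
    vuln_db, safe_db = make_db(), make_db()
    stmt = save_ignorelist_vulnerable(vuln_db, "alice", REPORTED_INPUT)
    save_ignorelist_hardened(safe_db, "alice", REPORTED_INPUT)
    return stmt, member_row(vuln_db, "alice"), member_row(safe_db, "alice")

if __name__ == "__main__":
    stmt, vuln, safe = demo()
    print("statement built by concatenation:", stmt)
    print("row after vulnerable update:", vuln)
    print("row after hardened update:  ", safe)
```

In the concatenated version the preference update also rewrites memberGroup; with bound parameters the same input is stored as a literal ignore-list string and the group column is untouched.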