VideoDB index.php Unspecified Input Filtering Issue

2004-12-04T03:45:33
ID OSVDB:13944
Type osvdb
Reporter OSVDB
Modified 2004-12-04T03:45:33

Description

Vulnerability Description

Several security fixes at:

profile.php: sql injection in VDBuserid cookie setup.php: sql injection in VDBuserid cookie users.php: sql injection in password borrowask.php: no changes? index.php: some input filtering changes--unknown result

Solution Description

Upgrade to version 2.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Several security fixes at:

profile.php: sql injection in VDBuserid cookie setup.php: sql injection in VDBuserid cookie users.php: sql injection in password borrowask.php: no changes? index.php: some input filtering changes--unknown result

References:

Vendor URL: http://videodb.sourceforge.net/ Vendor Specific News/Changelog Entry: http://cvs.sourceforge.net/viewcvs.py/videodb/videodb/doc/CHANGES?view=markup Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=295443 Secunia Advisory ID:13765 Related OSVDB ID: 13940 Related OSVDB ID: 13942 Related OSVDB ID: 13943 Related OSVDB ID: 13941 Mail List Post: http://archives.neohapsis.com/archives/apps/freshmeat/2005-01/0007.html