Current time: 11-24-2024, 01:54 AM Hello There, Guest! (LoginRegister)


Post Reply 
ispCP Omega 1.0.5 Security Announcement
Author Message
Nuxwin
Unregistered

 
Post: #1
Exclamation ispCP Omega 1.0.5 Security Announcement
Dear ispCP Users ;

Today, a new security hole was discovered in ispCP stable release.

This security hole allows your customers to connect to the database (pma) from other customers by passing arbitrary identifiers in the URL via the client/sql_auth.php script.

For better information, and to learn how to fix this security hole, you can read the following ticket:

http://isp-control.net/ispcp/ticket/2410

Note: This security hole also affect all prior versions of ispCP ω that implement the client/sql_auth.php script.

Best Regards :


Edit:

See http://isp-control.net/ispcp/ticket/2410#comment:9 for a quick fix.
07-23-2010 10:02 PM
Quote this message in a reply
Nuxwin
Unregistered

 
Post: #2
RE: ispCP Omega 1.0.5 Security Announcement
Benedikt was provided a patch for the client/sql_auth.php script :

http://isp-control.net/ispcp/raw-attachm...auth.patch

This patch fix the security hole described above.

Best Regards ;
07-24-2010 02:55 AM
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)