Vulnerabilities database

1 month 3 days ago - 1 month 3 days ago #7524 by jhvanee
Vulnerabilities database was created by jhvanee
It's not really a bug, but according to the database Huge IT Slider Component version 1.1.0 is vulnerable. However, according to Joomla data, this version is not vulnerable.
"Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0 update notice: huge-it.com/joomla-extensions-security-notice/ "
Last edit: 1 month 3 days ago by jhvanee.

1 month 3 days ago #7525 by Jose
Replied by Jose on topic Vulnerabilities database
Hi jhvanee,

I didn't test it, but I followed this notice:
packetstormsecurity.com/files/138076/Hug...S-SQL-Injection.html

Please take note that I also check other sources to construct the database, so there could be differences between Joomla data and mine.

Regards,
Jose

1 month 3 days ago - 1 month 3 days ago #7526 by jhvanee
Replied by jhvanee on topic Vulnerabilities database
Jose, thanks for your quick reply.
The info on packetstormsecurity.com/files/138076/Hug...S-SQL-Injection.html concerns version 1.0.9
Due to the vulnerability, an update has been made to version 1.1.0. It would be safe again. At least I understand this from this info and the information from Joomla ;)

Regards,
Harry
Last edit: 1 month 3 days ago by jhvanee.

1 month 3 days ago #7527 by Jose
Replied by Jose on topic Vulnerabilities database
You're welcome Harry!

Due to the vulnerability, an update has been made to version 1.1.0. It would be safe again. At least I understand this from this info and the information from Joomla

Yes, having a version higher than 1.0.9 will keep you safe.

Regards,
Jose

1 month 3 days ago #7528 by jhvanee
Replied by jhvanee on topic Vulnerabilities database
Thank you, but isn't it strange that SCP indicates that version 1.1.0 is vulnerable? Sorry to insist that way.
The following user(s) said Thank You: Jose

1 month 3 days ago #7529 by Jose
Replied by Jose on topic Vulnerabilities database
Hi Harry,

Sorry for the delay.

You're right: there was a duplicate entry for Huge IT saying that 1.1.0 version was vulnerable. I have removed it and it will be fine in the next update.

Thank you very much for reporting this!

Regards,
Jose
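
A consistency check for the kind of conflict discussed in this thread, as an added example that is not part of the thread and not the database maintainer's code: it flags any entry whose vulnerable version is the same version a sibling entry for that component names as the fix. It assumes the "name,version,description" layout of the entry quoted above and purely numeric versions; the sample lines, including the stand-in for the duplicate entry, are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the "name,version,description" layout of the quoted entry.
# The second line is a made-up stand-in for the duplicate entry; the third is fictional.
SAMPLE = """\
Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0
Huge IT Slider,1.1.0,SQL Injection
Example Gallery,2.3.1,XSS Resolution: update to 2.3.2
"""

FIX_RE = re.compile(r"update to (\d+(?:\.\d+)*)", re.IGNORECASE)

def vkey(version):
    """Turn '1.1.0' into (1, 1): numeric parts, trailing zeros dropped."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse(text):
    """Yield (name, vulnerable_version, fixed_version_or_None) per entry."""
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",", 2)]
        if len(fields) < 3:
            continue  # blank or malformed line
        name, version, desc = fields
        m = FIX_RE.search(desc)
        yield name, version, (m.group(1) if m else None)

def find_conflicts(text):
    """Return (name, version) pairs that one entry flags and another calls the fix."""
    by_name = defaultdict(list)
    for name, version, fixed in parse(text):
        by_name[name].append((version, fixed))
    conflicts = []
    for name, entries in by_name.items():
        fixes = {vkey(f) for _, f in entries if f}
        for version, _ in entries:
            if vkey(version) in fixes:
                conflicts.append((name, version))
    return conflicts

if __name__ == "__main__":
    for name, version in find_conflicts(SAMPLE):
        print(f"review: {name} {version} is listed as both vulnerable and fixed")
```

A hit is a candidate for manual review rather than a certain error, since a fixed release can later receive its own advisory.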
