Vulnerabilities database

  • jhvanee
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 years 4 days ago - 3 years 4 days ago #7524 by jhvanee
Vulnerabilities database was created by jhvanee
It's not realy a bug, but according to the database Huge IT Slider Component version 1.1.0 is vulnerable. However, according to joomla data, this version is not vulnerable.
"Huge IT Slider,1.0.9,SQL Injection Resolution: update to 1.1.0 update notice: huge-it.com/joomla-extensions-security-notice/ "
Last edit: 3 years 4 days ago by jhvanee.

Please Log in or Create an account to join the conversation.

More
3 years 4 days ago #7525 by Jose
Replied by Jose on topic Vulnerabilities database
Hi jhvanee,

I didn't test it, but I followed this notice:
packetstormsecurity.com/files/138076/Hug...S-SQL-Injection.html

Please, take note that I also check other sources to contruct the database, so there could be differences between Joomla data and mine.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • jhvanee
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 years 4 days ago - 3 years 4 days ago #7526 by jhvanee
Replied by jhvanee on topic Vulnerabilities database
Jose, thanks for your quick reply.
The info on packetstormsecurity.com/files/138076/Hug...S-SQL-Injection.html concerns version 1.0.9
Due to the vulnerability, an update has been made to version 1.1.0. It would be safe again. At least I understand this from this info and the information from Joomla ;)

Regards,
Harry
Last edit: 3 years 4 days ago by jhvanee.

Please Log in or Create an account to join the conversation.

More
3 years 4 days ago #7527 by Jose
Replied by Jose on topic Vulnerabilities database
You're welcome Harry!

Due to the vulnerability, an update has been made to version 1.1.0. It would be safe again. At least I understand this from this info and the information from Joomla

Yes, having a version upper to 1.0.9 will keep you safe.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • jhvanee
  • Topic Author
  • Offline
  • Senior Member
  • Senior Member
More
3 years 4 days ago #7528 by jhvanee
Replied by jhvanee on topic Vulnerabilities database
Thank you, but isn't it strange that SCP indicates that version 1.1.0 is vulnerable? Sorry to insist that way.
The following user(s) said Thank You: Jose

Please Log in or Create an account to join the conversation.

More
3 years 4 days ago #7529 by Jose
Replied by Jose on topic Vulnerabilities database
Hi Harry,

Sorry for the delay.

You're right: there was a duplicate entry for Huge IT saying that 1.1.0 version was vulnerable. I have removed it and it will be fine in the next update.

Thank you very much for reporting this!

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.161 seconds
Copyright © 2023 Securitycheck Extensions. All Rights Reserved.

This site is not affiliated with or endorsed by the Joomla! Project. It is not supported or warranted by the Joomla! Project or Open Source Matters. The Joomla! logo is used under a limited license granted by Open Source Matters, the trademark holder in the United States and other countries.

We may collect your IP address and your browser's User Agent string while using our site for security reasons. This information is retained only until we check you're not trying to hack our website.