Some vulnerabilities have been found in piCal 0.60beta03.

Date 2004-06-22 19:10:31 | Category: Site News

Yesterday, some cracker posted illegal events as a guest on a XOOPS site in Brazil.
The cracker introduced him/herself as LEONE_PARK.

Although I don't see how the events were posted, I've found some vulnerabilities (SQL Injection & CSRF) in piCal 0.60beta03 at least.

Thus, I've just released a fixed version of piCal, named 0.60beta04.

I don't think this vulnerability is so serious or urgent, but you'd better update piCal to 0.60beta04.

These vulnerabilities might exist in all versions of piCal except 0.60beta04 and later.




You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=17