Some vulnerablities has been found in piCal 0.60beta03.
Date 2004-06-22 19:10:31 | Category: Site News
|
A XOOPS site in brasil has been posted illegal events from some cracker as a guest yesterday. The cracker introduce him/herself as LEONE_PARK.
Although I don't see how to post the events, I've found some vulnerablities -SQL Injection & CSRF- from piCal 0.60beta03 at least.
Thus, I've just released fixed version of piCal named 0.60beta04.
I don't think this vulnerablity is so serious or emergency, you'd better update piCal to 0.60beta04.
This vulnerablities might exist in all versions of piCal but >= 0.60beta04.
|
|