Skip to content

Security Release 0.10.34 - Possible authenticated SQL injection via API
Compare
Choose a tag to compare
@d00p d00p released this 01 Apr 07:42
0.10.34
This tag was signed with the committer’s verified signature.
d00p Michael Kaufmann
GPG key ID: F6B4A8704F9E9BBC
Verified
Learn about vigilant mode.
4546c00
This commit was signed with the committer’s verified signature.
d00p Michael Kaufmann
GPG key ID: 08A83830520FCECB
Verified
Learn about vigilant mode.

This security release fixes a vulnerability that allows remote attackers to execute arbitrary SQL queries on affected installations of froxlor. Authentication as a admin/customer with API access is required to exploit this vulnerability. See more here: https://bit.ly/rls01034

Assets 4
Loading