php Arcade Script
May 22, 2012, 01:11:17 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: To upgrade your forum account and access the phpAS Owners Only Section, you need to Log in to the members area and fill out the box at the top of the page. Doing this will get you verified as an official script owner and you will then be able to access the phpAS owner forums.

WARNING: At no time can a phpArcadeScript Owner offer a copy of phpArcadeScript to another person, whether it be someone who is looking for the script or even a current phpArcadeScript owner. Please refer all questions for sales or support at http://www.phparcadescript.com/support    Click Here To Check If Licence Is Valid.

Important notice regarding Php Arcade Script: http://www.phparcadescript.com/forums/index.php/topic,8316.0.html
Important notice regarding forum support: http://www.phparcadescript.com/forums/index.php/topic,8317.0.html

Is your email updated? http://www.phparcadescript.com/forums/index.php/topic,8321.0.html
 
   Home   Help Arcade Login Register  
php Arcade Script  > phpArcadeScript > Pre-Sales Questions > SQL injection vulnarability as reported by nist.gov

IMPORTANT:

We have started a new forum that will replace this one in full shortly. You can still reply to existing topics on this forum, but new topics cannot be started here. Please start your new topics on the new forum: here.
Read more about this change here.
Pages: [1]
« previous next »
  Print  
Author Topic: SQL injection vulnarability as reported by nist.gov  (Read 1126 times)
ThaiIDN
Newbie
*
Posts: 7
« on: February 06, 2010, 02:42:25 PM »
Hi,

I was wondering about the vularability of PHPAS having SWL injection vulnarability as reported by nist.gov here: Source: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3711

Specifically:
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
Vulnerable software and versions
 Configuration 1

  OR

   * cpe:/a:phparcadescript:phparcadescript:4.0

Has this vulnaribility been fixed/patched?
Logged
ThaiIDN
Newbie
*
Posts: 7
« Reply #1 on: February 06, 2010, 02:48:07 PM »
Sorry, the forum doesn't allow me to edit, I meant SQL Injection not SWL
Logged
ThaiIDN
Newbie
*
Posts: 7
« Reply #2 on: February 06, 2010, 02:53:59 PM »
I am asking this because I am strongly considering to buy phparcadescript.com but I also saw someone reporting the problem on http://www.talkarcades.com/phparcadescript/10040-phpas-v4-sql-injection.html as well.
Logged
phpas
Administrator
Sr. Member
*****
Posts: 341



WWW
« Reply #3 on: February 08, 2010, 12:39:38 PM »
This was patched a long time ago and no longer is a issue.
Logged
phpAS Addons / Mods
PHP Arcade Templates
HostGator $4.95 per Month
Pages: [1]
  Print  

IMPORTANT:

We have started a new forum that will replace this one in full shortly. You can still reply to existing topics on this forum, but new topics cannot be started here. Please start your new topics on the new forum: here.
Read more about this change here.
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!