Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2013-002: SQL injection in Versioned.php

Severity:
Critical (?)
Identifier:
SS-2013-002
Versions Affected:
2.4
Versions Fixed:
2.4.11
Release Date:
2013-08-08

The archiveDate parameter wasn't correctly escaping user input through URL parameters (download patch)

Thanks to Dean Jerkovich of NCC Group for reporting.