Date: Fri, 23 Jan 2015 13:07:32 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- ferretCMS v.1.0.4-alpha --
 Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file
 upload

On Fri, Jan 23, 2015 at 07:14:56AM +0100, Steffen Rösemann wrote:
> I found multiple reflecting/stored XSS- and SQLi-vulnerabilities as well as
> an unrestricted file upload in the CMS ferretCMS v.1.0.4 which is currently
> in the alpha development stage.

From https://github.com/JRogaishio/ferretCMS/issues/63

"""
However, please know that ferretCMS is in the 'alpha' development stage and as
such is NOT recommended to be used on live websites.
"""

-- 
Henri Salo
