SQL injection vulnerability in Pragyan CMS v.3 #206

Closed
ghost opened this issue Jan 19, 2015 · 5 comments
ghost commented Jan 19, 2015

Dear developer team.

Yesterday, I found a SQL injection vulnerability in the current release of Pragyan CMS v.3.

If you are interested in the information, please provide me with an email address where I can send my information. If you want me to post the information directly on GitHub, please let me know.

I located the vulnerability in the code, too, and could suggest a patch for this issue, if you are interested.

I am releasing a security advisory on my blog (without technical details, see: http://sroesemann.blogspot.de/2015/01/sroeadv-2015-11.html). If you do not respond by 2nd February 2015 (UTC+1), I am gonna release the technical details as well and post the issue to the security mailing list FullDisclosure.

Thank you for your attention.

Greetings from Germany.

Steffen Rösemann

@vshriram93
Member

Hi Steffen Rösemann,
Thanks for reaching out to us. It would be good if you could mail the vulnerability to vshriram93@gmail.com.
Thanks,
Shriram

@ghost
Author

ghost commented Jan 19, 2015

Hi Shriram.

I have just sent you the technical details, including my suggestion for a patch and the screenshot, to the above-mentioned email address.

Thank you very much.

Greetings.

Steffen Rösemann

@ghost
Author

ghost commented Jan 31, 2015

Dear Shriram.

It's been 12 days since my initial report for this issue.

Is there any news on patching these vulnerabilities?

Greetings.

Steffen

@ghost
Author

ghost commented Feb 3, 2015

Details public here: http://seclists.org/fulldisclosure/2015/Feb/18

@ghost
Author

ghost commented Feb 4, 2015

This issue has been assigned CVE-2015-1471.

See http://seclists.org/oss-sec/2015/q1/402.

@ghost ghost closed this as completed Feb 4, 2015