Home > General > Affiliate Marketing Forum

*URGENT* CPVLab Patch (5)


05-26-2011 04:01 PM #1 tijn (Moderator)
*URGENT* CPVLab Patch

If you use cpvlab, please check your email. They have just sent out a patch because a vulnerability was discovered for some server configurations.

An issue was found on some server configurations
not automatically escaping characters such as
single quotes, double quotes and were causing
problems with the login query in CPV Lab.

Please download this file...
http://cpvlab.com/forusers/escape_ch...rs_removed.zip

Unzip the file and upload to your CPV Lab Installation
overwriting the existing page.

Also note for duplicate emails, but I'll be sending this
out one more time to make sure all users receive this
email...my apologies for the duplicate email.


05-26-2011 04:05 PM #2 mphaneuf78 (Member)

Thanks, I do use them.


05-26-2011 04:11 PM #3 extremesg (Member)

Just slapped it in, ... pretty easy, i.e. replace login.php!

When I saw his email come in, ... I thought it was the V2.12 update...... sadly not


05-26-2011 06:11 PM #4 kyleirwin (Member)

The "problem" it causes is being able to do SQL injection from the login screen. Meaning you can log in to anyone's install very easily without their password, or run any SQL commands you wanted (i.e., wipe out your database). I like how sly they're being about downplaying the issue. Classy. Noob programming FTL.


05-26-2011 11:37 PM #5 tijn (Moderator)

Yes kyleirwin - you're right. SQL injection was possible and affected servers would be wide open for anyone to go in and rip your stuff.

I know some people got hit by this bad.

That said - most server installs are not affected because they run with "Magic Quotes On" as their default php.ini setting.

I am glad though that Robert did not spill the full beans. I would have been pretty upset if he had sent out an email with full details on how to hack my server.

Yes - mine was one of the few vulnerable ones.
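
Added example, not part of the thread and not CPV Lab's code: a login lookup that is only safe when the server escapes input automatically (the "Magic Quotes On" case described above), next to one that uses a prepared statement and does not depend on php.ini. The table, column and function names and the sample inputs are assumptions made up for the illustration; the real login.php is not shown on this page.

```php
<?php
// Added illustration only: schema, names and inputs are constructed.

function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Fragile: the username becomes part of the SQL text, so safety depends on
// whatever escaping happened before this point (e.g. magic_quotes_gpc).
function login_concat(PDO $pdo, string $user, string $pass): bool {
    $hash = $pdo->query("SELECT pw_hash FROM users WHERE username = '$user'")->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Hardened: the username travels as a bound parameter and is never parsed
// as SQL, whatever the server configuration is.
function login_prepared(PDO $pdo, string $user, string $pass): bool {
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user
    return is_string($hash) && password_verify($pass, $hash);
}

// The setting was removed in PHP 5.4, so ini_get() returns false there.
$auto = ini_get('magic_quotes_gpc');
echo 'automatic input escaping: ', ($auto ? 'on' : 'off or absent'), "\n";

$pdo = make_demo_db();
// Constructed inputs; the last one is an ordinary name containing a quote.
$inputs = [['admin', 'correct horse'], ['admin', 'wrong'], ["o'brien", 'secret']];
foreach ($inputs as [$u, $p]) {
    try {
        $old = login_concat($pdo, $u, $p) ? 'accepted' : 'rejected';
    } catch (PDOException $e) {
        // The quote ended the string literal early: data was read as query text.
        $old = 'SQL error';
    }
    $new = login_prepared($pdo, $u, $p) ? 'accepted' : 'rejected';
    printf("%-10s concat=%-9s prepared=%s\n", $u, $old, $new);
}
```

A harmless apostrophe breaking the concatenated query is the signal to look for in review or testing: if input can change how the statement parses, it can change what the statement does.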

