Resources

Getting started

Support

Development

Topics

User Functions

Events

There are no upcoming events

What's New

Stories

No new stories

Comments last 2 weeks


Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

NEW FILES last 14 days

No new files

Welcome to Geeklog Wednesday, June 19 2013 @ 06:54 AM EDT

> >

EasyFile plugin SQL injection

Security
  • Thursday, March 29 2012 @ 12:15 PM EDT
  • Contributed by:
  • Views:
    3,351

An SQL injection vulnerability in the EasyFile plugin has been found and published by a user who calls himself Hellboy (the vulnerability is reported as being in Geeklog, but it really only affects the EasyFile plugin).

Given that the EasyFile plugin hasn't been updated in years, we assume that it is no longer maintained. If you use this plugin on your site, we recommend that you uninstall the plugin and remove all the files that belong to it as soon as possible.

We have removed the EasyFile plugin from our download area. If there are any other sites out there mirroring the plugin, please remove it from those sites as well. Thank you.

What's Related

Story Options

Trackback

Trackback URL for this entry:
http://www.geeklog.net/trackback.php/easyfile-plugin-sql-injection

Here's what others have to say about 'EasyFile plugin SQL injection':

[...] Geeklog entfernt und sollte aus Mirrors und allen betroffenen Installationen gelöscht werden. Details: EasyFile plugin SQL injection Tags: Blog-Software, CMS, Content Management Systeme, Freie Software, Geeklog, Open Source, WCM, Web Content [...] [read more]

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Post a Comment

Your Name
Create Account
Allowed HTML Tags:
<p>, <b>, <strong>, <i>, <a>, <em>, <br>, <tt>, <hr>, <li>, <ol>, <ul>, <code>, <pre>, [code], [raw], [page_break], [staticpage:]InformationInformation[staticpage: id alternate title] - Displays a link to a static page using the static page title as the title. An alternate title may be specified but is not required. , [event:]InformationInformation[event: id alternate title] - Displays a link to an Event Link from the Calendar using the Event Title as the title. An alternate title may be specified but is not required. , [poll:]InformationInformation[poll: id alternate title] - Displays a link to a poll using the Poll Topic as the title. An alternate title may be specified but is not required. , [link:]InformationInformation[link: id alternate title] - Displays a link to a Link from the Links Plugin using the Link Title as the title. An alternate title may be specified but is not required. , [faq:], [forum:]InformationInformation[forum: id alternate title] - Displays a link to a forum topic using the text 'here' as the title. An alternate title may be specified but is not required. , [file:], [story:]InformationInformation[story: id alternate title] - Displays a link to a Story using the Story Title as the title. An alternate title may be specified but is not required. , [user:]InformationInformation[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.
 

Security code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

What code is in the image?
Enter the bolded text, case sensitive!
Important Stuff
  • Please try to keep posts on topic.
  • Try to reply to other people comments instead of starting new threads.
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Your email address will NOT be made public.