Contributed by: Dirk on Saturday, April 18 2009 @ 07:15 am EDT
Last modified on
Bookoo of the Nine Situations Group has posted yet another SQL injection exploit. This time, the problem is in usersettings.php and can again be used by an attacker to extract the password hash for any account. Geeklog 1.5.2sr4 fixes this issue and is available for download