Possible security hole in EasyBook 1.x |
A few days ago an exploit for a SQL-injection leak in EasyBook 1.x has been published. We're working hard on a fixed version, which will be published during the next days. Please notice that the leak can only be used when the administrators e-mail address has been spoofed by the attackers - so, it's recommend to change the address to something that can't be guessed by any attackers.
More information under: http://secunia.com/advisories/30539/
|