Bug #12254 Highly exploitable SQL Injection in MySQL Eventum
Submitted: 29 Jul 2005 1:39 Modified: 29 Jul 2005 2:45
Reporter: James Bercegy
Status: Closed
Category: Eventum Severity: S1 (Critical)
Version: MySQL Eventum 1.5.5 OS: FreeBSD (FreeBSD/Apache)
Assigned to: Bugs System Target Version:

[29 Jul 2005 1:39] James Bercegy
Description:
Hello,

I wish to report a few serious SQL Injection issues in the latest version of MySQL
Eventum.

How to repeat:
I will not post technical details here, but developers may contact me at security [@]
gulftech[.] org

Suggested fix:
Will post privately to developers :)

[29 Jul 2005 2:45] Joao Prado Maia
James,

Thank you for the report. I just fixed the bugs you outlined in our BitKeeper repository
of Eventum. We will discuss possibly releasing a 1.5.6 release with these fixes.

--Joao

[29 Jul 2005 2:57] Joao Prado Maia
Err, I guess I wasn't very clear on my last sentence.

I meant that I will discuss with my co-worker possibly releasing in the next day or so a
1.5.6 version of Eventum with the fix for these bugs. Our roadmap right now is to release
1.6.0 a few weeks from now.

Thanks again for your report.

--Joao