Bug #12254 Highly exploitable SQL Injection in MySQL Eventum
Submitted: 28 Jul 2005 23:39 Modified: 29 Jul 2005 0:45
Reporter: James Bercegy Email Updates:
Status: Closed Impact on me:
None 
Category:Eventum Severity:S1 (Critical)
Version:MySQL Eventum 1.5.5 OS:FreeBSD (FreeBSD/Apache)
Assigned to: Joao Prado Maia CPU Architecture:Any

[28 Jul 2005 23:39] James Bercegy 
Description:
Hello,

I wish to report a few serious SQL Injection issues in the latest version of MySQL Eventum.

How to repeat:
I will not post technical details here, but developers may contact me at security [@] gulftech[.] org

Suggested fix:
Will post privately to developers :)
[29 Jul 2005 0:45] Joao Prado Maia 
James,

Thank you for the report. I just fixed the bugs you outlined on our bitkeeper repository of Eventum. We will discuss possibly releasing a 1.5.6 release with these fixes.

--Joao
[29 Jul 2005 0:57] Joao Prado Maia 
Err, I guess I wasn't very clear on my last sentence.

I meant that I will discuss with my co-worker possibly releasing in the next day or so a 1.5.6 version of Eventum with the fix for these bugs. Our roadmap right now is to release 1.6.0 a few weeks from now.

Thanks again for your report.

--Joao