New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities

El Forum
Guest

#11

07-13-2007, 10:17 AM

[eluser]Derek Jones[/eluser]
[quote author="david_ais" date="1184356461"]Can you confirm - does v1.5.4 fully address these vulnerabilities?

Regards

David Bell[/quote]

1, 2, and 3, yes. For 4, as I told Mr. Pilorz when he first emailed me about this list, responsibility falls on the developer of an application, not the framework, to validate any user input used in a helper function in such a manner. It would be akin to doing the following without any validating or sanitization:

Code:
echo $_POST['foo'];

Messages In This Thread

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-10-2007, 07:19 AM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 09:15 AM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 05:50 PM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 07:50 PM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 08:05 PM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 09:03 PM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 09:06 PM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-11-2007, 11:16 PM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-12-2007, 06:51 AM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-13-2007, 08:54 AM

New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities - by El Forum - 07-13-2007, 10:17 AM