4

Debian: 2030-1: mahara: sql injection

view full story
linux-howto

http://www.linuxsecurity.com – LinuxSecurity.com: It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names. [More...] (Security)