Kunena 6.2.6 released
The Kunena team has announced the arrival of Kunena 6.2.6 [K 6.2.6], which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x. This version addresses most of the issues that were discovered in K 6.1 / K 6.2 and issues discovered during the last development stages of K 6.2.
[Solved] Kunena 5.0.2 is suspect to an SQL injection vulnerability
I think Kunena 5.0.2 is suspect to an SQL injection vulnerability,
because I see in the Kunena source:
please go to: com_kunena-->models-->user.php
for example the code (in line 83):
in this code, quoteName is not used.
Please see the link: docs.joomla.org/Selecting_data_using_JDatabase
This page says to use quoteName (for the query) to prevent SQL injection.
Can I ask you why quoteName is not used?
Source from Joomla --> com_users-->models-->user.php
1- Is it really a vulnerability? Or am I mistaken?
2- Can I change every connection to the DB and insert quoteName into the code?
Please see the link: api.joomla.org/cms-3/classes/JDatabaseQuery.html
This page says about quoteName:
"Wrap an SQL statement identifier name such as column, table or database names in quotes to prevent injection risks and reserved word conflicts."
Thank you for reading the topic.
Please answer me,
I will wait for your answer.
I am worried, because I think this code is not safe and is vulnerable.
Kunena is a very good component; I want to use Kunena beside JomSocial.
Please answer me.
Thank you
In the future (for the next version of Kunena), will the SQL code of Kunena be improved?
But we can include it.
Sorry, I do not understand what you mean (But we can include it).
Thank you very much.
Is it possible to check all the code (SQL queries) and add it in the next version for all queries in the source?
Because I see all queries in Kunena (frontend) do not include quoteName.
Is it possible?
Thank you for the answer
Hello,
davood71 wrote: excuse me for opening the topic again
thank you very much
is it possible to check all the code (SQL queries) and add it in the next version for all queries in the source?
because I see all queries in Kunena (frontend) do not include quoteName
is it possible?
Thank you for the answer
There are vulnerabilities when the entries from a form aren't filtered correctly, so by using JDatabaseQuery it just makes the queries database agnostic.
I don't provide support by PM, because this can be useful for someone else.
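As an added example (not code from Kunena or Joomla) of the distinction the reply above makes: quoting an identifier with quoteName() and protecting the form value are two different things. The block uses plain PDO with an in-memory SQLite database so it runs stand-alone; the users table, the column allow-list and the input string are constructed for the demonstration, and the quoteIdentifier() helper stands in for Joomla's $db->quoteName() (Joomla's version quotes identifiers for the driver in use and has no allow-list). On the value side the Joomla equivalents are $db->quote() or, in Joomla 4, $query->bind().

```php
<?php
// Added example, not Kunena or Joomla code: identifier quoting vs. value binding.
// Plain PDO + in-memory SQLite so it runs without Joomla.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table; not Kunena's real schema.
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, signature TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'hello'), (2, 'bob', 'hi')");

// Column names cannot be bound as parameters, so an identifier that comes from
// request data must be allow-listed first, then quoted. The quoting part is what
// Joomla's quoteName() does; the allow-list is an assumption added here.
const ALLOWED_COLUMNS = ['userid', 'username', 'signature'];

function quoteIdentifier(string $name): string
{
    if (!in_array($name, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException("unknown column: $name");
    }
    // ANSI/SQLite identifier quoting (Joomla uses the driver's own style, e.g. backticks for MySQL)
    return '"' . str_replace('"', '""', $name) . '"';
}

// VULNERABLE: the column is quoted, but the form value is concatenated straight
// into the SQL text, so quoteName() on the identifier does nothing for the value.
function findUserUnsafe(PDO $pdo, string $column, string $value): array
{
    $sql = 'SELECT userid FROM users WHERE ' . quoteIdentifier($column) . " = '" . $value . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// HARDENED: identifier allow-listed and quoted, value bound as a parameter so the
// database compares it literally. Joomla 4: $query->bind(':value', $value).
function findUserSafe(PDO $pdo, string $column, string $value): array
{
    $sql = 'SELECT userid FROM users WHERE ' . quoteIdentifier($column) . ' = :value';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':value', $value, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form input containing a quote character, as an unfiltered field might.
$input = "x' OR '1'='1";

// Unsafe path: the input becomes part of the SQL and changes the WHERE clause.
var_dump(findUserUnsafe($pdo, 'username', $input));
// Safe path: the same input is compared as a literal string against username.
var_dump(findUserSafe($pdo, 'username', $input));

// Identifier from request data that is not on the allow-list is rejected before any SQL is built.
try {
    findUserSafe($pdo, 'password', 'anything');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Run with `php example.php` (needs the pdo_sqlite extension). The point for reviewing Kunena or any Joomla model: a query that omits quoteName() is not by itself injectable; what matters is whether every value that originates from a request reaches the query through quote(), bind() or an equivalent filter, and whether any request-controlled identifier is checked against a fixed list before being quoted.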
Your team is great.
I will be waiting for Kunena 5.1 for improved queries.
Thank you
Good luck