Kunena 6.2.6 released

The Kunena team has announce the arrival of Kunena 6.2.6 [K 6.2.6] which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x. This version addresses most of the issues that were discovered in K 6.1 / K 6.2 and issues discovered during the last development stages of K 6.2

Solved kunena 5.0.2 is suspect to Vulnerability SQL Injection

More
7 years 6 months ago - 7 years 6 months ago #1 by davood71
kunena 5.0.2 is suspect to Vulnerability SQL Injection was created by davood71
Hi
i think kunena 5.0.2 is suspect to Vulnerability SQL Injection
because
i see in source kunena
please goto : com_kunena-->models-->user.php
for example cod (in line 83) :
Code:
// Hide super admins from the list if (KunenaFactory::getConfig()->superadmin_userlist) { $db = JFactory::getDBO(); $query = "SELECT user_id FROM `#__user_usergroup_map` WHERE group_id =8"; $db->setQuery($query); $superadmins = (array) $db->loadColumn(); if (!$superadmins) { $superadmins = array(0); } $this->setState('list.exclude', implode(',', $superadmins)); $where = ' u.id NOT IN (' . $this->getState('list.exclude') . ') AND '; }

in this cod, not use from quoteName
please see link : docs.joomla.org/Selecting_data_using_JDatabase
this in page say, for prevent sql injection using from quoteName (for query)
can i from you,why not used from quoteName ?

source from joomla --> com_users-->models-->user.php
Code:
// Remove the users from the group if requested. if (isset($doDelete)) { $query = $db->getQuery(true); // Remove users from the group $query->delete($db->quoteName('#__user_usergroup_map')) ->where($db->quoteName('user_id') . ' IN (' . implode(',', $user_ids) . ')'); // Only remove users from selected group if ($doDelete == 'group') { $query->where($db->quoteName('group_id') . ' = ' . (int) $group_id); } $db->setQuery($query);
this in cod, using from quoteName for query

1- Really Are Vulnerability ? or I think mistake
2- Can i change any connect to DB, and insert in cod with quoteName ?

please see link : api.joomla.org/cms-3/classes/JDatabaseQuery.html
this in page say about quoteName :

Wrap an SQL statement identifier name such as column, table or database names in quotes to prevent injection risks and reserved word conflicts.

Thank you for read topic
please answer me
i will wait for answer you :)
Last edit: 7 years 6 months ago by davood71.

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #2 by davood71
Replied by davood71 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
please answer me
I am worried, because i think this cod is not safe and is Vulnerability
kunena is very good component i want to use kunena beside jomsocial
please answer me
Thank you

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #3 by 810
Replied by 810 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
the code is safe, you don't have to be worry about it. But we can include it.
The following user(s) said Thank You: davood71

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #4 by davood71
Replied by davood71 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
Thank you for answer

But we can include it.

in the future , (for next version kunena), imporved cod SQL kunena?
sorry , I do not understand what you mean (But we can include it)

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #5 by 810
Replied by 810 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
I have added the code to the next version
The following user(s) said Thank You: davood71

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #6 by davood71
Replied by davood71 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
excuse me for open topic again
thank you very much
is It possible , check all cod (query SQL) and added in next version for all query in source ?
because i see all queri in kunena (fontend) , not include quoteName
is It possible ?
Thank you for answer

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #7 by 810
Replied by 810 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
I will add it on the K5.1 todo list.
The following user(s) said Thank You: davood71

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #8 by xillibit
Replied by xillibit on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection

davood71 wrote: excuse me for open topic again
thank you very much
is It possible , check all cod (query SQL) and added in next version for all query in source ?
because i see all queri in kunena (fontend) , not include quoteName
is It possible ?
Thank you for answer

Hello,

There are vunaribilities when the entries from form aren't filtered correctly, so by using JDatabaseQuery it just make the queries database agnostic.
I don't provide support by PM, because this can be useful for someone else.
The following user(s) said Thank You: davood71

Please Log in or Create an account to join the conversation.

More
7 years 6 months ago #9 by davood71
Replied by davood71 on topic kunena 5.0.2 is suspect to Vulnerability SQL Injection
thank you very much
your team is Great
i will waiting for kunena 5.1 for imroved queries
Thank you
Good Luck

Please Log in or Create an account to join the conversation.

Time to create page: 0.350 seconds