×
Blue Eagle (1.5.0) for K5.1 is released (20 Jul 2018)

Please update the Kunena Blue Eagle to 1.5.0 if you use Kunena 5.1.
We made several bug fixes and improvements. Also Blue Eagle has now all the features from Crypsis.
Download: www.kunena.org/download/templates/category/blue-eagle-5

×

Please Read This First:


This category is only for reporting defects with K 3.0.

Do not use this category:
  • to ask general questions about how to use K 3.0 or to ask when new versions of Kunena will be released;
  • to ask about other (older) versions of Kunena; or
  • if you have tried to install K 3.0 on J! 1.5; or
  • if you installed K 3.0 on a live, production site and you want your site restored to its previous state; or
  • if this website ( www.kunena.org ) works but works differently to how you expected.

You must include your K 3.0 configuration report; if you do not include your configuration report, your topic may be closed (locked) or deleted without any further warnings from the moderators.

Topics that have been closed (resolved) will be archived and no further discussion on those topics will be allowed.

Question SQL Injection Vulnerability (false alarm)

More
3 years 4 months ago - 3 years 4 months ago #1 by clickprecision
I get scanned from McAfee Secure and they picked up on this vulnerability:
This message contains confidential information


Many thanks
Last edit: 3 years 4 months ago by Matias.

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #2 by 810
could you add the kunena report.

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #3 by clickprecision
This message contains confidential information

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 180 seconds | Max execution memory: 64M | Max file upload: 20M

Kunena menu details:

Warning: Spoiler! [ Click to expand ]

Joomla default template details : theme3022 | author: TemplateMonster.com | version: 3.0 | creationdate: Unknown

Kunena default template details : Custom | author: TemplateMonster | version: 3.0.6 | creationdate: 2014-02-26

Kunena version detailed: Kunena 3.0.6 | 2014-07-28 [ Tala ]
| Kunena detailed configuration:

Warning: Spoiler! [ Click to expand ]
| Kunena integration settings:
Warning: Spoiler! [ Click to expand ]
| Joomla! detailed language files installed:
Warning: Spoiler! [ Click to expand ]

Third-party components: None

Third-party SEF components: None

Plugins: None

Modules: None

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #4 by 810
Look at you kunena template components\com_kunena\template\your_template\html\user\list.php

And look that the inputs are $this->escape. Then you will be fine.

You can use the default kunena template, and do a scan again.

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago - 3 years 4 months ago #5 by clickprecision
Thank you for your help, however that did not seem to fix the issue. Example:

This message contains confidential information
Last edit: 3 years 4 months ago by 810.
The following user(s) said Thank You: xillibit

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #6 by 810
thank you for your report, we will fix this issue
The following user(s) said Thank You: clickprecision

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #7 by 810
fyi, this is no sql injection, but the filter get a unknown input and breaks. we will have the fix included in the next version.

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #8 by clickprecision
Thank you for your help. I know this is not usual visitor behavior and since there is no system compromise, the issue is small. Good to keep McAfee alarms down though.

Please Log in or Create an account to join the conversation.

More
3 years 4 months ago #9 by Matias
I personally reviewed the code and there is no SQL injection vulnerability, but there is fatal error because of the illegal input caused a value to become NULL instead of array, which was expected by a function.

There is an easy fix for this; just return on bad input instead of continuing..
The following user(s) said Thank You: ChaosHead

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.143 seconds