Kunena 7.0.5 & Kunena 6.4.11 – Security Updates Released

The Kunena team has announced the arrival of Kunena 7.0.5 [K 7.0.5] in stable, which is now available for download as a native Joomla extension for J! 5.4.x/6.0.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 / K 6.4 and issues discovered during the last development stages of K 7.0.

The Kunena team is also pleased to announce the eleventh version of Kunena 6.4, a native Joomla extension for Joomla! 5.0, 5.1, 5.2, 5.3, 5.4 and 6.0.

Please Read This First:


This category is only for reporting defects with K 3.0.

Do not use this category:
  • to ask general questions about how to use K 3.0 or to ask when new versions of Kunena will be released;
  • to ask about other (older) versions of Kunena; or
  • if you have tried to install K 3.0 on J! 1.5; or
  • if you installed K 3.0 on a live, production site and you want your site restored to its previous state; or
  • if this website ( www.kunena.org ) works but works differently to how you expected.

You must include your K 3.0 configuration report; if you do not include your configuration report, your topic may be closed (locked) or deleted without any further warnings from the moderators.

Topics that have been closed (resolved) will be archived and no further discussion on those topics will be allowed.

Question SQL Injection Vulnerability (false alarm)

11 years 1 month ago #163106 by 810
Replied by 810 on topic SQL Injection Vulnerability
FYI, this is no SQL injection, but the filter gets an unknown input and breaks. We will have the fix included in the next version.

11 years 1 month ago #163107 by clickprecision
Thank you for your help. I know this is not usual visitor behavior and since there is no system compromise, the issue is small. Good to keep McAfee alarms down though.

11 years 1 month ago #163114 by Matias
I personally reviewed the code and there is no SQL injection vulnerability, but there is a fatal error because the illegal input caused a value to become NULL instead of an array, which was expected by a function.

There is an easy fix for this; just return on bad input instead of continuing.
The following user(s) said Thank You: ChaosHead
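
The failure described in the reply above and the "return on bad input" fix, as an added example that is not Kunena's code and not part of the original thread. The function names and sample inputs are hypothetical, and PHP 8 is assumed:

```php
<?php
declare(strict_types=1);

// Hypothetical filter: returns a list of integer ids, or null when the
// input does not have the array shape it understands.
function filterIds(mixed $raw): ?array
{
    if (!is_array($raw)) {
        return null;
    }
    $ids = [];
    foreach ($raw as $value) {
        if (!is_scalar($value) || !ctype_digit((string) $value)) {
            return null;
        }
        $ids[] = (int) $value;
    }
    return $ids;
}

// Hypothetical consumer that expects an array, never null.
function countSelected(array $ids): int
{
    return count(array_unique($ids));
}

// Before: the filter result is passed on unchecked. A null result raises a
// TypeError, which is a fatal error if nothing catches it.
function handleBefore(mixed $raw): int
{
    return countSelected(filterIds($raw));
}

// After: return on bad input instead of continuing.
function handleAfter(mixed $raw): int
{
    $ids = filterIds($raw);
    if ($ids === null) {
        return 0;
    }
    return countSelected($ids);
}

// Constructed inputs: a valid list, a scalar with a stray quote, a mixed list.
$samples = [['1', '2', '2'], "1'", ['3', 'x']];
foreach ($samples as $raw) {
    try {
        $before = (string) handleBefore($raw);
    } catch (TypeError $e) {
        $before = 'fatal: ' . get_class($e);
    }
    printf("%-16s before=%-18s after=%d\n", json_encode($raw), $before, handleAfter($raw));
}
```

No query is built from the input in either version; the unguarded path only fails with an error, which is the kind of response a scanner can misread as an injection signal.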
