Recent
Categories
Tags
You need to be logged in to view a user's profile.
View Replies (3)

Resolved SQL Injection issue - High Vulnerability found - RSVP Pro

  1. Issue
0
Votes
Undo
  1. intellitech
    intellitech
    Gold Member
  2. JEvents Translations (Free Access)
  3. Thursday, 25 March 2021
Please see the attached scanned report and do the needful ASAP.
Attachments (1)
20210321_Affected_Items_www_scl_org_sg (1).pdf
  1. RSVP pro
  2. RSVPPro
Cannot use 3.6.13 - Gets kicked out to main web pa...
Blank New/Edit Screen in backend after update to 3...
Responses (3)
mimmomgl
mimmomgl
Accepted Answer Pending Moderation
0
Votes
Undo
What's new about this vulnerability?
  1. more than a month ago
  2. JEvents Translations (Free Access)
  3. # 1
tonyp
tonyp
Support Team
Accepted Answer Pending Moderation
0
Votes
Undo
Can you please confirm your RSVP Pro Version for testing?

Many thanks
Tony
JEvents Club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits. Join the JEvents club today!Join the JEvents club today!
  1. more than a month ago
  2. JEvents Translations (Free Access)
  3. # 2
geraint
geraint
Support Team
Accepted Answer Pending Moderation
0
Votes
Undo
Thank you for highlighting this issue.

I see where this message is coming from and I can assure you that it is not exploitable as an SQL injection because the input is filtered and any SQL or Javascript is removed and the error is caught in the code. What is incorrect is to output an error message as opposed to silently returning no results.

I will resolve this in the next release due in the next few days
JEvents Club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits. Join the JEvents club today!
  1. more than a month ago
  2. JEvents Translations (Free Access)
  3. # 3
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!