SQL injection vulnerability in HumHub allows database access

Lesezeit: 1 Minute

During an internal evaluation of the social networking solution HumHub, the senior security consultant Eric Sesterhenn from LSE Leading Security Experts GmbH discovered an SQL injection vulnerability in versions 0.11.2 and 0.20.0-beta.2. The vulnerability allows read/write access to the underlying HumHub MySQL database. This includes full access to private user data and all conversations.

For further Informations about the LSE Leading Security Experts please visit our website

Von |2015-11-30T13:14:20+00:0030. November, 2015 um 13:14 Uhr|KEYIDENTITY|Noch keine Kommentare

Über den Autor: