SQL injection vulnerability in HumHub allows database access

During an internal evaluation of the social networking solution HumHub, the senior security consultant Eric Sesterhenn from LSE Leading Security Experts GmbH discovered an SQL injection vulnerability in versions 0.11.2 and 0.20.0-beta.2. The vulnerability allows read/write access to the underlying HumHub MySQL database. This includes full access to private user data and all conversations.

For further Informations about the LSE Leading Security Experts please visit our website www.foxmole.com

Feel free to share the newsShare on Facebook
Share on Google+
Tweet about this on Twitter
Share on LinkedIn