[pmwiki-announce] Vulnerability in SQLite PageStore class, new version

Petko Yotov 5ko at 5ko.fr
Mon Jul 18 14:40:02 CDT 2011


Hello,

I've just released the SQLite PageStore class, available from:

    http://www.pmwiki.org/wiki/Cookbook/SQLite
    http://notamment.fr/common/cookbook/sqlite.txt

The purpose of this release is to close a potential security vulnerability 
reported earlier today, that could potentially allow an SQL injection. No 
known actual exploits of this vulnerability have been reported, but all users 
are urged to upgrade.

For those who are running older versions of sqlite.php, the vulnerability can 
be avoided by upgrading to this release.

Upgrading from the previous version should be without any difficulties (just 
replacing the old file with the new one).

Before upgrading from even older versions, please read the installation 
instructions and the release notes:
   http://www.pmwiki.org/wiki/Cookbook/SQLite

If upgrading poses a difficulty for any site, please contact me at 5ko <snail> 
5ko.fr for assistance.

Thanks,
Petko



More information about the pmwiki-announce mailing list