This website can use cookies to improve the user experience

This website can use cookies to improve the user experience and to provide certain services and functions to users. Cookies contain small amounts of information (such as login information and user preferences) and will be stored on your device.

Enable All Cookies Privacy Policy

Security: SQL Injection Vulnerability in Storyteller CMS


avatar
Philipp
Administrator
1342
From: Austria
Storyteller CMS is the predecessor of Contentteller, which will be still used by some websites.

Shamus from the  http://antijasakom.net/forum forum discovered a weakness in Storyteller CMS where an attacker may execute arbitrary SQL statements on the vulnerable system. I was able to pinpoint the vulnerability and have released the patch below.

Unzip the patch and upload the new core.php to your Storyteller main directory. This vulnerability exists only in Storyteller, Contentteller is using a completely different code base.
   st182_fix.zip

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.

Responses to this topic


1 Re: Security: SQL Injection Vulnerability in Storyteller CMS
avatar
OP
Administrator
1342
From: Austria
Just wondered what the base64_encode is for in this?

In line 751? To make the username file system safe, so special characters will not break the filename.
1 Re: Security: SQL Injection Vulnerability in Storyteller CMS
avatar
8
From: -
Storyteller CMS is the predecessor of Contentteller, which will be still used by some websites.

Shamus from the  http://antijasakom.net/forum forum discovered a weakness in Storyteller CMS where an attacker may execute arbitrary SQL statements on the vulnerable system. I was able to pinpoint the vulnerability and have released the patch below.

Unzip the patch and upload the new core.php to your Storyteller main directory. This vulnerability exists only in Storyteller, Contentteller is using a completely different code base.


Just wondered what the base64_encode is for in this?

Notice

This topic is archived. New comments cannot be posted and votes cannot be cast.