[ic] Security Problem in Interchange

Lyn St George lyn at zolotek.net
Mon Mar 29 13:14:58 EST 2004

On Mon, 29 Mar 2004 13:56:33 +0200, Stefan Hornburg wrote:

>Dear Interchange community !
>All versions of Interchange (4.8.x, 5.0.x, 5.1.x) contain a security hole
>which allows an attacker to expose arbitrary variable contents by using
>an URL like http://shop.example.com/cgi-bin/store/__SQLUSER__. 

This also applies to 4.9.x, but I can confirm that Kevin's
patch fixes the problem for 4.9.6 and 4.9.7.
Lyn St George
+ http://www.zolotek.net .. eCommerce hosting, consulting

More information about the interchange-users mailing list