Posted by A. W. on Dec 09
[+] Humhub [1] SQL injection vulnerability
[+] Discovered by: Jos Wetzels, Emiel Florijn
[+] Affects: Humhub <= 0.10.0-rc.1
The Humhub social networking kit versions 0.10.0-rc.1 and prior suffer
from an SQL injection vulnerability in the notification listing
functionality that allows an attacker to obtain backend database
access. The issue has now been resolved in cooperation with the
vendor [2].
In the actionIndex() function located in…