
SQL Injection from adding member

Moderate
trasher published GHSA-936f-xvgq-fg74 Dec 16, 2021

Package

Galette core (PHP)

Affected versions

< 0.9.6

Patched versions

0.9.6

Description

Impact

A SQL injection attack consists of the insertion or "injection" of SQL syntax via input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (INSERT/UPDATE/DELETE), execute administrative operations on the database (such as shutting down the DBMS), recover the contents of a given file on the DBMS file system and, in some cases, issue commands to the operating system.

This one can be exploited by a logged-in user who has the right to set member status; it is not reachable anonymously, but any account granted that permission can trigger it.
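The advisory does not show the affected Galette code. As an added illustration, not Galette's own source, the following PHP shows the bug class behind this advisory: a hypothetical "set member status" update that concatenates the status value into the SQL text, beside the parameterized form that removes the injection. The table, columns, function names and the in-memory SQLite database are assumptions made for the example; the attacker payload is constructed.

```php
<?php
// Added illustration, not Galette's code. Table, column and function names
// are assumptions; the database is an in-memory SQLite used only for the demo.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, status_id INTEGER)');
$pdo->exec("INSERT INTO members VALUES (1, 'alice', 1), (2, 'bob', 1), (3, 'carol', 1)");

// Vulnerable: the status value taken from the request becomes part of the SQL text.
// A user allowed to set member status controls $statusId entirely, so the
// permission to change one member's status becomes arbitrary SQL.
function setStatusVulnerable(PDO $pdo, int $memberId, string $statusId): int
{
    $sql = 'UPDATE members SET status_id = ' . $statusId . ' WHERE id = ' . $memberId;
    return $pdo->exec($sql); // returns the number of affected rows
}

// Hardened: validate the shape of the input, then pass it as a bound parameter.
// The value is never interpreted as SQL, whatever it contains.
function setStatusSafe(PDO $pdo, int $memberId, string $statusId): int
{
    if (filter_var($statusId, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('status must be an integer');
    }
    $stmt = $pdo->prepare('UPDATE members SET status_id = :status WHERE id = :id');
    $stmt->bindValue(':status', (int) $statusId, PDO::PARAM_INT);
    $stmt->bindValue(':id', $memberId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed payload: supplies a value, replaces the WHERE clause with a
// tautology and comments out the rest of the original statement.
$payload = '2 WHERE 1=1 --';

// The caller intended to change member 1 only; the vulnerable version
// changes every row in the table.
printf("vulnerable: %d row(s) changed\n", setStatusVulnerable($pdo, 1, $payload));

// The hardened version rejects the payload outright...
try {
    setStatusSafe($pdo, 1, $payload);
} catch (InvalidArgumentException $e) {
    printf("safe: rejected (%s)\n", $e->getMessage());
}

// ...and a legitimate value touches exactly the one member it was meant to.
printf("safe: %d row(s) changed\n", setStatusSafe($pdo, 1, '2'));
```

Run it with php-cli that has the pdo_sqlite extension enabled. The point the example makes is that the fix is structural, not a matter of escaping: binding the value as a parameter means the database never parses it as SQL, and the up-front validation gives a clear error instead of silently storing unexpected input.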

Patches

Upgrade to 0.9.6. No workaround is available.

Severity

Moderate

CVE ID

CVE-2021-41262

Weaknesses

No CWEs

Credits