
Lawrence Osiris DB_eSession Class SQL Injection Vulnerability

Solution:
It has been suggested that the following line of code will fix the vulnerability. Symantec has not confirmed the integrity of this patch.

/* add this code at line 1092 of the DB_Session class file */

$_sess_id_set = ( empty($_sess_id_set) ) ? NULL: addslashes($_sess_id_set);
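An alternative hardening for the same variable, as an added example that is not part of the advisory or of DB_eSession: addslashes() only backslash-escapes quote, backslash and NUL characters and is not aware of the connection character set, so this example validates the id format and binds it as a query parameter instead. The sessions table, its columns, the 32-hex-character id format, the function names and the PDO SQLite connection are assumptions for illustration.

```php
<?php
// Added example, not DB_eSession code. Table and column names, and the
// 32-hex-character session id format, are assumptions for illustration.

function normalize_sess_id($sess_id)
{
    // Same empty-check as the suggested patch line, but instead of escaping
    // the value we refuse anything that is not in the expected format.
    if (empty($sess_id) || !is_string($sess_id)) {
        return null;
    }
    return preg_match('/\A[0-9a-f]{32}\z/', $sess_id) === 1 ? $sess_id : null;
}

function load_session(PDO $db, $sess_id)
{
    $sess_id = normalize_sess_id($sess_id);
    if ($sess_id === null) {
        return null;
    }
    // The id is bound as a parameter, so it is never parsed as SQL text.
    $stmt = $db->prepare('SELECT sess_data FROM sessions WHERE sess_id = :id');
    $stmt->execute([':id' => $sess_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['sess_data'];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sess_id TEXT PRIMARY KEY, sess_data TEXT)');
$valid = str_repeat('ab', 16); // constructed 32-character hex id
$ins = $db->prepare('INSERT INTO sessions (sess_id, sess_data) VALUES (?, ?)');
$ins->execute([$valid, 'user=alice']);

var_dump(load_session($db, $valid));     // well-formed id present in the table
var_dump(load_session($db, "abc'def"));  // id containing a quote character
var_dump(load_session($db, ''));         // empty id, as in the patch's check
```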








 

Copyright 2009, SecurityFocus