SQL injection
Hi,
We deployed Umbraco 6 to our many customers. But one of them has returned feedback about SQL injection. They had done a penetration test and found a SQL injection vulnerability. We checked it out and found some SQL statements in the business layers generated by concatenated strings.
Any idea?
Hi Sercan and welcome to our,
What version of Umbraco 6 are you using?
Here are some blog posts about vulnerabilities found in Umbraco; the latest is from Monday, July 21, 2014.
https://umbraco.com/follow-us/blog-archive/2014/7/21/security-issues-found-in-umbraco-4,-6-and-7
http://umbraco.com/follow-us/blog-archive/2013/5/1/security-update-two-major-vulnerabilities-found.aspx
http://umbraco.com/follow-us/blog-archive/2013/4/29/security-vulnerability-found-immediate-action-recommended.aspx
And if it's none of these and is some new vulnerability, then you should get in touch with the HQ, so they are aware of it. You could get in contact with them here: http://umbraco.com/contact/send-us-an-email or try to get in touch on Twitter; some of the people from HQ are on Twitter.
Hope this helps,
/Dennis
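For the audit described in the question (locating SQL that is built from concatenated strings), a first-pass scanner for C# source is sketched here as an added example; it is not part of the thread and not Umbraco's code. The sample input, its table and variable names, and the regex heuristics are all constructed assumptions, and the heuristics can miss or over-report cases.

```python
import re

# SQL verb at the start of a C# string literal (plain, @"" or $"").
SQL_LITERAL = re.compile(r'[$@]{0,2}"\s*(select|insert|update|delete|exec)\b', re.I)
# A literal joined to a non-literal with '+': `"..." + name` or `name + "..."`.
CONCAT = re.compile(r'"\s*\+\s*[A-Za-z_(]|[\w)\]]\s*\+\s*[$@]{0,2}"')
FORMAT = re.compile(r'string\.Format\s*\(', re.I)
INTERP = re.compile(r'\$@?"[^"]*\{[^}]+\}')

def statements(source):
    """Yield (first_line_no, text) per statement; a statement ends at ; { or }."""
    buf, start = [], 0
    for no, line in enumerate(source.splitlines(), 1):
        text = line.strip()
        if not text or text.startswith("//"):
            continue
        if not buf:
            start = no
        buf.append(text)
        if text.endswith((";", "{", "}")):
            yield start, " ".join(buf)
            buf = []
    if buf:
        yield start, " ".join(buf)

def find_concatenated_sql(source):
    """Return (line_no, kind) for statements that splice values into SQL text."""
    findings = []
    for no, stmt in statements(source):
        if not SQL_LITERAL.search(stmt):
            continue  # no SQL-looking literal in this statement
        if INTERP.search(stmt):
            findings.append((no, "interpolation"))
        elif FORMAT.search(stmt):
            findings.append((no, "string.Format"))
        elif CONCAT.search(stmt):
            findings.append((no, "concatenation"))
    return findings

# Constructed sample input (hypothetical business-layer code, not from Umbraco).
SAMPLE = '''var a = "SELECT id FROM orders WHERE customer = '" + name + "'";
var b = "UPDATE orders SET note = '"
      + note + "' WHERE id = " + id;
var c = string.Format("DELETE FROM orders WHERE id = {0}", id);
var d = "SELECT id FROM orders WHERE customer = @0";
var e = "Hello " + name;
var f = $"SELECT id FROM orders WHERE id = {id}";
var g = "SELECT id " + "FROM orders";
'''

if __name__ == "__main__":
    for line_no, kind in find_concatenated_sql(SAMPLE):
        print(f"line {line_no}: SQL built by {kind}")
```

Each finding is a candidate for manual review and conversion to a parameterized query, like the `@0` form on line 5 of the sample, which the scanner leaves unflagged.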