From index.php: $res = bugs_mysql_query("update userstable set last_seen='$last_seen' where uname='".$_COOKIE['FIDOlogin'][1]."' limit 1",$link); the string is passed unchecked to the mysql db, leading to a possible SQL Injection as the index.php is unprotected, no login is needed to trigger it. I notified upstream today as well
Jokey, please let us know when a fix is available.
any news on this one? changing whiteboard, as this has never been stable it seems
Invalid as after working with upstream we found this hackish line in constants.inc.php: $_COOKIE = array_map('addslashes_deep', $_COOKIE);