Pligg Beta 9.9.0 Remote SQL Injection Vulnerability Discovered

A new security vulnerability in Pligg V9.9.0 has been discovered: a Remote SQL Injection in Pligg’s story.php. The Pligg team were alerted to the vulnerability by a user post from edupin in the Pligg forums here; the post, however, now seems to have been deleted. You can view a Google cached version of the original Pligg post here or find it through a Google search here.

The exact details of the exploit can be found over at milw0rm.com: Pligg Beta 9.9.0 (id) Remote SQL Injection Vulnerability. I think the Pligg team are working on it, so hopefully we should see a solution soon.

Update: Pligg have made a blog post concerning this and another exploit. Also mentioned in the post is the fact that a new release of Pligg will be with us soon; this is absolutely great news. You can read the blog post here.

Update: Ash digg, Pligg’s former lead developer, has released a fork of the Pligg codebase titled YADC. YADC fixes all security holes found within the Pligg v9.9.0 codebase.


Article Details


Author: on July 29th, 2008

Category: Pligg
