Pligg Beta 9.9.0 Remote SQL Injection Vulnerability Discovered
A new security vulnerability in Pligg V9.9.0 has surfaced on milw0rm.com: a remote SQL injection in Pligg's story.php. The Pligg team were alerted to the vulnerability by a user post from edupin in the Pligg forums here; the post, however, now seems to have been deleted. You can view a Google cached version of the original Pligg post here or find it through a Google search here.
The exact details of the exploit can be found over at milw0rm.com: “Pligg Beta 9.9.0 (id) Remote SQL Injection Vulnerability”. I think the Pligg team are working on it, so hopefully we should see a solution soon.
Update: Pligg have made a blog post concerning this and another exploit. Also mentioned in the post is the fact that a new release of Pligg will be with us soon; this is absolutely great news. You can read the blog post here.
Update: Ash digg, Pligg's former lead developer, has released a fork of the Pligg codebase titled YADC. YADC fixes all security holes found within the Pligg v9.9.0 codebase.


