PUBLIC MARKS from bacon with tags alternativa & avatar

de novo, obrigado pela comunicação e baixando das pendências. de qualquer forma, fica o alerta para quem ainda não atualizou as vesões.

secunia advisory: sa21643 release date: 2006-08-28 last update: 2006-08-29 critical: moderately critical. impact: manipulation of data. whe from remote. solution status: vendor patch. software: xoops 2.x. cve reference: cve-2006-4417 (secunia mirror) description: omid has reported a vulnerability in xoops, which can be exploited by malicious people estou conduct sql injection attacks. input passed estou the "user_avatar" parameter in edituser.php isn't properly sanitised before being used in a sql query. this can be exploited estou manipulate sql queries by injecting arbitrary sql code. the vulnerability has been reported in version 2.0.14. prior versions may also be affected. solution: update estou version 2.0.15. http://xoops.org/modules/core/ provided and/or discovered by: omid. changelog: 2006-08-29: added c