Ouch! Joomla ChronoForms 6.0.17 SQL Injection

Address a reported SQL injection vulnerability in ChronoForms.

Overview

The report incorrectly suggests a vulnerability exists in the core CF code when using standard queries.
The core CF code properly escapes values. Only custom queries written in PHP require manual escaping by the developer.

Answered
ct ctweed 19 Feb, 2020
Does this affect ChronoForums and how can I check what version is used please?

https://packetstormsecurity.com/files/151845/Joomla-ChronoForms-6.0.17-SQL-Injection.html
Max_admin Max_admin 23 Feb, 2020
Answer
1 Likes
This is wrong: the passed values are escaped, unless you use a custom query, in which case you need to escape them yourself with PHP code.

So that page is wrong!

Best regards
Max, ChronoForms developer
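What "escape yourself with PHP code" means for a custom query, as an added example that is not from the original post and not ChronoForms' own code: the unescaped form beside one that uses the standard Joomla database API, and additionally shows the identifier case (a column name or sort direction taken from the form), which quoting alone does not cover. The table, column names and function names are assumptions.

```php
<?php
// Added example (not ChronoForms code). Assumes a Joomla 3.8+/4 site where
// Joomla\CMS\Factory is available and a constructed table #__my_subscribers.
use Joomla\CMS\Factory;

// UNSAFE: the submitted form value is concatenated straight into the SQL.
// A value containing a quote character changes the structure of the query
// instead of being treated as data.
function lookupUnsafe(string $email): array
{
    $db  = Factory::getDbo();
    $sql = "SELECT id, email FROM #__my_subscribers WHERE email = '" . $email . "'";
    $db->setQuery($sql);
    return (array) $db->loadObjectList();
}

// SAFE: string values go through $db->quote() (escaped and wrapped in quotes),
// names through $db->quoteName(). Anything that selects a column or a sort
// direction is checked against a fixed allow-list rather than quoted, because
// quote() only protects string literals, not identifiers or SQL keywords.
function lookupSafe(string $email, string $orderBy = 'id', string $dir = 'ASC'): array
{
    $db = Factory::getDbo();

    $allowedColumns = ['id', 'email'];
    if (!in_array($orderBy, $allowedColumns, true)) {
        $orderBy = 'id';
    }
    $dir = (strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';

    $query = $db->getQuery(true)
        ->select($db->quoteName(['id', 'email']))
        ->from($db->quoteName('#__my_subscribers'))
        ->where($db->quoteName('email') . ' = ' . $db->quote($email))
        ->order($db->quoteName($orderBy) . ' ' . $dir);

    $db->setQuery($query);
    return (array) $db->loadObjectList();
}
```

When reviewing a custom-code action, the thing to look for is any form value that reaches the query string without passing through $db->quote() or an allow-list check.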