Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

Ouch! Joomla ChronoForms 6.0.17 SQL Injection

ct

ctweed 19 Feb, 2020

Does this affect ChronoForums and how can I check what version is used please?

https://packetstormsecurity.com/files/151845/Joomla-ChronoForms-6.0.17-SQL-Injection.html

Max_admin 23 Feb, 2020

Answer

1 Likes

This is wrong, the passed values are escaped, unless you use a custom query and in that case you need to escape yourself with PHP code.

So that page is wrong!

Best regards

Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.

ct

ctweed 24 Feb, 2020

Thanks.

This topic is locked and no more replies can be posted.