Welcome to WebmasterWorld Guest from 3.228.21.186

Forum Moderators: open

remote-code execution hole in SQLite

Don't panic, just patch now

     
5:52 am on May 11, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10465
votes: 1096


Talos published a walkthrough, complete with examples of code highlighting precisely what the vuln is and how it exists. The fix is easy, up to a point: update your project or product to SQLite version 3.28, available on the SQLite website and then roll out the fix to your end users.
[theregister.co.uk...]

As always, maintain the latest updates possible.
9:03 am on May 11, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts: 3004
votes: 207


Its not major for most of us because you would need access to the DB or and SQL injection vulenratbility to exploit it.

The biggest problem is desktop and mobile apps updating, not websites,