Impact
SQL injection. All servers running MultiChat 1.8 are vulnerable. A user could inject SQL code through the nicknames system, particularly with the /nick command. This could result in the entire database being corrupted or damaged.
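The bug class described above, shown as an added example that is not MultiChat's own code. The table, function names, nickname policy and sample input are assumptions constructed for the demo, and an in-memory SQLite database stands in for the plugin's SQL backend.

```python
import re
import sqlite3

# Assumed nickname policy for this example: 1-20 letters, digits or underscores.
NICK_RE = re.compile(r"[A-Za-z0-9_]{1,20}")
CONSTRUCTED_NICK = "x' --"  # constructed sample input containing a quote


def new_db():
    # Hypothetical schema; the advisory does not show MultiChat's real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nicknames (uuid TEXT PRIMARY KEY, nick TEXT NOT NULL)")
    db.executemany("INSERT INTO nicknames VALUES (?, ?)",
                   [("uuid-a", "Alice"), ("uuid-b", "Bob")])
    return db


def nicks(db):
    return dict(db.execute("SELECT uuid, nick FROM nicknames"))


def set_nick_vulnerable(db, uuid, nick):
    # Input is pasted into the statement text: a quote in the nickname ends
    # the string literal and whatever follows is parsed as SQL.
    db.execute(f"UPDATE nicknames SET nick = '{nick}' WHERE uuid = '{uuid}'")


def set_nick_bound(db, uuid, nick):
    # Values are bound as parameters and never parsed as SQL.
    db.execute("UPDATE nicknames SET nick = ? WHERE uuid = ?", (nick, uuid))


def valid_nick(nick):
    # Defence in depth at the command handler, before the database is touched.
    return NICK_RE.fullmatch(nick) is not None


def demo():
    bad, good = new_db(), new_db()
    set_nick_vulnerable(bad, "uuid-a", CONSTRUCTED_NICK)
    set_nick_bound(good, "uuid-a", CONSTRUCTED_NICK)
    return nicks(bad), nicks(good)


if __name__ == "__main__":
    corrupted, intact = demo()
    print("concatenated:", corrupted)  # every row overwritten
    print("bound:       ", intact)     # only uuid-a changed, value stored literally
```

With the concatenated query one player's nickname change rewrites every row, which is the database corruption the advisory warns about; with bound parameters the same input is stored as plain text for that player only.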
Patches
All users of MultiChat 1.8 should update immediately to 1.8.1.
Workarounds
Do not use the SQL database function, or limit the use of the /nick, /realname and /username commands to trusted staff members.
References
https://github.com/MultiChat/Development/releases/tag/v1.8.1
For more information
If you have any questions or comments about this advisory: