Schoorbs 1.0.3 comes with a fix for the first security problem ever detected in Schoorbs (:-(). Although it is a SQL injection vulnerability, it doesn't give the users who could exploit it any additional rights, since the affected code is only callable by administrators. Although this is a security release, an e-mail logging backend is now included, so that one can be notified by mail when a booking is created or edited. In short, this has been done:

  • Added a backend for logging via e-mail
  • Fixed SQL injection vulnerability in edit_area_room.php

Links: