Quote:
Originally Posted by Drixevel
Pushed a fix for 1 vulnerability which I believe is the one you're talking about. (rest of the plugins don't use mysql at all)
|
The PerformBan function formats a player name into a SQL query using %N without escaping.
It looks like the changeset you added might just be borked though - it only added lines.
__________________