* Article in English
Security flaw found in numerous famous applications from big companies, such as Google, MSN, etc. Applications that affected are namely Google Maps, Gmail, AOL’s AIM Mail, Flikr and MSN Virtual Earth and so on.
The CPAINT flaw could allow an attacker to execute malicious code on a server running CPAINT, or running an application built using CPAINT
The AJAX approach has been adopted by a number of Web developers, the best known of them being Google, whose Google Maps, Google Suggest, Gmail and other applications use AJAX, although Google has since stated that Gmail is not affected. Other high-profile AJAX-based services include Microsoft’s MSN Virtual Earth, Yahoo’s Flickr and AOL’s AIM Mail. Many lesser-known services have also adopted AJAX, such as Swiss mapping service map.search.ch and invoicing program Blinksale.
The bug affects ALL existing versions of CPAINT, both the ASP and PHP implementations. The project issued a patch fixing the issue, CPAINT v1.3-SP, and is creating a more comprehensive fix for the forthcoming version 2.0.0.
So if you have any project using CPAINT, don’t forget to update to the latest version before it is too late.