#2 Security holes

closed-accepted
None
7
2002-07-18
2002-07-09
No

Ulf Harnhammar found 2 security bugs in L-Forum:
1. the subject, from and e-mail fields aren't passed through
htmlspecialchars, so they can contain possibly dangerous
JavaScript code
2. there's an exploit in the attachment system that can get
any file from the server to which the user has access
Here is a patch that fixes those bugs.
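
The two bug classes named in the report, shown with their usual defences in PHP. This is an added example, not L-Forum's code and not the attached patch; the function names, array keys and the attachment directory are assumptions, and the sample input is constructed.

```php
<?php
// Added illustration: every name here is hypothetical, none is taken from L-Forum.

// Bug class 1: user-supplied fields must be HTML-escaped when they are output.
function render_post_header(array $post): string
{
    $esc = static fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return sprintf(
        '<b>%s</b> by <a href="mailto:%s">%s</a>',
        $esc($post['subject']),
        $esc($post['email']),
        $esc($post['from'])
    );
}

// Bug class 2: an attachment request must resolve to a regular file inside
// the attachment directory; anything else is refused.
function resolve_attachment(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // basename() drops directory components; realpath() resolves ".." and symlinks.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Final containment check in case a symlink points outside the directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample input, created in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'notes.txt', 'demo');

$post = ['subject' => '<script>alert(1)</script>', 'from' => 'Eve "x"', 'email' => 'eve@example.org'];
echo render_post_header($post), "\n";
var_dump(resolve_attachment($dir, 'notes.txt'));        // file inside the directory
var_dump(resolve_attachment($dir, '../../etc/passwd')); // traversal attempt is refused

unlink($dir . DIRECTORY_SEPARATOR . 'notes.txt');
rmdir($dir);
```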

Discussion

  • Security patch for L-Forum 2.4.0

     
    Attachments
    • status: open --> closed-accepted
     
  • Artur Kański
    2002-07-29

    Logged In: YES
    user_id=585917

    How can I download this patch and how do I install it?
    Regards,
    Artur

     
  • Logged In: YES
    user_id=546434

    The link is at the bottom of the page... And English please.

     
  • Logged In: NO

    <h1>HAX</h1>

     
  • Logged In: NO

    I need forum

     
  • Logged In: NO

    Champa human rights