For a year or so there has still been the security issue published re:
[SA19379] CoMoblog "img.php" Cross-Site Scripting Vulnerability
see
http://www.security.nnov.ru/source/SECUNIA.html
or
http://cve.mitre.org/cve/refs/refmap/source-XF.html
Has this vulnerability been solved meanwhile, or is it still an issue?
That fix is currently only in CVS and will be released in 1.2.
If you wish you can pull the latest img.php file from CVS and overwrite your existing copy to protect yourself in the meantime - but it's only really a problem if you let multiple people you don't trust post to your blog.
OK
Thanks for the fast reply.
I made chmod 000 after I found the security issue online - since I post via online form and have all pics in my webspace image folders and never, never via cellphone.
But in future versions it's good to know that all holes are closed.
I had hackers on my site last winter / different SW - long time and very active - I have no desire to repeat that experience once more in life.