security img.php in comoblog 1.1 - solved ?

Help
hans
2006-10-31
2013-04-02
  • hans

    hans - 2006-10-31

    since a year or so there is stil the security issue published re
    [SA19379] CoMoblog "img.php" Cross-Site Scripting Vulnerability
    see
    http://www.security.nnov.ru/source/SECUNIA.html
    or
    http://cve.mitre.org/cve/refs/refmap/source-XF.html

    has this bulnerability been solved meanwhile or still an issue ??

     
    • Mark Wallis (aka serialmonkey)

      That fix is currently only in CVS and will be released in 1.2

      If you wish you can pull the latest img.php file from CVS and overwrite your existing copy to protect yourself in the mean time - but it's only really a problem if you let multiple people you don't trust post to your blog.

       
    • hans

      hans - 2006-11-01

      ok
      thanks for th efast reply
      i made chmod 000 after i found the security issue online - since i post via online form and have all pics on my webspace image folders and never never via cellphone

      but in future versions it s goot to knwow that all holes are closed

      I had hackers on my site last winter / different SW - long time and very active - i have no desire to repeat that experience once more in life

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks