Menu
▾
▴
#38 Possible vulnerability?
this is mostly FYI, and it could very well be the fault of the user that set this up, but I wanted to bring this to your attention in case there is a low-level vulnerability in your code
I received a "phishing scam" that pointed to this link:
http://www.ricorico.it/joomla/components/com_extcalendar/lib/usbank.html
Obviously, the perp managed to write to a (presumably) secure area of the site [com_extcalendar/lib], and as I said, this could be the fault of the person setting up the site and somehow allowing more permissions than are neccessary [or his admin password was compromised]
(I also don't know if this is a new or old version of extcal as I haven't actually gone to the site to check it)
