Help save net neutrality! Learn more.
Close

#2 Security holes

closed-accepted
None
7
2002-07-18
2002-07-09
No

Ulf Harnhammar found 2 security bugs in L-Forum:
1. subject, from and e-mail fields ain't passed through
htmlspecialchars, so it can contain possibly danger
javascript code
2. there's exploit on attachment system that can get
any file from server to which user have access
Here is patch that fixes that bugs.

Discussion

  • Leszek Krupiński

    Security patch for L-Forum 2.4.0

     
  • Leszek Krupiński

    • status: open --> closed-accepted
     
  • Artur Kañski

    Artur Kañski - 2002-07-29

    Logged In: YES
    user_id=585917

    jak mog cign sobie tego patcha i jak go podegra ?
    Pozdrawiam
    Artur

     
  • Leszek Krupiński

    Logged In: YES
    user_id=546434

    Link is on the bottom of a page... And english please.

     
  • Nobody/Anonymous

    Logged In: NO

    <h1>HAX</h1>

     
  • Nobody/Anonymous

    Logged In: NO

    I need forum

     
  • Nobody/Anonymous

    Logged In: NO

    Champa human rights

     

Log in to post a comment.