From: Reini U. <ru...@x-...> - 2005-04-01 17:19:50
Reini Urban wrote:
> Thomas Kristensen wrote:
>> In the recent changelog for PhpWiki you describe two security issues.
>> http://sourceforge.net/project/shownotes.php?release_id=315974
>>
>> I would like some details about who and how this could be exploited,
>> also I would like to know if any mitigating factors apply.
>
>
> problem from 1.3.10 - 1.3.11
> * security fix for create ACL: action=edit is now checked for create"
>
> If someone edits the ACL to let someone edit but not create a page, and
> if someone creates a page by using the edit button, the create ACL was
> not ignored.

oops: => ... the create ACL was ignored.

--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban
http://phpwiki.org
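The check described in the message above, as a minimal model added here for illustration; it is not PhpWiki's own code. The permission names, the ACL layout and every function name are assumptions.

```python
# Added illustration: a simplified model, not PhpWiki's code.
# Permission names, the ACL layout and all function names are assumptions.

ACTION_PERMISSION = {"browse": "view", "edit": "edit", "create": "create"}


def required_permission_before_fix(action, page_exists):
    """Behaviour described in the thread: action=edit is only checked for 'edit'."""
    return ACTION_PERMISSION.get(action)


def required_permission_after_fix(action, page_exists):
    """action=edit on a page that does not exist yet is checked for 'create'."""
    if action == "edit" and not page_exists:
        return "create"
    return ACTION_PERMISSION.get(action)


def is_allowed(acl, user, action, page_exists, resolver):
    """Deny unknown actions and any permission the ACL does not grant the user."""
    permission = resolver(action, page_exists)
    if permission is None:
        return False
    return user in acl.get(permission, set())


# Constructed ACL: bob may edit existing pages but must not create new ones.
SAMPLE_ACL = {
    "view": {"alice", "bob"},
    "edit": {"alice", "bob"},
    "create": {"alice"},
}


def compare(user, action, page_exists):
    """Return (decision before the fix, decision after the fix)."""
    return (
        is_allowed(SAMPLE_ACL, user, action, page_exists, required_permission_before_fix),
        is_allowed(SAMPLE_ACL, user, action, page_exists, required_permission_after_fix),
    )


if __name__ == "__main__":
    for user, exists in [("bob", True), ("bob", False), ("alice", False)]:
        print(user, "edit", "existing" if exists else "new page", compare(user, "edit", exists))
```

A regression test for this class of bug exercises every action against both an existing and a missing page, since the two cases need different permissions.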