I found the following site reporting SQL injection and XSS vulnerabilities: http://www.securelist.com/en/advisories/34983
I looked into the TemaTres wiki, but could not find any mention of a fix in any of the newer versions.
So I also tried a simple XSS and it was indeed not fixed.
One other thing was the storing of unencrypted passwords, but that is already being handled:
The SQL injection is a serious thing; I cannot use TemaTres until it is fixed.
If it is not fixed in 3.5, is there any indication when it will be?
Hi, the security problem reported in http://www.securelist.com/en/advisories/34983 was solved in version 1.031. Another security problem was solved in 1.41.
Did you find other problems? Please let me know of any bug.
About the storing of unencrypted passwords… :(. We hope to solve this problem in the next release (1.6).