miqrogroove - 3-21-2009 at 11:05 PM
Issue #312
Bug Source: XMB-1.9.11.00.zip through XMB-1.9.11.04.zip
Symptoms: The "Move to Database" links in the attachments panel cause unexpected data loss.
Security Impact: This command also could be triggered by a CSRF attack in a very unlikely set of circumstances.
Workaround: It is recommended that you delete the file attach-admin.inc.php from your server unless it can be patched immediately.
Fixed By: XMB-1.9.11.05.zip and later are not affected.
Patch: Attachment: XMB-1.9.11-attachments-critical.patch.txt (556B)
This file has been downloaded 622 times