XMB Forum Software
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author: Subject: [Critical] Patch for Attachments
miqrogroove
XMB 1.9.12 Lead Developer
*********


Avatar


Posts: 462
Registered: 10-1-2002
Location: Florida
Member Is Offline

Mood: Past Three O'Clock

[*] posted on 3-21-2009 at 11:05 PM
[Critical] Patch for Attachments


Issue #312

Bug Source: XMB-1.9.11.00.zip through XMB-1.9.11.04.zip

Symptoms: The "Move to Database" links in the attachments panel cause unexpected data loss.

Security Impact: This command also could be triggered by a CSRF attack in a very unlikely set of circumstances.

Workaround: It is recommended that you delete the file attach-admin.inc.php from your server unless it can be patched immediately.

Fixed By: XMB-1.9.11.05.zip and later are not affected.

Patch: Attachment: XMB-1.9.11-attachments-critical.patch.txt (556B)
This file has been downloaded 622 times
View user's profile Visit user's homepage View All Posts By User

  Go To Top

Powered by XMB 1.9.12 (Debug Mode)
XMB Forum Software © 2001-2024 The XMB Group
[Queries: 16] [PHP: 29.2% - SQL: 70.8%]