Security Patch for WB 2.8.0 available

[kweitzel]

Dear all,

there was a misconfiguration in the board which prevented everybody from seeing the attachment. This has been changed now, the attachment should be available to every member and visitor of this forum now!

cheers

Klaus

[FrankH]

A Security related bug has been found in the WebsiteBaker CMS.

Affected systems
    * Only WebsiteBaker version 2.8.0
    * Only installations which have enabled the options to sign in or to change user settings in the frontend

Vulnerability Impact
    * Spamming, annoying and impersonating registered users
    * To protect still unpatched systems, no further details will be published during the next 3 months

Maximum Severity Rating
    * High (for systems matching all of the conditions under the Affected Systems section)
    * None (for all other systems)

Instructions how to patch

• Just download the patched file attached to this message
• Unzip this file
• Replace the file /framework/class.wb.php with the patched version by ftp

Acknowledgements
We want to thank the users Chio, Thorn and Stefek for reporting this bug in an appropriate manner.

Frank Heyne (WebsiteBaker Security Team)


[gelöscht durch Administrator]