Security Hint

Print
Go Down Pages1
User actions

DarkViper

#1
November 27, 2013, 01:23:04 PM
Last days we got a message that one of a 3thParty package, used in WebsiteBaker, contains a minor security issue. It is not a High-Risk-Level but anyway.

The endangered package  you can find in wb/includes/idna_convert/.
There is a CSRF issue in the file examples.php. This file itself is never needed by WebsiteBaker and can/should be deleted from webspaces as soon as possible.

There is no fix/patch planned against.
To solve these problem, from next official release of WB the file is encapsulated in a ZIP archive, so there is no more possibility to call it from outside.
[url=http://www.youtube.com/watch?v=tmzDAz6ZvFQ]Der blaue Planet[/url] - er ist nicht unser Eigentum - wir haben ihn nur von unseren Nachkommen geliehen[br]
[i]"You have to take the men as they are... but you can not leave them like that !" :-P [/i]
[i]Das tägliche Stoßgebet: [b]Oh Herr, wirf Hirn vom Himmel ![/b][/i]
Print
Go Up Pages1
User actions
SMF 2.1.4 © 2023, Simple Machines
ProCurve Theme Made By : TwitchisMental