HostMarx
Geral : Pacth de segurança para Xoops 2.3.3
Enviado por Hostmarx em 20,08,09 (668 leituras)


SegurançaFoi encontrada falhas de segurança em sites Xoops 2.3.3 nos módulos:


PM

Profile

Protector


 





As discussed previously in forums, there are potential vulnerabilities identified in:



a) PM, Profile, and

b) Protector



modules.



While (a) is addressed by having Protector installed, and (b) is addressed by having "register_globals" disabled and having XOOPS_TRUST_PATH outside of the Document Root, we've addressed the issues in XOOPS 2.4.



However, since we don't know when exactly we'll release XOOPS 2.4, we're releasing this Security Patch for XOOPS 2.3.3 users.



Download: SourceForge XOOPS.



Installation: See the ReadMe.txt file



You are highly encouraged to implement the patch to your existing XOOPS 2.3.3 system.



Special thanks to Trabis, who addressed these issues.


FONTE: www.xoops.org


 
Página de impressão amigável Enviar esta história par aum amigo Criar um arquvo PDF do artigo