PhotoPost Community - View Single Post

WB · March 22nd, 2005, 03:58 PM

For Michael P:

We recently upgraded to 5.02.

When we ran across:

http://secunia.com/advisories/14576/

we didn't pay it much mind as those issues appear to be fixed based on the release notes for 5.01 and/or 5.02.

Number 2 in the list however, appears to still be an issue on our site.

The release notes have:

misc.php
added a user check to only allow registered users to submit a report photo

for 5.01 but that doesn't appear to be the case for 5.02. Using the example provided, I can still generate emails without being authenticated.

Not really a big issue per se about the email but it does raise the question about the aforementioned holes and whether or not 5.02 may have inadvertently reintroduced some of them.

Question:

Can you confirm that the issues 1 - 5 mentioned on Secunia have been dealt with as of 5.02?

Thanks.

March 22nd, 2005, 03:58 PM	#1 (permalink)
WB Member Verified Customer Join Date: Jan 2002 Posts: 265	[5.02] Security Related Question For Michael P: We recently upgraded to 5.02. When we ran across: http://secunia.com/advisories/14576/ we didn't pay it much mind as those issues appear to be fixed based on the release notes for 5.01 and/or 5.02. Number 2 in the list however, appears to still be an issue on our site. The release notes have: misc.php added a user check to only allow registered users to submit a report photo for 5.01 but that doesn't appear to be the case for 5.02. Using the example provided, I can still generate emails without being authenticated. Not really a big issue per se about the email but it does raise the question about the aforementioned holes and whether or not 5.02 may have inadvertently reintroduced some of them. Question: Can you confirm that the issues 1 - 5 mentioned on Secunia have been dealt with as of 5.02? Thanks.