WB 2.11.0: Issues
https://project.websitebaker.org/
2017-03-28T12:51:19Z
Tracking
Redmine

Security #40 (Done): multiple attack vectors [reported by Marek Alaksa from citadelo]
https://project.websitebaker.org/issues/40
2017-03-28T12:51:19Z
Anonymous
<p>The 3rd component idna_convert (include/idna_convert/example.php) is vulnerable to Reflected Cross-site scripting because it fails to properly sanitize user-supplied input.</p>
<p><a class="external" href="http://www.citadelo.com/">http://www.citadelo.com/</a></p>
<p>(End users can also delete the example.com. This file is needed only to fulfill the license by distributing.)</p>

Security #39 (Done): SQL injection vulnerabilities [reported by Marek Alaksa from citadelo]
https://project.websitebaker.org/issues/39
2017-03-24T15:58:38Z
Manuela manu54@isteam.de
<p>Overview<br />WebsiteBaker 2.10.0 and lower versions are vulnerable to SQL injection vulnerabilities.<br />Details<br />It is possible for an unauthenticated user to inject SQL code into the variables "username" and "display_name" in the "account/signup.php" PHP script (signup form). The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains access to all records stored in the database with the privileges of the WebsiteBaker database user (e.g. administrator password MD5 hash).</p>
<p><a class="external" href="http://www.citadelo.com/">http://www.citadelo.com/</a></p>

Security #10 (Done): readable file error.log
https://project.websitebaker.org/issues/10
2017-02-14T17:10:31Z
Uwe
<p>is it possible to read the file var/logs/error.log without any permission check</p>

Security #6 (Done): Update PHP Mailer to version 5.2.22
https://project.websitebaker.org/issues/6
2017-02-12T21:20:14Z
Matthias info@familie-gallas.de
<p><a class="external" href="https://github.com/PHPMailer/PHPMailer">https://github.com/PHPMailer/PHPMailer</a></p>
<p>SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML() is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML() without a $basedir will not import images with relative URLs, and relative URLs containing .. will be ignored.</p>