Author Topic: Security Hint (Read 17765 times)

DarkViper · « **on:** November 27, 2013, 01:23:04 PM »

Last days we got a message that one of a 3^thParty package, used in WebsiteBaker, contains a minor security issue. It is not a High-Risk-Level but anyway.

The endangered package you can find in wb/includes/idna_convert/.
There is a CSRF issue in the file examples.php. This file itself is never needed by WebsiteBaker and can/should be deleted from webspaces as soon as possible.

There is no fix/patch planned against.
To solve these problem, from next official release of WB the file is encapsulated in a ZIP archive, so there is no more possibility to call it from outside.

News

Support WebsiteBaker

Your donations will help to:

You can donate by clicking on the button below.

Author Topic: Security Hint (Read 17765 times)

DarkViper

Security Hint