Author Topic: Security Patch for WB 2.8.0 available  (Read 18377 times)

Offline FrankH

  • Posts: 734
  • Gender: Male
    • Website Baker Demos
Security Patch for WB 2.8.0 available
« on: October 06, 2009, 08:01:56 PM »
A Security related bug has been found in the WebsiteBaker CMS.

Affected systems
    * Only WebsiteBaker version 2.8.0
    * Only installations which have enabled the options to sign in or to change user settings in the frontend

Vulnerability Impact
    * Spamming, annoying and impersonating registered users
    * To protect still unpatched systems, no further details will be published during the next 3 months

Maximum Severity Rating
    * High (for systems matching all of the conditions under the Affected Systems section)
    * None (for all other systems)

Instructions how to patch
  • Just download the patched file attached to this message
  • Unzip this file
  • Replace the file /framework/class.wb.php with the patched version by ftp

Acknowledgements
We want to thank the users Chio, Thorn and Stefek for reporting this bug in an appropriate manner.

Frank Heyne (WebsiteBaker Security Team)


[gelöscht durch Administrator]
Ochs und Esel in ihrem Lauf
halt ich leider auch nicht auf

Offline kweitzel

  • WebsiteBaker Org e.V.
  • **
  • Posts: 6983
  • Gender: Male
Re: Security Patch for WB 2.8.0 available
« Reply #1 on: October 07, 2009, 12:43:34 AM »
Dear all,

there was a misconfiguration in the board which prevented everybody from seeing the attachment. This has been changed now, the attachment should be available to every member and visitor of this forum now!

cheers

Klaus

 

postern-length