Author Topic: Security Patch for WB 2.8.0 available  (Read 19706 times)

Offline FrankH

  • Posts: 734
  • Gender: Male
    • Website Baker Demos
Security Patch for WB 2.8.0 available
« on: October 06, 2009, 08:01:56 PM »
A Security related bug has been found in the WebsiteBaker CMS.

Affected systems
    * Only WebsiteBaker version 2.8.0
    * Only installations which have enabled the options to sign in or to change user settings in the frontend

Vulnerability Impact
    * Spamming, annoying and impersonating registered users
    * To protect still unpatched systems, no further details will be published during the next 3 months

Maximum Severity Rating
    * High (for systems matching all of the conditions under the Affected Systems section)
    * None (for all other systems)

Instructions how to patch
  • Just download the patched file attached to this message
  • Unzip this file
  • Replace the file /framework/class.wb.php with the patched version by ftp

We want to thank the users Chio, Thorn and Stefek for reporting this bug in an appropriate manner.

Frank Heyne (WebsiteBaker Security Team)

[gelöscht durch Administrator]
Ochs und Esel in ihrem Lauf
halt ich leider auch nicht auf

Offline kweitzel

  • WebsiteBaker Org e.V.
  • **
  • Posts: 6983
  • Gender: Male
Re: Security Patch for WB 2.8.0 available
« Reply #1 on: October 07, 2009, 12:43:34 AM »
Dear all,

there was a misconfiguration in the board which prevented everybody from seeing the attachment. This has been changed now, the attachment should be available to every member and visitor of this forum now!