Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

My developer Page on the Forge · Post by **Jo Morg** » Thu Feb 16, 2017 10:35 pm

This is an important release which fixes a number of vulnerabilities that are critical and may expose sites to serious threats. Please upgrade as soon as possible!
A number of important vulnerabilities reported by Peter Arts (from daylight-it.com), as well as a vulnerability reported by Tyler Joseph Boespflug (aka Tyman00), thank you both.

*Note: 0.8.1.5 had a bug. Fixed and new release made.

lumimies · Post by **lumimies** » Fri Feb 17, 2017 10:00 am

Hello

After upgrade 0.8.1.4 >> 0.8.1.5 i have error:

"You need the "Modify Forms" permission to perform that operation."

.. on form page.

Is there a solution for this?

----------------------------------------------

Cms Version: 1.12.1

Installed Modules:

CMSMailer: 5.2.2
CMSPrinting: 1.0.5
FileManager: 1.4.5
MenuManager: 1.8.7
MicroTiny: 1.2.9
ModuleManager: 1.5.8
News: 2.15.2
Search: 1.7.13
ThemeManager: 1.1.8
CGExtensions: 1.41.2
CGSmartImage: 1.16.2
PDFGenerator: 0.2
Gallery: 2.0.1
FormBuilder: 0.8.1.5
FormBrowser: 0.4.2
TinyMCE: 2.9.12

Config Information:

php_memory_limit:
process_whole_template:
max_upload_size: 32000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true

Php Information:

phpversion: 5.5.18
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
memory_limit: 128M
max_execution_time: 30
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 32M
upload_max_filesize: 32M
session_save_path: /Applications/MAMP/tmp/php (0775)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)

Server Information:

Server Api: apache2handler
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.38
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No filesystem time difference found

----------------------------------------------

lumimies · Post by **lumimies** » Fri Feb 17, 2017 10:20 am

Some more. Form works if i am logged in.

My developer Page on the Forge · Post by **Jo Morg** » Fri Feb 17, 2017 10:44 am

lumimies wrote:Some more. Form works if i am logged in.

Confirmed! I'll fix it and re-release it in a bit.
Thanks.

My developer Page on the Forge · Post by **Jo Morg** » Fri Feb 17, 2017 11:00 am

New release on the forge. Thank you. Topic updated.

lumimies · Post by **lumimies** » Fri Feb 17, 2017 11:30 am

Thank You for this ultra-fast response & solution!

Trenia · Post by **Trenia** » Mon Feb 20, 2017 5:32 pm

Thank you Jo Morg!

CMS Made Simple Forums

Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!

Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!

Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!

Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!