CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

https://forum.cmsmadesimple.org/viewtopic.php?t=76180

Page 1 of 1

Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Posted: Thu Feb 16, 2017 10:35 pm
by Jo Morg
This is an important release which fixes a number of vulnerabilities that are critical and may expose sites to serious threats. Please upgrade as soon as possible!
A number of important vulnerabilities reported by Peter Arts (from daylight-it.com), as well as a vulnerability reported by Tyler Joseph Boespflug (aka Tyman00), thank you both.

*Note: 0.8.1.5 had a bug. Fixed and new release made.

Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!

Posted: Fri Feb 17, 2017 10:00 am
by lumimies
Hello

After upgrade 0.8.1.4 >> 0.8.1.5 i have error:

"You need the "Modify Forms" permission to perform that operation."

.. on form page.

Is there a solution for this?

----------------------------------------------

Cms Version: 1.12.1

Installed Modules:

CMSMailer: 5.2.2
CMSPrinting: 1.0.5
FileManager: 1.4.5
MenuManager: 1.8.7
MicroTiny: 1.2.9
ModuleManager: 1.5.8
News: 2.15.2
Search: 1.7.13
ThemeManager: 1.1.8
CGExtensions: 1.41.2
CGSmartImage: 1.16.2
PDFGenerator: 0.2
Gallery: 2.0.1
FormBuilder: 0.8.1.5
FormBrowser: 0.4.2
TinyMCE: 2.9.12


Config Information:

php_memory_limit:
process_whole_template:
max_upload_size: 32000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true


Php Information:

phpversion: 5.5.18
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
memory_limit: 128M
max_execution_time: 30
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 32M
upload_max_filesize: 32M
session_save_path: /Applications/MAMP/tmp/php (0775)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)


Server Information:

Server Api: apache2handler
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.38
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No filesystem time difference found


----------------------------------------------

Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!

Posted: Fri Feb 17, 2017 10:20 am
by lumimies
Some more. Form works if i am logged in.

Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!

Posted: Fri Feb 17, 2017 10:44 am
by Jo Morg
lumimies wrote:Some more. Form works if i am logged in.
Confirmed! I'll fix it and re-release it in a bit.
Thanks.

Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Posted: Fri Feb 17, 2017 11:00 am
by Jo Morg
New release on the forge. Thank you. Topic updated.

Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Posted: Fri Feb 17, 2017 11:30 am
by lumimies
Thank You for this ultra-fast response & solution!

Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!

Posted: Mon Feb 20, 2017 5:32 pm
by Trenia
Thank you Jo Morg! :)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited