
All times are UTC




 Post subject: CVE-2018-10086
PostPosted: Wed Jun 20, 2018 9:08 am 
New Member

Joined: Wed Jun 20, 2018 7:23 am
Posts: 2
What is the status on this?

Cheers, Christian.


 Post subject: Re: CVE-2018-10086
PostPosted: Mon Jun 25, 2018 8:56 am 
Dev Team Member

Joined: Mon Nov 28, 2011 9:29 am
Posts: 3020
Location: The Netherlands
The description is rather vague and I don't see how it can be a vulnerability.

Note that in general we don't consider it a vulnerability when an admin user can do admin things.

Please let me know if I'm missing something obvious.


 Post subject: Re: CVE-2018-10086
PostPosted: Wed Jun 27, 2018 9:29 am 
New Member

Joined: Wed Jun 20, 2018 7:23 am
Posts: 2
I'm probably not the right person to judge the implications. But if the vulnerabilities are only applicable to logged-in users in the admin or designer groups, I also fail to see the problem, since these users will already be allowed to execute more or less arbitrary PHP code through other means.

Thanks for the answer.


 Post subject: Re: CVE-2018-10086
PostPosted: Wed Jun 27, 2018 4:30 pm 
Dev Team Member

Joined: Mon Nov 28, 2011 9:29 am
Posts: 3020
Location: The Netherlands
anthon wrote:
I'm probably not the right person to judge the implications. But if the vulnerabilities are only applicable to logged-in users in the admin or designer groups, I also fail to see the problem, since these users will already be allowed to execute more or less arbitrary PHP code through other means.

Thanks for the answer.


That's exactly what we understand from it too.
It's a pity those reports pop up regularly, but we don't have time to reply to every one of them (the 'invalid' ones, I mean).

However, if you think we might have missed an important vulnerability it's ok to ask about it of course.


 Post subject: Re: CVE-2018-10086
PostPosted: Wed Jul 11, 2018 3:48 pm 
New Member

Joined: Fri Nov 10, 2017 10:25 am
Posts: 6
The different CVEs read rather nicely:
https://github.com/itodaro/cve/blob/master/README.md

You should at least consider adding the suggested fixes.
They are probably not really severe, but it would round up the upcoming version 2.3 just nicely :D

