[opencms-dev] security hole!!!
Marek
mareknow-pbc at o2.pl
Wed Apr 20 17:17:38 CEST 2005
Hi
There is security hole in CMS. Somobody can log as User. If he goes to Administration view he cannot vie staticexport module, but if he passes url
javascript:document.location.href='/opencms/opencms/system/workplace/action/administration_content_top.html?sender=/system/workplace/administration/staticexport/'
to Internet Explorer he has _access_ to "hidden" module.
Regards,
Marek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20050420/d8a46617/attachment.htm>
More information about the opencms-dev
mailing list