[opencms-dev] security hole!!!
Patrick Donker
list at webpagina.nu
Wed Apr 20 17:31:03 CEST 2005
Marek wrote:
> Hi
>
> There is security hole in CMS. Somobody can log as User. If he goes to
> Administration view he cannot vie staticexport module, but if he
> passes url
>
> javascript:document.location.href='/opencms/opencms/system/workplace/action/administration_content_top.html?sender=/system/workplace/administration/staticexport/'
>
> to Internet Explorer he has _access_ to "hidden" module.
>
>
> Regards,
> Marek
It might be if one would know a userid to login with, which would be a
serious issue to begin with...
-Patrick
More information about the opencms-dev
mailing list