[opencms-dev] security hole!!!
Marek
mareknow-pbc at o2.pl
Wed Apr 20 18:10:55 CEST 2005
Even somebody who is User or Projectmanager in a project should not be able
to perform mentioned operations!
Regards,
Marek
----- Original Message -----
From: "Patrick Donker" <list at webpagina.nu>
To: "The OpenCms mailing list" <opencms-dev at opencms.org>
Sent: Wednesday, April 20, 2005 5:31 PM
Subject: Re: [opencms-dev] security hole!!!
> Marek wrote:
>
>> Hi
>> There is security hole in CMS. Somobody can log as User. If he goes to
>> Administration view he cannot vie staticexport module, but if he passes
>> url
>>
>> javascript:document.location.href='/opencms/opencms/system/workplace/action/administration_content_top.html?sender=/system/workplace/administration/staticexport/'
>> to Internet Explorer he has _access_ to "hidden" module.
>> Regards,
>> Marek
>
> It might be if one would know a userid to login with, which would be a
> serious issue to begin with...
> -Patrick
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
>
More information about the opencms-dev
mailing list