I happened to see this vulnerability.
http://www.securityfocus.com/bid/23777/info
Getting a fix or response from the author will require some time, so I am thinking if there is anyone who knows how to fix this?
v4bjournal 0.99
- Rank: Team Member
- Registered: Jan 05, 2003
- Last visit: May 28, 2010
- Posts: 775
Hmm, I've just taken a look at the securityfocus announcement and I believe that it refers to an old version of v4bJournal. The reasons for me believing this are as follows:
1) The security announcement refers to v4bJournal version 0.99. The current version is 0.99b (available from http://openstar.postnuke.com/index.php?name=CmodsDownload&file=index&req=viewsdownload&sid=35&orderby=dateD).
2) The security announcement refers to the function journal_comment. This function no longer exists in the newest version as comments are now handled by EZComments.
Given the above, I believe the security announcement targets an old version of v4bJournal. If you're using the new/current version, you should be safe. If you have any information to the contrary, please let me know and I'll fix it ASAP.
Greetings
R
