Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Security problem with Thankful People

edited September 2011 in Vanilla 2.0 - 2.8
If a "normal" user check Administrator Profile, under "Thanks!" column can read the first word of a post in Admin area...
Tagged:

Comments

  • SS ✭✭
    edited September 2011
    Could you explain term "first word of a post in Admin area"?
  • Hi @S, thanks for your help!
    I have a forum with one category limited to staff only. If a registered user go to staff member profile, and browse the "Thanks" column he can read title and few words of post in one category that they are not allow to read. Example: normal user, browsing admin profile, can read, under "Thanks" label, title and few words of a post in admin restricted area thanked by admin.
  • :( i will turn it off then.
Sign In or Register to comment.