HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Search
-
Security vulnerability in version 2.0.18.8
It appears 2.0.18.8, which I understand is the stable release, has one unpatched published security vulnerability and possibly another one, as documented at: http://www.exploit-db.com/exploits/25720/ To verify, I logged in on my forum as an admin, created a new discussion and saved a draft. I then opened another browser,… -
Re: Security vulnerability in version 2.0.18.8
I tried accessing the drafts of user and it is not possible. Not using http://www.mysite.com/forum/drafts to access someone else's drafts and not with this either, the link to the draft /forum/discussion/1/0#Form_Comment The link to the drafts of other users does not appear to the admin or other users. The way this works…
2 results