webERP Forum webERP Discussion Problems / Bugs? v
*** Serious vulnerability

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
*** Serious vulnerability
02-19-2014, 09:12 PM,
#9
Forums Offline
Senior Member
****
 		Posts: 155
Threads: 9
Joined: Jan 2014
RE: Potential vulnerability
Hi Jo,

It needs taking out urgently. As it is, anybodies TB is downloadable by anybody on the same network. If the webERP installation is on the internet then this means anybody on the internet can download your TB.

I would advise anybody who doesn't have an urgent need for this script to delete it from their installations immediately. It was deliberately committed back in November 2009 so all code since then is vulnerable.

I was project admin at the time and I missed it, so I apologise to everyone :-(

Tim
Website Find
Reply


Messages In This Thread
*** Serious vulnerability - by Forums - 02-15-2014, 10:46 PM
RE: Potential vulnerability - by agaluski - 02-18-2014, 12:00 AM
RE: Potential vulnerability - by Forums - 02-18-2014, 12:33 AM
RE: Potential vulnerability - by icedlava - 02-19-2014, 06:00 PM
RE: Potential vulnerability - by phil - 02-19-2014, 06:24 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 06:30 PM
RE: Potential vulnerability - by Forums - 02-19-2014, 07:28 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 08:55 PM
RE: Potential vulnerability - by Forums - 02-19-2014, 09:12 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 10:24 PM
RE: *** Serious vulnerability - by Forums - 02-19-2014, 10:30 PM
RE: *** Serious vulnerability - by icedlava - 02-19-2014, 10:38 PM
RE: *** Serious vulnerability - by Forums - 02-19-2014, 11:22 PM
RE: *** Serious vulnerability - by jo lwebuga - 02-20-2014, 02:35 AM
RE: *** Serious vulnerability - by phil - 02-20-2014, 01:00 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)