[Vtigercrm-commits] [vtiger development] #2107: Huge security hole
vtiger development
vtiger-tickets at trac.vtiger.com
Fri Jan 11 14:42:03 EST 2008
#2107: Huge security hole
------------------------+---------------------------------------------------
Reporter: pieper | Owner: mangai
Type: defect | Status: reopened
Priority: major | Milestone: 5.0.4
Component: vtigercrm | Version: 5.0.4
Resolution: | Keywords:
------------------------+---------------------------------------------------
Changes (by prasad):
* status: closed => reopened
* resolution: fixed =>
Comment:
Refer: http://secunia.com/advisories/28370/
Comments from secunia.com:
However, it seems like the fix only mitigates the possibility to list
the directory contents, so it's still possible for attackers to download
files by guessing their file names. Thus, we don't consider this to be
an appropriate patch.
--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107#comment:15>
vtiger development <http://trac.vtiger.com/>
vtigerCRM
More information about the vtigercrm-commits
mailing list