[Vtigercrm-developers] v5.4 documents question
Richard Hills
richard at tw.co.nz
Sun Apr 6 20:50:45 GMT 2014
Hi Joe
Unsure what the cause was, yes security patches were applied.
I have not had a look at this; as all of our clients' CRMs are behind
multiple authentication levels, it is not a huge problem for us right
now. I do however want to spend some time and try to find the cause of
this issue when possible.
Thanks
On 06/04/14 10:08, Joe Bordes wrote:
> Hi Richard,
>
> Did you find anything about this? Does this install have the 5.4
> Security patch applied? There were fixes there for script injection.
> Just curious.
>
> Joe
> TSolucio
>
>
> On 18/03/14 12:27, Richard Hills wrote:
>> Hi guys
>>
>> I have seen a live unmodified 5.4 install which we have running as a
>> test for clients who want to see what vtiger can do end up with an
>> injected script inside of a normal documents structure
>> (/storage/year/month/week/filename.whatever).
>>
>> No entry was made to match this in the crmentity table or elsewhere
>> so it seems some very large security hole.
>>
>> I'm just wondering if anyone can point me to the file which handles
>> these file uploads so I can get hunting for whatever has allowed this
>> to happen.
>>
>> Thank you
--
Richard Hills
TechnologyWise Ltd, Tauranga, NZ
richard at tw.co.nz
www.technologywise.co.nz
ph: +64 (0)7 571 1060
fax: +64 (0)7 571 1061
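
Added example, not part of the thread and not vtiger code: one way to audit a storage tree like the one described (year/month/week/filename) for files that have no database record and for files carrying a script extension. The `known_paths` list is assumed to be exported from the CRM database by the administrator; the extension list and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Extensions a web server may hand to an interpreter (assumed list; match it to the server config).
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar", ".pl", ".cgi", ".jsp", ".asp"}

def audit_storage(storage_root, known_paths):
    """Return (orphans, executable): sorted paths relative to storage_root.

    orphans    -- files on disk with no entry in known_paths
    executable -- files with a script extension anywhere in the name
    known_paths is assumed to come from an export of the CRM's attachment records.
    """
    known = {os.path.normpath(p) for p in known_paths}
    orphans, executable = [], []
    for dirpath, _dirs, files in os.walk(storage_root):
        for name in files:
            rel = os.path.normpath(os.path.relpath(os.path.join(dirpath, name), storage_root))
            if rel not in known:
                orphans.append(rel)
            # Check every dot-separated suffix: "a.php.jpg" can still be
            # executed on a server with a permissive handler mapping.
            suffixes = name.lower().split(".")[1:]
            if any("." + s in SCRIPT_EXTS for s in suffixes):
                executable.append(rel)
    return sorted(orphans), sorted(executable)

def build_sample_tree(root):
    """Create a constructed storage/year/month/week layout; return the 'recorded' paths."""
    week = os.path.join(root, "2014", "March", "week3")
    os.makedirs(week)
    for name in ("101_quote.pdf", "102_logo.png", "x.php"):
        with open(os.path.join(week, name), "w") as fh:
            fh.write("constructed sample\n")
    # Only the two documents have a database record; x.php does not.
    return [os.path.join("2014", "March", "week3", n) for n in ("101_quote.pdf", "102_logo.png")]

def demo():
    with tempfile.TemporaryDirectory() as root:
        known = build_sample_tree(root)
        return audit_storage(root, known)

if __name__ == "__main__":
    orphans, executable = demo()
    print("no database record:", orphans)
    print("script extension:  ", executable)
```

A file that appears in both lists is the case reported in this thread: present on disk, absent from the database, and of a type the server might execute.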