Quantcast

Please upgrade to MojoMojo 1.01

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Please upgrade to MojoMojo 1.01

dandv
Administrator
A security issue has been found in MojoMojo versions 1.00 and prior
whereby an attacker can delete pages they should not have permissions
to delete.

Users who have open registration enabled are strongly encouraged to
upgrade to 1.01.

--
Dan Dascalescu
http://wiki.dandascalescu.com

_______________________________________________
Mojomojo mailing list
[hidden email]
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/mojomojo
If God is good, why do 26000 children die each day?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Please upgrade to MojoMojo 1.01

Mateu X Hunter
It's worth noting this only affects sites with open registration.   In that case, a general authenticated user had permissions to delete any page (except root node).  We've now completely restricted the delete a page functionality to 'admin' level users only.


On Thu, May 27, 2010 at 8:11 PM, Dan Dascalescu <[hidden email]> wrote:
A security issue has been found in MojoMojo versions 1.00 and prior
whereby an attacker can delete pages they should not have permissions
to delete.

Users who have open registration enabled are strongly encouraged to
upgrade to 1.01.

--
Dan Dascalescu
http://wiki.dandascalescu.com

_______________________________________________
Mojomojo mailing list
[hidden email]
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/mojomojo


_______________________________________________
Mojomojo mailing list
[hidden email]
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/mojomojo
Loading...