[Tickets #4112] Upgrade Documentation about.php
bugs@bugs.horde.org
Tue Jul 4 07:08:42 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4112
-----------------------------------------------------------------------
Ticket | 4112
Updated By | info at lintecsa.com
Summary | Upgrade Documentation about.php
Queue | Horde Framework Packages
Version | FRAMEWORK_3
State | Feedback
Priority | 3. High
Type | Enhancement
Owners |
-----------------------------------------------------------------------
info at lintecsa.com (2006-07-04 07:08) wrote:
> What are you talking about?
/horde/services/help/about.php
This file is obsolete in Horde 3.1.1. If you do an upgrade from former
versions by just overwriting the directory, the file about.php remains and
opens Horde to exploits. Version 3.1.1 fixed the remote code execution
vulnerability in the help viewer, but if about.php doesn't get deleted, the
vulnerability still exists. Therefore I recommend mentioning this risk in
docs/UPGRADING or, even better, patching about.php to make it unusable.
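
One way to find leftovers such as about.php after an overwrite-style upgrade, as an added example that is not part of the original ticket or of Horde's own code: compare the deployed tree against a pristine unpacked copy of the new release. The function names and the sample directory layout are assumptions; site-created scripts such as local configuration files will also be listed and need review before anything is deleted.

```shell
#!/bin/sh
# Added example: list PHP files that exist in a deployed tree but are not
# shipped by the new release (leftovers from upgrading by overwriting).
# Neither tree is modified. File names containing newlines are not handled.

stale_files() {
    installed=$1   # deployed web root (assumed path, e.g. the live horde dir)
    release=$2     # pristine copy of the new release, unpacked elsewhere
    tmp=$(mktemp -d) || return 1

    # Sorted lists of relative paths for both trees.
    (cd "$installed" && find . -type f -name '*.php' | LC_ALL=C sort) \
        > "$tmp/installed" || { rm -rf "$tmp"; return 1; }
    (cd "$release" && find . -type f -name '*.php' | LC_ALL=C sort) \
        > "$tmp/release" || { rm -rf "$tmp"; return 1; }

    # comm -23 keeps lines found only in the first list: scripts that are
    # still deployed but that the new release no longer ships.
    LC_ALL=C comm -23 "$tmp/installed" "$tmp/release"
    rm -rf "$tmp"
}

demo_stale_files() {
    # Constructed sample trees: a live install that was overwritten by a
    # release which no longer ships services/help/about.php.
    d=$(mktemp -d) || return 1
    mkdir -p "$d/live/services/help" "$d/new/services/help"
    : > "$d/live/services/help/index.php"
    : > "$d/live/services/help/about.php"
    : > "$d/new/services/help/index.php"
    stale_files "$d/live" "$d/new"
    rm -rf "$d"
}

demo_stale_files
```
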