SECURITY UPDATE: AutoBlocks in AutoTheme
|
Posted by: Shawn on Saturday, January 17, 2004 - 04:30 PM
|
|
For all users of all versions of AutoTheme for PostNuke, MD-Pro and eNvolution.
It appears that the blocks code used for AutoBlocks has a security issue that reveals the configuration page of a block to unauthorized users. This bug exists in PostNuke, MD-Pro and eNvolution.
You can download the patch here. Simply overwrite modules/Blocks/pnadmin.php.
Note: Thanks to Markwest, Larsneo and TiMax for collaborating to find and fix this bug. |