A theoretical security risk in the JEvent search plugin
Forum rules
Please include as much detail in any test or bug reports for JEvents 1.5 as possible.
First of all, check if you are running the latest available version of Joomla! and JEvents. Posts for issues, where both systems are not updated, will be ignored.
We need the following at least:
* PHP version (e.g. 5.2.5). Note: Support for PHP4 is discontinued.
* Joomla! version
* JEvents version
* Web Server software (Apache or IIS with version number if possible)
* Server Operating system (e.g. Linux, Windows, Solaris, Darwin ...)
* Database version
* memory_limit from your phpinfo
* Web browser and version
Please enable error reporting and include any error messages in your posting. You do this via the Joomla Configuration - set "error reporting" to "maximum" on the Server tab.
Finally, please describe the steps required to recreate the problem and also please enable error reporting and give us any error messages generated.
Please include as much detail in any test or bug reports for JEvents 1.5 as possible.
First of all, check if you are running the latest available version of Joomla! and JEvents. Posts for issues, where both systems are not updated, will be ignored.
We need the following at least:
* PHP version (e.g. 5.2.5). Note: Support for PHP4 is discontinued.
* Joomla! version
* JEvents version
* Web Server software (Apache or IIS with version number if possible)
* Server Operating system (e.g. Linux, Windows, Solaris, Darwin ...)
* Database version
* memory_limit from your phpinfo
* Web browser and version
Please enable error reporting and include any error messages in your posting. You do this via the Joomla Configuration - set "error reporting" to "maximum" on the Server tab.
Finally, please describe the steps required to recreate the problem and also please enable error reporting and give us any error messages generated.
5 posts
• Page 1 of 1
A theoretical security risk in the JEvent search plugin
by Geraint » Mon Jan 18, 2010 5:46 pm
A theoretical security risk has been identified in the search plugin of JEvents 1.5.
This affects all version of the JEvents 1.5 plugin up to and including version 1.5.3.
You should download and install version 1.5.3b of the plugin from http://joomlacode.org/gf/download/frsre ... 1.5.3b.zip as soon as possible.
This version should be compatible with versions 1.5.0-1.5.2 of JEvents as well as versions 1.5.3 and 1.5.4.
This affects all version of the JEvents 1.5 plugin up to and including version 1.5.3.
You should download and install version 1.5.3b of the plugin from http://joomlacode.org/gf/download/frsre ... 1.5.3b.zip as soon as possible.
This version should be compatible with versions 1.5.0-1.5.2 of JEvents as well as versions 1.5.3 and 1.5.4.
JEvents club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits.
Join the JEvents club today!
Join the JEvents club today!
- Geraint
- Posts: 9920
- Joined: Fri Feb 15, 2008 6:14 pm
Re: A theoretical security risk in the JEvent search plugin
by dfirsching » Mon Feb 01, 2010 1:38 pm
You have another page on this site describing this vulnerability that links to something called mod_jevents_switchview_1.5.3.zip. What is the relationship of switchview to the vulnerability? Or maybe that should point to the plg_search_events_1.5.3b.zip also? Thanks for clarifying.
- dfirsching
- Posts: 3
- Joined: Mon Feb 01, 2010 4:03 am
Re: A theoretical security risk in the JEvent search plugin
by Geraint » Mon Feb 01, 2010 2:37 pm
It is the search plugin that should be updated - where did I mention the switch view module (I need to correct that)?
Thanks
Thanks
JEvents club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits.
Join the JEvents club today!
Join the JEvents club today!
- Geraint
- Posts: 9920
- Joined: Fri Feb 15, 2008 6:14 pm
Re: A theoretical security risk in the JEvent search plugin
by skelvin00 » Thu Apr 08, 2010 7:21 am
Hello,
Thanks for the informative post, I really appreciate your download section especially Free Downloads. Get some choice of layouts.
Regards,
Sam Kelvin
Thanks for the informative post, I really appreciate your download section especially Free Downloads. Get some choice of layouts.
Regards,
Sam Kelvin
- skelvin00
- Posts: 1
- Joined: Thu Apr 08, 2010 7:16 am
Re: A theoretical security risk in the JEvent search plugin
by phoenixaz » Tue Jul 13, 2010 2:11 pm
Versions prior to JEvents 1.5.3b are vulnerable.
- phoenixaz
- Posts: 1
- Joined: Tue Jul 13, 2010 9:39 am
5 posts
• Page 1 of 1
Return to JEvents 1.5 (Free Access)
Who is online
Users browsing this forum: arincon, MSN [Bot], Yahoo [Bot] and 3 guests