A bug in the index.php file allows unauthorized access to modules protected with the BSCI Permissions System version 1.0.4 or earlier.
There is a bug in the index.php file included with the BSCIpermissions module. A protected module can be accessed by using the old module calling method. For example:
index.php?name=ModName&file=index
The bug exists for both the Xanthia and pnHTML versions of the module. Anyone using version 1.0.4 or earlier should upgrade immediately to prevent unauthorized access to their modules.
An updated version can be found here.
Sorry for the inconvenience.
Chris Miller
Posted by
r3ap3r
on Friday, January 30, 2004
Comments (0) · 13702 Reads
|
