BugTraq
Mambo Open Source, Path disclosure Nov 02 2005 05:28PM
alireza hassani (trueend5 yahoo com) (1 replies)
Re: Mambo Open Source, Path disclosure Nov 05 2005 12:52PM
Vasiliy (security gugol ru)
alireza hassani wrote:
> Demonstration URL :

> --------------------
> http://www.example.com/mambo/index.php?option=com_content&task=section&id=1&Itemid=PATH

I've just tried this on one of my "vulnerable" Mambo installations
and got nothing but a blank screen. I wonder why this happened?
Could it be because the display of PHP errors is turned off, as it should be
in any production environment?

> Solution:
> --------------------
> There is no vendor-supplied patch for this issue at
> this time but we are not advising you to upgrade to
> Joomla because Mambo, version 4.5.3, will be released
> soon ( by the end of November this year).
> 4.5.3 represents the new Team's first consolidation
> of bug fixes and includes a number of security
> enhancements.

Isn't this "solution" somewhat overcomplicated? If someone wants to
work around this bug, it's not necessary to upgrade. It would be enough
just to follow basic security principles.

--
wbr,
Vasiliy

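The "basic security principle" the reply alludes to, shown as an added example that is not code from Mambo, from the advisory or from either poster: a minimal handler that reproduces the shape of the `Itemid=PATH` disclosure (an unvalidated request parameter used as an array key, so PHP raises a warning that carries the script's absolute path), next to the input validation and the `display_errors`/`log_errors` settings that stop the path from reaching the browser without any upgrade. The `$items` table, the function names and the request value are constructed for illustration; nothing here is taken from Mambo's source.

```php
<?php
/*
 * Added example, not Mambo's code: reproduces the class of path
 * disclosure from the advisory and the production settings that
 * suppress it. $items, lookup_item_* and the sample request are
 * constructed for this illustration.
 */

// Constructed sample data standing in for the menu table.
$items = [1 => 'Home', 2 => 'News', 3 => 'Links'];

// Vulnerable shape: the request parameter is used as an array key
// without validation. For ?Itemid=PATH the key does not exist, so PHP
// emits 'Warning: Undefined array key "PATH" in /abs/path/to/script.php
// on line N' (a Notice on PHP 7). With display_errors=On that message,
// absolute path included, is written straight into the HTTP response.
function lookup_item_vulnerable(array $items, $itemid)
{
    return $items[$itemid];
}

// Hardened shape: accept only a positive integer before the lookup,
// so a malformed Itemid never raises a warning in the first place.
function lookup_item_hardened(array $items, $itemid): ?string
{
    $id = filter_var($itemid, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;               // unknown or malformed Itemid
    }
    return $items[$id] ?? null;
}

// Production error handling, the workaround that needs no upgrade.
// Equivalent php.ini lines (paths are assumptions):
//   display_errors = Off
//   log_errors     = On
//   error_log      = /var/log/php/error.log
ini_set('display_errors', '0');    // never echo diagnostics to the client
ini_set('log_errors', '1');        // keep them for the administrator
error_reporting(E_ALL);            // still record everything in the log

// Constructed request mirroring the advisory's demonstration URL.
$itemid = $_GET['Itemid'] ?? 'PATH';

// Even with the vulnerable lookup the warning now goes to the error log,
// not the page, which matches the blank screen the reply describes.
$vuln = lookup_item_vulnerable($items, $itemid);
$safe = lookup_item_hardened($items, $itemid);

echo "vulnerable lookup: " . var_export($vuln, true) . "\n";   // NULL, warning logged
echo "hardened lookup:   " . var_export($safe, true) . "\n";   // NULL, nothing logged
```

To see the disclosure, run the script once with display_errors forced on, `php -d display_errors=1 script.php`, and once as written; only the first run prints the absolute path. When checking a production host, query the setting from the web SAPI (for example a temporary page calling `ini_get('display_errors')`) rather than `php -i` on the command line, because the CLI commonly reads a different php.ini than mod_php or php-fpm.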
