Cotonti / Open Source PHP Content Management Framework

Cotonti Security Vulnerability Notification

htbridge
#1 2013-07-17 18:33


Members
Thanked: 1 time

Hello,

High-Tech Bridge Security Research Lab has discovered a security vulnerability in Cotonti version 0.9.13.

Preview available here: https://www.htbridge.com/advisory/HTB23164

Developers can contact us by email advisory (at) htbridge.com for details.

For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html

Best regards,

High-Tech Bridge Security Research Lab

Trustmaster
#2 2013-07-17 18:56


Administrators
Thanked: 229 times

Hello,
Thank you very much for reporting the vulnerability. I have just committed the fix for it to our repository on GitHub:
https://github.com/Cotonti/Cotonti/commit/45eec046391afabb676b62b9201da0cd530360b4

This fix will be included in the upcoming 0.9.14 release which we will do our best to release by July 22.
 

May the Source be with you!
tensh
#3 2013-07-18 07:25


Contributors
Thanked: 9 times

Maybe a bit on topic, maybe a bit offtopic:

Interesting read about HTML5 security :)

http://w3af.org/understanding-html5-security