Potential information leakage with active debug mode


Post by cmb » Tue Sep 05, 2017 10:17 am

Hi everybody!

If debug mode is enabled, but _XHdebug.txt contains anything other than a single ASCII character, the respective error messages are displayed not only in admin mode, thus causing information leakage.

This issue most likely affects all CMSimple_XH versions so far.

So ensure that debug mode is disabled, or that _XHdebug.txt contains only a single ASCII character!

See also https://github.com/cmsimple-xh/cmsimple-xh/issues/293.
Christoph M. Becker – Plugins for CMSimple_XH, but not for CMSimple 4+
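
One way to run the check the post recommends across a web root, as an added example that is not part of the original post or of CMSimple_XH's code. It assumes the post's rule is applied literally (exactly one byte below 0x80 is acceptable); the function names, verdict labels and sample site directories are constructed for illustration.

```python
import os
import tempfile

DEBUG_FILE = "_XHdebug.txt"  # file name as given in the post


def classify(data: bytes) -> str:
    """Apply the post's rule literally: only one ASCII byte is 'ok'."""
    if len(data) == 1:
        return "ok" if data[0] < 0x80 else "non-ascii"
    if not data:
        return "empty"
    if any(b >= 0x80 for b in data):
        return "non-ascii"          # e.g. a UTF-8 BOM written by an editor
    if len(data.strip()) == 1:
        return "whitespace"         # one character plus newline/space
    return "too-long"


def audit(root: str) -> dict:
    """Map each directory under root holding a debug file to its verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if DEBUG_FILE in files:
            with open(os.path.join(dirpath, DEBUG_FILE), "rb") as fh:
                findings[os.path.relpath(dirpath, root)] = classify(fh.read())
    return findings


def demo() -> dict:
    """Build a constructed sample tree (hypothetical site names) and audit it."""
    samples = {"site_a": b"1", "site_b": b"1\n",
               "site_c": b"\xef\xbb\xbf2", "site_d": b"E_ALL", "site_e": b""}
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, DEBUG_FILE), "wb") as fh:
                fh.write(content)
        os.makedirs(os.path.join(root, "site_f"))  # no debug file: not listed
        return audit(root)


if __name__ == "__main__":
    for site, verdict in sorted(demo().items()):
        print(f"{site}: {verdict}")
```

Call `audit()` with the directory that holds your installations; any verdict other than `ok` means the file does not meet the condition stated in the post.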
