Register Plugin: arbitrary code execution vulnerability

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
cmb
Posts: 12893
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Register Plugin: arbitrary code execution vulnerability

Post by cmb » Sun Sep 16, 2012 2:12 pm

Hello Community,

I've found an arbitrary code execution vulnerability in Register, Register_mod_XH and Register_XH.

Recommended solution: upgrade to Register_XH 1.4rc5.

Alternative solution, if upgrading is no option: change the setting of "captcha mode" to "image" or "none".

Christoph
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

Post Reply