Post by fajo on Dec 2, 2010 3:29:20 GMT 7
The PHP scripts provided with the Module Mailserver_1.0.10 do not check for proper authorization (admin). Beside this, one of the scripts can be used to perform remote SSH probes.
Users of the Mailserver module should de-install the module until a fixed version is made available. It is not sufficient to just disable the module since the scripts can be called directly.
References:
/Falk
Users of the Mailserver module should de-install the module until a fixed version is made available. It is not sufficient to just disable the module since the scripts can be called directly.
References:
- HAH-887222 @esupport.thecus.com
- BOB-445950 @esupport.thecus-eu.com
/Falk