#1 January 27, 2015 2:11pm

timbuckingham
Administrator
From: Baltimore, MD
Registered: April 2, 2012
Posts: 905

Security Advisory for BigTree 4.1.4 and BigTree 4.0.8 and lower.

A vulnerability exists in the updateUser (and potentially createUser through type inference) that allows a user with Administrator level access to escalate his or her level (or another user's level) to Developer status.

BigTree 4.0.9 and 4.1.5 fix this vulnerability and are recommended for all users of the relevant branches.

Offline

Board footer

Powered by FluxBB

The Discussion Forum is not available on displays of this size.