LetoDMS Community Forum
vulnerability - Printable Version



vulnerability - llby - 01-28-2010

Hi, I was looking for something else when I found this:

http://www.viruslist.com/en/advisories/38237

https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt


When is the new version coming up?


RE: vulnerability - administrator - 01-29-2010

We are short-staffed right now, and at this time we don't have a dedicated team yet for LetoDMS; we are working on getting a dedicated team for LetoDMS.

We are working on different projects like RapidCP and CITECRM, and we are part of Trilex labs, so we are all working on different projects.

Thanks

LetoDMS.


RE: vulnerability - matteo lucarelli - 02-24-2010

(01-29-2010, 05:17 AM)administrator Wrote: We are short-staffed right now, and at this time we don't have a dedicated team yet for LetoDMS; we are working on getting a dedicated team for LetoDMS.

We are working on different projects like RapidCP and CITECRM, and we are part of Trilex labs, so we are all working on different projects.

Thanks

LetoDMS.

Does this mean that LetoDMS is an obsolete project?
I'm evaluating the use of leto DMS and this vulnerability seems a serious bug but not difficult to resolve. I can work on it if you don't plan to.


RE: vulnerability - administrator - 02-25-2010

Right now we are not planning yet, but we are going to add a PHP Developer Lead soon to the project so we can fix bugs.

But if you feel like helping us, sure, go ahead.

And if you feel like joining the LetoDMS developer team, let me know.

Thanks very much.


RE: vulnerability - matteo lucarelli - 02-25-2010

(02-25-2010, 05:00 AM)administrator Wrote: Right now we are not planning yet, but we are going to add a PHP Developer Lead soon to the project so we can fix bugs.

But if you feel like helping us, sure, go ahead.

And if you feel like joining the LetoDMS developer team, let me know.

Thanks very much.

No problem about joining the team. I'm yet working on leto dms.
Let me know how.

Here is the patch for the vulnerability of "lang" and "sesstheme" vars.
I've added a "getStyle" and "getLanguages" control in lines 179, 183, 194, and 198.

Note: the "referuri" var is still TODO.
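
The kind of control the post above describes, accepting "lang" and "sesstheme" only when they name an installed language or style, as an added PHP example that is not part of the thread or of the LetoDMS patch. The directory layout, the function names `listInstalledNames` and `pickAllowed`, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not LetoDMS code: names and layout below are assumptions.

// Build the allowlist from what is installed on disk, never from the request.
function listInstalledNames(string $baseDir): array
{
    $names = [];
    foreach (scandir($baseDir) ?: [] as $entry) {
        if ($entry[0] !== '.' && is_dir($baseDir . '/' . $entry)) {
            $names[] = $entry;
        }
    }
    return $names;
}

// Return $requested only when it is exactly one of $allowed; otherwise $default.
function pickAllowed($requested, array $allowed, string $default): string
{
    // Strict comparison: arrays (lang[]=x), null and unknown names all fall back.
    if (is_string($requested) && in_array($requested, $allowed, true)) {
        return $requested;
    }
    return $default;
}

// Constructed demo tree standing in for the application's language/style folders.
$root = sys_get_temp_dir() . '/dms_demo_' . bin2hex(random_bytes(4));
foreach (['languages/English', 'languages/Italian', 'styles/clean', 'styles/blue'] as $dir) {
    mkdir("$root/$dir", 0700, true);
}
$languages = listInstalledNames("$root/languages");
$styles    = listInstalledNames("$root/styles");

// Constructed request values: one valid name, one path-like string, one array.
foreach (['Italian', '../../tmp/x', ['a']] as $input) {
    $lang  = pickAllowed($input, $languages, 'English');
    $theme = pickAllowed($input, $styles, 'clean');
    // Only $lang and $theme, never the raw input, may be used to build an include path.
    echo json_encode($input), " => lang=$lang theme=$theme", PHP_EOL;
}
```

The same check applies wherever the value is read back later (session, cookie), since a stored value that was never validated is as untrusted as the original request parameter.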


RE: vulnerability - administrator - 02-26-2010

Hey Matteo,

thanks for fixing the issue.

If you have MSN please add me so we can chat, thanks.

matin47(at)trilexnet.com

thanks

LetoDMS


RE: vulnerability - matteo lucarelli - 02-26-2010

No MSN, I've written you an e-mail.
I'm doing some heavy work on the code. Let me know how to upload the package (it should be a new release).


RE: vulnerability - administrator - 02-27-2010

Do you have access to SourceForge?

If you do, please provide me your user id so you can upload the SVN on SF. Thanks very much.

Mat

LetoDMS


RE: vulnerability - matteo lucarelli - 03-01-2010

My SourceForge id is "accio7".

Let me know.


RE: vulnerability - administrator - 03-02-2010

Hey Matteo,

I have added you to SF under the LetoDMS account.

Thanks

mat