Chlitzxer
commented
4 years ago Hey @CuteNews why aren't you guys responding to this :( ??? I love the system but looks like nobody take care of that anymore and actually your forum is full of spam.
Open exoticpenguin opened 4 years ago
Chlitzxer
commented
4 years ago Hey @CuteNews why aren't you guys responding to this :( ??? I love the system but looks like nobody take care of that anymore and actually your forum is full of spam.
exoticpenguin
commented
4 years ago It seems that this project is no longer under development. The last commit was in 2018 and the developer @CuteNews hasn't posted anything on the forum for ages. Unless you don't need guest users (I don't), better switch to something else :-(
Arek75
commented
4 years ago I just submitted a PR with mitigation patch for this. While not a complete fix, it does make it MUCH harder for an attacker to exploit. The full fix is to stick a .htaccess file in the uploads directory that uses ForceType to disable script execution. You could also use the "engine off" trick, but that only disables PHP, not other languages.
--Arek75
Are there any plans to fix the remote code execution vulnerability in 2.1.2 described in
http://52.42.148.182/cve/CVE-2019-11447/
????