WillyXJ / facileManager

A modular suite of web apps built with the sysadmin in mind.
www.facilemanager.com
GNU General Public License v2.0
88 stars 37 forks

Several Security Issues Identified #599

Closed jmrcsnchz closed 8 months ago

jmrcsnchz commented 8 months ago

[SECURITY]

Security Issues

Hi, we are a group of security consultants / researchers and we've identified a number of security issues in this project (ranging from SQL injection, XSS, to Account Privilege Escalation). We would like to disclose these vulnerabilities responsibly and we're hoping to get in touch with the repo maintainer. Please don't hesitate to reach out via my email. Thanks!

WillyXJ commented 8 months ago

Thanks for the report!

This is now fixed in fM 4.5.1 and later.

jmrcsnchz commented 8 months ago

Hi! Nice work on the very quick fixes. May I ask if you requested CVEs for them?

On Wed, 31 Jan 2024, 8:58 am WillyXJ, @.***> wrote:

Thanks for the report!

This is now fixed in fM 4.5.1 http://www.facilemanager.com/download/ and later.


WillyXJ commented 8 months ago

Yes, I did request CVEs for each of them. Expectations are to have assignments later this week.