1

Resolved

Comment Delete/Approve Security Hole

description

I found a security hole with the delete/approve/approveall functionality of the comment system. See my blog post about it:

comments

jarrettv wrote Jul 10, 2008 at 11:44 PM

jarrettv wrote Jul 11, 2008 at 1:40 AM

Removed details on how to reproduce from blog to be more discrete about it. Please email me for the details.

madskristensen wrote Jul 11, 2008 at 5:14 AM

Fixed in 1.4.0.12