1

Resolved

Comment Delete/Approve Security Hole

description

I found a security hole with the delete/approve/approveall functionality of the comment system. See my blog post about it:

comments

jarrettv wrote Jul 11, 2008 at 12:44 AM

jarrettv wrote Jul 11, 2008 at 2:40 AM

Removed details on how to reproduce from blog to be more discrete about it. Please email me for the details.

madskristensen wrote Jul 11, 2008 at 6:14 AM

Fixed in 1.4.0.12