Potential security problem with version r1605

Open qtmgit opened this issue 1 year ago • 5 comments

I have the option for "Clients can register themselves" as disabled, however someone managed to do exactly that as shown in the activity log. How can I stop this from happening again?

qtmgit, Dec 10 '24 12:12

Does your database table tbl_options have the parameter "clients_can_register" different from 0?

raduhazsda, Dec 10 '24 13:12

> Does your database table tbl_options have the parameter "clients_can_register" different from 0?

Apologies for the dumb question, but how can I check this? I don't think I have any tools to connect to the database

I've checked this and clients_can_register is set to 0 in the database. Also, created_by shows as null for this user.

qtmgit, Dec 10 '24 15:12

If you found that clients_can_register is 0 in the database then the issue may lie in the code somewhere. I can't seem to find a cause at this moment.

raduhazsda, Dec 12 '24 07:12

It is probably https://censys.com/cve-2024-11680/

tomkuba, Dec 17 '24 16:12

> It is probably https://censys.com/cve-2024-11680/

I made the recommended changes to the .htaccess file but it didn't seem to make any difference.

qtmgit, Dec 17 '24 16:12