SS-2013-006: Information disclosure in Versioned.php

Severity: Low
Identifier: SS-2013-006
Versions Affected: 3.0
Versions Fixed: 3.0.6
Release Date: 2013-09-12

Malicious website visitors can inspect older and newer versions of website content without requiring CMS access, through special URL parameters usually reserved for CMS users. This includes unpublished content.

This has been fixed by adding more specific permission checks in ContentController.php.