Kunena 6.3.5 released
The Kunena team has announced the arrival of Kunena 6.3.5 [K 6.3.5] in stable, which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 and issues discovered during the last development stages of K 6.3.
Note: Please go to the Kunena Dashboard after an upgrade so that the Kunena database tables are also updated.
Question Possible Injection Exploit
This indicates to me a possible vulnerability. I'm on version 1.5.11, I don't see security fixes in 1.5.12 so not sure if this is still an issue for the upgrade.
Note for mods: Please let me know if this is not the right place for vulnerability reporting.
Joomla Extension Templates: extensiontemplates.com
That is not a vulnerability in Kunena or even Joomla; that would be a Linux server vulnerability. Most production web servers use mod_security (PHP security module), which runs a security rule to guard against this: "SecFilter /etc/passwd". There are many more secfilters, but I have just highlighted the one you mentioned.
Simple answer:
This is NOT an issue or a vulnerability in Kunena/Joomla; this is an old PHP server vulnerability that your web server will already guard against as standard.
(You can try it yourself -- you should end up on the main page, not get a white page or an error message.)
I was tired of my site getting hacked and I purchased the OSE Anti-hacker component. It is detecting the following:
This indicates to me a possible vulnerability. I'm on version 1.5.11, I don't see security fixes in 1.5.12 so not sure if this is still an issue for the upgrade.
Note for mods: Please let me know if this is not the right place for vulnerability reporting.
Just to confirm: What you see might be a hack attempt, but Kunena does not allow anything but an integer for itemid. Therefore all the extra text gets stripped away before we process anything.
This is NOT a Kunena vulnerability.
Thx!
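An added illustration of the integer-only handling described in the reply above (not Kunena's code and not part of the original thread): it compares what a request-scanning component sees in the raw `Itemid` value with what an integer-only filter would pass on to the application. The digit-run filter model, the function names and the sample URLs are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: integer-only filtering is modelled as "first run of digits
# (optional leading minus), otherwise 0". Illustration only, not Kunena source.
_INT_RE = re.compile(r"-?[0-9]+")


def int_filter(raw: str) -> int:
    """Reduce an arbitrary request value to an integer, dropping all other text."""
    match = _INT_RE.search(raw)
    return int(match.group(0)) if match else 0


def triage(url: str, param: str = "Itemid"):
    """Return (raw value, value after filtering, suspicious?) for one request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    raw = query.get(param, [""])[-1]
    cleaned = int_filter(raw)
    # The raw value is what a scanner alerts on; the cleaned value is what an
    # integer-only parameter would actually hand to the application.
    suspicious = raw != "" and raw != str(cleaned)
    return raw, cleaned, suspicious


# Constructed sample requests (not taken from the thread).
SAMPLE_REQUESTS = [
    "/index.php?option=com_kunena&Itemid=53&func=view&catid=2&id=10",
    "/index.php?option=com_kunena&Itemid=53/etc/passwd",
    "/index.php?option=com_kunena&Itemid=/etc/passwd",
]


def report(requests=SAMPLE_REQUESTS):
    """Triage every request in the list."""
    return [triage(url) for url in requests]


if __name__ == "__main__":
    for raw, cleaned, suspicious in report():
        tag = "ALERT" if suspicious else "ok"
        print(f"{tag:5} raw={raw!r} -> processed as {cleaned}")
```

An alert on the raw value records that someone sent the probe; whether it reached anything depends on how the receiving code filters that parameter.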
Quick response from 3 head devs. You guys definitely have a watchful eye when it comes to security. Thanks guys