Kunena 7.0.6 & Kunena 6.4.12 – Security Updates Released

The Kunena team has announce the arrival of Kunena 7.0.6 [K 7.0.6] in stable which is now available for download as a native Joomla extension for J! 5.4.x/6.0.x. This version addresses most of the issues that were discovered in K 6.2 / K 6.3 / K 6.4 and issues discovered during the last development stages of K 7.0.

The Kunena team is also pleased to announce the twelfth version of Kunena 6.4, a native Joomla extension for Joomla! 5.0, 5.1, 5.2, 5.3, 5.4 and 6.0.

Topics that are moved into this category are generally considered to be closed. Users may want to add additional information but these topics should not be resurrected in order to discuss new problems or unrelated matters.

Question Security problem

ChaosHead
Topic Author
Offline
Senior Member

15 years 3 months ago - 15 years 3 months ago #87554 by ChaosHead

Security problem was created by ChaosHead

Under this link mysite.com/forum/who
Any person can see actions of visitors in any categories of a forum. Including the categories hidden for it.

Please, in upcoming versions block display under this link for visitors. This must see only Site Administrators and Global Moderators.

Last edit: 15 years 3 months ago by ChaosHead.

Please Log in or Create an account to join the conversation.

sozzled
Offline
Banned

15 years 3 months ago #87557 by sozzled

Replied by sozzled on topic Re: Security problem

Can you provide a little more information, please. For example, your K 1.6 configuration report would be helpful.

Can you tell us when this kind of "security problem" occurs and how other people can reproduce those conditions that you have on your forum?

Thanks

Blue Eagle vs. Crypsis reference guide
Read my blog and

Please Log in or Create an account to join the conversation.

ChaosHead
Topic Author
Offline
Senior Member

15 years 3 months ago #87564 by ChaosHead

Replied by ChaosHead on topic Re: Security problem

Our community - a game clan. Our site - archangels.su. All players in a clan are divided into various groups. With various access rights at a forum. Beginners shouldn't know that occurs in a clan management. The clan management discusses important themes in closed from extraneous categories.
The clan has opponents - competing clans. Someone from a competing clan has learned that having typed in an address line of the browser: archangels.su/forum/who. He will get to the closed zone for administrators.
Even from names of posts in a category for a management, it is possible to learn about our plans.

My problem consists in it. I want that a zone for administrators could see only administrators.

p.s. I know that last version - 1.6.3. But I have checked up. Updating doesn't solve this problem. And 1.6.2 in the rest works perfectly well.

This message contains confidential information

Database collation check: The collation of your table fields are correct

Legacy mode: Disabled | Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Enabled |
This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 20 seconds | Max execution memory: 128M | Max file upload: 64M

This message contains confidential information

Joomla default template details : 3rt_replicant2_j15 | author: RocketTheme, LLC | version: 1.5.7 | creationdate: August 23, 2010

Kunena default template details : Archangels | author: cha0shead | version: 1.6.2 | creationdate: 2011-01-30

Kunena version detailled: Installed version: 1.6.2 | Build: 3894 | Version name: Team | Kunena detailled configuration:

Warning: Spoiler!

[th]Kunena config settings:[/th]
board_title Клан Архангелы в игре Perfect World PvP на сервере Extreme PW

board_offline 0

board_ofset 0

offline_message <h2>Форум закрыт на технические работы.</h2>
<div>В данный момент форум закрыт. </div>

enablerss 0

enablepdf 0

threads_per_page 30

messages_per_page 25

messages_per_page_search 25

showhistory 1

historylimit 15

shownew 1

jmambot 0

disemoticons 0

template archangels

showannouncement 0

avataroncat 1

catimagepath category_images/

showchildcaticon 1

annmodid 62

rtewidth 450

rteheight 300

enableforumjump 0

reportmsg 1

username 1

askemail 0

showemail 0

showuserstats 1

showkarma 1

useredit 1

useredittime 0

useredittimegrace 600

editmarkup 1

allowsubscriptions 0

subscriptionschecked 0

allowfavorites 1

maxsubject 70

maxsig 300

regonly 0

changename 0

pubwrite 0

floodprotection 10

mailmod 0

mailadmin 0

captcha 0

mailfull 0

allowavatar 1

allowavatarupload 1

allowavatargallery 0

avatarquality 95

avatarsize 512

allowimageupload 0

allowimageregupload 0

imageheight 800

imagewidth 800

imagesize 512

allowfileupload 0

allowfileregupload 0

filetypes zip,txt,doc,gz,tgz,bat

filesize 2048

showranking 1

rankimages 1

avatar_src

fb_profile

pm_component

userlist_rows 30

userlist_online 1

userlist_avatar 1

userlist_name 1

userlist_username 1

userlist_posts 1

userlist_karma 1

userlist_email 0

userlist_usertype 1

userlist_joindate 1

userlist_lastvisitdate 1

userlist_userhits 1

latestcategory 0

showstats 1

showwhoisonline 1

showgenstats 1

showpopuserstats 1

popusercount 10

showpopsubjectstats 1

popsubjectcount 10

usernamechange 0

rules_infb 1

rules_cid 372

help_infb 1

help_cid 1

showspoilertag 1

showvideotag 1

showebaytag 0

trimlongurls 0

trimlongurlsfront 40

trimlongurlsback 20

autoembedyoutube 1

autoembedebay 0

ebaylanguagecode en-us

fbsessiontimeout 1800

highlightcode 0

rss_type topic

rss_timelimit week

rss_limit 100

rss_included_categories

rss_excluded_categories

rss_specification rss2.0

rss_allow_html 1

rss_author_format name

rss_author_in_title 1

rss_word_count 0

rss_old_titles 1

rss_cache 900

fbdefaultpage categories

default_sort asc

alphauserpointsnumchars 5

sef 0

sefcats 0

sefutf8 0

showimgforguest 1

showfileforguest 0

pollnboptions 10

pollallowvoteone 1

pollenabled 1

poppollscount 5

showpoppollstats 1

polltimebtvotes 24:00:00

pollnbvotesbyuser 1

pollresultsuserslist 1

maxpersotext 50

ordering_system replyid

post_dateformat ago

post_dateformat_hover datetime

hide_ip 0

js_actstr_integration 0

imagetypes jpg,jpeg,gif,png

checkmimetypes 1

imagemimetypes image/jpeg,image/jpg,image/gif,image/png

imagequality 100

thumbheight 32

thumbwidth 32

hideuserprofileinfo put_empty

integration_access joomla

integration_login joomla

integration_avatar kunena

integration_profile kunena

integration_private uddeim

integration_activity none

boxghostmessage 0

userdeletetmessage 0

latestcategory_in 1

topicicons 1

onlineusers 1

debug 0

catsautosubscribed 0

showbannedreason 1

version_check 1

showthankyou 1

showpopthankyoustats 1

popthankscount 10

mod_see_deleted 0

bbcode_img_secure text

listcat_show_moderators 1

lightbox 0

activity_limit 0

show_list_time 720

show_session_type 0

show_session_starttime 0

userlist_allowed 1

Third-party components: AlphaUserPoints: Disabled or not installed | CommunityBuilder: Disabled or not installed | Jomsocial: Disabled or not installed | UddeIm: Installed (Version : 2.2)

Third-party SEF components: sh404sef: Disabled or not installed | ARTIO JoomSEF: Disabled or not installed | AceSEF: Disabled or not installed

Plugins: System - Mootools12: Disabled | System - Mootools Upgrade: Enabled | JFirePHP: Disabled or not installed | Kunena Discuss: Enabled (Version : 1.6.2) | Kunena Search: Disabled or not installed | My Kunena Forum Menu: Disabled or not installed | My Kunena Forum Posts: Disabled or not installed

Modules: Kunena Latest: Enabled (Version : 1.6.2) | Kunena Stats: Disabled or not installed | Kunena Login: Disabled or not installed

Please Log in or Create an account to join the conversation.

Matias
Offline
Administrator

15 years 3 months ago #87972 by Matias

Replied by Matias on topic Re: Security problem

You can disable whoisonline page by replacing it's template file with empty one..

Please Log in or Create an account to join the conversation.

Time to create page: 0.317 seconds