×
Kunena 5.1.5 Released - Security Release (14 Oct 2018)

The Kunena team has announce the arrival of Kunena 5.1.5 [K 5.1.5] which is now available for download as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release.

× Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question Information disclosure when reporting posts.

More
8 months 1 week ago - 8 months 1 week ago #1 by heyai
Aloha,

This is a real fringe scenario, but you should know.

When a user reports a post, e-mails are sent to moderators.
In this case, emails are sent using SMTP.
A moderator has an e-mail address from the same domain as the SMTP domain.
The moderator's e-mail address was deleted from the server but is still set in their user account.

Now, the SMTP server returns an error message about the e-mail not existing, this error is displayed to the user.

So, yeah, there is information disclosure about e no-longer existing e-mail address.

This message contains confidential information

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 300 seconds | Max execution memory: 256M | Max file upload: 8M

Kunena menu details:

Warning: Spoiler! [ Click to expand ]

Joomla default template details : protostar | author: Kyle Ledbetter | version: 1.0 | creationdate: 4/30/2012

Kunena default template details : Crypsis | author: Kunena Team | version: 5.0.13 | creationdate: 2017-12-31

Kunena template params:

Warning: Spoiler! [ Click to expand ]

Kunena version detailed: Kunena 5.0.13 | 2017-12-31 [ Meerkat ]
| Kunena detailed configuration:

Warning: Spoiler! [ Click to expand ]
| Kunena integration settings:
Warning: Spoiler! [ Click to expand ]
| Joomla! detailed language files installed:
Warning: Spoiler! [ Click to expand ]

Third-party components: CommunityBuilder 2.1.3 | UddeIM 4.0

Third-party SEF components: None

Plugins: Search - Kunena Search 5.0.3 | Content - Kunena Discuss 5.0.3

Modules: Kunena Latest 5.0.3 | Kunena Stats 5.0.3 | Kunena Search 5.0.3

I hope I described this well enough. Let me know if you have questions (or tell me I'm a wacko).
Attachments:
Last edit: 8 months 1 week ago by heyai.

Please Log in or Create an account to join the conversation.

More
8 months 1 week ago #2 by xillibit
Hello,

This kind of error is throw by Joomla! directly, i'am agree with you this kind shouldn't be shown at every user

I don't provide support by PM, because this can be useful for someone else.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.220 seconds