×
Kunena 5.2 Beta 1 Released (24 Sep 2020)

The Kunena team is thrilled to announce the first public beta release of Kunena 5.2, a native Joomla extension for Joomla 3.9. This is a development release and should be only be used for testing; this version is not recommended for live websites at this stage.

The purpose of this release is to encourage testing by downloading, installing and identifying any problems or shortcomings that people may discover. K 5.2.0 B1 is stable and we are aware that people will discover defects. We encourage you to use the forum to report defects, as soon as they are discovered, so that the development team can work through the problems before the release of K 5.1 as a stable product. Reporting defects does not mean that the problems can or will be fixed. The Kunena team is looking forward to hearing your feedback on how well we have achieved our design goals.

× Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question Information disclosure when reporting posts.

More
2 years 7 months ago - 2 years 7 months ago #1 by heyai
Aloha,

This is a real fringe scenario, but you should know.

When a user reports a post, e-mails are sent to moderators.
In this case, emails are sent using SMTP.
A moderator has an e-mail address from the same domain as the SMTP domain.
The moderator's e-mail address was deleted from the server but is still set in their user account.

Now, the SMTP server returns an error message about the e-mail not existing, this error is displayed to the user.

So, yeah, there is information disclosure about e no-longer existing e-mail address.

This message contains confidential information

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 300 seconds | Max execution memory: 256M | Max file upload: 8M

Kunena menu details:

Warning: Spoiler!

Joomla default template details : protostar | author: Kyle Ledbetter | version: 1.0 | creationdate: 4/30/2012

Kunena default template details : Crypsis | author: Kunena Team | version: 5.0.13 | creationdate: 2017-12-31

Kunena template params:

Warning: Spoiler!

Kunena version detailed: Kunena 5.0.13 | 2017-12-31 [ Meerkat ]
| Kunena detailed configuration:

Warning: Spoiler!
| Kunena integration settings:
Warning: Spoiler!
| Joomla! detailed language files installed:
Warning: Spoiler!

Third-party components: CommunityBuilder 2.1.3 | UddeIM 4.0

Third-party SEF components: None

Plugins: Search - Kunena Search 5.0.3 | Content - Kunena Discuss 5.0.3

Modules: Kunena Latest 5.0.3 | Kunena Stats 5.0.3 | Kunena Search 5.0.3

I hope I described this well enough. Let me know if you have questions (or tell me I'm a wacko).
Attachments:
Last edit: 2 years 7 months ago by heyai.

Please Log in or Create an account to join the conversation.

More
2 years 7 months ago #2 by xillibit
Hello,

This kind of error is throw by Joomla! directly, i'am agree with you this kind shouldn't be shown at every user

I don't provide support by PM, because this can be useful for someone else.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.385 seconds