Kunena 5.1.8 Released - Security Release (30 Dec 2018)

The Kunena team has announce the arrival of Kunena 5.1.8 [K 5.1.8] which is now available for download as a native Joomla extension for J! 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release. Fixes 3 XSS security issues.


Please Read This First:

This category is only for reporting defects with K 3.0.

Do not use this category:
  • to ask general questions about how to use K 3.0 or to ask when new versions of Kunena will be released;
  • to ask about other (older) versions of Kunena; or
  • if you have tried to install K 3.0 on J! 1.5; or
  • if you installed K 3.0 on a live, production site and you want your site restored to its previous state; or
  • if this website ( www.kunena.org ) works but works differently to how you expected.

You must include your K 3.0 configuration report; if you do not include your configuration report, your topic may be closed (locked) or deleted without any further warnings from the moderators.

Topics that have been closed (resolved) will be archived and no further discussion on those topics will be allowed.

Question User posting as a different user

3 years 6 months ago #1 by TomasFC
I came across this issue today. I'm still on Kunena 3.0.7 (Joomla 3.4.0)

I have a private Kunena forum, that only approved members get to see the forum and post. We have about 300 active members.

Today, one of a users "Robyn" posted in one of the threads, but it was posted as another user "Julie" who was logged in at the time though had not accessed that thread. Thankfully these are very kind human beings and they let me know right away. "Julie" told me she could edit the post that "Robyn" had just posted and came up in her, "Julie's" name.

In the database I could see that the post was labeled with "Julie's" username and user id, but the IP address corresponded to "Robyn's".

"Robyn" and "Julie" both use an iPad (the devices from hell if you ask me).

The only other strange issues I've had in the past was with this same user "Julie" who was seeing the wrong images (switched icons) throughout the site. After clearing cache it went to normal. At the time I blamed this on the way Apple assigns random strings to the cached images (I may be wrong, but that's what I remember seeing some time ago).

This however is another can of worms, and a potential security risk.

I'm not sure what can be done about it, but I just wanted to report it.

Thank you,

Please Log in or Create an account to join the conversation.

3 years 6 months ago - 3 years 6 months ago #2 by 810
please add kunena report.

PS K3.0.7 isn't supported anymore
Last edit: 3 years 6 months ago by 810.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.083 seconds