Brandito Posted March 9, 2007 Share Posted March 9, 2007 Hi, I would like to setup a newsletter on my website. Open Newsletter 2.5 seems like a good choice. But I have read about some security issues with it. I was hoping I could get a little help fixing the problem so I don't leave a gap in my websites security. Thanks. References: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6786 http://www.milw0rm.com/exploits/2981 http://www.securityfocus.com/bid/21775 http://secunia.com/advisories/23476 Link to comment https://forums.phpfreaks.com/topic/42056-open-newsletter-help/ Share on other sites More sharing options...
Brandito Posted March 12, 2007 Author Share Posted March 12, 2007 Anyone? The problem is that on settings.php and subscribers.php don't exit when authentication fails... The only protection for these files is this: session_start(); if($_SESSION["valid"] != true) { header("Location: index.php"); } Does anyone know how to fix this? Link to comment https://forums.phpfreaks.com/topic/42056-open-newsletter-help/#findComment-205820 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.