The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once
Warning [2] Undefined array key "" - Line: 1584 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1584 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Trying to access array offset on value of type null - Line: 1588 - File: inc/functions.php PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions.php 1588 errorHandler->error
/inc/functions_post.php 203 usergroup_displaygroup
/showthread.php 1117 build_postbit
Warning [2] Undefined array key "useravatar" - Line: 6 - File: inc/functions_post.php(931) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions_post.php(931) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 931 eval
/showthread.php 1117 build_postbit
Warning [2] Undefined array key "userstars" - Line: 11 - File: inc/functions_post.php(931) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/functions_post.php(931) : eval()'d code 11 errorHandler->error
/inc/functions_post.php 931 eval
/showthread.php 1117 build_postbit





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
4.3.24 Vulnerabilities
#1
Hello

New version release anytime soon for these?

https://packetstormsecurity.com/files/14...um=twitter

https://www.exploit-db.com/exploits/44871/
  Reply
#2
Hi Gok,

We will be working on patching these soon.

Fortunately the first one relies on you providing someone with Administrator access.

Thank you,
Brandin.
  Reply
#3
Regarding the second vulnerability, we're going to fix it, but I'd like to point out a tech note. Because of the way our passwords are stored in the database, even figuring out someone's username, does not make brute forcing someone's password trivial or fast (unless they use a really common stupid one). The whole $2y$12 thing at the beginning of our passwords means that the server needs to do a LOT of work to check a password. It's impossible to speed that up. It doesn't make our sites completely brute force proof, but it takes long enough per guess that it's very brute force resistant. Also, if you change the 12 to 13 on your password hashing it makes it take twice as long and 14 is twice as long as 13.
  Reply
#4
These were resolved with the most recent update.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)