Posted by oadaeh on
Last updated: October 10, 2012 - 13:46
View change notices for this release
Correct some security problems and some potential security problems reported in SA-CONTRIB-2012-154 - Basic webmail - Multiple vulnerabilities:
- Not sufficiently sanitizing data when setting page title.
- Storing login IDs and passwords in plain text in the data column of the users table, possibly including the users' Drupal site login ID and password.
- Not sufficiently sanitizing data displayed from email messages.
- Provideing a path to users who have the 'access basic_webmail' permission, and it allows them access to the all site's users' email addresses.
Official release from tag: