phpwcms Support Forum

The phpwcms support forum will help to find answers to your questions. The small but strong community is here since more than 10 years.
https://forum.phpwcms.org/

Contact Email for Security Issues

https://forum.phpwcms.org/viewtopic.php?t=24779

Page 1 of 1

Contact Email for Security Issues

Posted: Tue 29. Sep 2015, 16:06
by FooBar001
Hi,

I have found some security issues in phpwcms. I tried to report them to oliver@phpwcms.de and security@phpwcms.de, but these email addresses do not seem to exist (anymore).

I also tried to contact someone via PM, but PMs are disabled for me.

Can you please post an email address where security issues can be reported to?

Thanks!

Re: Contact Email for Security Issues

Posted: Wed 30. Sep 2015, 05:56
by Oliver Georgi
Thanks, I got your report and will try to solve the issues till the vulnerabilities are planned (29th of October) for disclosure.

To explain a bit to others. It has to do with uploads, inline PHP, CSRF. As far I have understood by now you need access to the backend for every of the issues. For sure, these issues should be solved.

If you have found security related issues too that should be fixed before being disclosed you can email me using security@phpwcms.org otherwise use GitHub issues.
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited