4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: kp on September 01, 2022, 11:51:47 PM

Title: PHP 8 Fix for V1.9
Post by: kp on September 01, 2022, 11:51:47 PM
Found a PHP8 bug in this version.
If I use the function "check for new images" (German: Neue Bilder checken) and there are new images in the chosen category (which I've uploaded upfront via FTP), you will see nothing (because there is an error that is not displayed).

You can find a fix here: https://www.4homepages.de/forum/index.php?topic=33113.new#new
Title: Re: PHP 8 Fix for V1.9
Post by: Ricsca on September 29, 2022, 08:14:35 PM
Thanks
Title: Re: PHP 8 Fix for V1.9
Post by: Bugfixed on October 02, 2022, 03:08:55 PM
Thank you.

Hello there. There are 2 security vulnerabilities here, I wonder if the developers can release a patch for it? Thanks in advance, it's urgent.
https://packetstormsecurity.com/files/163818/4images-1.8-SQL-Injection.html
https://packetstormsecurity.com/files/162946/4Images-1.8-Cross-Site-Scripting.html

Versions 1.8 and 1.9 seem to be affected.
Title: Re: PHP 8 Fix for V1.9
Post by: kp on October 31, 2022, 10:53:13 AM
Hey,
I'm not a responsible person but I kept an eye on your post.
As far as I can see, the first "bug" is within the Admin area. So nobody could go there and do something bad. On the other hand, it looks to me like 4images is cleaning all parameters.
So are you really sure that there is a real bug? I can't really find out on the page what the result is with this security tool.

I have not looked at the Cross Site Scripting yet.

Title: Re: PHP 8 Fix for V1.9
Post by: kp on November 01, 2022, 12:55:10 PM
Found a new PHP8 bug in this version.
When using the admin function "Edit images" (German: Bilder bearbeiten), the result is strange when there are no filters set. Sometimes I got 0 images, sometimes 5000, sometimes all of them. This comes from the new handling when misusing a comparison of a string with an integer.

You can find a fix here: https://www.4homepages.de/forum/index.php?topic=33113.new#new