Secunia Security Advisory SA11431 - Journalness versions below 3.0.8 suffer from a vulnerability that can be exploited by invalid users to create and edit posts.
ba21156081726f8ce227d282d958d178e2194e0cd3d7e487a45b91f1267ea004
TITLE:
Journalness Unauthenticated Post Manipulation Vulnerability
SECUNIA ADVISORY ID:
SA11431
VERIFY ADVISORY:
http://secunia.com/advisories/11431/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From remote
SOFTWARE:
Journalness 3.0.x
DESCRIPTION:
A vulnerability has been discovered in Journalness, which reportedly
can be exploited by invalid users to create and edit posts.
No more information is available.
SOLUTION:
Update to version 3.0.8.
https://sourceforge.net/project/showfiles.php?group_id=101583
PROVIDED AND/OR DISCOVERED BY:
Reported by developer.
ORIGINAL ADVISORY:
http://journalness.sourceforge.net/ChangeLog
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------