Advisory from Netsparker - Plikli 4.0.0 | General Support | Forum

Daniel
New Member
June 28, 2018 - 12:52 pm

Hello,

While testing the Netsparker web application security scanner we identified vulnerabilities in Plikli 4.0.0. Can you please advise whom shall we contact to disclose the vulnerability details so it can be fixed?

Looking forward to hearing from you.

Regards,

Daniel

Email: daniel [at] netsparker [dot] com

redwine
Admin
June 28, 2018 - 1:54 pm

Hello Daniel,

I will contact you via the email you provided. Thank you!

redwine
Admin
July 5, 2018 - 3:39 pm

Hello Daniel,

Further to our email conversation, I messaged you again yesterday to ask about the details that were supposed to be sent to me.

Thank you for your prompt attention to this matter!

redwine
Admin
July 10, 2018 - 11:05 pm

To update all users about this topic, Daniel from Netsparker sent me the details and I immediately worked on patching the vulnerabilities. As soon as I finish everything, I will release a new version with all the security fixes as well as a few bugs that I solved already here on the forum.

The release should be by the end of the weekend or Monday next week at the most!

john
Member
July 11, 2018 - 7:03 am

Hi, will you have an upgrade patch or do we need to install the new version from scratch?

redwine
Admin
July 11, 2018 - 11:52 am

Hi John,

Of course it will be like usual, the CMS will have both Install and upgrade options. The upgrade will update the database tables, while maintaining the data, and the new files will replace the old ones.

hicks
Member
July 27, 2018 - 11:25 am

Kudos to Daniel for the notice, and of course to redwine for working on it 🙂
Great to see Plikli up to date with security issues.

john
Member
July 30, 2018 - 6:57 pm

Hi redwine. What is the upgrade status?

redwine
Admin
July 30, 2018 - 7:03 pm

Hi John,

I apologize for the delay; I had to take care of some medical issues. The new version will be released for sure on Friday, August 03, 2018.

The new version will be available for fresh installation or upgrading from any Pligg 1.2.2 to 2.0.2 and Kliqqi 3.0.0 to 3.5.2 and Plikli 4.0.0.

john
Member
July 30, 2018 - 7:09 pm

Redwine, no apologies necessary. Hope all goes well with your medical issues. I appreciate your hard work and dedication. Thank you!

redwine
Admin
July 30, 2018 - 7:12 pm

I get the biggest reward having great members like you, John! I thank you for your contribution!

john
Member
July 30, 2018 - 7:14 pm

Thank you for the kind words Redwine. The feeling is mutual! Smile

redwine
Admin
August 3, 2018 - 6:40 pm

Plikli CMS 4.1.0 is now available for download.

We are grateful to Netsparker https://www.netsparker.com/ who brought to our attention two SQL injection and three Cross-site Scripting vulnerabilities! All fixed now and extensive work on sanitizing and filtering input fields has been done.

Forum Timezone: Asia/Beirut
