Joomla! version : 3.6.2
PHP version : 5.7
AdsManager version : 3.2
Hello support,
We found out that there is a vulnerability that allowed spammers to send out mails through our site using Adsmanager contact form.
Problem is that even if you configure the form to be available only to logged in user, this is not enforced if you know the direct URL to the contact form - it only removes the option/link in the ads display.
Even non logged in users can gain access to the contact form if they enter the URL directly.
PHP version : 5.7
AdsManager version : 3.2
Hello support,
We found out that there is a vulnerability that allowed spammers to send out mails through our site using Adsmanager contact form.
Problem is that even if you configure the form to be available only to logged in user, this is not enforced if you know the direct URL to the contact form - it only removes the option/link in the ads display.
Even non logged in users can gain access to the contact form if they enter the URL directly.
Custom Fields
- Joomla Version
- 3.6.2
- PHP Version
- 5.7
- Product
- AdsManager
- Product Version
- 3.2