A Page Flip Book
[resolved] PageflipBook pageflipbook_language parameter local file inclusion (4 posts)

  1. henrisalo
    Posted 2 years ago #

    I noticed following issue: http://www.securityfocus.com/bid/54368/info

    Is this valid security vulnerability? Have you fixed this in some version already? Is there CVE available for this?


  2. AW360
    Plugin Author

    Posted 2 years ago #

    Hi henrisalo,

    Thanks for your alert. Yes the problem wads solved since last version.

    Hope you enjoy our plugin.

  3. henrisalo
    Posted 2 years ago #

    In the future could you please include changes to changelog (in your http://plugins.svn.wordpress.org/wppageflip/trunk/readme.txt). It would be also nice if you wouldn't remove old changelogs when you release new version. Also there should be CVE <http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures> for communicating about this issue. For example I want to tell users to update to at least version, which fixed this security vulnerability. LFI vulnerability could be used for example to read WordPress installation configuration file.

    If this security vulnerability is indeed still missing CVE I could request one if that is OK for you (e.g. you haven't done so already)? Could you tell me what version of the plugin is patched, thanks?

    I'm just trying to help here :)
    Other reference URL: http://osvdb.org/83667

  4. AW360
    Plugin Author

    Posted 2 years ago #

    Hi Henrisalo,

    Great to read this, I really appreciated constructive ideas like yours.

    Next release will integrate your comments.

    Best !

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • A Page Flip Book
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic