1 (edited by 2014-03-31 16:20:39)

Topic: Security issue with comments v2.0.1

There appears to be a security issue with the comments section of V2.0.1

As I have tried to inform support of this through several channels - and it is a SECURITY ISSUE - to have no response from support is itself an issue.

Since upgrading to V2.0.1 I have had a number of spam or simply plain nonsensical comments added.

See attached images.

After a comment is added, no details other than date are shown in the Dashboard comments admin section. All other comment data disappears. - see clipboard01.jpg

After a comment is deleted, details return to the dashboard comments section:

Captcha is enabled.

Due to this, which I consider a security issue, I have disabled comments except for registered users only.

Script writers please look into this asap.

If this security bug is not addressed I will revert back to V2, which does not have this issue.

Is anyone else experiencing this with comments? As I have identical issues on two websites with separate Cutenews installations...

Re: Security issue with comments v2.0.1

Is this fixed already?

Re: Security issue with comments v2.0.1

Dear User!

Could you kindly send us a sample of a news text that leads to that problem. Also, kindly give us the precise number of news you have on the website.

Best regards,
CN Support team

Re: Security issue with comments v2.0.1

Dear User!

Could you kindly send us a sample of a news text that leads to that problem. Also, kindly give us the precise number of news you have on the website.

I don't see the relevance to number of news, but active news varies from 1 to 70 items each month prior to archiving.
The archives probably contain over 500 items.

The spamming comments are inserted from news items called from the archived content.
When such a comment is posted, there is no information in the dashboard other than the date and time - no IP etc etc - and all other comment entries do not show until the offending item has been deleted.

Re: Security issue with comments v2.0.1

This issue is still outstanding in limbo - it is not possible to correctly, efficiently and securely manage the comments section while this issue persists.

Please advise if this matter is being addressed, as it does represent a security issue with the script.


Re: Security issue with comments v2.0.1

I am now advising admin and users of this script of an unaddressed security issue with the comments section of this script which I have reported many times and which remains unresolved.

Today the following entry appeared in my mailbox through the comments notification process

New Comment was added by Pharmf163 on 14 May 2014 at https://app01.kaonavi.jp/apc/

Very nice site!

The site is NOT my site - how can a comment be added to my site that then shows it being added to a different URL.

The comments admin page shows only this:


All users of this script are exposing their website to such issues.

Re: Security issue with comments v2.0.1

Ok, I got it, thank you!

Re: Security issue with comments v2.0.1

In March I drew attention to a security issue regarding the comments section of this script.

This issue has not been addressed.


Re: Security issue with comments v2.0.1

GE07: EskoArtwork at Graph Expo A Conversation with Mark Vanover Box Printing (http://printing-in-china.net/box-printing.html) packaging boxes (http://printing-in-china.net/box-printing.html) GBC Commercial Laminating Solutions located drupa with thermal laminating solutions for commercial, on-demand and wide-format finishing along and speed top-of-mind. The company put its new GBC 8500HS Cyclone laminating system and new GBC High-Bonding Strength film on the test by inviting the Guinness Book of World Records to adjudicate its challenge to laminate 100 square meters of paper inside of 60 seconds or so. Designed for single-sided lamination of high-volume print runs, the GBC 8500HS Cyclone runs at speeds as much as 150 m (500 ft) a minute, which enable it to cut production time by one-half or even more without having to sacrifice accuracy, control and quality, the corporation claims. The Cyclone accomplished its goal within over 40 seconds, becoming the machine to overpower rolling around in its category. Also on display at GBC's stand were the GBC 7580 Voyager, competent at speeds to 200 fpm and said for being ideally suited to your medium- and high-volume finishing of books covers, folders, brochures and bags. GBC's 6200s and 5031TS systems they are both dedicated towards the finishing of narrow-format offset and digital output. Also for the GBC stand was this company's compact GBC 3052, specialized in the commercial print finishing market and well-adapted to your handling of smaller digital jobs.
According to your company, featuring its ability to switch stock, size and film rapidly, the GBC 3052 improves efficiency around the production line, while a sheet-counter enables an individual to set the equipment to avoid after laminating a pre-set variety of sheets, reducing waste and increasing productivity. ,Q2 GDP Revised Up, Bigger Rebound from Q1... But What's Ahead?
In case you're failing to pay attention, the earth is moving online, 2.4 billion folks are online today, this also number grows by 8% yearly, adding another 198 million people online annually. Commerce is moving internet and is predicted to achieve $1.3 trillion in 2013. Customer engagement is moving online. Marketing is moving online. Yet, lower than 50% of U.S. printers have adopted web-to-print as well as in other elements of the earth, the adoption rates are even lower. ,print solutions (http://printing-in-china.net/) Book Printing (http://printing-in-china.net/Book-Printing.html)
http://www.theselousscouts.com/signgues … _code=true http://kiku-bsd.cc.it-hiroshima.ac.jp/c … mp;con=532 http://cgi.din.or.jp/%7Ejiiya/cgi_bin/s … amp;ar=911 http://kiku-bsd.cc.it-hiroshima.ac.jp/c … ;pid=00906 http://qxwzk.com/forum.php?mod=viewthre … amp;extra= http://kiku-bsd.cc.it-hiroshima.ac.jp/c … ;amp;v=081 http://flowthroughme.com/index.php/articles/item/12- http://kiku-bsd.cc.it-hiroshima.ac.jp/c … amp;ar=499 http://event.mt-beagle.com/bbs/bbs.cgi? … mp;pid=811 http://ggyqzhuan.com/home.php?mod=space&uid=91904


CutePHP Forums → Problem Solving / Help & Support → Security issue with comments v2.0.1