Major security issue during registration process

  • Resolved tannker

    (@tannker)


    9 years, 3 months ago

    This plugin has a major security issue in registration flow.
    The URL directing to final registration confirmation looks like this:
    /?action=show_confirm_mess&event_id=1&reg_id=120

    It contains reg_id parameter. By manually altering this parameter (for example decrease it), information of other registrations becomes visible.

    https://www.ads-software.com/plugins/event-registration/

Viewing 2 replies - 1 through 2 (of 2 total)

  • Yup, Big TIME! Just tested that as well tannker.

    @avdude PLEASE fix this.

    Plugin Author avdude

    (@avdude)

    Thank you for the input. We have updated the file in the development version to reflect the fix. We are working on a few other patches. If you would like to apply the fix immediately to version 6.01.08, you may download it here and replace it in the public folder of the plugin.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Major security issue during registration process’ is closed to new replies.