Select Page

Nasty Bug in SecurityImages 5.1.2

Nasty Bug in SecurityImages 5.1.2

software_bugs_dilbert

Thanks to Margus Pala, a security Flaw has been reported and corrected in SecurityImages version 5.1.2 and previous

The flaw is of moderate level, in register forms, spammers are able to register without solving the Captcha!

  • It affect only SecurityImages 5.x for #Joomla! 1.5
  • SecurityImages 6.x for #Joomla! 1.6 is not affected

In order to resolve this issue, you don’t have to install any new version of SecurityImages, you must either

  • Update your blog with the right version of the joomla! patches, the all end with #Joomla_1.5.x-Stable-Full_PackageForSecurityImages5.y.z_v01.03.00

OR

  • Edit the file components\com_user\controller.php and remove the line 274 ($this->register())
if ($useSecurityImagesInRegister && !$this->checkSecurityImagesCaptcha()) {   JError::raiseWarning('', JText::_('SECURITYIMAGES REJECT USER ENTRY'));     $this->register();   return false; }

These patches versions have the flaw

04/12/2008  #Joomla_1.5.1-Stable-Full_PackageForSecurityImages5.0.0.zip
05/01/2008  #Joomla_1.5.2-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
05/01/2008  #Joomla_1.5.3-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
07/10/2008  #Joomla_1.5.4-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
08/03/2008  #Joomla_1.5.5-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
08/03/2008  #Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
08/19/2008  #Joomla_1.5.6-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip
09/13/2008  #Joomla_1.5.7-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
09/20/2008  #Joomla_1.5.7-Stable-Full_PackageForSecurityImages5.1.0_v01.00.00.zip
11/11/2008  #Joomla_1.5.8-Stable-Full_PackageForSecurityImages5.0.0_v01.00.00.zip
01/19/2009  #Joomla_1.5.8-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
01/19/2009  #Joomla_1.5.9-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
03/28/2009  #Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
06/03/2009  #Joomla_1.5.11-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip
07/04/2009  #Joomla_1.5.12-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
07/26/2009  #Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
07/26/2009  #Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
09/11/2009  #Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
11/09/2009  #Joomla_1.5.15-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
04/24/2010  #Joomla_1.5.16-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
04/24/2010  #Joomla_1.5.17-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
09/12/2010  #Joomla_1.5.18-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
04/24/2010  #Joomla_1.5.20-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
01/09/2011  #Joomla_1.5.21-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
01/09/2011  #Joomla_1.5.22-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip
01/09/2011  #Joomla_1.5.23-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip

You can download the updated versions in HERE or search the download section, type 1.5.23 for the patches for 1.5.23 for example

About The Author

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.

Categories