[Koha-bugs] [Bug 4517] New: serials routing list member reordering can be done without staff authentication
bugzilla-daemon at kohaorg.ec2.liblime.com
bugzilla-daemon at kohaorg.ec2.liblime.com
Mon May 17 14:51:03 CEST 2010
http://bugs.koha.org/cgi-bin/bugzilla3/show_bug.cgi?id=4517
Summary: serials routing list member reordering can be done
without staff authentication
Product: Koha
Version: HEAD
Platform: All
URL: serials/reorder_members.pl
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: Serials
AssignedTo: colin.campbell at ptfs-europe.com
ReportedBy: gmcharlt at gmail.com
Estimated Hours: 0.0
Change sponsored?: ---
serials/reorder_members.pl does not do an authentication check, thus allowing
somebody to construct a URL to manipulate the order of members in a serials
routing list without authorization.
--
Configure bugmail: http://bugs.koha.org/cgi-bin/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the Koha-bugs
mailing list