phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015372phplist applicationAuthentication Systempublic30-11-09 20:4519-04-10 19:53
Reporteradrian15 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product VersionFutureDevelopments 
Target VersionFixed in Version2.10.12 
Summary0015372: An admin can delete other admins lists without being the owner
DescriptionIf one admin have access to list page he can write an url like this:
http://domain.com/lists/admin/?page=list&delete=4 [^]

Even if list with id=4 is not a property of the admin it gets deleted!
Additional InformationI think this bug should be checked in 2.10.10 and solved also there because it is a very important bug in my opinnion.
TagsNo tags attached.
Attached Filespatch file icon svn_r1703_post_initial_04_patch_list_admin_can_delete_other_admins_lists.patch [^] (1,421 bytes) 30-11-09 20:45 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
related to 0015377resolvedmichiel Editlist: Admin can edit other admins' lists and stole them 

-  Notes
(0050931)
michiel (manager)
19-04-10 19:53

revision 1871


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker