GMapFP in the Joomla Vulnerable Extensions List

  • webilicious
  • Topic Author
  • Visitor
  • Visitor
7 years 11 months ago #4172 by webilicious
Hi,

Thanks for the free version of GMapFP which I love and have been using for a while on a client website.

I noticed that GMapFP J3.38F has been listed on the Vulnerable Extensions List at vel.joomla.org/live-vel/1829-gmapfp-j3-3...formation-disclosure

I am using version 9.44 on Joomla 2.5. Is this version also affected?

Is there anything I need to do to make the website secure?

Thanks,

Neil.

Please Log in or Create an account to join the conversation.

More
7 years 11 months ago #4173 by gmapfp
Hi,

There are not vulnerability !

The message of the JED is :
A JED team member has sent you the following message
Hello,
your listing has been unpublished due to several issues.
1) VEL listing: https://vel.joomla.org/live-vel/1829-gmapfp-j3-38f-information-disclosure
2) inserting adsense into a form fundtion (admin cpanel)
3) linking to several sites owned by the developr that would appear not to be OSM compliant regarding name use two files affected are form.php and view.html. 
Kind regards,
Luca
The following user(s) said Thank You: webilicious

Please Log in or Create an account to join the conversation.

  • webilicious
  • Topic Author
  • Visitor
  • Visitor
7 years 11 months ago #4175 by webilicious
Replied by webilicious on topic GMapFP in the Joomla Vulnerable Extensions List
Thanks for the clarification.

I'm still not sure why they have listed GMapFP in the VEL if it's not vulnerable!

If there was a genuine vulnerability I would expect more detail in the VEL listing but so far the listing is tagged with "Information Disclosure" and that is all.

Please Log in or Create an account to join the conversation.

  • caeos
  • Visitor
  • Visitor
7 years 11 months ago #4206 by caeos
vel.joomla.org/live-vel/1835-gmapfp-3-39...cross-site-scripting

gmapfp,3.39f,XSS (Cross Site Scripting) Info disclosure, arbitrary fileupload

Please Log in or Create an account to join the conversation.

  • drweb
  • Visitor
  • Visitor
7 years 11 months ago #4207 by drweb

Please Log in or Create an account to join the conversation.

More
7 years 11 months ago #4208 by gmapfp
Hi,

There are a potential vulnerability on the uploading of picture in the submission form and in admin.
I will solve it in the next days.
The following user(s) said Thank You: webilicious

Please Log in or Create an account to join the conversation.

Time to create page: 0.194 seconds
Powered by Kunena Forum
FaLang translation system by Faboba