Page 1 of 1

Potential information leakage with active debug mode

Posted: Tue Sep 05, 2017 10:17 am
by cmb
Hi everybody!

If debug mode is enabled, but _XHdebug.txt contains anything else than a single ASCII character, respective error messages are displayed not only in admin mode, thus causing information leakage.

This issue most likely affects all CMSimple_XH versions so far.

So ensure that debug mode is disabled, or that _XHdebug.txt contains only a single ASCII character!

See also https://github.com/cmsimple-xh/cmsimple-xh/issues/293.