Forum

PreventCMDi problem

Samiux
31 August 2009, 09:47


Hiawatha version: 6.16
Operating System: Ubuntu 9.04 Server

Hi,

I am running XOOPS 2.3.3 (a kind of CMS) on Hiawatha 6.16 in VirtualHost. When I enabled PreventCMDi and wanted to login, the XOOPS shows me that I have been logged in but it finally returned me to the login page.

Is it a bug or a feature?

Samiux
Hugo Leisink
31 August 2009, 09:57
The PreventCMDi removes characters that might be dangerous. It looks like XOOPS uses one of such characters in the login cookies. If XOOPS is not vulnerable for command injection, you better remove the PreventCMDi option.
This topic has been closed.