Security advisory: Drop Document plugin
From KnowledgeTree Community
Contents |
Description
A bug in the Drop Documents Plugin may allow unprivileged users administrator access to KnowledgeTree. This issue occurs where the Administrator does not have read/write access to the /DroppedDocuments folder, causing a fatal error that affects the DropDocument Plugin.
Affected Installations
This issue occurs in the following KnowledgeTree versions:
- 3.5.4 Commercial Edition
- 3.5.4 Community Edition
- 3.5.3 Community Edition
How to resolve this issue
To resolve this issue, please implement either of the following solutions:
Solution 1:
Disable the DropDocument plugin.
Note: Disabling the plugin disables KnowledgeTree Drop Box and removes this functionality from your system. To continue using this functionality, perform Solution 2 below.
Solution 2:
1) Locate and backup the following file: <KnowledgeTree Directory>/knowledgeTree/plugins/MyDropDocumentsPlugin/MyDropDocumentsPage.php
2) Replace the file with the version available at the following address: http://www.knowledgetree.com/files/MyDropDocumentsPage.zip
Support
Please email any questions regarding this issue to support@knowledgetree.com. Note that the patch for this issue will be included in the next KnowledgeTree release.
del.icio.us
digg
reddit
facebook
stumbleupon
