|
Jix Security Update 2010-05-05 |
|
Written by Pete Nurse
|
|
Jix Security Issue: Non Authorised Access to Jix Config Files
All versions of Jix prior to V0.024 have a security issue that requires your immediate attention.
Jix does not automatically delete Jix conguration files from the following directories on your web site:-
- administrator/components/com_jix/export;
- administrator/components/com_jix/import.
These files may then be accessed by non-authorised people.
Jix version V0.024 circumvents this problem by saving Jix config files to a folder with a 10 character name encoded from your Joomla site's secret word (Global Configuration=>Site=>System Settings). |
|
|
|
|