2006-09-22, 09:53 AM
Found whilst using version 1.2 of Mybb
I found a problem with the "Forum Stats in Profile" plugin that can cause a "security" breach with certain forums.
On my forum we have specific areas only staff can see. eg a "staff room". These were set in the permissions so no one unregistered, registered etc can view them. However. In the profile of an admin he had the most posts in one of the staff areas. I clicked it whilst as a guest and went straight into it and read all the posts!
I have turned it off for now
I found a problem with the "Forum Stats in Profile" plugin that can cause a "security" breach with certain forums.
On my forum we have specific areas only staff can see. eg a "staff room". These were set in the permissions so no one unregistered, registered etc can view them. However. In the profile of an admin he had the most posts in one of the staff areas. I clicked it whilst as a guest and went straight into it and read all the posts!
I have turned it off for now