Server side request forgery - Joomla! Forum - community, help and support

-

we in process of inheriting site foundation joomla. part of corporate required (and entirely reasonable) security scan, i'm greeted 500+ server side request forgery findings.

to best of understanding these inherent joomla. :( i've scoured google in time have had available , found little (if any) resolution. relevant information found post on forum 2 years ago: viewtopic.php?t=863344

so questions are:
1) known issue joomla?
2) joomla going fix it? (or have fixed , can't find it?)
3) if no, there common community workaround?

any assistance appreciated
b

without knowing scan throwing fit about, can scanners commonly come false positives because of manner in joomla works.





Comments

Post a Comment

Popular posts from this blog

Joomal 3.6.3 update error - PHP temporary folder is not set - Joomla! Forum - community, help and support

-
hello, my current joomla version 3.6.0/joomla platform 13.1.0 (php version 5.6.18) , when tried update joomla 3.6.3 url, gave me "php temporary folder not set" error. tried update zip file local folder , gave me errors below. error com_installer_msg_install_warninstalluploaderror com_installer_msg_warnings_smalluploadsize please advise me how avoid above errors. if need create temporary folder, go? if need increase max_file_uploads in php.ini file, should value be? my website hosting company not joomla specialist, need know values required joomla work correctly! thanks in anticipation qamar qamar_uddin wrote: hello, gave me "php temporary folder not set" error. viewtopic.php?t=929087#p3415747 Board index Joomla! 3.x - Ask Support Questions Here Migrating and Upgrading to Joomla! 3.x
Read more

Fatal error during instalation - Joomla! Forum - community, help and support

-
Image
hi -- after after loading files of joomla 3.5 program, went site , tried open complete installation. got message: fatal error: require_once(): failed opening required '/homepages/37/d199794875/htdocs/gnustories/libraries/import.legacy.php' (include_path='.:/usr/lib/php5.5') in /homepages/37/d199794875/htdocs/gnustories/includes/framework.php on line 15 ran fpa program. hope way make available here. http://gnustories.org/fpa-en.php winku your domain name seems not working - not showing fpa report php page holding page generated isp (1 & 1) the easier way generate report fpa script , copy reply of thread (that intended way done). suggest review instructions on generating report makes format suitable forum. Board index Joomla! 3.x - Ask Support Questions Here Installation Joomla! 3.x
Read more

Upgrade 3.4.8 to 3.5.1 failed "download package failed" - Joomla! Forum - community, help and support

-
hi guys there numerous threads on issue reading don't give simple solution. i stubborn guy , stick method suggested. hence placed stable3.5.1update-package.zip in local site /tmp file. pc connected web joomal 3.4.8 telling there new version. when click "install update", says "download of update package failed." unzip file , placed them in tmp folder, same error. as stated earlier want stick method quick straight forward. there must fix method. appreciate response. jm3.51updatefail.jpg make backup download joomla_3.5.1-stable-update_package.zip , use method b or c of https://docs.joomla.org/j3.x:upgrading_ ... 4.x_to_3.5 Board index Joomla! 3.x - Ask Support Questions Here Migrating and Upgrading to Joomla! 3.x
Read more