Dear team, does "Disable editing backend users' properties" protect from the latest J! security issue? I mean, if one could register as "Registered" user, could he still give himself higher privileges (Admin/SuperAdmin)? We have a problem with a certain website of a customer we cannot update, because a custom extension breaks... Any help/info is greatly appreciated! All best, Konstantinos
#26391 Does "Disable editing backend users' properties" protect from the latest J! security issue?
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by deeno on Friday, 04 November 2016 04:50 CDT
Wednesday, 26 October 2016 07:19 CDT
tampe125
Akeeba Staff
Hello,
no, that won't protect you.
You have to update to the latest version of Admin Tools and enable the WAF Blacklist rule that targets com_users component.
no, that won't protect you.
You have to update to the latest version of Admin Tools and enable the WAF Blacklist rule that targets com_users component.
Davide Tampellini
Developer and Support Staff
🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Friday, 04 November 2016 04:50 CDT
deeno
thanks and sorry for the late reply. someone else posted the same question 2 min before me and i got the answer from there quicker