More in this section

Forums / Module Builder / Security hole

Security hole

1 posts, 0 answered
  1. Gary
    Gary avatar
    91 posts
    19 Jul 2007
    21 Mar 2013
    Link to this post
    Scenario: Logged in as a user with backend access, but only permission granted is View for a custom module created with the module builder.

    Issue: When viewing the content items, there is a "Content types" link in the sidebar. Clicking this link launches the module builder, and from here I am able to deactivate the module.

1 posts, 0 answered