View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
14827Bug reportsSecuritypublic2021-07-12 15:11
Reporterbewi Assigned ToLouisGac 
Status closedResolutionfixed 
Product Version3.17.x 
Fixed in Version5.x 
Summary14827: admin without rights can access pages

admins with limited rights (non superadmins, no access to config area) are able to access the following directories even though they were not linked anywhere in the application:

The users can access the directories, but they can neither add anything to them, nor edit

TagsNo tags attached.
Bug heat254
Complete LimeSurvey version number (& build)Version 3.17.1+190408
I will donate to the project if issue is resolvedNo
Database type & version*
Server OS (if known)
Webserver software & version (if known)
PHP Version*

Users monitoring this issue

User List There are no users monitoring this issue.




2019-04-30 15:27

developer   ~51702

access directory? I'm not sure to understand. what do you see exactly?



2019-04-30 15:30

developer   ~51703

ok I can reproduce (direct access to the url works, the view is displayed, even if no action on the page is possible)



2021-07-12 15:11

administrator   ~65381

Hello bewi,
I checked this with the latest version and could not reproduce, so this is most likely fixed for good.
Therefore, I am closing this issue. If you still can reproduce the issue using the latest version, please feel free to re-open the issue.
Thank you!


Issue History

Date Modified Username Field Change
2019-04-30 11:33 bewi New Issue
2019-04-30 13:45 c_schmitz Assigned To => LouisGac
2019-04-30 13:45 c_schmitz Status new => assigned
2019-04-30 13:46 c_schmitz Priority none => urgent
2019-04-30 13:46 c_schmitz Reproducibility have not tried => always
2019-04-30 15:27 LouisGac Note Added: 51702
2019-04-30 15:30 LouisGac Note Added: 51703
2020-03-05 14:03 cdorin Priority urgent => normal
2020-03-05 14:03 cdorin Status assigned => confirmed
2021-07-12 15:11 c_schmitz Status confirmed => resolved
2021-07-12 15:11 c_schmitz Resolution open => fixed
2021-07-12 15:11 c_schmitz Fixed in Version => 5.x
2021-07-12 15:11 c_schmitz Status resolved => closed
2021-07-12 15:11 c_schmitz Note Added: 65381