Close Your vBa Gallery for the Security Reason read....
Niceboy
13 Jun 2005, 12:23
Hi there
I was at H2kmatrix.com today and I saw there is a thread called vBa Gallery, and I went right away to check it. There was a bug in vBa Gallery that lets everyone edit/delete/activate the images etc., and it works. Everyone who uses vBa Gallery, just close it for security reasons.
You can read here
[link removed]
Zero Tolerance
13 Jun 2005, 12:33
Sounds like some missing/incorrect logic to check permissions; I'm sure Tigga will get it sorted straight away.
- Zero Tolerance
amykhar
13 Jun 2005, 12:37
It might be better to post this in the hack's thread.
Niceboy
13 Jun 2005, 12:45
It might be better to post this in the hack's thread.
But this is not a hack, just security info :nervous:
Marco van Herwaarden
13 Jun 2005, 13:03
Yes but all questions/remarks/warnings should go into the support thread/forum for that hack. The author might not read all posts on vb.org.
sabret00the
13 Jun 2005, 13:08
Not really a true exploit as it doesn't cause any problems really, but at the same time it's easily enough fixed with a quick conditional :)
While we appreciate you informing our members of potential vulnerabilities in software they may be using, it's not wise to post a direct link to how to exploit it. I've removed your link. Please contact the modification author with the information :)
A quick patch can be found here: http://www.vbadvanced.com/forum/showthread.php?t=8661 (post #8)
Shut down your galleries huh? That's a little extreme. Yes, there is a bug with vBa Gallery, but it's not as severe as that post makes it out to be. You cannot validate/delete images that are waiting approval unless you are a moderator/admin, but there is a bug where that is possible with posts that are awaiting moderation. That's obviously still not a good thing and we will be releasing an update shortly to correct the problem (or, as Kevin said, there is a fix posted), but the problem is still not as severe as those posts indicate.
I am going to close this one, I think this has gone about as far as it needs to.