Recent security vulnerabilities (XSS + Session fixation)

Hello, it’s late, but I will try to describe the security vulnerabilities I found recently:

1) XSS in BugTracker

You visit the bug tracker, and a hacker can log in to your account. This works only if you – as admin – log into the bug tracker and there is a malicious report/code from a user. The fix is here: Fix XSS in bugtracker.php …

Demo online again

Hello, the demos are working again. There was a small break since yesterday, because I migrated from Ubuntu 20.04 to 22.04, which includes the newer PHP 8.1 that was required to run the latest MyAAC. One change – now you log in by email on the Latest News – Forgotten (https://next.my-aac.org), so to log in as admin just use: email address: admin@admin.com, password: …

v0.9.0-alpha released

After 3 years again, it’s time to release our latest work – MyAAC v0.9.0. The minimum PHP version for this release is PHP v7.2.5. This time it is released as an alpha. Please do not use it on a production server. Download & test & give feedback on what’s working, what’s not, and what’s good about this release. https://github.com/otsoft/myaac/releases/tag/v0.9.0-alpha

Next version preview online

News! You can now preview the new release (0.9) and log in as admin to view the new admin panel! Page: Login – MyAAC Next Demo (https://next.my-aac.org/admin). Login: admin, password: admin. You can do almost anything. Only plugin upload and PHP pages are disabled, for security. You also cannot edit the admin account, and you cannot change …
