Please be more careful #1
Comments
Hello!
I understand that you are learning, but your tool may need fixing. The reference screenshot does not show our software's interface. It is just a blank screen. It is not clear that you have tested anything. If you had contacted us first, we could easily lead you to this mistake.
Before submitting any report, you must verify it as a human and understand what you are doing. The field you have tested does not relay back to the browser, so the assertion is impossible. This report was clearly generated from another CMS: I'm sorry, it is not my job to teach you this. Please stop.
Of course, because if the error is the same as another CMS, I use it as a template; I am not going to fill out a report from scratch. And yes, when you install the October CMS software they ask you to fill in the database connection information and user access information during the installation process. I don't make up the information that the Burp Suite tool captures. It can be seen perfectly in the images of my PoC ("Proof of concept") which is its software in the installation process ("Local"). Perfect, I now know that I don't have to invest my time in helping your CMS security.
Hello
We have taken the time to investigate your report and found it NOT to be a valid vulnerability as it cannot be reproduced.
To repeat: This is not a vulnerability and appears to be an automatically generated / low-effort report.
Additionally:
The db_host field is not replayed to the browser in the installer package in any of the code.
Your actions have triggered several false flags on CI/CD pipelines for our customers, preventing them from updating their software securely.
Please be more careful!