Hi There have been two more CVEs[0][1] issued for problems with the translation module (translator.php).
CVE-2007-5694: Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. CVE-2007-5693: Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. Please keep in mind to include them as a reference into the changelog, if you fix this bug. Cheers Steffen [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5694 [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5693
signature.asc
Description: This is a digitally signed message part.
