Welcome to the Technical Support section. Help us in assisting you by providing us with a concise and descriptive elaboration of your issues. Be specific and, if possible, provide us with step-by-step instructions for replicating your problem.
M Chabbani, to be honest I tried to follow your steps from the description, but it's not very detailed. Could you maybe elaborate how we can replicate this issue?
Chris, even after your feedback in the other thread to close all modules to registered, this security hole is still present. After clicking on photo anyone can hack into superuser. This issue is quite serious in JomSocial.
Could you please provide a solution on this, or at least provide SQL to remove this empty entry in the DB of the empty photo perhaps?
I really understand this is an important matter, which is why I need some detailed steps to replicate this problem. I tried following those from misc info and sadly I wasn't able to reproduce this problem. Could you maybe provide us with some more details? Screenshots of the problem? Video maybe?
We have tested the process you describe in your first post, and if I have accessed my administrator section of the site then not logged off, your process to replicate can be achieved. This is due to the browser session remaining open, not because of a security hole.
Please do the following to confirm:
1. Close all your open browsers so that all browser sessions are closed, then log into administrator, then explicitly log out (don't just close the tab).
2. Follow the process you explained in your first post.
3. When you click on the profile link and then add /administrator to the URL, you will be taken to the administrator login screen.
This is a correct process and we are unable to find any security issue.
Thanks Paul. Indeed it was a cache issue. We will have to constantly remind ourselves during heavy changes at this stage to clear the cache every time. Thanks again.