Feature #23050
Updated by Christian Kuhn almost 10 years ago
Quote from Bernhard Kraft: =================================================== I think this should be seen as a security exploit. As a normal admin should not be able to enter the install tool. If you deactivate installing of extensions via the install tool (AllowLocalInstall) so an admin can not install an extension like quixplorer. And additionally set the "noEdit" flag, then this issue can of course get avoided. But I think operators of a site should be aware of this issue. What do you think? OTRS: 2010021810000014 (issue imported from #M14935)