Forum

Hiawatha version: 6.16
Operating System: Ubuntu 9.04 Server

Hi,

I am running XOOPS 2.3.3 (a kind of CMS) on Hiawatha 6.16 in VirtualHost. When I enabled PreventCMDi and wanted to login, the XOOPS shows me that I have been logged in but it finally returned me to the login page.

Is it a bug or a feature?

Samiux

The PreventCMDi removes characters that might be dangerous. It looks like XOOPS uses one of such characters in the login cookies. If XOOPS is not vulnerable for command injection, you better remove the PreventCMDi option.