Unlisted photos are returned while searching on public site (security flaw)

kusikusi Registered Users Posts: 15 Big grins
edited July 17, 2022 in SmugMug Support

I have a bunch of galleries whose visibility is set to "unlisted" and "SmugMug searchable = no". The photos in the folder contain keywords which are found with the public search box on my website. I consider this a serious security flaw. I tested all kind of different combinations (private browser mode, logged out, different browser, different computer), and I always get access to photos which are supposed to be invisible if you don't have the direct link to the photo/folder.
This behavior is not reproducible with every gallery, for some it works as expected. I suspect only older galleries are hit by this security leak, but I cannot confirm this.

Comments

Sign In or Register to comment.