The Webuzo Team has released Webuzo 2.1.4
This version of Webuzo fixes a critical bug.
A complete list of changes:
1) Bug Fix : Remote OS command injection due to insufficient input validation. This is fixed now.
2) Bug Fix : Reflected cross-site scripting on File Manager module. This is fixed now.
3) Bug Fix : User enumeration on Webuzo login page. This is fixed now.
Username will not be pre-filled by default on the login page. Users can manage the setting from the Admin Panel.
Note : This bug was present in Webuzo 2.1.3 and lower versions
Note : If you have disabled Auto update (enabled by default) please update your installation to Webuzo 2.1.4