After upgradintg from 6.4.4 to 6.5 I encounter a security problem with one user. This user was a long time ago moderator and member of a cvlosed forum. He have the propper right in the access group. Under 6.4.4 Mod status was revoked and membership from this grop was killed.
Today I get a message told me that this user ist still able to get to this forum and post in it !
I check out the group and the user is NOT in the access group. He is normal user without any mod power. Ido check every setting from the controlpanel for this user, save all settings again, he can still enter (try on myself with overlogging).
I have to delete the group to solve this and create a new one.
Is there any way to find out other users with 'ghostrights' to groups to prevent this ? Some manual selects from database ?
This do today some trouble on my board. the user read something that he never should see <img src="https://www.ubbcentral.com/boards/images/graemlins/frown.gif" alt="" />