I found a rather bad security issue in the administration menu. On my site I have denied access to the system admin module for the group originally called "webmasters". I renamed that group to "moderators" and then made a new group called "webmasters", which has full access to the site. I had to do this to make full use of the phpwiki module.
Anyway, the thing is that although my "moderators" group has no rights to the system admin module, this module can still be accessed by simply typing "http://www.my-url.com/modules/system/admin.php". The module button doesn't pop up however.
Has anyone else experienced this? Can this security issue be solved?
PS: I'm using XOOPS 2.0.5.2
Greets