muscapaul's PHP-Fusion website - News: Exploit in Private Message System reported

October 22 2024 12:16:16

Navigation

· Home
· Articles
· Downloads
· FAQ
· Discussion Forum
· News Categories
· Contact Me
· Search

Demos

· Glossary

Users Online

· Guests Online: 2

· Members Online: 0

· Total Members: 1,892
· Newest Member: skalsted

Last Seen Users

· muscapaul	8 weeks
· Unforgiven	37 weeks
· Wheeler	40 weeks
· batbaru1	45 weeks
· MM	127 weeks
· Zippo	148 weeks
· hyperkolyok	150 weeks
· Wivern	203 weeks
· Sinders	323 weeks
· Froberg	366 weeks

Support sites

Fusion Sites

PHP-Fusion

Exploit in Private Message System reported

Today a exploit was reported in messages.php, the main file responsible for the Private Message System. It is been brought to attention of the developers and they will release a patch as soon as possible.
If you want to be certain that your site will not be affected by this exploit you are advised to remove messages.php from your server until the patch has been released.

The new exploit was confirmed by millw0rm: http://milw0rm.com/exploits/7173.

UPDATE:
We are happy to announce that the exploit in messages.php that was reported earlier today is now fixed. Also updated is search.php to cure a few niggles, but that was nothing serious.

An update for v6 will follow soon.

The SVN and full download package have also been updated.

PHP-Fusion 7.00.2 Update - for 7.00.1 only (11KB).

Donate

Please help to make
muscapaul.com
possible and enable
further improvements!

Forgotten your password?
Request a new one here.

Temporary email addresses

Please note: While activating new accounts I usually check them out. If I notice an account registered with a temporary email address it will be deleted.

Newsletter

Newsletters are for registered members only.

Shoutbox

You must login to post a message.

hyperkolyok

01/12/2021 16:45

Szép napot

batbaru1

13/06/2021 07:01

I found this site again!

muscapaul

21/04/2020 18:32