muscapaul's PHP-Fusion website - News: Exploit in Private Message System reported

April 04 2025 06:25:16

Navigation

· Home
· Articles
· Downloads
· FAQ
· Discussion Forum
· News Categories
· Contact Me
· Search

Demos

· Glossary

Users Online

· Guests Online: 1

· Members Online: 0

· Total Members: 1,892
· Newest Member: skalsted

Last Seen Users

· jjwichter	8 weeks
· muscapaul	32 weeks
· Unforgiven	61 weeks
· Wheeler	64 weeks
· batbaru1	69 weeks
· MM	150 weeks
· Zippo	172 weeks
· hyperkolyok	174 weeks
· Wivern	227 weeks
· Sinders	346 weeks

Support sites

Fusion Sites

PHP-Fusion

Exploit in Private Message System reported

Today a exploit was reported in messages.php, the main file responsible for the Private Message System. It is been brought to attention of the developers and they will release a patch as soon as possible.
If you want to be certain that your site will not be affected by this exploit you are advised to remove messages.php from your server until the patch has been released.

The new exploit was confirmed by millw0rm: http://milw0rm.com/exploits/7173.

UPDATE:
We are happy to announce that the exploit in messages.php that was reported earlier today is now fixed. Also updated is search.php to cure a few niggles, but that was nothing serious.

An update for v6 will follow soon.

The SVN and full download package have also been updated.

PHP-Fusion 7.00.2 Update - for 7.00.1 only (11KB).

Donate

Please help to make
muscapaul.com
possible and enable
further improvements!

Forgotten your password?
Request a new one here.

Temporary email addresses

Please note: While activating new accounts I usually check them out. If I notice an account registered with a temporary email address it will be deleted.

Newsletter

Newsletters are for registered members only.

Shoutbox

You must login to post a message.

hyperkolyok

01/12/2021 16:45

Szép napot

batbaru1

13/06/2021 07:01

I found this site again!

muscapaul

21/04/2020 18:32