Exploit in Private Message System reported
Posted by muscapaul on November 21 2008 07:37:49
Today a exploit was reported in messages.php, the main file responsible for the Private Message System. It is been brought to attention of the developers and they will release a patch as soon as possible.
If you want to be certain that your site will not be affected by this exploit you are advised to remove messages.php from your server until the patch has been released.

The new exploit was confirmed by millw0rm: http://milw0rm.com/exploits/7173.

UPDATE:
We are happy to announce that the exploit in messages.php that was reported earlier today is now fixed. Also updated is search.php to cure a few niggles, but that was nothing serious.

An update for v6 will follow soon.

The SVN and full download package have also been updated.

PHP-Fusion 7.00.2 Update - for 7.00.1 only (11KB).