You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 425 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Downloads and Weblinks Vulnerability patch with Theme select for logos
Bug Fixestelli writes "Recently a sql injection vulnerability has been reported that relates to the Downloads and Web Links modules where an admin account can be created by passing a sql line through the $cid variable, i have patched both modules not only to block this code to be passed through the $cid variable but on all similar variables as well, patch your websites.

Same fix chatserv has written i just updated it for 6.9 and the theme select option to use the Web logo or The Down logo for each theme.
Download here for 6.9

Telli
http://codezwiz.com"
Posted on Thursday, October 09 @ 15:19:53 CEST by [RETIRED]mikem
 
Related Links
· More about Bug Fixes
· News by [RETIRED]mikem
Most read story about Bug Fixes:
Downloads & Web Links vulnerability Patch
Article Rating
Average Score: 5
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Downloads and Weblinks Vulnerability patch with Theme select for logos (Score: 1)
by Sheboygan Online on Saturday, October 11 @ 20:29:34 CEST
(User Info | Send a Message) http://www.sheboyganonline.com
Thank you for the patch. my website got hit the other day. he or she made a admin account and then added something to the footer to have media player open and a pop up.
hope this will stop it from happening again.

Re: Downloads and Weblinks Vulnerability patch with Theme select for logos (Score: 1)
by Spacebom on Saturday, October 11 @ 10:37:14 CEST
(User Info | Send a Message) http://www.desarrollonuke.org
Hi, from http://www.desarrollonuke.org the fix to this bug had been released this morning in spanish.

Re: Downloads and Weblinks Vulnerability patch with Theme select for logos (Score: 1)
by aUsTiN on Friday, October 10 @ 21:00:32 CEST
(User Info | Send a Message) http://phpbb-tweaks.com
Just So Yall Know, As I Know One Of The People Who Defaced A Dozen Sites In A Night With That Script, He Can Do It From Almost Every Default Module That Comes With Nuke.
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.119 Seconds - 225 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::