SQL Injection Vulnerability!
Date: Sunday, February 08 @ 14:38:08 CET Topic: Security
Sites are being exposed even as I write this! This is still in 7.0 and 7.1. Check your modules/Reviews/index.php file for the following code. There should be 2 instances.
WHERE id=$id
If you have it, then you MUST modify it to
WHERE id='$id' .
Otherwise your admin passwords can be exposed. They are still encrypted, but depending on how serious someone was to get them, they might! please note that Chatserv's Patches have this fix in them.
An advisory to those using Nuke Cops PHP-Nuke Bundle, this has been fixed in 2003 already.
|
|