Downloads & Web Links vulnerability Patch
Date: Thursday, October 09 @ 13:22:50 CEST Topic: Bug Fixes
Recently a sql injection vulnerability has been reported that relates to the Downloads and Web Links modules where an admin account can be created by passing a sql line through the $cid variable, i have patched both modules not only to block this code to be passed through the $cid variable but on all similar variables as well, patch your websites.
Download for PHP-Nuke 6.5-6.9
Download for PHP-Nuke 6.0
To those that already downloaded the patch please download again, another check was added.
|
|