
7.02.04 vulnerability

Viewed 8,560 times
coach4all
asked
Newbie

For the past 2 days, 2 of my sites using php-fusion have been getting modified PHP files with redirections to offensive sites.

Google points to sites like packetstormsecurity.org with "PHPFusion version 7.02.04 suffers from a remote SQL injection vulnerability".

What is the best way to repair and how to prevent?
(or when to expect a security patch/upgrade?)

11 posts

Christian
Best regards,
Christian Damsgaard Jørgensen.
answered
Member

I will announce the availability of v7.02.05 in a few days ;)

val
answered
Junior Member

Quote

PMM wrote:

I will announce the availability of v7.02.05 in a few days ;)


now we passed the "few" days period B) :P

Pete_Hes
answered
Junior Member

http://packetstormsecurity.org/files/109410/phpfusion7-sql.txt

PHPFusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.

HaYaLeT
answered
Senior Member

and downloads.php

hen3ry
answered
Member

Any temporary prevention measures possible, short of shutting down the site?

Daywalker
answered
Member

Well, if the SQL issues are in downloads and weblinks.php, then deleting those files temporarily would work, I'd suspect.

hen3ry
answered
Member

Quote

Daywalker wrote:

Well, if the SQL issues are in downloads and weblinks.php, then deleting those files temporarily would work, I'd suspect.


Ummm, that makes sense, except: I don't mind disabling those functions, but I want to avoid users getting page-not-found errors.

Korcsii
Former Senior Developer (v7.02) and Hungarian Translator
answered
Member

Honestly, I/we can't find any SQL injection possibilities in these files.

You may have used some add-ons that were not 100% secure.

— 5 months later —
tixel
answered
Newbie

connecting to prosperent.com; added add-ons on php-fusion v7.02.05, ads panel v1.02 by fangree productions and classifieds v4.08 by stars heaven. please help remove the sql injections?

PolarFox
answered
Veteran Member

Quote

please help remove the sql injections?

do you have any?
why do you think so?

tixel
answered
Newbie

It's okay now, I reuploaded and reinfused all of my add-ons.
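
The thread starts with modified PHP files and ends with a re-upload; the following is an added example (not posted by anyone in the thread and not PHP-Fusion code) of checking a live site tree against a clean copy before and after re-uploading. It assumes an untouched copy of the same release is unpacked locally; the function names, the sample files and the `redirect.example` host are constructed for illustration.

```python
import hashlib
import os
import tempfile

def hash_tree(root, suffixes=(".php", ".htaccess", ".js")):
    """Map relative path -> SHA-256 hex digest for matching files under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffixes):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return digests

def compare_to_clean(clean_root, live_root):
    """Report files that differ from, or do not exist in, the clean copy."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample trees: one file tampered with, one file dropped in."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            _write(root, "weblinks.php", "<?php // original weblinks page\n")
            _write(root, "downloads.php", "<?php // original downloads page\n")
        # Constructed tampering: a redirect prepended to an existing file ...
        _write(live, "downloads.php",
               "<?php header('Location: http://redirect.example/'); ?>\n"
               "<?php // original downloads page\n")
        # ... and a file that is not part of the clean copy at all.
        _write(live, "images/cache.php", "<?php // unexpected file\n")
        return compare_to_clean(clean, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Add-ons and uploaded files that are not in the release archive show up under `added`, so that list needs reviewing file by file rather than bulk deletion.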