Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Minor file update

  1. Home
  2. News
  3. Bugs and Errors
  4. Minor file update
Minor file update
A security team called fixed before hacked.com has recently informed me of a cross site exploit which can allow a malicious user to change a logged in user's profile caused by a hole in the file includes/update_profile_include.php. Don't panic though! as ever I have created a fix and you are encouraged to update your site. As this is a simple fix and I am rather busy with development I have opted not to release a patch. However, you can download the file from the cvs using the link below. The sourceforge download has been updated to include the fixed line. Thanks to Chislam for the information.

Update: fixed a minor error, sorry for any inconvenience.

Download update_profile_include.php

View updated update_profile_include.php (File version 1.06).

Falk November 18 2006 26,616
News Categories
Popular News
PHPFusion 9.0 Beta
PHPFusion 9.0 BetaOctober 03 2014 | Downloads
136393
Tesseract, Progress Report
Tesseract, Progress ReportApril 26 2014 | Development & Design
84850
Welcome Back
Welcome BackMarch 24 2006 | PHPFusion
80514
PHPFusion 9.0 ( Andromeda ) Stable
PHPFusion 9.0 ( Andromeda ) StableApril 27 2017 | PHPFusion
69532
Critical update - v6.00.305
Critical update - v6.00.305March 12 2006 | PHPFusion
67126
PHPFusion v7.02.06
PHPFusion v7.02.06January 27 2013 | Downloads
58865