Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Exploit in Private Message System reported

  1. Home
  2. News
  3. Security
  4. Exploit in Private Message System reported
Exploit in Private Message System reported
Today a exploit was reported in messages.php, the main file responsible for the Private Message System. It is been brought to attention of the developers and they will release a patch as soon as possible.
If you want to be certain that your site will not be affected by this exploit you are advised to remove messages.php from your server until the patch has been released.

Update: 12.53 GMT: This issue also applies to v6 versions of PHPFusion.
It should be noted it will only be when magic_quotes is set to off (applies both to v6 and v7).
Update: 13.10 GMT: According to Digitanium the risk is relatively low.


PLEASE NOTE: The Private Message System has been disabled temporarily on this site, too.

muscapaul November 21 2008 13,136
News Categories
Popular News
PHPFusion 9.0 Beta
PHPFusion 9.0 BetaOctober 03 2014 | Downloads
136393
Tesseract, Progress Report
Tesseract, Progress ReportApril 26 2014 | Development & Design
84850
Welcome Back
Welcome BackMarch 24 2006 | PHPFusion
80514
PHPFusion 9.0 ( Andromeda ) Stable
PHPFusion 9.0 ( Andromeda ) StableApril 27 2017 | PHPFusion
69532
Critical update - v6.00.305
Critical update - v6.00.305March 12 2006 | PHPFusion
67126
PHPFusion v7.02.06
PHPFusion v7.02.06January 27 2013 | Downloads
58865