Private Message system open to exploits
Posted by Falk on 08/15/2005
I have been alerted to some SQL injection exploits in PHPFusion's private message system. The problem is that certain variables are not sanitised (don't blame me, I didn't create it!). I've fixed it now, so it's all nicely secure now. The full package has been updated to include the fix. Existing users can grab the messages patch from the downloads area.