Official Home of the PHPFusion CMS

Messages struck by new exploit
Posted by Falk on 12/31/2005

A union exploit has been discovered in the $show variable in messages.php. This will only work if your server has magic_quotes turned off, so most users are safe. I strongly recommend that you update your messages.php immediately. You can download the file below or view the required changes in the cvs. The sourceforge files have been updated. We take security issues very seriously here at PHPFusion and are committed to releasing fixes as soon as possible.

Download messages.php