Security exploit found in .617x versions of e107

by CaMer0n in e107

Unfortunately another hole has been found in the .617x tree of e107. This is a rather severe problem and needs to be taken care of immediately.

A fix is posted on SourceForge: http://prdownloads.sourceforge.net/e107/e107v0.6174.zip?download
A link can also be found on the download page of this site.

Overwrite your existing files with these; please make a backup first. This also fixes a small error in the .6172 fix, nothing major. You can also just delete your e107_files/resetcore.php if you like. This file is only needed if you have some sort of corruption with your site and need to reset your core database settings.

We appreciate everyone alerting us to this exploit and are committed to fixing any security-related problems with this version.

NOTE: As reported on Secunia, the last fix barely fixed anything. SweetAs was kind enough to code up a real fix for me today. I've tested it and it should be MUCH better, thanks SweetAs.

The download links have been updated. Everybody must update again, sorry for the inconvenience.





This news item is from e107 Bootstrap CMS Open Source
https://mail.static.e107.org/blog/761.html