Urgent fix for security hole in phpNuke 6.5
Date: Sunday, March 23 @ 00:36:38 CET Topic: Security
The fix for what is mentioned in the previous articles as provided by
Francisco Burzi is as follows
Everyone should edit the file modules/News/index.php and search the function
rate_article. You should change the first lines of the functions to close the
security hole.
File: modules/News/index.php
Function: rate_article
It looks like:
if ($score) {
if ($score > 5) { $score = 5; }
if ($score < 1) { $score = 1; }
Should be changed for:
$score = intval($score);
if ($score) {
if ($score > 5) { $score = 5; }
if ($score < 1) { $score = 1; }
if ($score != 1 AND $score != 2 AND $score != 3 AND $score != 4 AND $score != 5)
{
Header("Location: index.php");
die();
}
The code has been updated to reflect the latest patch.
|
|