PHP Security Breach - Important Date: Monday, December 06 @ 14:16:33 CET Topic: Security As per article/recommendation at codezwiz.com I urge all our users to make the following change to viewtopic.php (Forum module) as a matter of urgency. Open viewtopic.php in any text editor. Find the following section of code: // // Was a highlight request part of the URI? // $highlight_match = $highlight = ''; if (isset($HTTP_GET_VARS['highlight'])) { // Split words and phrases $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight'])))); for($i = 0; $i { and replace with: // // Was a highlight request part of the URI? // $highlight_match = $highlight = ''; if (isset($HTTP_GET_VARS['highlight'])) { // Split words and phrases $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); for($i = 0; $i { Note: Please inform as many people as possible about this issue. If you're a hosting provider please inform your customers if possible. Else we advise you implement some level of additional security if you run ensim or have PHP running cgi under suexec, etc. This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=3209