ATTENTION - PHP-Nuke Security Hole
Date: Friday, December 16 @ 12:41:33 CET Topic: Security
Today I have found a big security hole in PHP-Nuke which can easily allow a hacker complete control of almost any PHP-Nuke website.
This is a critical security flaw!
I strongly advise at this time that ALL PHP-NUKE WEBSITES SHOULD DISABLE OFFSITE AVATARS!
That is currently the easiest and fastest protection.
If you currently have this feature enabled your website is at serious risk!
I will not go into detail about how an exploit is possible at this time.
Admin Note: I've expanded on this fix and I am testing it currently here. Thanxs Prophet! - Evaders99
|
|