ATTENTION - PHP-Nuke Security Hole
Date: Friday, December 16 @ 12:41:33 CET
Topic: Security


Today I have found a big security hole in PHP-Nuke which can easily allow a hacker complete control of almost any PHP-Nuke website.

This is a critical security flaw!

I strongly advise at this time that ALL PHP-NUKE WEBSITES SHOULD DISABLE OFFSITE AVATARS!

That is currently the easiest and fastest protection.

If you currently have this feature enabled your website is at serious risk!

I will not go into detail about how an exploit is possible at this time.

Admin Note: I've expanded on this fix and I am testing it currently here. Thanxs Prophet! - Evaders99







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=5015