The security problem mentionned here occur only if your PHP have register_global set to ON and "remote include" also set to on, "remote include" often causing security risk is well known. The latest version (1.2.2) I released is sufficiently safe. Users of 1.2.1 version can also adopte Onokazu's simple patch.
wjue
Quote:
Jan304 wrote:
I'm suprised of this post by GIJOE. I always tought he was posting on a professional way, but this... Scaring people like hell and advicing to remove in place of fixing it. I hope not for own profit...
Check the post by onokazu:
http://www.xoopscube.jp/modules/news/article.php?storyid=195
You might check the Agenda-X 2.0 beta 2 version, I don't think this version has any security flaw.
http://sourceforge.net/project/showfiles.php?group_id=83736&package_id=99635&release_id=215592
And again, if you goto the post by Onokazu there is a fix listed.