The XOOPS Core development team is pleased to announce that a patch addressing the vulnerability in the XoopsMediaUploader class has been released and is available in our Downloads Section
It contains three files: /class/uploader.php - the new XoopsMediaUploader class, replacing the existing /class/mimetypes.inc.php - a new file containing mimetypes and their extensions /include/version.php - updates the version to 2.0.9.3
Upgrade Instructions: Upload the files to their respective folders, overwriting existing files.
Special thanks goes out to Pokleyzz for reporting this bug on sourceforge.net, to the Japanese community for reporting it a long time ago and to phppp for helping Skalpa addressing it. Also thank you to everyone testing this patch prior to its release.