XOOPS
A security vulnerability within the Visitors 2 module has been brought to our attention.
The XOOPS team would ask that anyone using this module, please discontinue it's usage by deactivating it and removing the Vistors 2 module from your system completely. The vulnerability makes it possible for someone without any privileges to execute rouge php code on the host system compromising security. As an example, we were handed a sample of our etc/passwd file.
We apologize for any inconvenience this might cause but we strongly advise discontinuing using this module. Since this is not an official XOOPS module, it has been depreciated for the upcoming XOOPS 2 release.
Thanks,
XOOPS Team
Note: This vulerability is not possible if allow_url_fopen is set to 0 (the default is 1) in the php.ini file.
The XOOPS team would ask that anyone using this module, please discontinue it's usage by deactivating it and removing the Vistors 2 module from your system completely. The vulnerability makes it possible for someone without any privileges to execute rouge php code on the host system compromising security. As an example, we were handed a sample of our etc/passwd file.
We apologize for any inconvenience this might cause but we strongly advise discontinuing using this module. Since this is not an official XOOPS module, it has been depreciated for the upcoming XOOPS 2 release.
Thanks,
XOOPS Team
Note: This vulerability is not possible if allow_url_fopen is set to 0 (the default is 1) in the php.ini file.
|
|
Login
Search
Recent Comments
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | Apr 30 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|