Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

newsPHP v216 patch

From: Dariusz 'Officerrr' Kolasinski <officerrr () poligon com pl>
Date: Sun, 4 Jan 2004 22:13:49 +0100
This small patch will fix the
'newsPHP arbitary file inclusion & bad login validation'
bug published on 1st sepember 2003.

===+++===+++===+++
Product: newsPHP
Version: <= v216
Vendor: http://www.nphp.net
Bug discover by: Officerrr <officerrr () poligon com pl>
Vendor Response: no patch released since 1st September
===+++===+++===+++

Patch:
===+++===+++===+++
diff -ruN nphp/nfunc.php nphp.ofi/nfunc.php
--- nphp/nfunc.php      2003-01-08 16:40:00.000000000 +0100
+++ nphp.ofi/nfunc.php  2004-01-04 21:47:08.000000000 +0100
@@ -292,6 +292,7 @@
   function LoadSettings(&$config, &$users)
   {
     global $nphp_files, $nphp_common;
+    unset($users,$config);
     $raw_config = file($nphp_files["config"]);
         
     $id=0;
===+++===+++===+++


-- 
Pozdrawiam,
Dariusz 'Officerrr' Kolasinski
<Linux Administrator> <gg: 516354>
"Living on a razors edge, Balancing on a ledge"
Previous By Date Next
Previous By Thread Next

Current thread: