Bugtraq mailing list archives
Phorum 5.1.15 security release (fixes "PHORUM 5 arbitrary local inclusion")
From: Maurice Makaay <maurice.makaay () internl net>
Date: Fri, 14 Jul 2006 04:06:56 +0200
Today, Phorum 5.1.15 was released. This version of Phorum addresses a couple of security related issues:
* Some minor input validation issues were fixed. These were incorrectly flagged as SQL injection vulnerabilities by some websites, probably due to automatic vulnerability checking without looking at the underlying code. In fact, these issues resulted at most in SQL syntax errors. Nonetheless, they have of course been fixed.
* One XSS issue has been found and fixed.
* The register_globals related problem that was sent to bugtraq a short while ago ("PHORUM 5 arbitrary local inclusion") has been fixed. A similar problem like the one in pm.php was identified and fixed in control.php. Additionally, protective code has been added at a low level to prevent this type of problem in the future.

We urge all users of Phorum to disable register_globals on their webserver and to upgrade to Phorum 5.1.15. This version of Phorum can be downloaded from our website http://www.phorum.org/
With kind regards,
Maurice Makaay
Phorum.org developer