Official Home of PHP-Fusion - Discussion Forum: 7.02.04 vulnerability

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

Navigation

Latest Addons

Xbox Leaderboards	5
Cookiebar Panel	70
AD Gallery	151
SyntaxHighlighte...	63
Newsletters v4.03	168
Facebook Like Box	202
Newsletters v4.02	79
Metro	235
Facebook Connect	215
Shoutbox Panel	185
Redactor for PHP...	127
MI Floating Side...	132
Facebook Login/R...	180
Avatar Studio v2.03	215
Relationship Sta...	120

Popular Addons

iTheme2	5907
Arise	5869
User Control v1.23	4680
Event Calendar	4129
Photowidget panel	3921
Radio-Theme red2...	3394
Highslide Gallery	3359
CSS/JavaScript D...	3274
Facebook Connect...	3055
Dynamic Menu	2945
Slideshow Lightb...	2768
L-AMANT	2689
Enigma	2670
2Dark	2624
Black	2618

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site,
or upgrade to a Web browser that does support JavaScript; Firefox, Safari, Opera, Chrome or a version of Internet Explorer newer then version 6.

View Thread

Official Home of PHP-Fusion » PHP-Fusion 7 Support » Security Issues & Announcements

Who is here? 1 guest(s)

7.02.04 vulnerability
coach4all	#1 Posted on 22-02-2012 09:45
Newbie Posts: 1 Joined: 14/11/2011	Since 2 days, 2 of my sites using php-fusion gets modified php files with redirections to offensive sites. Google points to sites like packetstormsecurity.org with "PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability". What is the best way to repair and how to prevent? (or when to expect a security patch/upgrade?)


Christian	#2 Posted on 22-02-2012 12:13
Admin Posts: 131 Joined: 19/09/2005	I will announce the availability of v7.02.05 in a few days Best regards, Christian Damsgaard Jørgensen, PHP-Fusion Lead Developer.


val	#3 Posted on 26-02-2012 16:51
Junior Member Posts: 41 Joined: 11/01/2006	PMM wrote: I will announce the availability of v7.02.05 in a few days now we passed the "few" days period


Pete_Hes	#4 Posted on 29-02-2012 11:39
Newbie Posts: 8 Joined: 29/01/2010	http://packetstor...n7-sql.txt PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.


HaYaLeT	#5 Posted on 29-02-2012 12:35
Senior Member Posts: 276 Joined: 31/10/2008	and downloads.php


hen3ry	#6 Posted on 01-03-2012 02:14
Member Posts: 53 Joined: 26/03/2009	Any temporary prevention measures possible, short of shutting down the site?


Daywalker	#7 Posted on 01-03-2012 03:00
Member Posts: 107 Joined: 28/03/2005	well if the sql issues are in downloads and weblinks.php then deleting those files temporarily would work i'd suspect. *"Might and Greed will never outweigh Honor and Loyalty"* Come join us for IRC Support: Here


hen3ry	#8 Posted on 01-03-2012 04:34
Member Posts: 53 Joined: 26/03/2009	Daywalker wrote: well if the sql issues are in downloads and weblinks.php then deleting those files temporarily would work i'd suspect. Ummm, that makes sense, except: I don't mind disabling those functions, but I want to avoid users getting page-not-found errors.


Korcsii	#9 Posted on 14-03-2012 23:06
Member Posts: 132 Joined: 22/01/2006	Honestly, I/we can't find any SQL injection possibilities in these files. You may used some add-ons those were not 100% secure. Senior Developer (v7.02) php-fusion.co.hu


tixel	#10 Posted on 22-08-2012 02:14
Newbie Posts: 2 Joined: 04/08/2012	connecting to prosperent.com; added add-ons on php-fusion v7.02.05, ads panel v1.02 by fangree productions and classifieds v4.08 by stars heaven. please help remove the sql injections?


PolarFox	#11 Posted on 22-08-2012 12:43
Admin Posts: 1503 Joined: 26/08/2008	please help remove the sql injections? do you have any? why do you think so? Do not pm me, ask here \| English part of my addons :: PHP-Fusion - all versions \| how to insert your code in the panel \| How to fix infusion


tixel	#12 Posted on 23-08-2012 13:59
Newbie Posts: 2 Joined: 04/08/2012	its okay now, i reuploaded and reinfused all of my add ons.

Jump to Forum:

Similar Threads

Thread	Forum	Replies	Last Post
Vulnerability in viewpage.php	Security Issues & Announcements	5	26-02-2013 17:29
Important: MySQL Vulnerability - NOT PHP-FUSION	Security Issues & Announcements	3	29-06-2012 16:09
Hacked! Due to a PHP-Fusion 6 vulnerability?	Official Core Support	7	30-03-2009 08:58

Official Home of PHP-Fusion uses cookies. Some may already have been set. Read more about our Cookies here.
Please click the button I Consent Cookies to hide this bar and accept our cookies. If you continue to use the site with no action taken, we'll assume that you consent our cookies anyway.

Arise Theme by Domi 2011	106,337,807 unique visits
	Powered by PHP-Fusion copyright © 2002 - 2013 by Nick Jones. Released as free software without warranties under GNU Affero GPL v3.

National Support Network

General

Information

Extensions

Affiliated Sites

Misc