Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.
Admin Password Reset Malfunction
Recent events has made us aware of a malfunction of the Admin Password Reset page in the Administration Panel of PHP-Fusion v7.02. Given the right conditions this malfunction could enable a hacker to gain access to those accounts which have had their...
May 30 2011Security

News in Security

Update on weekends downtime

Update on weekends downtime

This is just to let the community at large know about why the site was down over the weekend. From our preliminary investigations, there appears to be an issue with the admin reset facility. Our Dev team are currently verifying the problem and are working...
May 29 2011 Security
PHP-Fusion v6.01.19 upgrade for v6.01.18

PHP-Fusion v6.01.19 upgrade for v6.01.18

We have just been informed about a very serious MySQL injections in the latest version of PHP-Fusion v6, PHP-Fusion v7 is perfectly safe and this injection do not harm any sites running PHP-Fusion v7 only those still using PHP-Fusion v6. The new package...
November 28 2009 Security
New spambot attack on PHP-Fusion v6 sites

New spambot attack on PHP-Fusion v6 sites

During the last week is has become clear that there is a new wave of spambots registering on PHP-Fusion v6 sites. Especially sites that do not have member activation by administrators enabled may suffer from severe spamming in comments for news, photo's,...
January 13 2009 Security
PHP-Fusion v7.00.05 upgrade for v7.00.4

PHP-Fusion v7.00.05 upgrade for v7.00.4

It's with pleasure that we announce the present upgrade package for PHP-Fusion v7. This package includes two minor vulnerabilities and a whole bunch of bug fixes and smaller improvements. Most bug fixes were already available through the SVN and, indeed,...
January 13 2009 Security
Security update for PHP-Fusion 7.00.3 and 6.01.17

Security update for PHP-Fusion 7.00.3 and 6.01.17

Another XSS vulnerability in messages.php has been reported and fixed. PHP-Fusion 7.00.4 Update - for 7.00.3 only (7Kb). PHP-Fusion 6.01.18 Update - for 6.01.17 only (6Kb). The full download pacakages on SourceForge have also been updated. Thanks...
December 30 2008 Security
Security update for PHP-Fusion 7.00.2 & 6.01.16

Security update for PHP-Fusion 7.00.2 & 6.01.16

An exploit in submit.php was reported just before our recent downtime. It only affects servers with magic quotes disabled so risk is minimal. As always we have prepared an update which addresses the issue. The SVN and full download package have also been...
December 29 2008 Security
Themes Site - Offline | Update: Online

Themes Site - Offline | Update: Online

Due to detected malicious hacking attempts directed at the themes site it will remain offline until further investigation can be completed. We thank you for your patience while we investigate! To calm everyone, this is not a PHP-Fusion flaw but the remains...
November 25 2008 Security
PHP-Fusion v6.01.16 - as promised...

PHP-Fusion v6.01.16 - as promised...

For those of you who did not update to v7 yet, a SQL Injection vulnerability patch is available for v6.01.15. As usual - if you are running an earlier version of 6.01, you need to apply the previous updates before utilizing this patch. However, please...
November 22 2008 Security
Security update for PHP-Fusion 7.00.1

Security update for PHP-Fusion 7.00.1

We are happy to announce that the exploit in messages.php that was reported earlier today is now fixed. Also updated is search.php to cure a few niggles, but that was nothing serious. An update for v6 will follow soon. The SVN and full download...
November 21 2008 Security
Exploit in Private Message System reported

Exploit in Private Message System reported

Today a exploit was reported in messages.php, the main file responsible for the Private Message System. It is been brought to attention of the developers and they will release a patch as soon as possible. If you want to be certain that your site will...
November 21 2008 Security
PHP-Fusion v6 - Mod Vulnerability Patch

PHP-Fusion v6 - Mod Vulnerability Patch

The PHP-Fusion version 6 vulnerability was officially linked to an Advanced Search System modification from mFusion developed by Wooya. You can download a patch by PMM at the following link ( http://www.phpfusion-mods.com/ ) or you can download a patch...
November 14 2008 Security
Once more: Update your site a.s.a.p.

Once more: Update your site a.s.a.p.

Please be advised that the person(s) responsible for attacking the PHP-Fusion sites through the search vulnerability is still active, even though a fix is made available. The raw access logs from my own site, even though upgraded to v7.00.1, show five...
November 13 2008 Security
PHP-Fusion v6 Vulnerability Information

PHP-Fusion v6 Vulnerability Information

Hello all, A update on our efforts to find the issue with v6. Why it has taken us awhile to track it down is because the hack is targeted towards search.php as well in v6. However the affected regions in v7 are not in v6 unless you are using the Advanced...
November 13 2008 Security
Critical Security update for PHP-Fusion 7

Critical Security update for PHP-Fusion 7

Ok folks, as you know a security issue was reported yesterday. I and the dev team have been working on the issue and a fix is now available for v7. We have yet to discover v6's flaw at this time but we believe it may be a non core infusion. Anyway,...
November 11 2008 Security