3rd party infusion exploits
Recently several community users' websites have been hacked. From what we can tell, this is not due to PHP-Fusion Core exploits but due to infusions/mods that have exploits. Doing a bit of research we have found that the following website has some of them...
October 07 2008 Bugs and Errors

News in Bugs and Errors

PHP Fusion - New BugTracker

Digitanium has created a new custom bugtracker for us here at PHP Fusion so we don't need to use a 3rd party application and it integrates fairly nicely with the site. We have added it to this site for those who wish to test and provide feedback on errors...
July 19 2008 Bugs and Errors
Mantis Bug Tracker

Along with the release of the helpdesk system we are proud to announce the release of the Mantis Bug Tracking system. This system will allow users to report bugs, ask for feature requests which can be denied, accepted and allocated to certain version...
April 03 2008 Bugs and Errors
Service release (6.01.9)

As we prepare to enter the first alpha phase of version 7, today I am releasing an update for version 6.01. The main emphasis of this update is to close a number of issues. For details of what has been updated click Read more. Although we are busy developing...
March 25 2007 Bugs and Errors
Minor file update

A security team called fixed before hacked.com has recently informed me of a cross site exploit which can allow a malicious user to change a logged in user's profile caused by a hole in the file includes/update_profile_include.php. Don't panic though!...
November 18 2006 Bugs and Errors
Couple of minor fixes

This morning I received information about an XSS exploit in the shoutbox. A user can plant malicious code via the shout_name field. Knowing my code, I immediately knew the same trick can be done in comments. Two fixes then which are comments_include.php...
February 05 2006 Bugs and Errors
Critical update - v6.00.303

Following the recent attack on a number of PHP-Fusion sites I have been looking for a possible exploit. Thanks to Jangus, we believe a user has been able to steal the site admin's cookie by uploading avatars with malicious filenames. Having checked our...
January 11 2006 Bugs and Errors
Patch to stop iframe insertion

A patch to stop the insertion of the malicious code in Settings Main is now available for download. All users running version 6.00.301 should update their sites. Alternatively you can view the changes in the cvs and update manually. Existing v6.00.301...
January 07 2006 Bugs and Errors
Messages struck by new exploit

A union exploit has been discovered in the $show variable in messages.php. This will only work if your server has magic_quotes turned off, so most users are safe. I strongly recommend that you update your messages.php immediately. You can download the...
December 31 2005 Bugs and Errors
Multiple vulnerabilities in PHP-Fusion 6

It's another bug hunt day for PHP-Fusion. I've recently been informed of three exploits, 2 of them major. members.php can be exploited by manipulating the $sortby variable via the URL (fixed). There is a potential cross-site exploit in the $_POST['rating']...
December 21 2005 Bugs and Errors
Latest problem with messages.php fixed.

A new concern has been reported in messages.php. This time it's a weakness in the search feature in which the URL can be manipulated to create a SQL injection. Again, it's easily fixed and I have released a patch. I've also fixed a minor error in the...
November 28 2005 Bugs and Errors
Minor forum exploits patch

A few minor exploits have been identified in the forum files index.php, options.php and viewforum.php. I have fixed the reported problems and have released an update for existing users. The full download has been updated. You can find out what has been...
November 19 2005 Bugs and Errors
PHP-Fusion not MySQL 5 compatible

Once in a while a developer gets punished for programming habits. Well it's just happened to me, and the result is PHP-Fusion not being MySQL 5 compatible. Don't panic though, I do know where the problem lies (use of short inserts) and I will be updating...
November 17 2005 Bugs and Errors
Missing file in 204up

A quick note: whilst updating the 204up patch the file db-backup.php was accidentally removed from the administration folder. This has been corrected. It does not affect the SourceForge download.
October 23 2005 Bugs and Errors
Even more v6.00.203 Fixes

A few more issues have been discovered in PHP-Fusion v6.00.203. I discovered that Tinymce's language filenames use different suffixes compared to php-mailer's (I use $locale['tinymce'] for both). I've now added $locale['phpmailer'] setting to all locale/global.php...
October 16 2005 Bugs and Errors