News: Bugs and Errors - Official Home of PHP-Fusion

Sign In

Login ID*

Password*

Stay signed in

Not a member yet? Click here to register.

Forgot Password?

Navigation

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

3rd party infusion exploits

Bugs and Errors

3rd party infusion exploits

Recently several community users websites have been hacked, from what we can tell this is not due to PHP-Fusion Core exploits but due to infusions/mods that have exploits. Doing a bit of research we have found that the following website has some of them...

Most Recent News

Bugs and Errors

3rd party infusion exploits

Recently several community users websites have been hacked, from what we can tell this is not due to PHP-Fusion Core exploits but due to infusions/mods that have exploits. Doing a bit of research we have found that the following website has some of them...

Bugs and Errors

PHP Fusion - New BugTracker

Digitanium has created a new custom bugtracker for us here at PHP Fusion so we dont need to use a 3rd party application and it integrates fairly nicely with the site. We have added it to this site for those who wish to test and provide feedback on errors...

Bugs and Errors

Mantis Bug Tracker

Along with the release of the helpdesk system we are proud to announce the release of the Mantis Bug Tracking system. This system will allow users to report bugs, ask for feature requests which can be denied, accepted and allocated to certain version...

Bugs and Errors

Service release (6.01.9)

As we prepare to enter the first alpha phase of version 7, today I am releasing an update for version 6.01. The main emphasis of this update is to close a number of issues. For details of what has been updated click Read more. Although we are busy developing...

Bugs and Errors

Minor file update

A security team called fixed before hacked.com has recently informed me of a cross site exploit which can allow a malicious user to change a logged in user's profile caused by a hole in the file includes/update_profile_include.php. Don't panic though!...

Bugs and Errors

Couple of minor fixes

This morning I received information about an XSS exploit in the shoutbox. A user can plant malicious code via the shout_name field. Knowing my code, I immediatey knew the same trick can be done in comments. Two fixes then which are comments_include.php...

Bugs and Errors

Critical update - v6.00.303

Following the recent attack on a number of PHP-Fusion sites I have been looking for a possible exploit. Thanks to Jangus, we believe a user has been able to steal the site admins cookie by uploading avatars with malicious filenames. Having checked our...

Bugs and Errors

Patch to stop iframe insertion

A patch to stop the insertion of the malicious code in Settings Main is now available for download. All users running version 6.00.301 should update their sites. Alternatively you can view the changes in the cvs and update manually. Existing v6.00.301...

Bugs and Errors

Messages struck by new exploit

A union exploit has been discovered in the $show variable in messages.php. This will only work if your server has magic_quotes turned off, so most users are safe. I strongly recommend that you update your messages.php immediately. You can download the...

Bugs and Errors

Multiple vulnerabilities in PHP-Fusion 6

It's another bug hunt day for PHP-Fusion. I've recently been informed of three exploits, 2 of them major. members.php can be exploited by minipulating the $sortby variable via the url (fixed). There is a potential cross-site exploit in the $_POST['rating']...

Bugs and Errors

Latest problem with messages.php fixed.

A new concern has been reported in messages.php. This time it's a weakness in the search feature in which the url can be minipulated to create a SQL injection. Again, it's easily fixed and I have released a patch. I've also fixed a minor error in the...

Bugs and Errors

Minor forum exploits patch

A few minor exploits have been identified in the forum files index.php, options.php and viewforum.php. I have fixed the reported problems and have released an update for existing users. The full download has been updated. You can find out what has been...

Bugs and Errors

PHP-Fusion not MySQL 5 compatible

Once in a while a developer gets punished for programming habits. Well it's just happened to me, and the result is PHP-Fusion not being MySQL 5 compatible. Don't panic though, I do know where the problem lies (use of short inserts) and I will be updating...

Bugs and Errors

Missing file in 204up

A quick note, whilst updating the 204up patch the file db-backup.php was accidently removed from the administration folder. This has been corrected. It does not affect the sourceforge download.

Bugs and Errors

Even more v6.00.203 Fixes

A few more issues have been discovered in PHP-Fusion v6.00.203. I discovered that Tinymce's language filenames use different suffixes compared to php-mailer's (I use $locale['tinymce'] for both). I've now added $locale['phpmailer'] setting to all locale/global.php...