2011-06-01, 03:49:12
2011-06-02, 01:00:26
Quick fix. Edit /admin/inc/plugin_functions.php, line 33:
Change to:
Code:
if (isset($_GET['set'])){
Code:
if (isset($_GET['set']) && substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1)!='index.php'){
2011-06-02, 01:18:31
This is fixed in the latest SVN.
Official fix can be seen here:
http://code.google.com/p/get-simple-cms/...tail?r=487
Mike....
Official fix can be seen here:
http://code.google.com/p/get-simple-cms/...tail?r=487
Mike....
2011-06-02, 23:52:34
n00dles101 Wrote:This is fixed in the latest SVN.
Official fix can be seen here:
http://code.google.com/p/get-simple-cms/...tail?r=487
Mike....
Lots of changes in upload.php since the 3.0 "official" release (I don't run svn on production). What is is minimum security patch that can be done to close this vulnerability?
-Rob A>