phpBB exploits...Anyone have a new rpm?

[tekmage]

EV1 notifed me this morning of a compromised site that was using phpBB. I've managed to change the effected file, but I'd like to do a full upgrade. Does Plesk have a new updated rpm for phpBB to close this exploit down?

it is in forum/viewtopic.php


and is not a root level exploit

in the above file to fix it (though i would recomend upgrading)
replace
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
with:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));