• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

phpBB exploits...Anyone have a new rpm?

T

tekmage

Guest
EV1 notifed me this morning of a compromised site that was using phpBB. I've managed to change the effected file, but I'd like to do a full upgrade. Does Plesk have a new updated rpm for phpBB to close this exploit down?

it is in forum/viewtopic.php


and is not a root level exploit

in the above file to fix it (though i would recomend upgrading)
replace
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
with:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
 
You must log in or register to reply here.

Similar threads

T
Upgrade Phpbb Now!!! 2.0.15
Replies
1
Views
3K
Outlaw
O
Back
Top