• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

phpBB exploits...Anyone have a new rpm?

T

tekmage

Guest
EV1 notifed me this morning of a compromised site that was using phpBB. I've managed to change the effected file, but I'd like to do a full upgrade. Does Plesk have a new updated rpm for phpBB to close this exploit down?

it is in forum/viewtopic.php


and is not a root level exploit

in the above file to fix it (though i would recomend upgrading)
replace
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
with:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
 
You must log in or register to reply here.

Similar threads

T
Upgrade Phpbb Now!!! 2.0.15
Replies
1
Views
3K
Outlaw
O
Back
Top