Security fix's for MDPro 1.0.76 - 21/11/2006 :: Content Management System

MD-Pro Overview
System Requirements
MD Features
Downloads
MaxDev Support

Basic Modules
Add-on Modules

MD News

MDLite RC released ..

Security fix's for MDPro ..

New MAXdev.com theme and ..

Lost Password security f ..

MDLite ..

Security fixes for MDPro ..

Sourceforge CVS opened ..

Security update for MDPr ..

MDLite Release Candidate ..

The GPLdev Association I ..

Security fix's for MDPro 1.0.76 - 21/11/2006

The MAXdev team has been notified of a security issue, the problem was found to be due to directory traversal vulnerability in error.php in MDPro 1.076 and earlier allows remote attackers to include and execute arbitrary local files under certain circumstances via the PNSVlang session variable which is included by error.php. The patch is available from Maxdev Downloads page this affects all versions of MDPro released up until this point.

Many thanks go to Larsneo for his help and collaboration

We strongly recommend all users apply this patch to their sites ASAP, all MDPro 1.0.76 packages have been updated to include this fix as from the 21-Nov-06 07:00 GMT

Posted by : Support