|
|
|
FacileForms 1.4.7 Security Release |
|
|
|
Written by Peter Koch
|
|
Wednesday, 27 September 2006 |
 A cross-site scripting vulnerability has been identified and fixed in the FacileForms 1.4.7 Security Release. The vulnerability required either PHP's register globals to be enabled, or the RG_EMULATION setting of Joomla/Mambo to on (1) which is unfortunately the default in current joomla and mambo installations. If both register globals as well as RG_EMULATION are off, the exploit was not possible.
It is advised to upgrade to 1.4.7 ASAP, and for your own safety also turn off register globals and RG_EMULATION. FacileForms 1.4.7 is available now in the Download Section, and there is a patch available for 1.4.6g as well.
Comments
alexwalker
2006-10-11 05:19:31
boesh
2006-10-15 04:21:39
Boldee
2006-10-15 11:05:36
perler
2006-10-26 10:41:59
Newbytes
2006-11-24 06:56:43
mathdeveloper
2007-01-07 10:55:59
seanang
2007-01-14 04:35:20
khawasli
2007-04-12 05:36:53
jmeyer74
2007-04-15 09:10:52
gelbehexe
2007-05-01 12:13:58
fizot
2007-05-02 03:38:48
afomenko
2009-06-06 18:05:15
trentonwilmore
2009-10-17 13:16:25
zancudopilucho
2009-10-23 17:55:10
christmassms
2010-05-08 02:12:20
jameskg
2010-05-13 23:57:29
dellatlas
2010-06-02 23:31:35
christmassms
2010-06-12 17:45:31
christmassms
2010-06-12 17:46:20
christmassms
2010-06-28 14:01:03
basecom
2010-07-06 17:01:08
rick854
2010-08-19 21:08:47
rick854
2010-08-19 21:12:14
adultbluray
2010-08-24 22:54:36
Only registered users can write comments. Please login or register. |
|
|