
3.0.0 - 3.0.6 Vulnerability Fix


Al Brookbanks


A vulnerability has been discovered which allows the execution of admin/filemanager/upload.php without an administration session present.

To fix this, either upload the attached file over your existing file or follow the instructions below:

Open /admin/filemanager/upload.php with a text editor such as Notepad.

Find line 31:

include("../../classes/gd.inc.php");

Directly after this add:

include("../includes/auth.inc.php");
if(permission("filemanager","write")==FALSE){
	header("Location: ".$GLOBALS['rootRel']."admin/401.php");
	exit;
}

upload.php

Edited by brooky
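
The fix above gates upload.php behind the auth.inc.php include and a permission() check, and exits after the 401 redirect. The following audit script is an added example, not part of the original post or the project's code: it flags other PHP files under an admin directory that lack the same gate. It assumes other admin scripts are meant to follow the same pattern; the names audit_source and audit_tree are hypothetical.

```python
"""Flag PHP admin scripts that lack the session/permission gate from this fix."""
import os
import re
import sys

# Patterns taken from the fix above; matching is textual, not a PHP parser.
AUTH_INCLUDE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*["\'][^"\']*auth\.inc\.php["\']')
PERM_CALL = re.compile(r'\bpermission\s*\(')
# A Location redirect and the first word of the statement that follows it.
REDIRECT = re.compile(r'header\s*\(\s*["\']Location:.*?\)\s*;\s*(\w*)', re.S)


def audit_source(php):
    """Return a list of findings for one PHP source string."""
    findings = []
    if not AUTH_INCLUDE.search(php):
        findings.append("no auth.inc.php include")
    if not PERM_CALL.search(php):
        findings.append("no permission() check")
    for m in REDIRECT.finditer(php):
        # Without exit/die the script keeps running after the redirect header.
        if m.group(1) not in ("exit", "die"):
            line = php.count("\n", 0, m.start()) + 1
            findings.append("line %d: redirect not followed by exit" % line)
    return findings


def audit_tree(root):
    """Audit every .php file under root; return {relative path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    findings = audit_source(fh.read())
                if findings:
                    report[os.path.relpath(path, root)] = findings
    return report


if __name__ == "__main__":
    # Directory to scan; "admin" is an assumed default, pass the real path.
    root = sys.argv[1] if len(sys.argv) > 1 else "admin"
    for path, findings in sorted(audit_tree(root).items()):
        print(path, "->", "; ".join(findings))
```

Include files such as auth.inc.php itself will be reported as well, so review the output by hand rather than treating every hit as exposed.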