Al Brookbanks Posted December 24, 2005 Share Posted December 24, 2005 (edited) A vulnerability has been discovered which allows the execution of admin/filemanager/upload.php without an administration session present. To fix this either upload the attached file over your existing file. Or follow the instructions below: Open /admin/filemanager/upload.php with a text editor such as notepad. Find line 31:include("../../classes/gd.inc.php"); Directly after this add: include("../includes/auth.inc.php"); if(permission("filemanager","write")==FALSE){ header("Location: ".$GLOBALS['rootRel']."admin/401.php"); exit; }upload.php Edited December 24, 2005 by brooky Link to comment Share on other sites More sharing options...
Recommended Posts