Security fix's for MDPro 1.0.76 - 21/11/2006 - MAXdev - MDPro the most easy to use and feature rich GPL CMS

May 10, 2008 | 03:24 AM

Welcome

• Register | Login
• Documentation
• Search
• Get /give help

Don't have an account yet? You can create one, it is free, just click here

as a registered user you have some advantages like free downloads, comments and posting on our forums, depending upon this site's configuration and options.

Set font size:

Small fonts
Default fonts
Big fonts

• • Control Panel - Register - Login • •

Search site | Areafiles | About MDPro | MDPro features | Site map

Current Stable MDPro Lite 1.0821

Welcome

Download MDPro package

Forums

Documentation

MDPro design tutorials

Language Packs

MDChannels

Permissions

MDLite Dev documentation

Developer documentation

MAXdev Community

Latest Comments

Re: New MDPro free t...
hello

emmansoft

Re: MDPro 1.0821 released
My question is why you have not added it to the quick l...

eLGie

Re: MDForum 2.07 released
Just curious, want to be sure - this is still compatibl...

jenming

Support and security : Security fix's for MDPro 1.0.76 - 21/11/2006

Posted by : TiMax - Tuesday, November 21, 2006

The MAXdev team has been notified of a security issue, the problem was found to be due to directory traversal vulnerability in error.php in MDPro 1.076 and earlier allows remote attackers to include and execute arbitrary local files under certain circumstances via the PNSVlang session variable which is included by error.php.

The patch is available from HERE this affects all versions of MDPro released up until this point.

Many thanks go to Larsneo for his help and collaboration

We strongly recommend all users apply this patch to their sites ASAP, all MDPro 1.0.76 packages have been updated to include this fix as from the 21-Nov-06 07:00 GMT

Security fix's for MDPro 1.0.76 - 21/11/2006 | Login/Create an account | 5 Comments

Comments are owned by their poster. We aren't responsible for their content.

Re: Security fix's for MDPro 1.0.76 - 21/11/2006 (Score: 1)
by TiMax (timax@spamhere.com) on Nov 22, 2006 - 11:00 AM
(User information | Send a Message) http://www.maxdev.com)

sorry, there was an small error with this fix, please re-download and re-apply it if you have downloaded it before 21/11/2006 23:45 GMT

Re: Security fix's for MDPro 1.0.76 - 21/11/2006 by Meda on Nov 27, 2006 - 10:59 AM
- Re: Security fix's for MDPro 1.0.76 - 21/11/2006 by TiMax on Nov 28, 2006 - 04:50 AM
  - Re: Security fix's for MDPro 1.0.76 - 21/11/2006 by Meda on Nov 28, 2006 - 01:39 PM
Re: Security fix's for MDPro 1.0.76 - 21/11/2006 by FLTWSWebCzar on July 24, 2007 - 04:05 AM

web design by
PointNet