| Author |
Message |
cbradley
MD user level 5
Joined: July 21, 2005
Posts: 59
Member
|
 Posted:
Oct 09, 2007 - 03:24 AM |
 
|
| Post subject: Should I (can I) upgrade to MDLite? |
I've been running an MDPro-based site for a couple of years now. Currently on 1.0.76, all stable and working fine, does what is needed, mostly very well. I'll be moving to a new server soon, and it would be a good time to upgrade, but MDLite seems to be different enough to make me wonder if the upgrade is viable.
The biggest potential problem is that most of my content is user-created in the old Subjects and Downloads modules, and I use Categories to structure the Subjects content. The documentation and comments in the forum suggest that these modules don't work with post-1.0.76 releases and the substitute module for Subjects doesn't have Categories.
It seems from the upgrade guide that third-party modules will continue to work, but does that mean all of them, and definitely?
Committing to an upgrade is probably out of the question if it means manually rebuilding hundreds of pages of user-created content and thousands of downloads, as well as re-organising the structure of the site (if there are no Categories) 
I'ts hard to be sure if I'm right about all this because I can't find a detailed guide to the differences in functionality, so I'd be really grateful for any advice. |
|
|
|
|
pinggvin
New MD user
Joined: Apr 06, 2004
Posts: 6
bannato
|
| Posted:
Oct 09, 2007 - 11:19 AM |
|
|
I think, yes ASAP
I have four sites running on MDPro 1076. Upgrade on 108х version is not very easy for me, because 108х versions is not localized for my language. But I have upgraded two of them with many manual works, and the main reason for this - 1076 version is not secure yet. There is no patch for 1076, the only solution is upgrading to 108x. Manual rebuilding is not very high price for keeping your site safe. IMHO.
Published: 04-10-2007
Updated: 05-10-2007
Product:
MAXdev: MDPro 1.0.76
Severity: High (7.5)
CVSS vector: (AV:N/AC:L/Au:N/C /I/A)
Potential loss type: Gain other access, Integrity, Confidentiality, Availability
Vulnerability description:
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a"Firefox ID="substring in a Referer HTTP header. |
|
|
|
|
|
|
|
| |
Forum FAQ
Search
Usergroups
Preferences
Options forum
Watched Topics
Latest forum posts
Log in to check your private messages
Log in
