Here is the text from CPGNUKE.com
CRITICAL SECURITY BULLETIN
Following my original post here regarding the recent phpBB search highlighting exploit, the phpBB Group has become aware that the exploit can be taken advantage of, in a serious way. This clearly contradicts what I said in my original post, but this IS serious folks. We cannot urge you strongly enough to apply the fix below. This fix does NOT pertain to CPG-Nuke 9, it is immune because of our new quote handling system.
Note: If you applied the earlier fix for .htaccess, keep it - it's a good security measure to take.
The Patch
Open up modules/Forums/viewtopic.php
Find on line ~514:
PHP:
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
Replace with:
PHP:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
Note: If you see a <?php in the above code snippets, ignore it - it's a bug that we are trying to trace.
If you prefer to upload a patched copy of the file, you will find it below...
Please do take this seriously, this is a critical issue. Spread the word to as many people as you possibly can that are using CPG-Nuke!
As always, thank you for your continued support of CPG-Nuke.
External Links
www.phpbb.com/p...p?t=240513
www.phpbb.com/p...p?t=240636
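What the removed urldecode() call does, as an added example that is not part of the bulletin and not CPG-Nuke or phpBB code: PHP already decodes the query string once when it fills $HTTP_GET_VARS, so the extra decode runs after any quote escaping of the input has finished. The function names, the constructed query string and the use of addslashes() to model input escaping are assumptions made for the illustration.

```php
<?php
// Added illustration; the request below is constructed, not captured traffic.

// PHP decodes the query string once while filling $_GET / $HTTP_GET_VARS.
// parse_str() applies the same single decode, so it stands in for a request.
function request_vars(string $query): array
{
    parse_str($query, $vars);
    // Assumption: escaping of quotes in input is modelled with addslashes().
    return array_map('addslashes', $vars);
}

// Line ~514 before the patch: a second decode, applied after escaping ran.
// ENT_COMPAT is passed explicitly because it was the default flag set at the
// time; it leaves single quotes untouched.
function words_before(array $get): array
{
    return explode(' ', trim(htmlspecialchars(urldecode($get['highlight']), ENT_COMPAT)));
}

// Line ~514 after the patch: the value is used exactly as PHP delivered it.
function words_after(array $get): array
{
    return explode(' ', trim(htmlspecialchars($get['highlight'], ENT_COMPAT)));
}

// Defensive check for logs or a request filter: a value that still contains
// %XX after PHP's own decode was percent-encoded twice by the sender.
function looks_double_encoded(string $value): bool
{
    return preg_match('/%[0-9a-fA-F]{2}/', $value) === 1;
}

// Constructed input: %25 is an encoded "%", so one decode leaves "%27" behind.
$get = request_vars('highlight=foo%2527bar');

printf("value seen by escaping : %s\n", $get['highlight']);
printf("before patch (2 decodes): %s\n", implode(' ', words_before($get)));
printf("after patch  (1 decode) : %s\n", implode(' ', words_after($get)));
printf("double-encoded input?   : %s\n", looks_double_encoded($get['highlight']) ? 'yes' : 'no');
```

Running it shows that only the pre-patch line ends up with a bare quote character that the escaping step never saw, which is the behaviour the one-line patch removes.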