Dragonfly CMS - German Community

Hier erstmal ein Link da findet Ihr genaueres das CPG ist auch betroffen habe den mist schon geändert auf der cpgnuke.com gibt es ein Update
www.heise.de/newsticke...dung/53499

Hier der text von CPGNUKE.com
CRITICAL SECURITY BULLETIN

Following my original post here regarding the recent phpBB search highlighting exploit, the phpBB Group has become aware that the exploit can be taken advantage of, in a serious way. This clearly contradicts what I said in my original post, but this IS serious folks. We cannot urge you strongly enough to apply the fix below. This fix does NOT pertain to CPG-Nuke 9, it is immune because of our new quote handling system.

Note: If you applied the earlier fix for .htaccess, keep it - it's a good security measure to take.

The Patch

Open up modules/Forums/viewtopic.php

Find on line ~514:
PHP:
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));


Replace with:
PHP:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));


Note: If you see a <?php in the above code snippets, ignore it - it's a bug that we are trying to trace.

If you prefer to upload a patched copy of the file, you will find it below...


Please do take this seriousely, this is a critical issue. Spread the word to as many people as you possibly can that are using CPG-Nuke!

As always, thank you for your continued support of CPG-Nuke.

External Links

www.phpbb.com/p...p?t=240513

www.phpbb.com/p...p?t=240636

thx

ist ein phpbb bug

und nicht cpgnuke

aber wichtig patch einspielen