Moa 1.2.0a released [Friday, 28 August 2009 10:20]

This is a quick bugfix release to fix the following holes found by the security community. Two of the three only took effect if you had PHP register_globals turned on, which is against the PHP defaults nowadays and unlikely to be needed by anything. The third was an SQL injection vulnerability which had very limited scope to do anything malicious, as the results are not echoed anywhere on the screen. It was limited to selecting data and not inserting or adding anything. It is our belief that all three exploits are fairly low risk; however, you should upgrade to 1.2.0a to remove the chances of anything happening. We have also patched a number of similar routes that could be used to exploit the same behaviour.
If anyone finds any new problems, feel free to let us know. I can be contacted at [e-mail address protected from spambots].
The new downloads are - Just upload over the top of 1.2.0; no upgrade is needed. If you have a previous version of Moa, just upload and follow the update link. No new features are added from the default 1.2.0 install; this is purely a security release.