Dear customers,
We have detected a few Vulnerabilities in the script and strongly recommend applying the patch below.
If you see the code below already in place it means that we added the code for you using your ftp logins.
To fix the vulnerability you should add the code that is highlighted in bold green.
(!) Before you change the files, back up the files to be modified.
/libs/upload/upload.php
Code:Only registered members can view the code.
/files/.htaccess
Code:Only registered members can view the code.
/tmp/upload/.htaccess
Updated: the file must contain only the code
Code:Only registered members can view the code.
/.htaccess
Code:Only registered members can view the code.
/libs/system.lib.php
The other minor vulnerabilities, which will not affect stability and security of your site, will be posted later in this thread.Code:Only registered members can view the code.
Possible SQL Injection and FIX for it
rlAccount.class.php
rlListings.class.php
rlCategories.class.php
rlSearch.class.php
rlPlan.class.php
Subscribe to this thread and keep up with the latest updates.