
Security risk in securityimages

The webmaster of janwiersma.com sent me an email today at 6:12 AM: his server was hacked because of a bug in securityimages. This bug allows a remote attacker to execute commands on your server via a forced remote include and function execution, and it affects ALL versions of securityimages <= 3.0.5.

Here are all files which put your server at risk:

Example of attack:
In fact, I forgot to use this line in these files:

defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');

This line blocks any request that tries to access the file directly.

– upgrade to 3.0.6 (download at #Joomla Forge or in my download sections) OR

Please also contact all your friends who are using securityimages!

And for my other components? Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!

– upgrade to 1.2.2 (download at #Joomla Forge or in my download sections) OR
YOU ARE ALL URGED TO UPGRADE ASAP!
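
To check an installed component for the same omission, here is an added example (not code from securityimages or its author): a Python audit script that walks a directory and reports PHP files where the `_VALID_MOS` guard quoted above is missing, commented out, or placed after the first include/require. The sample file contents and the `$base` variable are constructed for illustration, and the comment stripping is a heuristic.

```python
import re
import tempfile
from pathlib import Path

# The guard quoted on the page; tolerate spacing, either quote style, "or"/"||", die/exit.
GUARD = re.compile(
    r"""defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\s*\(""", re.I)
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.I)
# Heuristic comment stripping, so a commented-out guard does not count as present.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def check_php(source):
    """Return 'ok', 'missing', or 'late' (guard placed after an include/require)."""
    code = COMMENTS.sub("", source)
    guard = GUARD.search(code)
    if guard is None:
        return "missing"
    first_include = INCLUDE.search(code)
    if first_include and first_include.start() < guard.start():
        return "late"
    return "ok"

def scan(root):
    """Return {relative path: status} for every .php file under root that is not 'ok'."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        status = check_php(path.read_text(errors="replace"))
        if status != "ok":
            findings[path.relative_to(root).as_posix()] = status
    return findings

# Constructed sample files (not the component's real files); $base is hypothetical.
SAMPLES = {
    "guarded.php": "<?php\ndefined('_VALID_MOS') or die('Direct Access to this "
                   "location is not allowed.');\nrequire_once($base . '/lib.php');\n",
    "unguarded.php": "<?php\ninclude($base . '/lib.php');\n",
    "commented.php": "<?php\n// defined('_VALID_MOS') or die('x');\necho 1;\n",
    "late.php": "<?php\nrequire($base . '/lib.php');\n"
                "defined( \"_VALID_MOS\" ) || die( 'no' );\n",
}

def demo():
    """Write the constructed samples to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            Path(root, name).write_text(body)
        return scan(root)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

Point `scan()` at the component's directory on your own server; any file it lists can be requested directly without passing through the CMS entry point.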