Security risk in securityimages
The webmaster of janwiersma.com sent me an email today at 6:12AM: his server was hacked because of a bug in securityimages. This bug allows a remote attacker to execute commands on your server via a forced remote include and execute function, and it affects ALL versions of securityimages <= 3.0.5.
Here are all files which put your server at risk:
Example of attack:
In fact, I forgot to use this line in these files:
defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
This line prevents any request from accessing the file directly.
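An added example (not part of securityimages or of the original post): a small Python audit that walks a component directory and reports PHP files where the guard line above is missing, commented out, or placed after an include. The function names and sample files are constructed for illustration, and the comment stripping is a heuristic that does not parse PHP string literals.

```python
import re
import sys
import tempfile
from pathlib import Path

# The guard line quoted above, tolerating spacing and quote style.
GUARD = re.compile(
    r"""defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b""", re.I)
# Statements that load other files; the guard must run before any of them.
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.I)
# PHP comments (heuristic: string literals are not parsed).
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# Constructed sample files for the self-check, not taken from securityimages.
SAMPLES = {
    "ok.php": "<?php\ndefined( '_VALID_MOS' ) or die( 'Direct Access to this "
              "location is not allowed.' );\nrequire_once('lib.php');\n",
    "missing.php": "<?php\nrequire_once('lib.php');\n",
    "commented.php": "<?php\n// defined('_VALID_MOS') or die('no');\necho 1;\n",
    "late.php": "<?php\ninclude('lib.php');\ndefined('_VALID_MOS') or die('no');\n",
}

def guard_status(source):
    """Return 'ok', 'missing', or 'late' (guard placed after an include)."""
    code = COMMENT.sub("", source)  # a commented-out guard does not count
    guard = GUARD.search(code)
    if guard is None:
        return "missing"
    first = INCLUDE.search(code)
    return "late" if first and first.start() < guard.start() else "ok"

def audit_tree(root):
    """Map each .php file under root that lacks a working guard to its status."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        status = guard_status(path.read_text(encoding="utf-8", errors="replace"))
        if status != "ok":
            findings[path.relative_to(root).as_posix()] = status
    return findings

def self_check():
    """Write SAMPLES to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":  # usage: python audit_guard.py [component_dir]
    result = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else self_check()
    for name, status in result.items():
        print(f"{status:8} {name}")
```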
– upgrade to 3.0.6 (download at #Joomla Forge or in my download sections) OR
Please also contact all your friends who are using securityimages!
And for my other components?
Hashcash 1.2.X is also affected: http://secunia.com/product/11046/ and my patch is available!
– upgrade to 1.2.2 (download at #Joomla Forge or in my download sections) OR
YOU ARE ALL URGED TO UPGRADE ASAP!