Hey all,
Thanks to InterNot we've been able to identify and fix a potential XSS exploit in vBAnalytics v1.1.4.
You can either re-download v1.1.4 and re-upload the vbanalytics.php file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up vbanalytics.php within your forum directory and find:
Replace with:
Sorry for the inconvenience, and thank you for your continued support
Discuss this news here.
Thanks to InterNot we've been able to identify and fix a potential XSS exploit in vBAnalytics v1.1.4.
You can either re-download v1.1.4 and re-upload the vbanalytics.php file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up vbanalytics.php within your forum directory and find:
PHP:
$options = array('action' => $_GET['action']);Replace with:
PHP:
$options = array('action' => preg_replace('/[^\w-]/i', '', $_GET['action']));Sorry for the inconvenience, and thank you for your continued support
Discuss this news here.
