Hey all,
Thanks to InterNot we've been able to identify and fix a file inclusion exploit in vBDonate v1.2.2.
You can either re-download v1.2.2 and re-upload the vbdonate.php file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up vbdonate.php within your forum directory and find:
PHP:
if (!empty($_POST['do']))
{
    $action = $_POST['do'];
} elseif(!empty($_GET['do'])) {
    $action = $_GET['do'];
} else {
    $action = 'content';
}
Add below:
PHP:
// Strip non-valid characters
$action = preg_replace('/[^\w-]/i', '', $action);
Sorry for the inconvenience, and thank you for your continued support.
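The effect of the filter above on a few constructed inputs, as an added example that is not part of the original post or vBDonate's own code. The allow-list step and its action names are assumptions for illustration; the post does not show how `$action` is used later in vbdonate.php.

```php
<?php
// Added example, not vBDonate code. Uses the same pattern as the manual edit.
function sanitize_action(string $raw): string
{
    // Keep only letters, digits, underscore and hyphen; drop everything else
    // (dots, slashes, colons, NUL bytes, whitespace).
    return (string) preg_replace('/[^\w-]/i', '', $raw);
}

// Hypothetical allow-list: the real vBDonate action names are not on the page.
const ALLOWED_ACTIONS = ['content', 'donate', 'thanks'];

function resolve_action(string $raw): string
{
    $action = sanitize_action($raw);
    // Unknown values fall back to the same default vbdonate.php uses.
    return in_array($action, ALLOWED_ACTIONS, true) ? $action : 'content';
}

// Constructed sample values for the "do" parameter.
$samples = [
    'content',
    'donate',
    '../../includes/config',
    "content\0.txt",
    'http://example.invalid/x',
    '',
];

foreach ($samples as $raw) {
    printf(
        "%-30s filtered=%-24s resolved=%s\n",
        json_encode($raw),
        json_encode(sanitize_action($raw)),
        resolve_action($raw)
    );
}
```

The filter removes the characters needed to change directory or scheme, but a filtered value can still be any word-character name, which is why the sketch also checks it against a fixed list before use.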