Security Hotfix: vBDonate v1.2.2

Thread starter Fillip H.
Start date Sep 2, 2012

Fillip H.

Staff member

Owner

Developer

Customer

Sep 2, 2012

Hey all,

Thanks to InterNot we've been able to identify and fix a file inclusion exploit in vBDonate v1.2.2.

You can either re-download v1.2.2 and re-upload the vbdonate.php file directly within the upload folder, or you can apply a manual file edit.

For the manual file edit, open up vbdonate.php within your forum directory and find:

PHP:

if (!empty($_POST['do']))
{
	$action = $_POST['do'];
} elseif(!empty($_GET['do'])) {
	$action = $_GET['do'];
} else {
	$action = 'content';
}

Add below:

PHP:

// Strip non-valid characters
$action = preg_replace('/[^\w-]/i', '', $action);

Sorry for the inconvenience, and thank you for your continued support

Discuss this news here.

You must log in or register to reply here.

Similar threads

Add-on DragonByte Security 4.7.0 [XenForo]

Replies: 0

Views: 159

Apr 4, 2024

DragonByte Technologies

Add-on DragonByte Security 4.6.8 [XenForo]

Replies: 0

Views: 818

Jan 9, 2024

DragonByte Technologies

Add-on DragonByte Security 4.6.7 [XenForo]

Replies: 0

Views: 2K

Jul 26, 2023

DragonByte Technologies

Add-on DragonByte Security 4.6.6 [XenForo]

Replies: 0

Views: 1K

Jul 13, 2023

DragonByte Technologies

Add-on DragonByte Security 4.6.5 [XenForo]

Replies: 0

Views: 3K

Feb 1, 2023

DragonByte Technologies

Facebook X (Twitter) Reddit Pinterest Tumblr WhatsApp Email Link

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Back

Top

Security Hotfix: vBDonate v1.2.2

Fillip H.

Similar threads

We value your privacy