The Joomla! Forum ™





Posted: Mon Dec 24, 2007 9:01 pm
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1109
Location: Weymouth, UK
There are reports circulating this Christmas Eve that the modules provided by mosDirectory v2.3.2 are vulnerable to a remote file inclusion.

Having reviewed the code I can confirm that, under the right circumstances, this can happen with all versions up until mosDirectory v2.3.7.

The modules provided by mosDirectory are all community/customer developed and submitted, and added into mosDirectory by request. It appears that our quality control missed this single line of code, and for this we are very sorry. The code in this file has not changed for almost two years and has never been flagged as an issue before. We now have automated nightly builds that check for this kind of security issue.

There are no reported cases of a Joomla site being hacked through mosDirectory.
There are no reported cases of a Joomla site being hacked through this vulnerability in the module.
The vulnerability is in a module - not in the main mosDirectory component.

If you are using the htaccess file provided by Joomla then you are not vulnerable - however, all customers should upgrade to the latest mosDirectory v2.4.0 as soon as possible to ensure that you are fully protected.

The latest version of mosDirectory v2.4.0 can be downloaded by logging into your account at http://secure.myjoomla.com/

Full details of patching your site have been emailed to every customer. If you missed this email then please contact us at phil@phil-taylor.com ASAP

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/

