Security!!! Older releases of phpwcms <1.3 and Spaw
Posted: Sun 24. Feb 2008, 11:21
Just a warning again because I got a lot of emails related to this where older releases of phpwcms were hacked by using leaks in Spaw.
- Check that you have register_globals set off - check phpinfo() - link in admin section of phpwcms!!!
If register_globals is ON take the .htaccess file inside the attached zip archive and upload it to your web root.
If you still have an .htaccess file in use put in the following line:
php_flag register_globals Off
If this is not working contact your server admin and tell him to disable this for you by default.
- Additional check if you have Spaw WYSIWYG editor in use - there was a very big security problem in phpwcms < 1.3.
Delete it if you can (it is placed in include/inc_ext/spaw*) and use FCKeditor, or use an updated release of Spaw, or contact me for a fix.
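The two checks from the post, as a small audit script. This is an added example, not part of the original post or of phpwcms; the function name `audit_phpwcms` and the output format are assumptions. It only inspects files under the web root, so the effective register_globals value still has to be confirmed with phpinfo().

```shell
#!/bin/sh
# Added example (not phpwcms code): audit one web root for the two conditions
# named in the post. Prints one WARN line per finding.
# Return status: 0 = nothing found, 1 = at least one finding.

audit_phpwcms() {
    root=$1
    findings=0
    ht="$root/.htaccess"

    # Check 1: .htaccess should switch register_globals off.
    if [ ! -f "$ht" ]; then
        echo "WARN no .htaccess in $root (register_globals follows the server default)"
        findings=1
    else
        # Commented-out lines do not count; when the directive appears more
        # than once, the last occurrence is the one that takes effect.
        last=$(grep -Ei '^[[:space:]]*php_flag[[:space:]]+register_globals[[:space:]]' "$ht" | tail -n 1)
        if ! printf '%s\n' "$last" | grep -Eiq 'register_globals[[:space:]]+off[[:space:]]*$'; then
            echo "WARN $ht does not set: php_flag register_globals Off"
            findings=1
        fi
    fi

    # Check 2: any Spaw editor directory left under include/inc_ext/.
    for d in "$root"/include/inc_ext/spaw*; do
        [ -e "$d" ] || continue   # glob matched nothing
        echo "WARN Spaw editor present: $d"
        findings=1
    done

    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_phpwcms "$1"
fi
```

The php_flag directive is only honoured when PHP runs as an Apache module; under CGI or FastCGI the setting has to be made in php.ini instead.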