|
![]() |
|
Thread Tools | Search this Thread | Display Modes |
#1
|
|||
|
|||
![]()
It has come to my attention that Mosets Tree 2.1.5 and below contains a security vulnerability affecting the attachment and image upload feature that allows users to upload and execute arbitrary codes on your website. This affects all Mosets Tree 2.1.x installation that accepts front-end attachments or images submission.
This release addresses the security vulnerability and fixes all bugs that have been reported since 2.1.5's release. Changes:
All users that are running Mosets Tree 2.1 series are advised to upgrade to 2.1.6 immediately. Downloading the upgrade The upgrade is available at your account by logging in to http://www.mosets.com/login/ and clicking at Mosets Tree subscription number. Full install and upgrade instructions are also available there. Last edited by dknight; 09-16-2010 at 02:54 PM. |
#2
|
|||
|
|||
![]()
If you are still running Mosets Tree version 2.0.x, follow these instructions to patch this vulnerability.
FILE: /components/com_mtree/mtree.php Find these codes near line 3484: PHP Code:
PHP Code:
|
![]() |
Thread Tools | Search this Thread |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Mosets Tree 2.1.5 update available | dknight | Announcements | 0 | 07-01-2010 07:24 PM |
Mosets Tree 2.1.1 upgrade available | dknight | Announcements | 1 | 08-13-2009 07:58 PM |
Mosets Tree 2.0.4 upgrade available | dknight | Announcements | 0 | 11-21-2007 01:11 PM |
Mosets Tree 2.0 released | dknight | Announcements | 0 | 08-02-2007 05:32 PM |