Minor security hole discovered

News/blog categories » News archive » Minor securi…le discovered

A security hole has been found in ocPortal that allows the 'recommend site' module to be used to relay spam via the ocPortal website it is installed on.

We found this security hole as it was exploited on our own website and we were able to trace the problem. ocProducts is not the originator of the spam sent through our servers, but we apologise upfront for this problem.

To fix this problem:

choose an appropriate attached file for your PHP version
extract the included mail.php file
upload the file to the sources/ directory of your website

Attachment

» Download: 2.6.x.zip (4 Kb, 1197 downloads so far)

Attachment

» Download: 3.0.x.zip (4 Kb, 989 downloads so far)

A new patch release of ocPortal 3 will be released soon, but new users need not worry because we have re-released the latest version with this patch included.

ocPortal version 2.6.4 has been released (quick installer, manual installer), which has fixed this problem along with a number of other bugs that have been found since version 3 was released. This is the last release of the 2.6.x family and these versions are now officially at their end-of-life. Upgrading to version 3 is strongly recommended.

Trackbacks

There have been no trackbacks yet

» Trackback link

Comments

There have been no comments yet

Make comment

Your name:	Your name (join or login)
Subject:	Subject
Your message: ( posting rules ) [ View all emoticons ]	Your message To reply to an existing post use the reply/quote button under it. Type fresh posts here when not replying to any existing post. Make your post civil and relevant.

Type in the text from the graphic or audio version.