• Welcome to Simple Machines Community Forum. Please login or sign up.

Possible *major* SMF exploit in the wild, going back years!

Started by be_cool, September 29, 2007, 10:17:19 AM

Previous topic - Next topic

fotisevangelou

Having been mentioned in be_cool's list - http://forum.joomlaworks.gr -  I can confirm we were "victims" of such code injections as well, despite being on the latest 1.1.4 release.

We've applied some restrictions (like the ones mentioned here), but I know already that many SMF forums suffered from the same issue.

青山 素子

If you know this occurred while you were at 1.1.4, please file a security report.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.



rthrash

Quote from: Motoko-chan on October 16, 2007, 08:43:20 PM
If you know this occurred while you were at 1.1.4, please file a security report.
Where do we file security reports? We were victims of this on a very busy forum ... likely starting yesterday. Upgraded shortly after it came out.



Advertisement: