Security issue

Security alert
due checking trough Google with keyword “OtomiGen.X 2.2 (lang) Local File Inclusion Vulnerabilities”, it’s important to change the script at rss.php on line 49
session_start();
include $cCfg->setLanguage($_SESSION['userID'], $_SESSION['userType'], $_GET[lang]);

you can delete this two lines or comment it
#session_start();
#include $cCfg->setLanguage($_SESSION['userID'], $_SESSION['userType'], $_GET[lang]);

Posted by Anduz 2008-06-11