[Phpwebsite-security] phpWebSite Security Patch

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Last night, a security issue was posted to Bugtraq concerning phpWebSite.
You need to take immediate steps to secure your system.

Download the security patch at
http://phpwebsite.appstate.edu/downloads/security/phpws_image_secure_patch.tgz

Untar the file in your phpwebsite installation directory. It will replace:
mod/calendar/class/Event.php
mod/calendar/class/Form.php
mod/announce/class/Announcement.php
mod/search/class/Search.php

This patch will prohibit normal users from uploading images.

I will also note that this issue was not sent to us before posted to
Bugtraq so we were forced to investigate after being alerted. Sorry for
the short notice.

-- 
Brian W. Brown
Director, Electronic Student Services
Room 269, John Thomas Hall
Appalachian State University
Boone, NC 28608

vox: 828-262-7124

http://ess.appstate.edu/
http://phpwebsite.appstate.edu/