[Phpwebsite-security] phpWebSite 1.6.0 compromised

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Good morning,

I am extremely distressed to announce that the version of phpwebsite 
1.6.0 that was downloadable from our site has been compromised. I 
received an email from Lapin Andrey who discovered some, as he put it, 
"evil code" in the Init.php file. He was correct.

This apparently happened during a server hack due to some old versions 
of PHP and doesn't appear to be the fault of phpWebSite itself. In any 
case, if you downloaded phpWebSite 1.6.0 from our web site PLEASE 
download a copy from Sourceforge instead.

http://sourceforge.net/project/showfiles.php?group_id=15539&package_id=136611&release_id=641777

It was uploaded prior to the hack.

I sincerely apologize to everyone who supports us and uses our software 
and to anyone affected by this code. I will give more details as I find 
them.

-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
Ext. 6493
http://ess.appstate.edu
http://phpwebsite.appstate.edu