phpwebsite-developers

[Phpwebsite-developers] Security Patch

[Matthew M. <ma...@tu...>]

Greetings,

Some possible cross site scripting and SQL insertion issues were brought
to our attention by James Bercegay of the GulfTech Security Research
Team.

Please take a moment to read the information from this page, download
and apply the patch.

http://phpwebsite.appstate.edu/downloads/security/

Thanks to James Bercegay of the GulfTech Security Research Team for
working with us on this.

We will explain the hack after people have had a chance to patch. We
will also discuss measures we have taken for future versions to prevent
such hacks.

Thanks,
phpWebSite Development Team

-- 
Matthew McNaney
Internet Systems Architect
Electronic Student Services
Appalachian State University
Phone: 828-262-6493
http://phpwebsite.appstate.edu
http://ess.appstate.edu

[Phpwebsite-developers] Security Patch

[Matthew M. <ma...@tu...>]

Diabolic Crab, an independent security researcher at Hackers Center has
revealed some security weaknesses in phpWebSite. Mr. Crab was kind
enough to contact us before these holes become public knowledge.

Please download the security patch and untar it in your phpWebSite
version 0.10.1 installation directory.

http://phpwebsite.appstate.edu/downloads/security/phpwebsite_security_patch_20050705.2.tgz


-- 
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu