Page 1 of 2 12 LastLast
Results 1 to 20 of 31

Thread: vBa CMPS Security Flaw Discovered

  1. #1
    Join Date
    Jan 2004
    Location
    Georgia, USA
    Posts
    34,466

    Default vBa CMPS Security Flaw Discovered

    Earlier today we were informed of a security flaw in all versions of vBadvanced CMPS which could potentially allow a hacker to run a remote file on a server with vBa CMPS. Fortunately this exploit requires that PHP on your server to have been configured with "register_globals" enabled, and most hosting companies will not enable this since it is widely known to cause security issues. Regardless, we highly recommend that all customers upgrade to the versions of vBa CMPS that have just been released in the Members' Area here (v3.2.3 for vB3, or v4.1.3 for vB4) as soon as possible to prevent any potential damage resulting from the flaw being exploited.
    Last edited by Brian; 01-28-2012 at 11:56 AM.
    Frequently Asked Questions
    CMPS Users Manual

    For vBadvanced software assistance, please use the support forums.
    Unsolicted PMs, IMs, and email will not be responded to.
    If you have a non-software related question or problem with your account, please submit a support ticket.

  2. #2
    Join Date
    Jan 2004
    Posts
    820

    Default

    I have installed this and when I go to run the update it tell me
    "You are already running the current version of vBadvanced CMPS!"

  3. #3
    Join Date
    Mar 2008
    Posts
    3

    Default

    Same problem with attroll...

  4. #4
    Join Date
    Jan 2004
    Location
    Georgia, USA
    Posts
    34,466

    Default

    Sorry about that. I was in such a hurry to get the new versions out that I completely forgot to update the version number in the install file. There were no changes to the database so it's not actually necessary to run the upgrade option from the vbacmps_install.php file since all it would really do is update your version number. As long as you uploaded the new files then you're patched.
    The install files in the download packages have been corrected now though.
    Frequently Asked Questions
    CMPS Users Manual

    For vBadvanced software assistance, please use the support forums.
    Unsolicted PMs, IMs, and email will not be responded to.
    If you have a non-software related question or problem with your account, please submit a support ticket.

  5. #5

    Default

    Brian, after uploading the files the front page doesn't work.
    See www.47r-squad.com

    Nothing appears, not sure whats going on.

    I had to revert the files back to 4.1.2 since 4.1.3 was not displaying the front page.
    Last edited by thecore762; 01-26-2012 at 10:58 PM.

  6. #6
    Join Date
    Mar 2004
    Posts
    13

    Default

    Same problem here, a blank white page when the new files are uploaded and upgrade run

  7. #7

    Default

    Quote Originally Posted by Deimos View Post
    Same problem here, a blank white page when the new files are uploaded and upgrade run
    At least we know it's just not just me.

  8. #8
    Join Date
    Mar 2005
    Posts
    28

    Default

    Quote Originally Posted by Deimos View Post
    Same problem here, a blank white page when the new files are uploaded and upgrade run
    I'm having the same problem.
    3.2.3

  9. #9
    Join Date
    May 2011
    Posts
    1

    Default

    Yup same issue, blank white page after upgrade. Guess it's better than having a security issue.

  10. #10
    Join Date
    Jan 2004
    Posts
    820

    Default

    I had the blank front page at first too. I re-uploaded the files a couple of times and refreshed the screen and then it started working. Don't know why but it did.

  11. #11

    Default

    Quote Originally Posted by attroll View Post
    I had the blank front page at first too. I re-uploaded the files a couple of times and refreshed the screen and then it started working. Don't know why but it did.
    I tried few times but 0 success.

  12. #12
    Join Date
    Jan 2004
    Posts
    820

    Default

    You may want to check your cmps_index.php file. Did you overwrite it with the new one and forget to make the proper changes.

  13. #13

    Default

    I overwrited and made sure it was.

  14. #14
    Join Date
    Feb 2011
    Posts
    14

    Default

    This is a known issue that code cause. new one has been released for the fix. re download and reinstall. It will fix it. I was freaking out as well.

  15. #15
    Join Date
    Sep 2006
    Posts
    118

    Default

    The new 3.2.3 release is missing the ecdownloads and/or downloads2 modules.

  16. #16
    Join Date
    Sep 2007
    Posts
    1,694

    Default

    Quote Originally Posted by Black Tiger View Post
    The new 3.2.3 release is missing the ecdownloads and/or downloads2 modules.
    No such module was ever produced by Brian, those are 3rd party additions.

  17. #17

    Default

    I uploaded all the files but...
    Powered by vBadvanced CMPS v3.2.2

    Is this normal?

  18. #18
    Join Date
    Nov 2010
    Posts
    25

    Default

    Quote Originally Posted by Artes_Marciales View Post
    I uploaded all the files but...
    Powered by vBadvanced CMPS v3.2.2

    Is this normal?
    yes it is.

    You should run the upgrade process if you wanna have the new version in your products system.

  19. #19
    Join Date
    Nov 2010
    Posts
    25

    Default

    Brian is it ok to use the old news.php ? cause I did so much customizations to it and at the moment I have not enough time to do the custom codding again.

    thanks

  20. #20

    Default

    Quote Originally Posted by A.Chakery View Post
    yes it is.

    You should run the upgrade process if you wanna have the new version in your products system.
    OK, thanks.
    I understand that it is not necessary to run the installer right?

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Security Flaw - can it be fixed without a full upgrade?
    By PhilMcKrackon in forum "How Do I..." Questions
    Replies: 2
    Last Post: 11-05-2012, 06:35 AM
  2. Security Flaw - How to fix without upgrading?
    By BirdOPrey5 in forum "How Do I..." Questions
    Replies: 3
    Last Post: 11-02-2011, 11:00 AM
  3. vBa Links Security Flaw & New Releases
    By Brian in forum Announcements
    Replies: 2
    Last Post: 11-01-2011, 07:45 AM
  4. Various Bugs Discovered
    By John in forum Bugs & Issues From v2.0.0
    Replies: 2
    Last Post: 07-26-2010, 04:12 PM
  5. vBa CMPS Security Alert! 3.2.2 & 4.0 RC1 Released
    By Brian in forum Announcements
    Replies: 22
    Last Post: 03-15-2010, 04:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •