vBa CMPS Security Flaw Discovered

[Brian]

Earlier today we were informed of a security flaw in all versions of vBadvanced CMPS which could potentially allow a hacker to run a remote file on a server with vBa CMPS. Fortunately this exploit requires that PHP on your server to have been configured with "register_globals" enabled, and most hosting companies will not enable this since it is widely known to cause security issues. Regardless, we highly recommend that all customers upgrade to the versions of vBa CMPS that have just been released in the Members' Area here (v3.2.3 for vB3, or v4.1.3 for vB4) as soon as possible to prevent any potential damage resulting from the flaw being exploited.

[attroll]

I have installed this and when I go to run the update it tell me
"You are already running the current version of vBadvanced CMPS!"

[slipkot]

Same problem with attroll...

[Brian]

Sorry about that. I was in such a hurry to get the new versions out that I completely forgot to update the version number in the install file. There were no changes to the database so it's not actually necessary to run the upgrade option from the vbacmps_install.php file since all it would really do is update your version number. As long as you uploaded the new files then you're patched.
The install files in the download packages have been corrected now though.

[thecore762]

Brian, after uploading the files the front page doesn't work.
See www.47r-squad.com

Nothing appears, not sure whats going on.

I had to revert the files back to 4.1.2 since 4.1.3 was not displaying the front page.

[Deimos]

Same problem here, a blank white page when the new files are uploaded and upgrade run

[thecore762]

Quote:

Originally Posted by Deimos

Same problem here, a blank white page when the new files are uploaded and upgrade run

At least we know it's just not just me.

[Grae]

Quote:

Originally Posted by Deimos

Same problem here, a blank white page when the new files are uploaded and upgrade run

I'm having the same problem.
3.2.3

[whitey10tc]

Yup same issue, blank white page after upgrade. Guess it's better than having a security issue.

[attroll]

I had the blank front page at first too. I re-uploaded the files a couple of times and refreshed the screen and then it started working. Don't know why but it did.

[thecore762]

Quote:

Originally Posted by attroll

I had the blank front page at first too. I re-uploaded the files a couple of times and refreshed the screen and then it started working. Don't know why but it did.

I tried few times but 0 success.

[attroll]

You may want to check your cmps_index.php file. Did you overwrite it with the new one and forget to make the proper changes.

[thecore762]

I overwrited and made sure it was.

[Mikea113n]

This is a known issue that code cause. new one has been released for the fix. re download and reinstall. It will fix it. I was freaking out as well.

[Black Tiger]

The new 3.2.3 release is missing the ecdownloads and/or downloads2 modules.

[CareyCrew]

Quote:

Originally Posted by Black Tiger

The new 3.2.3 release is missing the ecdownloads and/or downloads2 modules.

No such module was ever produced by Brian, those are 3rd party additions.

[Artes_Marciales]

I uploaded all the files but...
Powered by vBadvanced CMPS v3.2.2

Is this normal?

[A.Chakery]

Quote:

Originally Posted by Artes_Marciales

I uploaded all the files but...
Powered by vBadvanced CMPS v3.2.2

Is this normal?

yes it is.

You should run the upgrade process if you wanna have the new version in your products system.

[A.Chakery]

Brian is it ok to use the old news.php ? cause I did so much customizations to it and at the moment I have not enough time to do the custom codding again.

thanks

[Artes_Marciales]

Quote:

Originally Posted by A.Chakery

yes it is.

You should run the upgrade process if you wanna have the new version in your products system.

OK, thanks.
I understand that it is not necessary to run the installer right?