All times are UTC + 1 hour




Post new topic Reply to topic  [ 1 post ] 
 

Bugtraq report for Achievo 1.1
Author Message
PostPosted: Wed May 16, 2007 10:33 pm 
Site Admin
User avatar
Offline

Joined: Sun May 22, 2005 1:28 pm
Posts: 4214
Location: Utrecht, The Netherlands
Yesterday someone reported a security issue in bugtraq:

http://www.securityfocus.com/bid/23992/info

Although the issue was reported directly to SecurityFocus and not to us, I want to stress that this is a bug in an old version of Achievo. Version 1.2 that was released over a year ago already had a fix for this issue. (The report originally didn't mention this but I had them include the info on 1.2 when I discovered the report.)

Those of you still running Achievo 1.1 are advised to upgrade to the latest stable version of Achievo, 1.2.1.

If that is not an option, the issue can be fixed in two ways:

* Make sure that register_globals is turned off in php.ini. The problem is not present when this setting is turned off.
* Edit index.php, and add the line $config_atkroot = "./"; right in front of the include of atk.inc


When in doubt, or if you have questions according to this issue, please consult the Achievo forum or contact me directly.


Top
 Profile  
 

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group