Jump to content

Photo
* * * * * 1 votes

[SE4] SocialEngine 4.10.3p5 - Retail (untouched)


  • Please log in to reply
4 replies to this topic

#1 Les

Les

    Blue Team Lima 1

  • Moderators
  • Level
  • 5,015 points
  • 3,316 posts
    • Gender:Male
    • Location:Westland, Michigan U.S.A.
    • Software:SE 4.8.x


Users Awards

Posted 09 January 2019 - 02:48 AM

[SE4] SocialEngine PHP - 4.10.3p5 - Security Release

By Donna | posted in Release Notes | on January 3, 2019

securityrelease.png

 

We are releasing a security patch. This patch addresses a CSRF vulnerability reported to us which allows someone with advanced knowledge the ability to take over an account by changing the email if the website allows HTML and if advanced code were injected to the website due to allowing HTML or iframes. We recommend that all SocialEngine PHP websites apply the patch as a precaution.

 

You don’t need to do a full upgrade. Follow these steps to just apply the patched file.

  • Download the current files from your account at socialengine.com/login .
  • Untar (similar to unzipping) the upgrade files or unzip the SocialEngine zip file. Either will work as they both have this fix.
  • Open the application/modules/User/Form/Settings/ folder.
  • Find the file “General.php” and using an FTP program or cpanel, upload that file to the same folder on your server, application/modules/User/Form/Settings . You may want to backup the current file on your server first, in case you need to revert it.
  • Clear your website cache.

Changelog:

  • application/modules/User/Form/Settings/General.php

We recommend not allowing members to add iframes and only allowing HTML to be used by trusted members.

Should you decide to perform an upgrade we highly encourage all clients to do a complete backup of both files and database before performing upgrades. Please have the backup performed by your host or a developer if you’re not comfortable with performing it yourself. Always check with third party experts for compatibility with any products you use before upgrading.

 

Important: If you decide to do a full upgrade and are on version 4.9.4p1 or below, you will need to follow the special steps in the upgrading documents before upgrading and apply the patch mentioned there.

If you find any issues, please let us know by filing a bug report in our Bug Tracker. We’d like to encourage you to stay connected with the community. Security issues should be reported to our support desk by emailing us at support@Socialengine.com.

 

We would like to extend our greatest appreciation to Sanjay Lendhar who brought this vulnerability to our attention via our support channel. It is with the help of our clients that we continue to improve.

 

Attached File  social-engine-4.10.3p5.zip   18.44MB   25 downloads

 

Attached File  socialengine-php-upgrade-4-x-4-10-3p5-4.10.3p5.tar   13.86MB   10 downloads

 

 

P.SThese modules are retail and requiring no nulling and are provided by MisterWizard. You do not have to join a "Fan Club" to get most modules provided by MisterWizard! MisterWizard is: You, I, Anyone, Everyone! Because: We are Legend... We are many... We are outside the realm of possibility!

 

11133.jpg?1420219019


Edited by Les, 09 January 2019 - 02:59 AM.

:emo: Please don't forget to  27-AwardsImgIcon.png "LIKE" if you like this post or if it is helpful to you. This is a way to show gratitude for the help that you received. After all, the "LIKE" costs you nothing. Don't you agree? Also, any and all modules, plug-ins, themes, widgets, or DB entries that are shared or posted by me are for educational purposes. Please visit the developers websites and purchase legitimately, if you like them. Thanks, Les

socialengine-experts.png

 

 


#2 Kronos

Kronos

    Level 3

  • Members
  • Level
  • 13 points
  • 69 posts
    • Gender:Not Telling
    • Software:SE 4.8.x

Posted 09 January 2019 - 07:18 AM

this is not nulled? or nulling is not needed?

just change general.php in:

application/modules/User/Form/Settings/General.php  ?



#3 Les

Les

    Blue Team Lima 1

  • Moderators
  • Level
  • 5,015 points
  • 3,316 posts
    • Gender:Male
    • Location:Westland, Michigan U.S.A.
    • Software:SE 4.8.x


Users Awards

Posted 09 January 2019 - 12:53 PM

this is not nulled? or nulling is not needed?

just change general.php in:

application/modules/User/Form/Settings/General.php  ?

Nulling is needed on whole version or no nulling for just genral.php ftp update.


Edited by Les, 09 January 2019 - 12:54 PM.

:emo: Please don't forget to  27-AwardsImgIcon.png "LIKE" if you like this post or if it is helpful to you. This is a way to show gratitude for the help that you received. After all, the "LIKE" costs you nothing. Don't you agree? Also, any and all modules, plug-ins, themes, widgets, or DB entries that are shared or posted by me are for educational purposes. Please visit the developers websites and purchase legitimately, if you like them. Thanks, Les

socialengine-experts.png

 

 


#4 Kronos

Kronos

    Level 3

  • Members
  • Level
  • 13 points
  • 69 posts
    • Gender:Not Telling
    • Software:SE 4.8.x

Posted 09 January 2019 - 12:58 PM

awesome, thanks for your hard work. Just updated general.php



#5 qqqq1111

qqqq1111

    Level 1

  • Members
  • Level
  • 0 points
  • 1 posts

Posted 14 April 2019 - 09:07 AM

please,  full nulled version






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


All the resources listed here are just for testing purpose and they shouldn't be used at any commercial environment without a valid license.
Those are for users who wants to try them before buy. Help the developer to build it better by purchasing them from original authors.