
[Social Engine] SocialEngine PHP 4.10.3p5 Security Release



#1 Newsbot


Posted 03 January 2019 - 06:58 PM

SocialEngine Release

We are releasing a security patch. This patch addresses a CSRF vulnerability reported to us which allows someone with advanced knowledge the ability to take over an account by changing the email if the website allows HTML and if advanced code were injected to the website due to allowing HTML or iframes. We recommend that all SocialEngine PHP websites apply the patch as a precaution.

You don’t need to do a full upgrade. Follow these steps to just apply the patched file.

  • Download the current files from your account at socialengine.com/login.
  • Untar (similar to unzipping) the upgrade files or unzip the SocialEngine zip file. Either will work as they both have this fix.
  • Open the application/modules/User/Form/Settings/ folder.
  • Find the file “General.php” and, using an FTP program or cPanel, upload that file to the same folder on your server, application/modules/User/Form/Settings. You may want to back up the current file on your server first, in case you need to revert it.
  • Clear your website cache.

Changelog:

  • application/modules/User/Form/Settings/General.php

We recommend not allowing members to add iframes and only allowing HTML to be used by trusted members.

Should you decide to perform an upgrade we highly encourage all clients to do a complete backup of both files and database before performing upgrades. Please have the backup performed by your host or a developer if you’re not comfortable with performing it yourself. Always check with third party experts for compatibility with any products you use before upgrading.

Important: If you decide to do a full upgrade and are on version 4.9.4p1 or below, you will need to follow the special steps in the upgrading documents before upgrading and apply the patch mentioned there.

If you find any issues, please let us know by filing a bug report in our Bug Tracker. We’d like to encourage you to stay connected with the community. Security issues should be reported to our support desk by emailing us at support@socialengine.com.

We would like to extend our greatest appreciation to Sanjay Lendhar who brought this vulnerability to our attention via our support channel. It is with the help of our clients that we continue to improve.

With Great Appreciation,

The SocialEngine Team

The post SocialEngine PHP 4.10.3p5 Security Release appeared first on SocialEngine.
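
The single-file patch steps in the announcement above, scripted for a host with shell access. This is an added example, not SocialEngine's own tooling; the function names and the three directory arguments are assumptions, and the backup is written outside the web root so the old PHP source is not left where the web server could serve it.

```shell
#!/bin/sh
# Added example: install the patched General.php with a backup and hash check.
# Hypothetical arguments: unpacked release dir, live site root, backup dir.
REL_PATH="application/modules/User/Form/Settings/General.php"

file_hash() {
    # sha256sum on most Linux hosts; shasum -a 256 elsewhere.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

apply_patch_file() {
    src="$1/$REL_PATH"
    dst="$2/$REL_PATH"
    backup_dir=$3

    [ -f "$src" ] || { echo "patched file missing: $src" >&2; return 2; }
    [ -f "$dst" ] || { echo "live file missing: $dst" >&2; return 3; }

    # Nothing to do when the live file already matches the release file.
    if [ "$(file_hash "$src")" = "$(file_hash "$dst")" ]; then
        echo "already patched"
        return 0
    fi

    # Keep the old file for a revert, outside the web root so the server
    # cannot hand out the PHP source as a plain-text backup file.
    mkdir -p "$backup_dir" || return 4
    backup="$backup_dir/General.php.$(date +%Y%m%d%H%M%S)"
    cp -p "$dst" "$backup" || return 4

    # Copy under a temporary name, then rename, so an interrupted copy
    # never leaves a half-written file at the live path.
    tmp="$dst.tmp.$$"
    if ! cp "$src" "$tmp" || ! mv "$tmp" "$dst"; then
        rm -f "$tmp"
        return 5
    fi

    # Confirm the file on disk is the one the release shipped.
    [ "$(file_hash "$src")" = "$(file_hash "$dst")" ] || return 6
    echo "patched; backup at $backup"
}
```

Clearing the website cache, the last step in the announcement, still has to be done after the file is in place.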


