Important: apply a security patch if you are on a version below r1720 and can’t update

As noted in the document published by Synacktiv regarding an improper authorization check, installations running versions prior to r1720 should update or, if that is not possible, apply the patch described in the document:

Modify the file uploads/files/.htaccess and add the following line to it:

php_flag engine off
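
One way to apply and verify this change from a shell, as an added example (not part of the original advisory or of Synacktiv's document). The function names and the install-root argument are hypothetical, and it assumes Apache with mod_php, where php_flag is accepted in .htaccess files.

```shell
#!/bin/sh
# Added example: idempotently apply the mitigation to uploads/files/.htaccess.
# Assumption: Apache with mod_php, where php_flag is accepted in .htaccess.

# True if the file has an active (uncommented) "php_flag engine <value>" line.
has_engine_flag() {   # $1 = file, $2 = on|off
    [ -f "$1" ] &&
        grep -Eiq "^[[:space:]]*php_flag[[:space:]]+engine[[:space:]]+$2[[:space:]]*\$" "$1"
}

# $1 = install root (hypothetical argument; the page only gives the relative path).
# Returns 0 when the directive is in place, 2 if the directory is missing,
# 3 if the file explicitly turns the engine on and needs manual review.
ensure_php_engine_off() {
    dir="$1/uploads/files"
    ht="$dir/.htaccess"
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    if has_engine_flag "$ht" on; then
        echo "conflict: $ht enables the PHP engine, review by hand" >&2
        return 3
    fi
    if has_engine_flag "$ht" off; then
        echo "already patched: $ht"
        return 0
    fi
    # If the existing file lacks a trailing newline, add one first so the
    # directive is not glued onto the previous line.
    if [ -s "$ht" ] && [ -n "$(tail -c 1 "$ht")" ]; then
        printf '\n' >> "$ht"
    fi
    printf 'php_flag engine off\n' >> "$ht"
    has_engine_flag "$ht" off && echo "patched: $ht"
}
```

Call it as `ensure_php_engine_off /path/to/install`; running it a second time leaves the file unchanged.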

Thank you to the team at Synacktiv for the responsible disclosure. And sorry to everyone affected by this issue.
