Important Security Update for Wurlie - Pre v3.3

adam

Administrator
Staff member
Dec 5, 2009
2,043
108
63
Hi,

An issue with a third party library within the script has recently been found and needs fixing as matter of priority. The issue is with the 'uploadify' plugin within the admin area of the script. It's bundled with 2 test php scripts which may enable an unauthorised user to gain limited access to your website files.

Which versions of Wurlie are effected?

All versions up to v3.2 inclusive. If you've recently downloaded the v3.2 release code you wont be effected as the files have been removed, although please double check.

How can you fix it?

By simply removing the 2 php files below, they are not needed by our script.

Code:
/admin/assets/scripts/uploadify/uploadify.php
/admin/assets/scripts/uploadify/check.php
If you don't have the above files then you aren't at risk. Delete them if you find them ensuring you also delete them in any development environments you may have.

Regards,
Adam.