Security Exploit Discovered

In the past 48 hours we have learned of 2 separate security exploits in the latest version of Pligg. We have patched one of the issues, and the second problem has been fixed in several different ways. This post is a warning to all Pligg users to keep an eye on the Forum and Blog over the next 1-2 days until we post a proper security fix release. The new release will patch these security holes and include many bug fixes and a few new features added since the last release several months ago.

6 thoughts on “Security Exploit Discovered”

  1. Thanks for this update. Please let us know when the new version is out. I’ve subscribed to this comment thread to get updates.

  2. My site was compromised this morning. How do we fix these holes? Otherwise I have to take this site down.

  3. You may want to disable registration by removing the register.php file. You could also try using the ReCaptcha captcha module; we haven’t heard whether or not the one auto-submission hack has found a way around that. A solution will be posted soon.

  4. What happened to me last night was far more serious. The exploit allowed the hacker to install their own PHP files into the root directory. Since there has been no disclosure from Pligg as to what exploits they know about or what they can do, this may very well be a new one.
