ALERT - Security hole in Zenphoto 1.4.1.4 November 09, 2011

Categories:

We urge anyone to upgrade to Zenphoto 1.4.1.5 if still on 1.4.1.4 or older. The ajax file manager included in earlier versions had a security hole. This is 3rd party tool by phpletter.com we use for non gallery file management as a plugin for our text editor TinyMCE and standalone on the admin backend upload tab.

This security hole had been reported (ticket #2005) and fixed in 1.4.1.5. But since the last days several security sites flooded the web and twitter with notes about that we sadly learnt that someone apparently has been exploiting it hacking some sites now (we don't know what exactly this hack does):

So if you encounter the symtoms described in these forum topics please upgrade immediatly following our upgrade instructions and also check your custom themes or plugins if you use such.

For questions and comments please use the forum or discuss on the social networks.

RSS feeds!

All news (incl. all below except forum)
All general news (except themes, showcase, screenshots)
New releases and announcements
User guide
Extensions
Screenshots and screencasts
Themes
Showcase
Forum

Social networks

Join the Google Group!

zenphoto-announce
Release announcements and security alerts only (no support)
Subscribe right here:

Email:

Website powered by Zenphoto
Forum powered by Vanilla

Categories

Need project help?

Like using Zenphoto? Donate!

ALERT - Security hole in Zenphoto 1.4.1.4 November 09, 2011

RSS feeds!

Social networks

Join the Google Group!

Information

Legal stuff