Important Security Update for Font Script - Pre v2.02

adam

Administrator
Staff member
Dec 5, 2009
2,043
108
63
Hi,

An issue with a third party library within the script has recently been found and needs fixing as matter of priority. The issue is with the 'uploadify' plugin within the admin area of the script. It's bundled with 2 test php scripts which may enable an unauthorised user to gain limited access to your website files.

Which versions of the script are effected?

All versions up to v2.01 inclusive. If you've recently downloaded the previous release code you wont be effected as the files have been removed, although please double check.

How can you fix it?

By simply removing the 2 php files below, they are not needed by our script.

Code:
/admin/assets/scripts/uploadify/uploadify.php
/admin/assets/scripts/uploadify/check.php
If you don't have the above files then you aren't at risk. Delete them if you find them ensuring you also delete them in any development environments you may have.

Regards,
Adam.