Our site www.viart.com site is operated by latest Viart Shop 5 with default Clear design
Topic Information
ViArt Team (Guest)
ViArt Team (Guest)
Brief
We have fixed the 'user_select.php' and 'user_upload.php' scripts for release 3.5.
 
Description.
There was a critical bug with possibility to include remote files if PHP setting register_globals is On.
Only version 3.5 was vulnerable. All earlier versions including 3.4.7 are not impacted.
 
Solution.
We would recommend to download an updated version of the file from here: http://www.viart.com/downloads/user_select-3.5.zip
http://www.viart.com/downloads/user_upload-3.5.zip
 
Further, extract the above mentioned files into the root folder of your shop replacing an existing ones. Don't forget to make a backup copy of the current files in case something goes wrong.
Last modified: 3 Jul 2008 10:01 AM
 
Ned
Ned
Thanks Eugene but yet again the full download has not been changed. Its still dated 20th June after our last exchange on this subject when you also said "We have not still came to a consensus about updating full distribution after fix issue".
 
If this is a _critical_ bug why are you leaving new and upgrading users open to vunerability and why is it taking you so long to come to a concensus that existing users have suggested is extremely important?