Jump to content

mattyastic

Members
  • Posts

    6
  • Joined

  • Last visited

mattyastic's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. At the moment there is a very serious security issue. It has been fixed in github... but no new release. No idea why. I would suggest people don't use it until it is patched or they patch it manually.
  2. I didn't mean to sound so harsh btw, sorry about that. The sad thing is, phpVMS needs re-writing from the ground up.
  3. Pretty appalling that a new release hasn't been made.
  4. Let's get one with right phpVMS was not at all made for PHP4. It is fully object orientated which was not supported in php4. It was made for 5.2 (released in 2006). However the rest of your post is correct, there is numerous bugs that are there, that really need to be fixed. I appreciate Nabeel is busy in real life, but there is plenty of people around who could help, I have just recently fixed a big security hole in Github. The first priority is to issue a new release, fixing this bug. I don't think they realise how big it is, I could hack any phpVMS installation right now. So can any one else that views the issue on github and knows how to exploit it. The second priority is fixing the bugs you listed above.
  5. Is there going to be a patch for this hole released?
  6. There is a security hole affecting ALL versions of phpVMS. The security whole affects Auth.class.php and can be exploited via the login form. I have submitted a pull request on github, and i suggest a patch is released ASAP.
×
×
  • Create New...