Community Builder for Joomla Vunerability
We have just received notification as follows:
The CB Core team over at joomlapolis.com has been working hard during the past 48 hours on a security release 1.0.1 of the CB suite following the discovery of a vulnerability present in 1.0 RC2 and 1.0 stable on weakly configured web-servers.
We have decided to release it as a highly-recommended critical security and stability update, as we had one report this morning and another one this afternoon for 2 sites where it got exploited to change files.
Your site needs urgent update to CB 1.0.1 if ALL of these PHP settings are met:
- php register_globals set to ON
- allow_url_fopen is ON
- no open base directory limitations set
- php code directories have write permissions from web-server process
CB 1.0.1 will be released in the next hours and will be available on http://www.joomlapolis.com and on the Community Builder project area on forge.joomla.org.
Everyone is urged to upgrade asap, a REAME file is included in the release as usual.
Sites with the settings above are in danger.
If you want to stop receiving future messages of this type just visit your contact info tab on your joomlapolis profile and click on the “Don’t email me critical vulnerability fixes” checkbox.
Thank you,
The CB Team on Joomlapolis.com
It is important to note that CB is not one of our products 
Tags: Bug Fixes, Joomla Components, Security | August 11th, 2006 |