[Already Fixed] mosDirectory 2.3.2 Module Issue
December 24th, 2007
There are reports circulating this Christmas Eve that the modules provided by mosDirectory v2.3.2 are vulnerable to a remote file inclusion.
Having reviewed the code I can confirm that, under the right circumstances, this can happen with all versions up until mosDirectory v2.3.7.
The modules provided by mosDirectory are all community/customer developed and submitted, and are added into mosDirectory by request. It appears that our quality control missed this single line of code, and for this we are very sorry. The code in this file has not changed for almost two years and has never been flagged as an issue before. We now have automated nightly builds that check for this kind of security issue.
There are no reported cases of a Joomla site being hacked through mosDirectory.
There are no reported cases of a Joomla site being hacked through this vulnerability in the module.
The vulnerability is in a module - not in the main mosDirectory component.
If you are using the htaccess file provided by Joomla then you are not vulnerable. However, all customers should upgrade to the latest mosDirectory v2.4.0 as soon as possible to ensure that they are fully protected.
The latest version of mosDirectory v2.4.0 can be downloaded by logging into your account at http://secure.myjoomla.com/
Full details of patching your site have been emailed to every customer. If you missed this email then please contact us at phil@phil-taylor.com ASAP.

