Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum
https://www.tinywebgallery.com/forum/

is version 2.5.4 joomla_flash_uploader security risk
https://www.tinywebgallery.com/forum/viewtopic.php?f=12&t=2857
Page 1 of 1

Author:  videovic [ 6. Jan 2011, 07:58 ]
Post subject:  is version 2.5.4 joomla_flash_uploader security risk

is version JFU 2.1.2, the latest download on the site, newer than the one i have on my site already?

the one on my site is V 2.5.4.

my joomla sites have been listed on the CBL email block list because of software listed in the listing here for flash uploader joomlaexploit.com/

as a result all users on the ip have blocked emails for hotmail etc.

do i need to remove the uploader or am i secure with V 2.5.4

thanks

vic in toronto

Author:  TinyWebGallery [ 6. Jan 2011, 13:50 ]
Post subject:  Re: is version 2.5.4 joomla_flash_uploader security risk

Hi,

JFU is NOT listed here: http://joomlaexploit.com/
There are a couple of other components listed which have expoits in their upload (and even the Joomla core).

And the current version is 2.12.1 which is of course newer than 2.5.4.
But you should update because of a different parameter handling in Joomla.

See: http://www.tinywebgallery.com/en/tfu/web_jfu.php#dl

- Michael

Page 1 of 1 All times are UTC + 1 hour [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/