A vulnerability (SQL injection which can give the admin's nick + passhash) has been discovered in all btit 1.4.x/xbtit <= rev 544 versions (BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability). Please apply the patch urgently.
Quick fix:
Open scrape.php and find:
Code:
require("$BASEPATH/include/config.php");
require("$BASEPATH/include/common.php");
Below it, add:
Code:
require_once $BASEPATH.'/include/crk_protection.php';
Or download the attached file, upload it to your tracker's root and rename it to scrape.php.
Regards,
The Btiteam Forum Team.
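
A check for the quick fix above, as an added example that is not part of the original announcement or of Btiteam's code: it confirms that scrape.php loads crk_protection.php below the common.php require and that the included file is actually on disk. It assumes $BASEPATH is the tracker root; the function name and return codes are this example's own convention.

```shell
#!/bin/sh
# Added example: verify the scrape.php quick fix on one or more tracker roots.
# Assumption: $BASEPATH in scrape.php is the tracker root directory.
# Return codes (this script's convention):
#   0 patched, 1 not patched, 2 scrape.php missing,
#   3 scrape.php is patched but include/crk_protection.php is missing on disk.

check_scrape_patch() {
    root="$1"
    scrape="$root/scrape.php"
    [ -f "$scrape" ] || return 2

    # First active require of each file; lines commented out with // or #
    # do not match because the pattern is anchored at the start of the line.
    # (Block comments /* ... */ are not detected by this simple check.)
    common_ln=$(grep -nE '^[[:space:]]*require(_once)?[[:space:](].*include/common\.php' "$scrape" | head -n1 | cut -d: -f1)
    guard_ln=$(grep -nE '^[[:space:]]*require(_once)?[[:space:](].*include/crk_protection\.php' "$scrape" | head -n1 | cut -d: -f1)

    # No protection include at all: the fix has not been applied.
    [ -n "$guard_ln" ] || return 1

    # The announcement places the new line below the common.php require.
    if [ -n "$common_ln" ] && [ "$guard_ln" -lt "$common_ln" ]; then
        return 1
    fi

    # require_once fails at runtime if the file is absent, so check it too.
    [ -f "$root/include/crk_protection.php" ] || return 3
    return 0
}

# Usage: sh check_scrape.sh /path/to/tracker [/path/to/another ...]
if [ "$#" -gt 0 ]; then
    for r in "$@"; do
        rc=0
        check_scrape_patch "$r" || rc=$?
        case "$rc" in
            0) echo "$r: patched" ;;
            1) echo "$r: NOT patched" ;;
            2) echo "$r: scrape.php not found" ;;
            3) echo "$r: include line present but crk_protection.php missing" ;;
        esac
    done
fi
```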