May 15, 2006

Security Alert: phpMyAgenda Version 3.1 Beta 1

Tyree writes "phpMyAgenda 3.1 Beta 1 has been released.
This version is a security release. A vulnerability has been discovered by 'Aesthetico' which affects all versions of phpMyAgenda up to version 3.0 Final. This vulnerability leverages an unnecessary variable named $rootagenda that is used in an include statement in the following scripts: infoevent.php3, agendaplace2.php3, agenda2.php3. This vulnerability has been removed in version 3.1 Beta. The next version/beta of phpMyAgenda will not need registerGlobals on, and as such, that php option will be able to be turned off then.

If you use phpMyAgenda on your website, it is strongly recommended that you either upgrade to the beta security patch, remove the vulnerable code, or discontinue your use of phpMyAgenda until the next final release.

You can download the latest version of phpMyAgenda here on SourceForge.

I am still looking for volunteers to help out with this project. If you are interested in helping out, please contact me on SourceForge. And please, if you have any suggestions, comments, or criticisms, feel free to post a message."
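For sites that choose to remove the vulnerable code themselves, the following added example (not part of the announcement and not phpMyAgenda's own code) audits PHP source for include/require paths built from a variable, and marks the variable as uninitialized when the file never assigns it before use, which is the pattern the alert describes for $rootagenda with register_globals on. The PHP sample is constructed for illustration, and the matching is a line-based heuristic rather than a PHP parser.

```python
import re

# include/require (optionally _once), with or without parentheses, up to ';'
INCLUDE_RE = re.compile(r'\b(include|require)(_once)?\b\s*\(?([^;]*);', re.IGNORECASE)
VAR_RE = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')
# plain assignment "$x =", excluding "==" comparisons and "=>" array syntax
ASSIGN_RE = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)\s*=(?![=>])')

def strip_comments(line):
    """Drop // and # line comments (heuristic: ignores quoting and /* */ blocks)."""
    return re.split(r'//|#', line, maxsplit=1)[0]

def audit_includes(source):
    """Return (line, variable, status) for include paths that contain variables.

    status is 'uninitialized' when no assignment to the variable appears
    earlier in the same file: with register_globals on, a request parameter
    can then supply its value. Otherwise status is 'assigned-earlier'.
    """
    assigned = set()
    findings = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = strip_comments(raw)
        match = INCLUDE_RE.search(line)
        if match:
            for var in VAR_RE.findall(match.group(3)):
                status = "assigned-earlier" if var in assigned else "uninitialized"
                findings.append((lineno, var, status))
        assigned.update(ASSIGN_RE.findall(line))
    return findings

# Constructed sample, not taken from phpMyAgenda; only the variable name
# $rootagenda comes from the alert.
SAMPLE = '''<?php
$lang = "en";
include("lang/" . $lang . ".php3");
include($rootagenda . "config.php3");
// include($old . "x.php3");
require_once "lib/" . $module . "/init.php3";
include("header.php3");
?>'''

if __name__ == "__main__":
    for lineno, var, status in audit_includes(SAMPLE):
        print(f"line {lineno}: ${var} in include path ({status})")
```

Lines reported as uninitialized are the ones to review first; an include path that needs no variable should be replaced with a fixed path.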



