This small patch will fix the
'newsPHP arbitary file inclusion & bad login validation'
bug published on 1st sepember 2003.

===+++===+++===+++
Product: newsPHP
Version: <= v216
Vendor: http://www.nphp.net
Bug discover by: Officerrr <officerrr (at) poligon.com (dot) pl [email concealed]>
Vendor Response: no patch released since 1st September
===+++===+++===+++

Patch:
===+++===+++===+++
diff -ruN nphp/nfunc.php nphp.ofi/nfunc.php
--- nphp/nfunc.php 2003-01-08 16:40:00.000000000 +0100
+++ nphp.ofi/nfunc.php 2004-01-04 21:47:08.000000000 +0100
@@ -292,6 +292,7 @@
function LoadSettings(&$config, &$users)
{
global $nphp_files, $nphp_common;
+ unset($users,$config);
$raw_config = file($nphp_files["config"]);

$id=0;
===+++===+++===+++

--
Pozdrawiam,
Dariusz 'Officerrr' Kolasinski
<Linux Administrator> <gg: 516354>
"Living on a razors edge, Balancing on a ledge"

[ reply ]