This script currently has a security issue that will allow users to download and execute data on to your account. Just today this has been used on a handful of accounts to place fraudulent PayPal websites and send mass amounts of e-mails to advertise them in an attempt to gain legitimate user information.
The latest version of this script is version 2.3.1, however I was unable to find any information as to whether or not it is even fixed in that version. Thus far it looks like the issue is being exploited via the POST method on /templates/url.php
I highly recommend removing this script immediatley, if we find that it has been exploited on one of your domains, that domain will be suspended.
The latest version of this script is version 2.3.1, however I was unable to find any information as to whether or not it is even fixed in that version. Thus far it looks like the issue is being exploited via the POST method on /templates/url.php
I highly recommend removing this script immediatley, if we find that it has been exploited on one of your domains, that domain will be suspended.
Comment