Jump to content

Recommended Posts

Please patch your sites :



Hi Carlos Garcia,

It's come to my attention that there is a nasty exploit for phpVMS that is out in the wild, and sites are getting hit with it. The exploit is not actually in phpVMS, but in a 3rd party library that's used for the charts. It allows the attacker(s) to write files to your server, and spam out from it.

Currently the way to fix it is simple: delete the file in core/lib/php-ofc-library/ofc_image_upload.php. Also please make sure that you've deleted any suspicious files, some names include kill.php, contact.html, etc.

If you have a tmp-upload-images in your core/lib folder, your server has been compromised.

Please visit this thread and take a look at the possible files that have been uploaded.

I've removed the above file from the download links from phpVMS

Thanks, and sorry for any troubles!


Handy Links
Community Address: http://forum.phpvms.net/index.php
Log In: http://forum.phpvms.net/index.php?app=core&module=global§ion=login
Lost Password Recovery: http://forum.phpvms.net/index.php?app=core&module=global§ion=lostpass

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...