
Security Vulnerability [FCMS 2.5 – 2.7.1]

There is a security vulnerability in some versions of Family Connections, on some configurations of PHP, that could allow an attacker to execute arbitrary commands.

How to Fix

To protect your site from an attack, simply remove the dev/ directory from your site.

This directory is not needed for Family Connections to work and is only useful to developers who want to make major changes.  Future versions of Family Connections will be available in two forms, one for development and one for production.  The production version will no longer contain the dev/ directory.

Technical Details

The bug exists in the dev/less.php file in all versions since 2.5.  This file is used to help with converting LESS files into CSS files.  You can find out more about this vulnerability by visiting ticket #406.
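
For hosts that carry more than one install, the removal step from "How to Fix" can be scripted. The following is an added example, not code from Family Connections; the function names are assumptions, and the only marker it relies on is the dev/less.php file named above.

```sh
# Added example, not part of Family Connections. Function names are assumptions.
# Pass the web root (or any directory containing the installs) as the argument.

# List every directory named "dev" under ROOT that contains less.php,
# the file this advisory identifies. Symlinks are not followed.
find_dev_dirs() {
    find "$1" -type d -name dev \
        -exec sh -c 'test -f "$1/less.php"' _ {} \; -print -prune 2>/dev/null | sort
}

# Return 0 when no such dev/ directory remains under ROOT, 1 otherwise.
# Suitable for a cron job or deployment check after upgrades.
audit_dev_dirs() {
    found=$(find_dev_dirs "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | sed 's/^/exposed: /' >&2
    return 1
}

# Remove each directory reported by find_dev_dirs; return 1 if any removal fails.
remove_dev_dirs() {
    rc=0
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        if rm -rf -- "$d"; then
            echo "removed: $d"
        else
            echo "failed: $d" >&2
            rc=1
        fi
    done <<EOF
$(find_dev_dirs "$1")
EOF
    return "$rc"
}
```

Run find_dev_dirs first and review its output before calling remove_dev_dirs, since an unrelated application under the same root could also ship a dev/less.php.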


Categories: News.
