I just wanted to post a quick message about the recent security vulnerability in Pixaria now that it's been dealt with. The issue relates to a single file in Pixaria's resources/includes/ directory called class.Smarty.php and it will only affect systems where the 'register_globals' setting for PHP is turned on.
The vulnerability allows a hacker to include and execute malicious PHP code over the internet which can then be used to give the hacker access to the affected web server as if they owned it.
The fix works by preventing the class.Smarty.php file from including remote files. The next update to Pixaria will feature changes to all include files to prevent them from being called or executed individually in this way.
del.icio.us Digg itPixaria Gallery 2.9.1 Released
Tuesday, July 27, 2010
Pixaria Forum Updates
Tuesday, July 6, 2010
Pixaria Gallery 2.8.8 Released
Sunday, July 4, 2010
Upgrades and Support FAQ
Thursday, July 1, 2010
Pixaria Support Extensions Now Available
Wednesday, June 30, 2010
Two New Showcase Websites
Friday, June 25, 2010
Pixaria Bootleg Problems
Wednesday, June 23, 2010
Ars Technica Reviews Adobe Lightroom 3
Tuesday, June 22, 2010
Back Online
Saturday, June 12, 2010
Offline Between June 5th and 12th
Friday, June 4, 2010