Remote File Inclusion vulnerability in Admin Browser plugins
Affects: Jamroom Core
Created: 06/21/08 20:26
Resolved: 06/21/08 20:57
Created By: Brian
There is a critical Remote File Inclusion vulnerability in 2 of Jamroom's Admin Browser plugins:
This can allow remote code to be executed within Jamroom. This has been fixed in Jamroom 3.3.6, and it is highly recommended that if you are running any version of Jamroom 3.3.x you upgrade immediately.
Versions of Jamroom prior to Jamroom 3.3.0 are not affected, nor are sites that have the PHP "register_globals" setting turned off.
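The two conditions above (a 3.3.x release older than 3.3.6, and "register_globals" turned on) can be checked together. The following is an added example, not Jamroom code: the function names and the sample php.ini text are constructed for illustration, and it assumes the installed version string and the contents of php.ini are already in hand.

```python
import re

AFFECTED_MIN = (3, 3, 0)  # advisory: versions prior to 3.3.0 are not affected
FIXED_IN = (3, 3, 6)      # advisory: fixed for 3.3.6

_TRUE = {"1", "on", "true", "yes"}

# Constructed php.ini fragment used as sample input.
SAMPLE_INI = """\
; constructed php.ini fragment
;register_globals = Off
register_globals = On   ; legacy setting
"""


def parse_version(text):
    """Turn '3.3.4' into (3, 3, 4); missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def register_globals_enabled(ini_text):
    """Return the register_globals value set in php.ini text.

    Text after ';' is a comment. The last assignment is taken to win
    (assumption), and with no assignment PHP's default of Off
    (since PHP 4.2.0) applies.
    """
    enabled = False
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"(?i)register_globals\s*=\s*(.*)$", line)
        if m:
            enabled = m.group(1).strip().strip("\"'").lower() in _TRUE
    return enabled


def is_exposed(version, ini_text):
    """True only when both conditions named in the advisory hold."""
    v = parse_version(version)
    return AFFECTED_MIN <= v < FIXED_IN and register_globals_enabled(ini_text)


if __name__ == "__main__":
    for ver in ("3.2.9", "3.3.4", "3.3.6"):
        print(ver, "exposed" if is_exposed(ver, SAMPLE_INI) else "not exposed")
```

Per-directory overrides (for example `php_flag` lines in a web server configuration) are not visible to this check, so the value reported by `phpinfo()` for the Jamroom directory remains the authoritative one.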
If you are unable to update to Jamroom 3.3.6 at this time, an easy fix is to delete the 2 files: