Remote File Inclusion vulnerability in Admin Browser plugins
Resolved
Affects: Jamroom Core
Priority: Urgent
Created: 06/21/08 20:26
Resolved: 06/21/08 20:57
Created By: Brian
Details
There is a critical Remote File Inclusion vulnerability in 2 of Jamroom's Admin Browser plugins:

jamroom/include/plugins/jrBrowser/payment.php
jamroom/include/plugins/jrBrowser/purchase.php

This can allow remote code to be executed within Jamroom. It has been fixed in Jamroom 3.3.6, and it is highly recommended that you upgrade immediately if you are running any version of Jamroom 3.3.x.

Versions of Jamroom prior to Jamroom 3.3.0 are not affected, nor are sites that have the PHP "register_globals" setting turned off.

If you are unable to update to Jamroom 3.3.6 at this time, an easy fix is to delete the 2 files:

jamroom/include/plugins/jrBrowser/payment.php
jamroom/include/plugins/jrBrowser/purchase.php

Deleting them will make the "payments" and "purchases" sections of the Admin Browser stop working until you can update.
Resolution
This has been fixed in Jamroom 3.3.6
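
The two conditions this advisory names (the two jrBrowser files being present, and "register_globals" being on) can be checked from a shell. The script below is an added example, not Jamroom code; the function names and verdict strings are made up for illustration. It assumes you pass the directory that contains the "jamroom" folder and the php.ini your web server's PHP loads; it does not detect the Jamroom version and does not read per-directory overrides such as `php_flag` lines in Apache configuration.

```shell
#!/bin/sh
# Added example: exposure check for the two files named in this advisory.
# Assumed inputs: $1 = directory containing the "jamroom" folder,
#                 $2 = the php.ini that the web server's PHP loads.

# Print "on" or "off" for register_globals as set in a php.ini file.
# The last uncommented assignment wins; unset counts as off, which has
# been the PHP default since 4.2.0.
register_globals_state() {
    val=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$1" |
          tail -n 1 | tr 'A-Z' 'a-z')
    case "$val" in
        on|1|true|yes) echo on ;;
        *)             echo off ;;
    esac
}

# Print the advisory files that are still on disk, one path per line.
advisory_files_present() {
    for f in payment.php purchase.php; do
        p="$1/jamroom/include/plugins/jrBrowser/$f"
        [ -f "$p" ] && echo "$p"
    done
    return 0
}

# Combine both checks into one verdict on stdout:
#   vulnerable-conditions  files present and register_globals on
#                          (still confirm the install is not already 3.3.6)
#   files-present          files present, register_globals off in this php.ini
#   files-removed          neither file exists (delete workaround applied)
jr_rfi_check() {
    present=$(advisory_files_present "$1")
    if [ -z "$present" ]; then
        echo files-removed
    elif [ "$(register_globals_state "$2")" = on ]; then
        echo vulnerable-conditions
    else
        echo files-present
    fi
}

# Stand-alone use: sh check.sh /path/to/webroot /path/to/php.ini
if [ "$#" -eq 2 ]; then jr_rfi_check "$1" "$2"; fi
```

A `vulnerable-conditions` result on a 3.3.x install older than 3.3.6 means the upgrade or the file deletion described above is still outstanding.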
©2003 - 2014 The Jamroom Network