Vulnerability in NuSEO.PHP v1.6
A security vulnerability was found in NuSEO.PHP version 1.6.
At first it was reported on illegal copies of NuSEO.PHP, but after some research it has been determined that the bug is present in the original code.
Information about this bug:
- Only affects servers which have Register_Globals set to 'On' in the php.ini
- Register_Globals has defaulted to 'Off' in PHP installations for the last 5 years. Unless you or your hosting company has explicitly enabled this flag, it is very likely already set to 'Off'
We will be releasing a new version of NuSEO.PHP shortly which will have the fix for this bug.
In the meantime, you can apply the fix to NuSEO.PHP.
Steps:
1) Verify the value for the Register_Globals setting. If it is set to Off, then you don't need to do anything else. If it is enabled, change it to Off (e.g. register_globals = off )
2) Delete a file named nuseo_admin_d.php found in the nuseo/admin/ directory.
3) Open nuseo_admin.php and find this line of code:
PHP Code:
if ( !isset( $nuseo_dir ) )
And remove this line.
Thanks.
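To confirm that all three steps above have been applied on a server, the following shell check can be used. It is an added example, not code from NuSEO.PHP or its authors. The function names `rg_value` and `nuseo_audit` are hypothetical, the site root and php.ini path are supplied by the operator, and nuseo_admin.php is located by name because the steps do not say which directory it is in.

```shell
#!/bin/sh
# Added example: audit a NuSEO.PHP 1.6 install against the three fix steps.
# Usage: sh nuseo_audit.sh <site_root> <php_ini>

# Print the last effective register_globals value in a php.ini (lowercased).
# Prints "off" when the directive is absent or only present in a ; comment.
rg_value() {
    v=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" \
        | tail -n 1 | tr -d '"' | tr '[:upper:]' '[:lower:]')
    echo "${v:-off}"
}

# Print one FINDING line per step that is still open.
# Returns 0 when the install is clean, 1 otherwise.
nuseo_audit() {
    root=$1
    ini=$2
    status=0

    # Step 1: register_globals must be Off (PHP treats on/1/yes/true as enabled).
    case "$(rg_value "$ini")" in
        on|1|yes|true)
            echo "FINDING: register_globals is enabled in $ini"
            status=1 ;;
    esac

    # Step 2: nuseo/admin/nuseo_admin_d.php must have been deleted.
    if [ -e "$root/nuseo/admin/nuseo_admin_d.php" ]; then
        echo "FINDING: $root/nuseo/admin/nuseo_admin_d.php still exists"
        status=1
    fi

    # Step 3: the "if ( !isset( $nuseo_dir ) )" line must be gone from
    # every copy of nuseo_admin.php under the site root.
    pat='if[[:space:]]*\([[:space:]]*![[:space:]]*isset[[:space:]]*\([[:space:]]*\$nuseo_dir[[:space:]]*\)'
    hits=$(find "$root" -type f -name nuseo_admin.php -exec grep -El "$pat" {} + || true)
    if [ -n "$hits" ]; then
        echo "FINDING: isset( \$nuseo_dir ) line still present in: $hits"
        status=1
    fi
    return "$status"
}

# Run the audit when invoked with both arguments.
if [ "$#" -eq 2 ]; then
    nuseo_audit "$1" "$2"
fi
```

Pass the php.ini that the web server actually loads, since the command-line PHP binary often reads a different file.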