A new security fix for webSPELL 4.01.02 has been released on January 22, 2009. Security Fix 2009-01-22b fixes a security hole in src/login.php. It is highly recommended to upload the new fix, because a public exploit allows others to get access to all user accounts (also administrator accounts!) Quotation of the webSPELL.org Team: "Please upload this fix as fast as possible to your webSPELL pages." Furthermore caused the first fix (Security Fix 2009-01-22) some troubles with the download (white screen during downloading..) About 24 hours (January 23, 2009 - 21:45) after the first fix was released, the fix of the fix (Security Fix 2009-01-22b) has been released. Download: Security Fix 2009-01-22b |