Security Alert: FlashChat plugin!

by Sergey in e107

If you've installed FlashChat as a plugin by using Cameron's e107 integration instructions, you may not be aware that you're supposed to delete these two files:

install.php and install2.php

Also, phpinfo.php is unnecessary and you should delete it too. These files are in the e107_plugins/flashchat_menu directory. Cameron's e107 integration scripts don't use them, so you can delete them even before you install the plugin.

If you don't delete the files, visitors to your site can use the install files to see your database connection settings, including the db user name and password! The README - DETAILED INSTRUCTIONS.txt that came with FlashChat contains an instruction to delete install.php, but you may not have read it since you probably followed the e107 integration instructions.
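To check whether any of the three files are still on a server, the following script searches one or more directory trees for them. It is an added example, not part of FlashChat or Cameron's integration scripts; the function name `flashchat_leftovers` and the idea of passing your web root(s) as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit e107 sites for the FlashChat files named in this alert.
# The roots you pass in (e.g. /var/www) are assumptions about your own layout.

# Plugin directory and file names exactly as given in the alert.
FLASHCHAT_DIR="e107_plugins/flashchat_menu"
FLASHCHAT_FILES="install.php install2.php phpinfo.php"

# Print every leftover file found under the given root(s), one per line.
# Returns 1 if at least one was found, 0 if every tree is clean.
flashchat_leftovers() {
    hits=$(
        for name in $FLASHCHAT_FILES; do
            # -path pins the match to files directly inside the plugin
            # directory, so install.php in other plugins is not reported.
            find "$@" -type f -path "*/$FLASHCHAT_DIR/$name" -print
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# When roots are given on the command line, report and fail if files remain,
# which makes the script usable from cron or a deployment check.
if [ "$#" -gt 0 ]; then
    flashchat_leftovers "$@" || {
        echo "FlashChat install/phpinfo files are still present; delete them." >&2
        exit 1
    }
fi
```

Because a web root can hold several e107 installs, the search covers every `e107_plugins/flashchat_menu` directory below the roots you pass, not just one site.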

Many thanks to Dobbelsoft who brought this security issue to my attention.

