Sign in or Register

Already a member?

Sign in

Or sign in with your account on:

Not a member yet?

Register

jNews is using an open source library called Open Flash Chart to display graphical statistics. Yesterday we indentified critical code execution vulnerabilities within Open Flash Chart file "ofc_upload_image.php".

All jNews users using version jNews 7.7.x and below are affected to this vulnerability.
We've released a new version jNews 7.9.x to address the problem and we highly recommend to update.

 Two options to remove the vulnerability:

  1. By updating to the latest released version of jNews 7.9.x, see instruction below.    
  2. By removing the file from your server through FTP:

Remove the following file  from your server:

components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php


How to obtain the latest version?

1. If you purchased jNews after February 2012, you can download the updated file from your order page. Please go to My Purchases from the members area to access the file.

2. All users purchased before February 2012 are advised to submit a ticket to obtain the latest updated version.

After update, please verify that the file ofc_upload_image.php was properly removed.

Things people say about us

  • We needed a cutting edge multi-vendor solution to drive our marketplace and work seamlessly with jomsocial. We tried many options but jmarket pro was by far the best we've found. So good in fact that we ended up buying the fully integrated package.

    Paul—Founder/CEO

  • The experience with Joobi has been phenomenal. Their applications saved me countless hours of editing and configuration and the tech support was within minutes of assisting me with the application! Unbelievably Reliable and Always Recommended A+

    Hao Ly—Chief Operations Officer

  • http://www.ndigallery.com
  • http://magnoliamiracle.com