jNews is using an open source library called Open Flash Chart to display graphical statistics. Yesterday we indentified critical code execution vulnerabilities within Open Flash Chart file "ofc_upload_image.php".
All jNews users using version jNews 7.7.x and below are affected to this vulnerability.
We've released a new version jNews 7.9.x to address the problem and we highly recommend to update.
Two options to remove the vulnerability:
- By updating to the latest released version of jNews 7.9.x, see instruction below.
- By removing the file from your server through FTP:
Remove the following file from your server:
How to obtain the latest version?
1. If you purchased jNews after February 2012, you can download the updated file from your order page. Please go to My Purchases from the members area to access the file.
2. All users purchased before February 2012 are advised to submit a ticket to obtain the latest updated version.