glFusion v1.1.2 and earlier Security Fix
Sunday, March 29 2009 @ 08:30 AM CDT
Contributed by: Mark
There has been an vulnerability identified in all current glFusion versions that will allow an attacker to expose the password hash for users on your site, including the Admin user. This could lead to an attacker successfully logging into your site using those compromised credentials.
All glFusion users should replace the listfactory.class.php source file with this updated version which will remove the vulnerability:
This exploit has highlighted some additional concerns that we are currently investigating and will post any additional updates when necessary.