glFusion v1.1.2 and earlier Security Fix

There has been an vulnerability identified in all current glFusion versions that will allow an attacker to expose the password hash for users on your site, including the Admin user.  This could lead to an attacker successfully logging into your site using those compromised credentials.

All glFusion users should replace the listfactory.class.php source file with this updated version which will remove the vulnerability:


This exploit has highlighted some additional concerns that we are currently investigating and will post any additional updates when necessary.

by Mark

Mark is the main developer on glFusion. When not doing his real job and playing with his family, he really enjoys working on glFusion and the collaboration with the glFusion community.

Share It

Be the first to comment