Urgent: Remove adodb-perf-module.inc.php from your install


A vulnerability has been discovered in the ADOdb Lite package, which PacerCMS uses to interact with the database, that could potentially allow an attacker to execute PHP on your system. Please remove the following file from your install; its functionality is of limited use to the software at this time.

./includes/adodb_lite/adodb-perf-module.inc.php

To exploit your system, an attacker would need register_globals to be enabled in the PHP installation at your Web host. Most modern hosts have this feature disabled by default, but some (including GoDaddy) leave it enabled for backwards compatibility. Further reading:

http://php.net/register_globals

Again, please take a moment to remove the specified file from your installations even if you do not have register_globals enabled. The problem has been reported to the developer of ADOdb Lite, but a patched version is not yet available.
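
One way to check an install for the file and for the register_globals setting, as an added example that is not part of the original advisory or of PacerCMS. The function names, the constructed demo tree and the php.ini path argument are assumptions; the ini file your Web server actually loads may live elsewhere.

```shell
#!/bin/sh
# Added example: audit a web root for the file named in this advisory.

# Print every copy of the file under ROOT (one path per line).
find_perf_module() {
    find "$1" -type f \
        -path '*/includes/adodb_lite/adodb-perf-module.inc.php' 2>/dev/null
}

# Echo on/off/unset for register_globals in a php.ini-style file.
# Commented (;) lines are ignored; this sketch takes the last directive found.
register_globals_state() {
    val=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        on|1|true|yes) echo on ;;
        '')            echo unset ;;   # PHP's default is Off since 4.2.0
        *)             echo off ;;
    esac
}

# Report findings for ROOT and INI. Returns 1 while any copy remains,
# whatever register_globals says: the advice is to remove the file either way.
audit_install() {
    hits=$(find_perf_module "$1")
    echo "register_globals: $(register_globals_state "$2")"
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/REMOVE: /'
        return 1
    fi
    echo "OK: no adodb-perf-module.inc.php under $1"
}

# Constructed demo tree (not a real install).
demo=$(mktemp -d)
mkdir -p "$demo/site/includes/adodb_lite"
: > "$demo/site/includes/adodb_lite/adodb-perf-module.inc.php"
printf '; register_globals = Off\nregister_globals = On\n' > "$demo/php.ini"
audit_install "$demo/site" "$demo/php.ini" || echo "action needed"
rm -rf "$demo"
```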

Running an online newspaper or magazine may bring some unwelcome attention from those seeking to exploit vulnerabilities in PacerCMS. We have received a great deal more traffic of late as a result of our previous vulnerability and a few other minor examples that would affect a very small percentage of Web hosts. With that in mind, realize that your site is always in the crosshairs of an attacker because he or she can draw a great deal of attention by defacing or disabling your Web site. If you come across a site outlining a vulnerability in the software, please let us know (through direct e-mail) so that we may act quickly.