We are in the process of migrating the Spacial Wiki content to our new Help Center at spacial.com.
Please visit the Help Center for latest Tips and Tricks, Documentation and Troubleshooting.
spacial.com/help-center

SamPHPweb Vulnerability fix

From SpacialAudio

Jump to: navigation, search

This article explains how to remove a severe vulnerability from the samPHPweb template, as reported by this security site.

We highly recommend you take immediate action to address this issue as the vulnerability can be exploited to gain full control over the server in certain cases.

NOTE: This vulnerability has been fixed in the samPHPweb template that ships with SAM Broadcaster v4.3.4 or later.

Luckily, the solution is really simple.

  • Locate the .\samPHPweb\common\db.php file and open it with your favourite text editor (or Notepad)
  • You should see the following code:
<?

$metabasepath = "$commonpath/metabase";
require("$metabasepath/metabase_interface.php");
require("$metabasepath/metabase_database.php");


class DBTable {
..etc
  • Delete these 3 lines
$metabasepath = "$commonpath/metabase";
require("$metabasepath/metabase_interface.php");
require("$metabasepath/metabase_database.php");
  • Now open .\samPHPweb\config.php
  • Right above the line
    require_once("common/form.php");
    add the 3 lines you just deleted. It should look something like this:
  //Row colors used
  $darkrow  = "#dadada";
  $lightrow = "#F6F6F6";  
 
/* ## ======================================== ## */

 $metabasepath = "$commonpath/metabase";
 require("$metabasepath/metabase_interface.php");
 require("$metabasepath/metabase_database.php");
  
 require_once("common/form.php");
 require_once("common/db.php");
 require_once("common/functions.php");

Thats it! Your site should now be safe and secure once more. Please make sure to test the features of the site once you have made these changes.

Personal tools