Vulnerability with Gold System Plugin
I have been alerted to a serious issue with the e107 Gold System plugin.
I have been alerted to a serious issue with the e107 Gold System plugin. Normally we try not to mention vulnerabilities with plugins as this is not our code and it's much harder for us to get it fixed.
However, in this instance I know the exploit is out in the wild so I thought it was serious enough to mention it here. I have alerted the author of the code and hopefully a fix will be out soon.
If you are currently using the gold system plugin, I would suggest you temporarily disable it. At the very least, rename the gold_system/shop.php file to something different until the vulnerability has been fixed.
I do not know all of the versions this affects, but it does include the latest.