Mamboportal.com hacked through ReMOSitory

Written by Arthur Konze
Sunday, 19 September 2004

Today a guy called kh0aimi (www.xfrog.org) hacked Mamboportal.com and managed to insert a user through SQL injection using the ReMOSitory component. Therefore I sadly have to take down the complete filebase for now. The hacker did not contact me personally after finding the security hole, but published it on another website to become famous. This stupid behavior led to 5 hacks by other people abusing his information this morning. Currently I'm working under high pressure to fix the hole. Until then, everybody should take down their ReMOSitory filebase immediately, as everyone can gain admin access easily!

Detailed information about the hack can be found at the following website:

Update: I managed to find the hole and fixed it. I'm currently taking a look at the whole ReMOSitory code to avoid such security issues in the future. The filebase will be online again in a few hours. I also wrote a small patch file for your ReMOSitory filebase. You can download it here:

