Flexible Content Management System


Security Announcement: PostSchedule 1.0.5 SQL injection vulnerability

Contributed by on Apr 29, 2008 - 04:16 AM

As a quick fix we suggest to replace the original pnuserapi.php with the content of that can be downloaded [url=]here[/url]. As a long time solution we suggest to look for a replacement as the development has stopped some time ago. For .764 PGCalender or PostCalendar might be a solution, when using .8 crpcalendar, Eventliner or TimeIt may be worth to look at.

We do not support PostSchedule with this fix, you use it on you own risk. It may (or may not) fix the recent exploit, but there might be others in the code. If someone wants to have closer look at it, feel free.