Thursday, October 04, 2007

Potential security hole in Public Media Manager

It came to our attention today that there is a potential security hole in Public Media Manager that can allow malicious access to your web server if PHP is configured with the register_globals directive set to "on." This directive can be turned on in a few different ways, but the most common are the php.ini settings or a .htaccess file. If you are using PMM to manage your content, please check with your web server administrator and make sure that the register_globals directive is set to "off."
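
One way to run that check from the shell, as an added example that is not part of the original post or of PMM itself: it scans a directory tree for php.ini and .htaccess files that switch register_globals on. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from PMM): list config lines that enable register_globals.
# Function names and the sample tree below are constructed for illustration.

# Print "file:line:text" for every php.ini / .htaccess line under DIR that
# turns register_globals on. Commented-out lines are ignored.
find_register_globals_on() {
    find "$1" -type f \( -name 'php.ini' -o -name '.htaccess' \) -print |
    while IFS= read -r f; do
        case $f in
            */php.ini)
                # php.ini form: register_globals = On   (";" starts a comment)
                grep -niE '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"?(on|1|true|yes)"?[[:space:]]*(;.*)?$' \
                    "$f" /dev/null || : ;;
            */.htaccess)
                # mod_php form: php_flag register_globals on
                grep -niE '^[[:space:]]*php_(flag|value)[[:space:]]+register_globals[[:space:]]+"?(on|1|true|yes)"?[[:space:]]*$' \
                    "$f" /dev/null || : ;;
        esac
    done
}

# Build a small constructed tree: one safe php.ini, two files that enable it.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site" "$d/other"
    printf '; register_globals = On\nregister_globals = Off\n' > "$d/php.ini"
    printf 'php_flag register_globals on\n' > "$d/site/.htaccess"
    printf 'memory_limit = 32M\nregister_globals = On\n' > "$d/other/php.ini"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
find_register_globals_on "$sample"   # any output means the setting needs fixing
rm -rf "$sample"
```

A static scan like this misses settings made elsewhere, such as the main Apache configuration; the value PHP actually uses is what `ini_get('register_globals')` or `phpinfo()` reports on the server.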

When we have had a chance to investigate more fully, a patch will be made available here at PubForge, and an update made to the software package at SourceForge. In the meantime, we do not recommend that people download and install the current package PMM-CMS v 1.3. My apologies for any inconvenience this has caused. Please contact me directly for more information:
Dale Hobson, dale@ncpr.org, 315-229-5336.