Local file disclosure vulnerability on Feedcreator

[datahell]

A local file disclosure vulnerability discovered on a third party class Elxis CMS uses to create RSS feeds.
This vulnerability affects all Elxis versions prior to 2009.2.
Elxis 2009.1 Hecate was patched against this vulnerability and you can download the patched release from the Elxis Downloads Center.

To fix this security issue on existing installations replace the file bellow with the one attached in this post.

includes/feedcreator.class.php


ALL elxis sites hosted on exidna and hades web servers were patched against this vulnerability by Is Open Source.

[Coursar]

Thanks

[supernet]

Thanks Gianni.

[Sirigos]

Thank you Gianni !

[WebGift]

Thanks a lot Gianni!

[jimmyz]

Thanks Johnnie.
Does the vulnerability affect the 2009.0 version of Elxis as well?
Do I need to do something immediately? Upgrading the whole site takes precius time, that I can not afford right now. 

[supernet]

Thanks Johnnie.
Does the vulnerability affect the 2009.0 version of Elxis as well?
Do I need to do something immediately? Upgrading the whole site takes precius time, that I can not afford right now. 

Datahell is rather clear  This vulnerability affects all Elxis versions prior to 2009.2.

To fix this security issue on existing installations replace the file bellow with the one attached in this post.
includes/feedcreator.class.php

[jimmyz]

I guess that I missed "prior".
Replacement done smoothly. All OK now I think. 

[datahell]

Just replace one file (feedcreator.class.php).
elxis.org lately receives many XSS and SQL injection attacks and today a large scale attack occurred against the elxis server. Some people don't like elxis... 

[WebGift]

Some people don't like elxis... 

We have already understood that !