Unfortunately it has come to our attention that there is a way for phpVMS websites running version 5/5.5.2 & 5.5.2 7.2 to be accessed via SQL injection into php-ofc-imageupload. This issue has been reported to the developers at phpVMS and we would like to relay the appropriate action to keep your phpVMS website safe!
The tale tale sign that your site has come victim is when you go to login and end up with a blank white page. For some reason 2 individuals are finding it amusing crawling Va-list.com, sign up to the airlines and then proceed with the SQL injection.
To secure your website now, we advise you do the following:
Login to your FTP account and navigate to your phpVMS installation.
Navigate to /Core/lib/, here you will see a folder names php-ofc-library. Either rename this folder to something random or delete the folder entirely. We have found no bad effects from doing this on phpVMS installations.
This in turn, removes the back door for the hackers to access the database.
If you require assistance, please don’t hesitate to contact us!
