We have a few clients that utilize aMember Membership Management software. A serious security hole has been found in aMember Pro. It affects all aMember Pro versions from 2.4.1 to 3.0.8. It is absolutely NECESSARY to take action against this and protect your aMember installation. Below are steps to follow. Please note that not all steps are necessary. In fact, if you follow just one step completely, you are safe.
There are just a few vulnerable files, and in fact these files are not needed for most installations of aMember. If you are not using the PayPal PRO, SecPay and PaymeNow payment processors, you can safely delete the following files from your installation and you’re all set.
amember/plugins/payment/paymenow/config.inc.php
amember/plugins/payment/paymenow/paymenow.inc.php
amember/plugins/payment/paypal_pro/paypal_pro.inc.php
amember/plugins/payment/secpay/secpay.inc.php
amember/plugins/payment/secpay/config.inc.php
amember/plugins/payment/manual_cc/config.inc.php
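To check an installation for the files listed above, the following script reports which of them are still present and can optionally delete them. It is an added example, not code from the aMember developers; it assumes the first argument is the directory that contains the `amember/` folder, and the function names and the `--delete` switch are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit an aMember install for the plugin files listed above.
# Assumption: $1 is the directory that contains the "amember/" folder.

# Paths exactly as listed in the post.
LISTED_FILES='amember/plugins/payment/paymenow/config.inc.php
amember/plugins/payment/paymenow/paymenow.inc.php
amember/plugins/payment/paypal_pro/paypal_pro.inc.php
amember/plugins/payment/secpay/secpay.inc.php
amember/plugins/payment/secpay/config.inc.php
amember/plugins/payment/manual_cc/config.inc.php'

# Print each listed file that still exists under the given root, one per line.
find_listed_files() {
    root=$1
    printf '%s\n' "$LISTED_FILES" | while IFS= read -r rel; do
        if [ -f "$root/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# Delete the listed files that exist and print what was removed.
# Only appropriate when the PayPal PRO, SecPay and PaymeNow processors are unused.
remove_listed_files() {
    root=$1
    find_listed_files "$root" | while IFS= read -r rel; do
        rm -f -- "$root/$rel" && printf 'removed %s\n' "$rel"
    done
}

# Usage: sh check_amember.sh ROOT [--delete]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    if [ "${2:-}" = "--delete" ]; then
        remove_listed_files "$1"
    else
        found=$(find_listed_files "$1")
        if [ -n "$found" ]; then
            printf 'Listed files still present:\n%s\n' "$found"
            exit 1
        fi
        echo "None of the listed files are present."
    fi
fi
```

Run without `--delete`, it exits non-zero while any listed file remains, so it can be used as a recurring check after upgrades or restores.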
I contacted the software developers who wrote the aMember application after I saw SecurityNote04 and had them personally go in and check our client’s installations for us to make sure we are in good shape on this vulnerability, and they have assured us that we are. If you are a developer and run aMember, I recommend you do some checking with your installations and make sure you are in good shape as well. The method I outlined above will work 100% of the time if you are running 3.08.
nikki gail says
I need a good programmer/developer to help me with amember software. Can you recommend someone? Greatly appreciate your help. I’m in Calif.