Okay, turns out that Graham's insert_user class (which is built into this MOD) has had some security issues. He just posted an update about an hour and a half ago, and now the MOD Team is hitting up on me to fix this MOD because of the security blegh.
Therefore, just to get everyone to stop sending me private messages, I will be generating a release of ACP User Registration 1.0.1, which will be submitted to the MOD Database. The only change will be this fix, because I've abandoned this MOD, however I'm making a one-time
exception for this fix.
If you want, you can fix this by downloading this MOD
. Unzip it, and then copy functions_mod_user.php to includes/functions_mod_user.php, overwriting the previous one.
As stated above, this vuln only affects you if you are on a server with register_globals enabled. If register_globals is on, this vulnerability IS serious and you should do this step immediately! If register_globals for you is off, then this update is OPTIONAL, and there is no security risk on your board.
So, there you go, straight out of the exhausted cat's mouth. Next time there's a Saturday the 14th, I'm going to turn off my computer for the day and go mini-golfing.