A reader posted some comments on my blog this morning, pointing me to a website listing some security vulnerabilities in gCards and also to the fact that this had been exploited on my website! Not good, not good. I’ve fixed these problems and posted gCards 1.46 – you can download it at the regular location.

If you’re using gCards (any version), you must upgrade to this version or you risk someone gaining control of your site and executing arbitrary code.

The challenge with me for gCards is that I wrote it so long ago and it’s such a big mess of spaghetti code, that it’s difficult for me to confidently say how secure it is. I would rewrite it from scratch, but that requires a bunch of time, and there’s so much built into it already to handle the complexities on running in so many different PHP environments. If anyone hears of any other security vulnerabilities or finds any, please let me know…