Topic: Addagent file vulnerability FR < 3.0
There is a minor vulnerability in addagent.php in versions of FreeRealty less than 3.0.
This vulnerability affects you only if you allow agents to be created without requiring the admin login and allows someone with a script to create multiple spam type accounts.
If you require the admin to create new accounts this will not affect you. If you allow agents to create their own account, this will affect you. Please grab the file http://freerealty.rwcinc.net/code/addagent.tar and replace your addagent.php file this one.
Lead developer FreeRealty
Other claims to fame: http://www.rwcinc.net
Enrolled Agent, Licensed to Represent Taxpayers before Exams, Appeals and Conference divisions of the Internal Revenue Service.