Not sure if it's Elgg that has the vulnerability or if it's just that my hosting account was hacked, but I recently lost two complete sites that were running Elgg. I'm skeptical that my account was targeted because I run several websites but only the two Elgg sites were hit.
When I logged on recently, I found both sites with the error message "Elgg couldn't select the database 'eastcoa1_uber'". I opened my cPanel to see if something was somehow changed in the settings file but to my horror I discovered that the databases for each site had been deleted. DELETED! No other site was touched.
Is it possible that there is a vulnerability in the Elgg software that would allow a user to change or delete a database? I can think of no other possibility. All my other databases were present.