Until this patch comes out there are two things that can be done to remove this potential exploit.
1) Create an FTP user that only can access the exports and reports directory and use that in the Online League options
2) Remove any public link to the league file. If you have a new GM, give them a link in email. If the league can't be downloaded then you can't get the details you need to log-in
|