Storyteller CMS is the predecessor of Contentteller, which will be still used by some websites. Shamus from the http://antijasakom.net/forum forum discovered a weakness in Storyteller CMS where an attacker may execute arbitrary SQL statements on the vulnerable system. I was able to pinpoint the vulnerability and have released the patch below. Unzip the patch and upload the new core.php to your Storyteller main directory. This vulnerability exists only in Storyteller, Contentteller is using a completely different code base.
In line 751? To make the username file system safe, so special characters will not break the filename.
