Potential Remote File Inclusion Vulnerability
Posted: Thu Apr 24, 2014 12:14 pm
Hello Community,
a few days ago a Remote File Inclusion Vulnerability regarding CMSimple 4.4 and 4.4.2 was reported: http://www.exploit-db.com/exploits/32930/. This vulnerability affects CMSimple_XH since 1.5 as well.
The report doesn't mention that an exploit requires register_globals to be enabled (which shouldn't be the case, anyway), so if you have disabled register_globals everything is fine. Otherwise you are strongly encouraged to download and install the appropriate patch:
The patch requires the respective CMSimple_XH version (1.5.10 or 1.6.1, respectively) to be already installed; if you're running an older version you have to download and install the respective update package first. Then simply upload the files contained in the patch to your website.
German translation
Christoph