Hello Community,
A few days ago a Remote File Inclusion vulnerability regarding CMSimple 4.4 and 4.4.2 was reported: http://www.exploit-db.com/exploits/32930/. This vulnerability affects CMSimple_XH since 1.5 as well.
The report doesn't mention that an exploit requires register_globals to be enabled (which shouldn't be the case, anyway), so if you have disabled register_globals everything is fine. Otherwise you are strongly encouraged to download and install the appropriate patch:
The patch requires the respective CMSimple_XH version (1.5.10 or 1.6.1, respectively) to be already installed; if you're running an older version, you have to download and install the respective update package first. Then simply upload the files contained in the patch to your website.
German translation
Christoph
Potential Remote File Inclusion Vulnerability
Last edited by cmb on Thu Apr 24, 2014 12:16 pm, edited 1 time in total.
Reason: added link to German translation
Christoph M. Becker – Plugins for CMSimple_XH
Re: Potential Remote File Inclusion Vulnerability
The same vulnerability was found in jQuery4CMSimple too.
More information can be found in this thread.
Holger