Search found 124 matches

by postiffm
Tue May 18, 2021 10:45 am
Forum: CMSMS Core
Topic: Is class.phpmailer.php part of CMSMS?
Replies: 2
Views: 1225

Re: Is class.phpmailer.php part of CMSMS?

Greetings Rolf. Yes, I am using 2.2.15. So when my host says they are going to upgrade it, I assume they meant they will upgrade just the phpmailer package. But that is scary if they upgrade it without regard for how it interacts with the rest of the CMSMS system...
by postiffm
Mon May 17, 2021 8:35 pm
Forum: CMSMS Core
Topic: Is class.phpmailer.php part of CMSMS?
Replies: 2
Views: 1225

Is class.phpmailer.php part of CMSMS?

Potentially a very dumb question. My host just emailed: Code injection vulnerability in PHPMailer /home/HOMEDIR/public_html/lib/phpmailer/class.phpmailer.php Is this code supplied with CMSMS? The host says they will "upgrade it for me" in 7 days if I don't do anything. Thank you for CMSMS!...
by postiffm
Mon Mar 22, 2021 8:19 pm
Forum: CMSMS Core
Topic: CMSMS eval vulnerability
Replies: 6
Views: 1882

Re: CMSMS eval vulnerability

by postiffm
Mon Mar 22, 2021 4:37 pm
Forum: CMSMS Core
Topic: CMSMS eval vulnerability
Replies: 6
Views: 1882

Re: CMSMS vulnerability

Sorry, the person that pointed this out to me was actually pointing me to a different place than I thought. Maybe this will prove more helpful to the dev team. CMS Made Simple - File upload bypass with .phar extension lead to RCE riccardo krauter (Mar 19) 1) Summary Affected software CMS Made Simple-...
by postiffm
Mon Mar 22, 2021 4:33 pm
Forum: CMSMS Core
Topic: CMSMS eval vulnerability
Replies: 6
Views: 1882

[SOLVED] Re: CMSMS eval vulnerability

You would know better than I. Total newb when it comes to things like that. I considered what you said prior to posting. I wondered if they meant this gave you RCE on the webhost's server, not to affect the website you already have admin access to, but to the server more broadly.
by postiffm
Mon Mar 22, 2021 3:24 pm
Forum: CMSMS Core
Topic: CMSMS eval vulnerability
Replies: 6
Views: 1882

CMSMS eval vulnerability

Someone just pointed this out to me: https://www.exploit-db.com/exploits/49345. Wondered if a fix is available. Vulnerability is present at "editusertag.php" at line #93 where the user input is in eval() PHP function. // Vulnerable eval() code if (eval('function testfunction'.rand().'() {'...
by postiffm
Wed Mar 25, 2020 7:59 pm
Forum: CMSMS Core
Topic: Content Manager Find box not working in all cases
Replies: 1
Views: 829

Content Manager Find box not working in all cases

I have content structured like this: 7 Members 7.1 Login 7.2 Giving 7.3 Members Home If I put "Members" in the Find box in the upper right, it returns a number of valid possibilities, including Members (7) and Members Home (7.3) If I type "Login" in the Find box, it returns the o...
by postiffm
Sat Sep 07, 2019 12:27 am
Forum: Modules/Add-Ons
Topic: FEU 3.1.3 - various questions
Replies: 3
Views: 2422

Re: FEU 3.1.3 - various questions

When I try to view the source code of frontendusers, cmsmadesimple.org reports Unable to find repository "frontendusers". svn checkout http://svn.cmsmadesimple.org/svn/frontendusers reports svn: E170013: Unable to connect to a repository at URL 'http://svn/cmsmadesimple.org/svn/frontenduse...
by postiffm
Sat Sep 07, 2019 12:05 am
Forum: Modules/Add-Ons
Topic: FEU 3.1.3 - various questions
Replies: 3
Views: 2422

Re: FEU 3.1.3 - various questions

A. Thanks. B. This is mostly correct. There are a few refs to returnto in action.do_userchangesettings.php but that wasn't relevant to my case. C. I see returnto has no effect, even though I had used it. I modified the login template to have it redirect to where I want. D. I am not knowledgeable eno...
by postiffm
Fri Sep 06, 2019 1:27 pm
Forum: Modules/Add-Ons
Topic: FEU 3.1.3 - various questions
Replies: 3
Views: 2422

FEU 3.1.3 - various questions

Running CMSMS 2.2.11. Having some problems with the new FEU. These questions will be a mix of technical "how to" questions and design questions. 1. This is my current login page: {if feu_smarty::get_current_userid()}{redirect_page page='parent-home'}{/if} <h1>Please log in to access more i...
by postiffm
Tue Mar 19, 2019 6:22 pm
Forum: Modules/Add-Ons
Topic: FEU old hashing mechanism; feuser login not working
Replies: 5
Views: 1401

[SOLVED] FEU old hashing mechanism; feuser login not working

This problem is solved. First, I backed up everything. Next, I uninstalled CustomContent (this was a VERY old module that I guess has been integrated into CMSMS core functionality with "Protected Content"). I just didn't notice all this time. Then I uninstalled FrontEndUsers, and reinstall...
by postiffm
Tue Mar 19, 2019 3:44 pm
Forum: Modules/Add-Ons
Topic: FEU old hashing mechanism; feuser login not working
Replies: 5
Views: 1401

Re: FEU old hashing mechanism; feuser login not working

I have them, but only "by accident" in that I was formerly using whatever the default login template was. I just now specified it explicitly so I would know in the future. I created a new testuser, and the FEU users list shows this one as "Unsafe" as well, same tool tip reason gi...
by postiffm
Tue Mar 19, 2019 3:30 pm
Forum: Modules/Add-Ons
Topic: FEU old hashing mechanism; feuser login not working
Replies: 5
Views: 1401

Re: FEU old hashing mechanism; feuser login not working

I did not know anything about csrf. Here's my call: {FrontEndUsers action="login" logintemplate="FEU login form" returnto="parent-home"} I see the {cge_form_csrf} several places in an admin search, including in the FEU login form. Search Templates (5) FEU chsettings for...
by postiffm
Tue Mar 19, 2019 3:01 pm
Forum: Modules/Add-Ons
Topic: FEU old hashing mechanism; feuser login not working
Replies: 5
Views: 1401

FEU old hashing mechanism; feuser login not working

Just upgraded to 2.2.10. My one frontend user cannot log in now. I see in FEU Management that the user is marked as "Unsafe" in red. The pop-up "tool tip" warning says this: This users password us using an old hashing mechanism. The user should change the password. (I tried to ty...
by postiffm
Sat Mar 02, 2019 3:26 am
Forum: CMSMS Core
Topic: Can't install 2.2.9.1
Replies: 3
Views: 1799

[SOLVED] Can't install 2.2.9.1

Tried it on a different computer. Double checked that I was in binary mode in FileZilla, and it worked. I'll post back if I find out what was going on.

Thanks DIGI3...I don't have command-line access on this host, so I'm not sure if I can do that.
