Search found 124 matches
- Tue May 18, 2021 10:45 am
- Forum: CMSMS Core
- Topic: Is class.phpmailer.php part of CMSMS?
- Replies: 2
- Views: 1225
Re: Is class.phpmailer.php part of CMSMS?
Greetings Rolf. Yes, I am using 2.2.15. So when my host says they are going to upgrade it, I assume they meant they will upgrade just the phpmailer package. But that is scary if they upgrade it without regard for how it interacts with the rest of the CMSMS system...
- Mon May 17, 2021 8:35 pm
- Forum: CMSMS Core
- Topic: Is class.phpmailer.php part of CMSMS?
- Replies: 2
- Views: 1225
Is class.phpmailer.php part of CMSMS?
Potentially a very dumb question. My host just emailed: Code injection vulnerability in PHPMailer /home/HOMEDIR/public_html/lib/phpmailer/class.phpmailer.php Is this code supplied with CMSMS? The host says they will "upgrade it for me" in 7 days if I don't do anything. Thank you for CMSMS!...
- Mon Mar 22, 2021 8:19 pm
- Forum: CMSMS Core
- Topic: CMSMS eval vulnerability
- Replies: 6
- Views: 1882
Re: CMSMS eval vulnerability
https://seclists.org/fulldisclosure/ and search for 2.2.15
- Mon Mar 22, 2021 4:37 pm
- Forum: CMSMS Core
- Topic: CMSMS eval vulnerability
- Replies: 6
- Views: 1882
Re: CMSMS vulnerability
Sorry, the person that pointed this out to me was actually pointing me to a different place than I thought. Maybe this will prove more helpful to the dev team. MS Made Simple - File upload bypass with .phar extension lead to RCE riccardo krauter (Mar 19) 1) Summary Affected software CMS Made Simple-...
- Mon Mar 22, 2021 4:33 pm
- Forum: CMSMS Core
- Topic: CMSMS eval vulnerability
- Replies: 6
- Views: 1882
[SOLVED] Re: CMSMS eval vulnerability
You would know better than I. Total newb when it comes to things like that. I considered what you said prior to posting. I wondered if they meant this gave you RCE on the webhost's server, not to affect the website you already have admin access to, but to the server more broadly.
- Mon Mar 22, 2021 3:24 pm
- Forum: CMSMS Core
- Topic: CMSMS eval vulnerability
- Replies: 6
- Views: 1882
CMSMS eval vulnerability
Someone just pointed this out to me: https://www.exploit-db.com/exploits/49345. Wondered if a fix is available. Vulnerability is present at "editusertag.php" at line #93 where the user input is in eval() PHP function. // Vulnerable eval() code if (eval('function testfunction'.rand().'() {'...
- Wed Mar 25, 2020 7:59 pm
- Forum: CMSMS Core
- Topic: Content Manager Find box not working in all cases
- Replies: 1
- Views: 829
Content Manager Find box not working in all cases
I have content structured like this: 7 Members 7.1 Login 7.2 Giving 7.3 Members Home If I put "Members" in the Find box in the upper right, it returns a number of valid possibilities, including Members (7) and Members Home (7.3) If I type "Login" in the Find box, it returns the o...
- Sat Sep 07, 2019 12:27 am
- Forum: Modules/Add-Ons
- Topic: FEU 3.1.3 - various questions
- Replies: 3
- Views: 2422
Re: FEU 3.1.3 - various questions
When I try to view the source code of frontendusers, cmsmadesimple.org reports Unable to find repository "frontendusers". svn checkout http://svn.cmsmadesimple.org/svn/frontendusers reports svn: E170013: Unable to connect to a repository at URL 'http://svn/cmsmadesimple.org/svn/frontenduse...
- Sat Sep 07, 2019 12:05 am
- Forum: Modules/Add-Ons
- Topic: FEU 3.1.3 - various questions
- Replies: 3
- Views: 2422
Re: FEU 3.1.3 - various questions
A. Thanks. B. This is mostly correct. There are a few refs to returnto in action.do_userchangesettings.php but that wasn't relevant to my case. C. I see returnto has no effect, even though I had used it. I modified the login template to have it redirect to where I want. D. I am not knowledgeable eno...
- Fri Sep 06, 2019 1:27 pm
- Forum: Modules/Add-Ons
- Topic: FEU 3.1.3 - various questions
- Replies: 3
- Views: 2422
FEU 3.1.3 - various questions
Running CMSMS 2.2.11. Having some problems with the new FEU. These questions will be a mix of technical "how to" questions and design questions. 1. This is my current login page: {if feu_smarty::get_current_userid()}{redirect_page page='parent-home'}{/if} <h1>Please log in to access more i...
- Tue Mar 19, 2019 6:22 pm
- Forum: Modules/Add-Ons
- Topic: FEU old hashing mechanism; feuser login not working
- Replies: 5
- Views: 1401
[SOLVED] FEU old hashing mechanism; feuser login not working
This problem is solved. First, I backed up everything. Next, I uninstalled CustomContent (this was a VERY old module that I guess has been integrated into CMSMS core functionality with "Protected Content"). I just didn't notice all this time. Then I uninstalled FrontEndUsers, and reinstall...
- Tue Mar 19, 2019 3:44 pm
- Forum: Modules/Add-Ons
- Topic: FEU old hashing mechanism; feuser login not working
- Replies: 5
- Views: 1401
Re: FEU old hashing mechanism; feuser login not working
I have them, but only "by accident" in that I was formerly using whatever the default login template was. I just now specified it explicitly so I would know in the future. I created a new testuser, and the FEU users list shows this one as "Unsafe" as well, same tool tip reason gi...
- Tue Mar 19, 2019 3:30 pm
- Forum: Modules/Add-Ons
- Topic: FEU old hashing mechanism; feuser login not working
- Replies: 5
- Views: 1401
Re: FEU old hashing mechanism; feuser login not working
I did not know anything about csrf. Here's my call: {FrontEndUsers action="login" logintemplate="FEU login form" returnto="parent-home"} I see the {cge_form_csrf} several places in an admin search, including in the FEU login form. Search Templates (5) FEU chsettings for...
- Tue Mar 19, 2019 3:01 pm
- Forum: Modules/Add-Ons
- Topic: FEU old hashing mechanism; feuser login not working
- Replies: 5
- Views: 1401
FEU old hashing mechanism; feuser login not working
Just upgraded to 2.2.10. My one frontend user cannot log in now. I see in FEU Management that the user is marked as "Unsafe" in red. The pop-up "tool tip" warning says this: This users password us using an old hashing mechanism. The user should change the password. (I tried to ty...
- Sat Mar 02, 2019 3:26 am
- Forum: CMSMS Core
- Topic: Can't install 2.2.9.1
- Replies: 3
- Views: 1799
[SOLVED] Can't install 2.2.9.1
Tried it on a different computer. Double checked that I was in binary mode in FileZilla, and it worked. I'll post back if I find out what was going on.
Thanks DIGI3...I don't have command-line access on this host, so I'm not sure if I can do that.