Vulnerable ADODB: adodb-perf-module.inc.php

Post by bobkins »

Hello people,

My website was hacked some days ago due to a security hole in a part of CMS (see http://www.securityfocus.com/bid/25768). Google told me that the reason was a bug(?) in ADODB (see http://www.juniper.net/security/auto/vu ... 27711.html for details).

The thing is, my cmsmadesimple installation wasn't up to date (I used version 1.1). Because I didn't find anything about this, I would like to know if this bug has been fixed in newer versions. If not, how could I avoid a second hack? I've just installed the latest version and my website is online again (my webhoster blocked it because of phishing!!!)

Thanks for answers!

Regards

bobkins
jmlarsen
New Member
Posts: 3
Joined: Sun Aug 24, 2008 1:53 pm

Re: Vulnerable ADODB: adodb-perf-module.inc.php

Post by jmlarsen »

The ADODB Lite database abstraction layer used in CMSMS is full of vulnerabilities, and is no longer maintained, so there is not much hope for a patch.

Install and use the full version of ADODB instead. It can be downloaded from http://phplens.com/adodb/index.html

Unpack the zip file, and upload to the /lib directory on your CMSMS site.

Then change the value of $config['use_adodb_lite'] from true to false in your config.php

[Important] Delete the adodb_lite directory from the /lib directory to block future hacks.

Regards
Joergen Moeller Larsen
jworks.dk
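
An added example, not part of jmlarsen's post or of CMSMS itself: a shell check that the steps in the post above were actually applied to an install. The file, directory and config key names are the ones given in this thread; the function names, the output format and the constructed sample tree are assumptions, and an absent setting is reported because the thread does not state the default.

```sh
#!/bin/sh
# Added example (not from the thread): audit a CMSMS tree for leftover ADODB Lite.
# From the thread: config.php, $config['use_adodb_lite'], lib/adodb_lite and
# adodb-perf-module.inc.php. Function names and output format are hypothetical.

audit_cmsms() {
    root=$1
    findings=0
    # Last uncommented assignment wins, as it would when PHP runs config.php.
    value=$(grep -Ev '^[[:space:]]*(//|#)' "$root/config.php" 2>/dev/null |
        sed -n 's/.*[$]config\[.use_adodb_lite.][[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    case $value in
        false|0) ;;
        '') echo "FINDING: use_adodb_lite not found in $root/config.php"
            findings=$((findings + 1)) ;;
        *)  echo "FINDING: use_adodb_lite = $value (thread says set it to false)"
            findings=$((findings + 1)) ;;
    esac
    # The thread's last step: the adodb_lite directory must be gone from lib.
    if [ -d "$root/lib/adodb_lite" ]; then
        echo "FINDING: $root/lib/adodb_lite still exists"
        findings=$((findings + 1))
    fi
    # Any remaining copy of the file named in the thread title, wherever it sits.
    hits=$(find "$root" -type f -name 'adodb-perf-module.inc.php' 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "$hits" | sed 's/^/FINDING: still present: /'
        findings=$((findings + $(echo "$hits" | wc -l)))
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]   # exit status 0 only when the tree is clean
}

# Constructed sample tree (not a real CMSMS install) in the pre-fix state.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/lib/adodb_lite/sample_subdir"
    printf '%s\n' '<?php' "\$config['use_adodb_lite'] = true;" > "$t/config.php"
    : > "$t/lib/adodb_lite/sample_subdir/adodb-perf-module.inc.php"
    echo "$t"
}

# Usage: sh audit.sh /path/to/cmsms
if [ "$#" -gt 0 ]; then audit_cmsms "$1"; fi
```

The function's non-zero exit status on any finding lets it gate a deployment or run from cron after an upgrade.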
Dr.CSS
Moderator
Posts: 12711
Joined: Thu Mar 09, 2006 5:32 am

Re: Vulnerable ADODB: adodb-perf-module.inc.php

Post by Dr.CSS »

Sorry folks, but the version you were using was vulnerable, and since 1.2.5 on, IIRC, the problem has been fixed, so you are encouraged to upgrade to 1.4.1 ASAP to avoid any problems in the future...