Installation hacked??

[dedide]

Hi folks,
I have been very happy with my installation of version 1.0.3. Today I went to the site and it auto-rediredted to another web site (a Turkish web design company). I upgraded to 1.0.4 but still it redirected to this site that I have no knowledge of. I can log into the admin section and all seems normal. I can't find what has been done to my site but the CMS installation appears to be the only thing hacked on the site (lots of other databased php controlled stuff on the site)
PHP version 4.4.3 apache version 1.3.37
Any clues?
TIA

[Pierre M.]

Hi folks,
...the CMS installation appears to be the only thing hacked on the site (lots of other databased php controlled stuff on the site)

Hi dedide,
may be these "lots of other databased php controlled stuff on the site" provide very nice cross site vulnerabilities ?
Pierre M.

[dedide]

Other stuff is all WordPress controlled.  The offending code ended up in the news_category table. I had not specified any categories of my own. 

[calguy1000]

Hopefully you can find out exactly which URL caused this problem, so we can solve it.

We make every effort to use the proper method of securing things so that SQL injection cannot happen.  However, mistakes happen, people forget, work too late at night, etc.  So though the vast majority of the code in CMS has been checked, some of the modules may be vulnerable. 

Particularly third party modules may be vulnerable.  We don't have control over that code (and don't have the time to dig into it if we did).  So many third party modules may be vulnerable.

If you find anything, please let us know and we'll fix it ASAP.  Thanks.