CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Bugtraq report of security issues in 1.6.6

https://forum.cmsmadesimple.org/viewtopic.php?t=41519

Page 1 of 1

Bugtraq report of security issues in 1.6.6

Posted: Sat Feb 13, 2010 4:30 pm
by Peripatetic
Just came across this on Bugtraq:

cmsmadesimple Multiple Security Issues : XSS+ LFI
http://seclists.org/bugtraq/2010/Feb/133

I tried the proof of concept code on my own non-public 1.6.6 installation but couldn't get it to work.  Maybe it only works on a default installation or it's configuration dependent.  I didn't want to file a bug until it can be reproduced.  Can anyone with more in-depth CMSMS knowledge check this out and see if these are real vulnerabilities?

Re: Bugtraq report of security issues in 1.6.6

Posted: Sat Feb 13, 2010 5:13 pm
by calguy1000
It's been dealt with, we're waiting for confirmation from the original hacker that the bug is fixed, and then 1.6.7 will be released,.

Re: Bugtraq report of security issues in 1.6.6

Posted: Sun Feb 14, 2010 8:59 pm
by Peripatetic
Great.  Nice to hear it's been so quickly dealt with.

Re: Bugtraq report of security issues in 1.6.6

Posted: Mon Feb 15, 2010 4:38 am
by Wishbone
What was exploiting this vulnerability supposed to be able to do?

Re: Bugtraq report of security issues in 1.6.6

Posted: Mon Feb 15, 2010 3:42 pm
by tyman00
We found where the concern came from, but we honestly could not replicate the issue. However, we made a change to be proactive. Once we hear back the confirmation a 1.6.7 will go out.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited