CMS Made Simple Forums

I've been reading about the new SQL injection attack that's reported to have infected more than 500K pages worldwide. I'm not able to get to the details but it looks like the affected systems are mostly Microsoft SQL Server-based system, but I could be wrong.

Does anyone know if CMSMS-based systems are vulnerable to this attack? If so, any ideas as to which versions are especially vulnerable? Are there any preventative measures that can be take for vulnerable versions?

Here's a link to a summary article: http://www.pcworld.com/businesscenter/a ... _know.html

TIA,
Sanjay

Hi all

Thats an interesting question for me too. I suppose this one really is only an MS SQL problem, probably even only on .asp pages.

But the question arises: If once there should be something around endangering CMSMS, is there a place here where we can get informed? As I, for example, do not come here regularly and search around for "attack" or "virus" etc. in the forum, only after reading specific news about a threat.

I suggest that CMSMS creates a "danger" mailinglist, where we CMSMS users can inscribe ourselves, and get an early warning message as soon as a real threat is discovered.

Thom

There is a newsletter sign up on cmsmadesimple.org that will get sent when a new version of cmsms is available, which means even if it just an upgrade or a security patch...