LISE exploit and patch

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
Post Reply
User avatar
DIGI3
Dev Team Member
Dev Team Member
Posts: 1609
Joined: Wed Feb 25, 2009 4:25 am
Location: Victoria, BC

LISE exploit and patch

Post by DIGI3 »

A vulnerability that allows a remote attacker to initiate the uninstaller routine for specific LISE instances was discovered today. An update (version 1.4.3) to LISE has been released to patch this, and should be applied immediately to all sites using the LISE module.

The exploit results in the database tables for the instance to be deleted, but all files remain in tact. Recovering the tables in question from a database backup is the remedy. The patch will prevent future, similar exploits but cannot recover any lost data.
Not getting the answer you need? CMSMS support options
Post Reply

Return to “Announcements”