FutureQuest has discovered that CMS Made Simple
has multiple Security Vulnerabilities which have resulted in site compromises.
ALL versions of CMS Made Simple that contain uploadview.php are subject to an Arbitrary File Upload Vulnerability.
There is no known official update for this and we recommend removing or disabling this file if present until such time as the Authors of CMS Made Simple issue an update addressing this.
Additionally All versions of CMS Made Simple prior to Version 220.127.116.11 are subject to SQL injection attacks.
All CMS Made Simple Installations prior to version 18.104.22.168 must be disabled, removed or upgraded to Version 22.214.171.124
FutureQuest has attempted to identify all Packages that have CMS Made Simple installed and we have already sent notices to the Contacts listed for those accounts to take the appropriate actions.
This is a good time to remind all site owners that it is very important to maintain all third party scripts installed within your accounts with all up to date patches and upgrades to prevent possible compromise and exploitation of your accounts.
The FutureQuest Team