FutureQuest, Inc. FutureQuest, Inc. FutureQuest, Inc.

FutureQuest, Inc.
Go Back   FutureQuest Community > FutureQuest Site Owners (All may read - Only Site Owners May Respond) > Security Alerts
User Name
Password  Lost PW

 
Thread Tools Search this Thread Display Modes
Old 06-08-2011, 09:53 AM   Postid: 180134
 Bob
Service Rep
 
Bob's Avatar
 
Join Date: Dec 1999
Location: Jacksonville, Fl
Posts: 5,102
[FQuest Alert] CMS Made Simple - Multiple Security Vulnerabilities

FutureQuest has discovered that CMS Made Simple has multiple Security Vulnerabilities which have resulted in site compromises.

ALL versions of CMS Made Simple that contain uploadview.php are subject to an Arbitrary File Upload Vulnerability.
http://www.securityfocus.com/bid/47637
http://www.exploit-id.com/web-applic...ms-made-simple

***Action Required***
There is no known official update for this and we recommend removing or disabling this file if present until such time as the Authors of CMS Made Simple issue an update addressing this.

Additionally All versions of CMS Made Simple prior to Version 1.9.4.2 are subject to SQL injection attacks.
http://forum.cmsmadesimple.org/viewt...hp?f=1&t=54536

***Action Required***
All CMS Made Simple Installations prior to version 1.9.4.2 must be disabled, removed or upgraded to Version 1.9.4.2

FutureQuest has attempted to identify all Packages that have CMS Made Simple installed and we have already sent notices to the Contacts listed for those accounts to take the appropriate actions.

This is a good time to remind all site owners that it is very important to maintain all third party scripts installed within your accounts with all up to date patches and upgrades to prevent possible compromise and exploitation of your accounts.

The FutureQuest Team
Bob is offline  


Currently Active Users Viewing This Thread: 1 (0 members and 1 visitors)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 08:18 AM.


Running on vBulletin®
Copyright © 2000 - 2014, Jelsoft Enterprises Ltd.
Hosted & Administrated by FutureQuest, Inc.
Images & content copyright © 1998-2014 FutureQuest, Inc.
FutureQuest, Inc.