Whizzywig 0.61 has an arbitrary image upload vulnerability. That means that everybody can upload images to a CMSimple installation where Whizzywig 0.61 is running. Not only to the images/ folder, but to any folder which is not write protected.
Therefore I strongly advise against using Whizzywig 0.61. Please contact the vendor for a security patch.
A place for security related announcements and discussions - please check this forum frequently!
2 posts • Page 1 of 1