Whizzywig 0.61

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
cmb
Posts: 12647
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Whizzywig 0.61

Post by cmb » Sun Jan 20, 2013 4:43 pm

Hello Community,

Whizzywig 0.61 has an arbitrary image upload vulnerability. That means that everybody can upload images to a CMSimple installation where Whizzywig 0.61 is running. Not only to the images/ folder, but to any folder which is not write protected.

Therefore I strongly advise against using Whizzywig 0.61. Please contact the vendor for a security patch.

Christoph
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

ubik
Posts: 1
Joined: Sun Jul 07, 2013 6:41 pm

Re: Whizzywig 0.61

Post by ubik » Sun Jul 07, 2013 6:45 pm

It is terrible news to find out about this here.

What can I do without, is there an alternative the CMSimple team recommend?

___________________
Free hosting

Post Reply