a few days ago a Remote File Inclusion Vulnerability regarding CMSimple 4.4 and 4.4.2 was reported: http://www.exploit-db.com/exploits/32930/. This vulnerability affects CMSimple_XH since 1.5 as well.
The report doesn't mention that an exploit requires register_globals to be enabled (what shouldn't be the case, anyway), so if you have disabled register_globals everything is fine. Otherwise you are strongly encouraged to download and install the appropriate patch:
A place for security related announcements and discussions - please check this forum frequently!
2 posts • Page 1 of 1