
Potential Remote File Inclusion Vulnerability

Posted: Thu Apr 24, 2014 12:14 pm
by cmb
Hello Community,

A few days ago a Remote File Inclusion Vulnerability regarding CMSimple 4.4 and 4.4.2 was reported: http://www.exploit-db.com/exploits/32930/. This vulnerability affects CMSimple_XH since 1.5 as well.

The report doesn't mention that an exploit requires register_globals to be enabled (which shouldn't be the case, anyway), so if you have disabled register_globals everything is fine. Otherwise you are strongly encouraged to download and install the appropriate patch:
The patch requires the respective CMSimple_XH version (1.5.10 or 1.6.1, respectively) to be already installed; if you're running an older version you have to download and install the respective update package first. Then simply upload the files contained in the patch to your website.

German translation

Christoph
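
To check whether a site is in the affected group (register_globals enabled), the configuration files that can set the directive can be scanned. The following is an added example, not part of the original post or of CMSimple_XH; the file contents are constructed samples, and the set of values treated as "on" is a simplifying assumption.

```python
import re

# Values treated as "enabled" here (a simplification of PHP's boolean parsing).
TRUTHY = {"1", "on", "yes", "true"}

# php.ini / .user.ini style:   register_globals = On
INI_RE = re.compile(r"^\s*register_globals\s*=\s*\"?([^\s\";]+)", re.I)
# Apache style (.htaccess, vhost config):   php_flag register_globals on
APACHE_RE = re.compile(
    r"^\s*php_(?:admin_)?(?:flag|value)\s+register_globals\s+\"?([^\s\"]+)", re.I)


def find_register_globals(name, text):
    """Return [(file, line_no, enabled)] for each active register_globals directive."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith((";", "#")):  # commented-out directive
            continue
        m = INI_RE.match(line) or APACHE_RE.match(line)
        if m:
            hits.append((name, no, m.group(1).lower() in TRUTHY))
    return hits


def needs_patch(files):
    """True if any scanned file switches register_globals on.

    Conservative: one enabling directive anywhere is enough to flag the site,
    because per-directory files can override the main php.ini.
    """
    return any(on for name, text in files.items()
               for _, _, on in find_register_globals(name, text))


# Constructed sample: php.ini disables the setting, but an .htaccess
# file re-enables it for one directory tree.
SAMPLE = {
    "php.ini": "; register_globals = On\nregister_globals = Off\n",
    ".htaccess": "# legacy plugin\nphp_flag register_globals on\n",
}

if __name__ == "__main__":
    for fname, body in SAMPLE.items():
        for f, no, on in find_register_globals(fname, body):
            print(f"{f}:{no}: register_globals {'ENABLED' if on else 'disabled'}")
    print("patch required" if needs_patch(SAMPLE) else "not exposed via register_globals")
```

The sample shows why checking php.ini alone is not enough: the main file has the setting off, yet the site is still flagged because of the per-directory override.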

Re: Potential Remote File Inclusion Vulnerability

Posted: Tue May 06, 2014 8:54 pm
by Holger
The same vulnerability was found in jQuery4CMSimple too.
More information can be found in this thread.

Holger