TemPlug Templates: Arbitrary Code Execution Vulnerability

[cmb]

Hello Community,

probably all TemPlug templates suffer an arbitrary code execution vulnerability. I've checked that for tp_3cols_avantgardeXH, but other TemPlug templates are most likely affected as well.

I have PMed Gert 2 weeks ago, but he has not yet replied. I suggest you immediately contact him for a fix. I will not publicly reveal any details, let alone the exploit I've written to confirm this issue. You can contact me by mail or PM for further information.

Christoph

[Gert]

Download new and update the folder "templug/", but without the folder "templug/data/",

Gert

[MiHa]

I don't find a link to the updated Templug.
Where is it?
(1.4 is from january 25th 2012)

[Gert]

http://www.ge-webdesign.de/cmsimpletemplates/?TemPlug

You have to update the templates, not the plugin,

Gert

[MiHa]

http://www.ge-webdesign.de/cmsimpletemplates/?TemPlug
You have to update the templates, not the plugin,

Ah, thank you. I am trying out tp_float_treesXH.zip - but it was not updated (it is from 27 march 2013).

[Gert]

but it was not updated (it is from 27 march 2013).

It IS updated - I have updated all templates on 27 march 2013,

Gert

[MiHa]

Great news!

I got started on the new CMSimple 4 on or right after march 27, then =)

I was on the old CMSimple a long time ago for a NGO ( www.hemundervisning.org ), and recently needed more - SO happy about the progress you are making!

[Gert]

I got started on the new CMSimple 4 on or right after march 27, then =)

"On" or "right after"?

I have uploaded the new zip files 2 pm in the afternoon, but in case "right after march 27" you have the new template surely,

Gert