Announcing CMSMS 22.214.171.124 - Security Release
May 25, 2011 by Robert Campbell
Today we would like to announce a fix for an important security vulnerability that was detected in all running versions of CMS Made Simple. Today, the CMSMS Dev team became aware of a serious vulnerability in our software. Apparently the News module shipped with all versions of CMS Made Simple was open to SQL injection attacks that would return the hashed versions of all administrator passwords, allowing the hacker to gain administrative access to the website if those hashes could be reverse engineered. We have released CMS Made Simple version 126.96.36.199 with fixes to the News module to address this vulnerability, and we encourage all users to upgrade their sites as soon as possible. Additionally, out of courtesy, we have patched the 1.6 series of CMSMS, and released a version 1.6.10 for those users that are forced to use PHP 4 based servers. Both versions of CMS Made Simple can be downloaded from our download page. At this time CMS Made Simple 1.9.3 and above are supported by the dev team. Please ensure that you have upgraded your CMSMS install to the latest development version before requesting supoort for a difficulty with CMSMS. Again, we thank you for your support and encourage you to upgrade to CMSMS 188.8.131.52 as soon as possible.
© Copyright 2011 by CMSMS™ and the posts author(s). All rights reserved.
comments powered by Disqus