Announcing CMSMS 18.104.22.168 - Security Release
Today we would like to announce a fix for an important security vulnerability that was detected in all running versions of CMS Made Simple.
Posted: May 25, 2011 by calguy1000
Today we would like to announce a fix for an important security vulnerability that was detected in all running versions of CMS Made Simple. Today, the CMSMS Dev team became aware of a serious vulnerability in our software. Apparently the News module shipped with all versions of CMS Made Simple was open to SQL injection attacks that would return the hashed versions of all administrator passwords, allowing the hacker to gain administrative access to the website if those hashes could be reverse engineered. We have released CMS Made Simple version 22.214.171.124 with fixes to the News module to address this vulnerability, and we encourage all users to upgrade their sites as soon as possible. Additionally, out of courtesy, we have patched the 1.6 series of CMSMS, and released a version 1.6.10 for those users that are forced to use PHP 4 based servers. Both versions of CMS Made Simple can be downloaded from . At this time CMS Made Simple 1.9.3 and above are supported by the dev team. Please ensure that you have upgraded your CMSMS install to the latest development version before requesting supoort for a difficulty with CMSMS. Again, we thank you for your support and encourage you to upgrade to CMSMS 126.96.36.199 as soon as possible.